Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/K_GKFulSX6Oy_EAQzLQa-3i5CJg.roa
File:                     K_GKFulSX6Oy_EAQzLQa-3i5CJg.roa (raw, json)
Hash identifier:          l9gFAG8lRkWg7ngTMBFdXklVQR1yNsmnq3CBshIRfbs=
Subject key identifier:   2B:F1:8A:16:E9:52:5F:A3:B2:FC:40:10:CC:B4:1A:FB:78:B9:08:98
Certificate issuer:       /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial:       018CC348B183A2EA21AC164C07A63F48F230
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/K_GKFulSX6Oy_EAQzLQa-3i5CJg.roa
Signing time:             Mon 01 Jan 2024 04:29:30 +0000
ROA not before:           Mon 01 Jan 2024 04:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209817
IP address blocks:        94.240.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b1:83:a2:ea:21:ac:16:4c:07:a6:3f:48:f2:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
        Validity
            Not Before: Jan  1 04:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2bf18a16e9525fa3b2fc4010ccb41afb78b90898
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:c7:84:08:e7:c4:45:9e:ac:65:bd:61:ae:f5:
                    17:f8:83:ae:4f:38:f5:bd:1e:1e:90:39:58:c2:9c:
                    1f:0e:69:c5:b9:30:c4:21:b1:a6:7f:0e:5e:1e:5c:
                    8b:66:af:0c:b8:eb:5f:41:f1:6a:71:3b:59:45:81:
                    93:eb:8a:67:74:27:a3:b2:c0:72:01:a2:6b:ee:ee:
                    f0:63:09:e7:c1:ed:ad:ef:1c:39:bc:bb:5c:28:c7:
                    53:6d:60:2e:8a:a9:6b:ee:ed:b3:a6:42:f6:15:30:
                    78:a9:4d:25:5d:3f:c7:29:dc:dd:52:8b:8a:9f:e0:
                    03:95:ef:00:05:6a:3f:12:47:46:fe:a7:ac:68:9a:
                    25:32:f7:eb:17:13:b4:b7:71:ed:05:45:f8:a1:eb:
                    02:65:a2:7e:75:9a:75:b4:12:da:5c:60:c4:c1:fb:
                    d5:2f:8a:a2:6b:eb:58:85:5a:d3:e1:c9:0e:bf:7b:
                    dc:12:ca:99:7f:e0:49:0b:a7:95:29:e3:bb:50:4c:
                    b9:05:64:59:f7:b5:f9:2d:7a:c2:cd:91:b5:71:03:
                    b9:20:96:83:3d:00:61:37:be:01:2f:8d:0c:dc:49:
                    82:d1:86:3e:36:e0:9c:f0:f9:cb:e1:14:2b:3c:74:
                    77:9f:83:c8:bc:cf:87:4c:68:0d:95:90:71:50:0f:
                    44:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:F1:8A:16:E9:52:5F:A3:B2:FC:40:10:CC:B4:1A:FB:78:B9:08:98
            X509v3 Authority Key Identifier:
                keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/K_GKFulSX6Oy_EAQzLQa-3i5CJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.240.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:f8:a5:ac:b3:eb:76:24:30:2d:92:43:59:b7:47:ee:8c:00:
         95:09:52:9f:8e:50:37:7d:bd:98:04:59:ae:92:41:8c:f3:59:
         57:72:d2:0b:9d:67:e8:b2:90:02:bf:85:78:33:26:15:4c:9b:
         e6:89:a3:ab:9a:be:6a:3b:12:bf:d9:9e:bb:bd:fe:43:f2:9a:
         4f:e0:7f:03:23:69:d6:6a:38:ff:83:c5:e5:ee:f5:61:6e:e5:
         ac:cf:0b:96:44:54:30:f3:f5:b0:09:d2:e4:59:0f:b0:06:77:
         a3:6e:fc:3c:98:44:19:60:67:e0:2d:bd:ba:79:51:17:45:1b:
         50:96:7b:68:2b:40:3e:b8:fc:2c:5a:b6:45:6d:7d:1c:b3:cb:
         81:f9:04:37:04:3d:f0:c8:b8:98:8b:b4:3a:d9:bb:ce:14:08:
         d7:6c:ae:3b:99:6b:90:a1:15:d4:a4:53:b8:3f:d3:e5:68:24:
         ac:04:ac:95:fb:22:f5:42:2b:74:6a:10:2a:ca:a8:53:ea:f3:
         00:86:39:69:d7:2b:37:22:40:1e:08:d3:e1:fb:b5:58:2f:93:
         64:ee:81:89:63:cb:d1:08:09:3d:7b:6e:64:63:a8:d5:8e:6c:
         e0:a6:57:be:2d:50:90:5d:8b:b8:d9:20:dd:a5:03:b1:56:30:
         80:39:d8:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLGDouohrBZMB6Y/SPIwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjQwMTAxMDQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmYxOGExNmU5NTI1ZmEzYjJmYzQwMTBjY2I0MWFmYjc4YjkwODk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6MeECOfERZ6sZb1hrvUX+IOuTzj1
vR4ekDlYwpwfDmnFuTDEIbGmfw5eHlyLZq8MuOtfQfFqcTtZRYGT64pndCejssBy
AaJr7u7wYwnnwe2t7xw5vLtcKMdTbWAuiqlr7u2zpkL2FTB4qU0lXT/HKdzdUouK
n+ADle8ABWo/EkdG/qesaJolMvfrFxO0t3HtBUX4oesCZaJ+dZp1tBLaXGDEwfvV
L4qia+tYhVrT4ckOv3vcEsqZf+BJC6eVKeO7UEy5BWRZ97X5LXrCzZG1cQO5IJaD
PQBhN74BL40M3EmC0YY+NuCc8PnL4RQrPHR3n4PIvM+HTGgNlZBxUA9EowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCvxihbpUl+jsvxAEMy0Gvt4uQiYMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvS19HS0Z1bFNYNk95X0VBUXpMUWEtM2k1Q0pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvAOMA0G
CSqGSIb3DQEBCwUAA4IBAQA0+KWss+t2JDAtkkNZt0fujACVCVKfjlA3fb2YBFmu
kkGM81lXctILnWfospACv4V4MyYVTJvmiaOrmr5qOxK/2Z67vf5D8ppP4H8DI2nW
ajj/g8Xl7vVhbuWszwuWRFQw8/WwCdLkWQ+wBnejbvw8mEQZYGfgLb26eVEXRRtQ
lntoK0A+uPwsWrZFbX0cs8uB+QQ3BD3wyLiYi7Q62bvOFAjXbK47mWuQoRXUpFO4
P9PlaCSsBKyV+yL1Qit0ahAqyqhT6vMAhjlp1ys3IkAeCNPh+7VYL5Nk7oGJY8vR
CAk9e25kY6jVjmzgple+LVCQXYu42SDdpQOxVjCAOdhv
-----END CERTIFICATE-----