Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/VxIXaWwLkBGkjZQeWWd_ibEhp60.roa
File:                     VxIXaWwLkBGkjZQeWWd_ibEhp60.roa (raw, json)
Hash identifier:          QCpkMwaTbzamZ/SOTvV5UxFRlb2vNax+YKBEOMySN+E=
Subject key identifier:   57:12:17:69:6C:0B:90:11:A4:8D:94:1E:59:67:7F:89:B1:21:A7:AD
Certificate issuer:       /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial:       0195D2FB27BC04F5636B9A3E30144276C204
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/VxIXaWwLkBGkjZQeWWd_ibEhp60.roa
Signing time:             Wed 26 Mar 2025 15:03:49 +0000
ROA not before:           Wed 26 Mar 2025 15:03:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197177
IP address blocks:        94.240.20.0/24 maxlen: 24
                          94.240.21.0/24 maxlen: 24
                          94.240.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 12:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d2:fb:27:bc:04:f5:63:6b:9a:3e:30:14:42:76:c2:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
        Validity
            Not Before: Mar 26 15:03:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=571217696c0b9011a48d941e59677f89b121a7ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:77:53:5c:cd:e1:46:ac:17:7e:0e:0d:c4:f3:
                    4d:88:34:ae:26:44:64:c0:9b:14:52:2b:03:29:46:
                    f2:a7:c0:b4:ce:4a:7b:88:e2:0e:12:42:da:1d:4d:
                    8b:94:ae:58:af:8e:d2:ad:33:d3:22:17:a2:cf:c0:
                    67:b7:db:06:86:d6:99:e6:11:87:81:aa:ea:c3:1e:
                    ab:ec:31:a9:0e:06:30:a0:d2:5d:0a:e3:c3:0b:77:
                    c4:6a:51:82:21:f6:7e:e2:31:2b:11:ee:78:fa:c5:
                    3e:48:12:f1:20:a3:e2:d8:a6:be:59:e9:6f:ea:39:
                    ff:11:89:43:8e:81:20:be:ca:5b:a0:14:98:3c:dd:
                    21:71:a1:5d:ac:66:65:f2:30:06:0e:39:5c:8f:7b:
                    5d:e0:c1:80:ee:f7:a5:88:6a:57:f2:56:93:2d:9c:
                    b3:fc:88:95:e4:53:78:a2:cb:33:5a:a7:4d:1a:5d:
                    38:4f:ed:6c:5b:05:08:e8:41:0c:51:27:9b:82:ba:
                    9a:30:85:29:de:ae:ad:42:a1:8d:f4:58:56:6d:14:
                    5f:14:89:60:93:ec:de:12:89:e8:32:24:93:d7:37:
                    d9:dc:e8:9c:3d:9c:ea:b5:c7:24:92:cf:11:07:af:
                    c4:56:2f:f7:54:c3:3a:25:43:1d:ad:ad:e3:9b:b4:
                    79:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:12:17:69:6C:0B:90:11:A4:8D:94:1E:59:67:7F:89:B1:21:A7:AD
            X509v3 Authority Key Identifier:
                keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/VxIXaWwLkBGkjZQeWWd_ibEhp60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.240.20.0/23
                  94.240.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:99:16:9b:1c:94:a5:98:a0:80:ed:c9:16:41:13:38:e5:5f:
         01:fa:9c:74:b6:48:8f:62:e2:37:34:67:de:2e:c2:c1:39:e7:
         a2:b6:b9:05:fd:b2:ca:f7:d7:03:ca:e5:d3:bd:e8:44:91:d0:
         64:13:84:b0:9d:9a:e9:65:7c:3b:15:cf:22:3d:27:5d:06:57:
         be:5c:6c:05:c4:e2:3b:ae:a6:2a:38:38:96:a5:f5:0d:09:1e:
         a6:e1:cb:8d:e9:ef:7c:46:e2:2c:21:6f:9e:6f:a5:61:7f:35:
         e8:c5:b9:fd:7d:2f:1d:f8:0f:4d:23:f0:81:09:27:23:aa:87:
         49:d1:94:f5:f2:d5:50:24:fe:5f:25:4a:32:ca:b4:d2:a4:06:
         c8:d5:cb:fb:f9:d4:75:2d:f1:f6:e4:49:88:ce:c0:86:0e:b0:
         85:ad:a6:6e:ef:3b:f5:ac:e3:58:ea:12:14:c7:77:2f:16:57:
         cb:1a:fb:32:cd:db:df:f3:37:a8:ab:41:f1:b3:36:7c:a6:49:
         7a:37:ef:a1:41:f8:ea:92:a9:ae:47:c9:20:61:99:63:ac:88:
         2a:61:88:7a:72:98:85:3d:3a:96:25:7f:37:21:74:34:02:08:
         dd:09:e8:55:c2:0c:f6:31:74:10:6f:65:c1:74:8b:58:35:88:
         b3:85:c5:7d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZXS+ye8BPVja5o+MBRCdsIEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjUwMzI2MTUwMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzEyMTc2OTZjMGI5MDExYTQ4ZDk0MWU1OTY3N2Y4OWIxMjFhN2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHdTXM3hRqwXfg4NxPNNiDSuJkRk
wJsUUisDKUbyp8C0zkp7iOIOEkLaHU2LlK5Yr47SrTPTIheiz8Bnt9sGhtaZ5hGH
garqwx6r7DGpDgYwoNJdCuPDC3fEalGCIfZ+4jErEe54+sU+SBLxIKPi2Ka+Welv
6jn/EYlDjoEgvspboBSYPN0hcaFdrGZl8jAGDjlcj3td4MGA7veliGpX8laTLZyz
/IiV5FN4osszWqdNGl04T+1sWwUI6EEMUSebgrqaMIUp3q6tQqGN9FhWbRRfFIlg
k+zeEonoMiST1zfZ3OicPZzqtcckks8RB6/EVi/3VMM6JUMdra3jm7R56QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFcSF2lsC5ARpI2UHllnf4mxIaetMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvVnhJWGFXd0xrQkdralpRZVdXZF9pYkVocDYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBXvAUAwQA
XvAnMA0GCSqGSIb3DQEBCwUAA4IBAQCimRabHJSlmKCA7ckWQRM45V8B+px0tkiP
YuI3NGfeLsLBOeeitrkF/bLK99cDyuXTvehEkdBkE4SwnZrpZXw7Fc8iPSddBle+
XGwFxOI7rqYqODiWpfUNCR6m4cuN6e98RuIsIW+eb6VhfzXoxbn9fS8d+A9NI/CB
CScjqodJ0ZT18tVQJP5fJUoyyrTSpAbI1cv7+dR1LfH25EmIzsCGDrCFraZu7zv1
rONY6hIUx3cvFlfLGvsyzdvf8zeoq0HxszZ8pkl6N++hQfjqkqmuR8kgYZljrIgq
YYh6cpiFPTqWJX83IXQ0AgjdCehVwgz2MXQQb2XBdItYNYizhcV9
-----END CERTIFICATE-----