Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/fa245f-dc74-4974-82e0-a56e67848f11/1/GLkcEMe4eneYkegJdDsN96p2G5w.roa
File:                     GLkcEMe4eneYkegJdDsN96p2G5w.roa (raw, json)
Hash identifier:          a+Y+AIr4ILwMbtFOtGWppkOOeW987wrq4kOZaYCKOMI=
Subject key identifier:   18:B9:1C:10:C7:B8:7A:77:98:91:E8:09:74:3B:0D:F7:AA:76:1B:9C
Certificate issuer:       /CN=235e502c314d5104f7c60ccd69789cb848ff5e07
Certificate serial:       01961474DF0B11992D74DC27996112AF2B80
Authority key identifier: 23:5E:50:2C:31:4D:51:04:F7:C6:0C:CD:69:78:9C:B8:48:FF:5E:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I15QLDFNUQT3xgzNaXicuEj_Xgc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/fa245f-dc74-4974-82e0-a56e67848f11/1/GLkcEMe4eneYkegJdDsN96p2G5w.roa
Signing time:             Tue 08 Apr 2025 08:12:05 +0000
ROA not before:           Tue 08 Apr 2025 08:12:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210754
IP address blocks:        94.156.190.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/fa245f-dc74-4974-82e0-a56e67848f11/1/I15QLDFNUQT3xgzNaXicuEj_Xgc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/fa245f-dc74-4974-82e0-a56e67848f11/1/I15QLDFNUQT3xgzNaXicuEj_Xgc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I15QLDFNUQT3xgzNaXicuEj_Xgc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:14:74:df:0b:11:99:2d:74:dc:27:99:61:12:af:2b:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=235e502c314d5104f7c60ccd69789cb848ff5e07
        Validity
            Not Before: Apr  8 08:12:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18b91c10c7b87a779891e809743b0df7aa761b9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c4:ba:a1:de:9a:49:d7:d1:d9:7a:5b:2c:56:
                    ef:fb:a7:11:e4:73:5b:a1:23:98:28:5c:4b:a9:60:
                    51:7b:b4:25:7a:27:5b:01:fd:e0:e2:f7:34:78:e2:
                    be:d9:b6:63:a6:e0:12:7c:44:11:0d:df:c5:f5:bc:
                    44:dd:35:4c:59:f5:bc:c5:c9:3e:46:26:e5:98:86:
                    8c:52:a3:81:1f:f4:53:ed:e2:ed:4d:95:5c:41:47:
                    29:75:33:ea:37:7a:bd:d1:01:3c:18:57:a6:6a:ca:
                    21:c3:1a:01:bf:bb:72:c7:fa:9e:4a:4e:80:ef:a5:
                    ef:82:3b:44:97:f9:c9:ee:95:bc:69:17:4e:32:96:
                    a6:29:6a:72:51:6b:d7:4e:6c:cc:83:be:d6:a5:5e:
                    0f:45:14:71:b4:4f:45:f7:8b:49:ab:7b:b2:1d:02:
                    df:39:63:b1:1c:03:2a:bd:1a:0e:a1:10:bc:db:a5:
                    f9:eb:a5:c5:12:66:0c:cc:2b:00:eb:30:48:50:d8:
                    aa:40:b3:2b:67:a1:6a:45:5c:7c:9d:d9:fa:df:f9:
                    18:02:2d:50:96:57:9d:ad:eb:16:a9:f9:54:36:72:
                    d5:c3:62:d0:58:93:f7:f0:8c:48:13:7e:02:f2:bd:
                    ae:f8:cc:c8:4a:ff:8e:6b:50:a2:45:62:77:27:c1:
                    80:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:B9:1C:10:C7:B8:7A:77:98:91:E8:09:74:3B:0D:F7:AA:76:1B:9C
            X509v3 Authority Key Identifier:
                keyid:23:5E:50:2C:31:4D:51:04:F7:C6:0C:CD:69:78:9C:B8:48:FF:5E:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I15QLDFNUQT3xgzNaXicuEj_Xgc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/fa245f-dc74-4974-82e0-a56e67848f11/1/GLkcEMe4eneYkegJdDsN96p2G5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/fa245f-dc74-4974-82e0-a56e67848f11/1/I15QLDFNUQT3xgzNaXicuEj_Xgc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.156.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:e7:fa:31:43:21:86:ca:be:41:fd:70:e2:cf:1b:fb:27:a1:
         aa:cd:37:6d:45:38:bf:39:e3:1e:2a:4f:37:29:3c:f7:48:ae:
         97:f6:19:e1:67:62:13:c4:ba:e0:04:e3:c9:0f:e5:92:e7:3a:
         13:dc:78:32:15:a0:77:bb:cd:23:c8:5a:78:64:9c:7d:f5:0b:
         e1:e0:93:3d:23:f6:54:c1:b0:50:4f:27:9c:c8:3c:31:2f:2b:
         1b:09:02:07:71:b4:5f:18:db:d9:9c:95:90:5a:ad:84:d8:21:
         5f:6f:cc:e2:95:6c:8c:60:9e:9d:e8:6b:08:98:14:19:c9:d9:
         e6:4e:65:4a:e0:54:fc:f8:97:c7:db:cb:41:4f:7e:5f:92:6a:
         c3:a8:4f:f1:05:93:02:16:30:95:a0:6b:58:8c:ec:13:2e:d6:
         45:8d:1a:31:fa:32:38:c9:6e:81:b4:3b:45:76:3a:bc:72:9f:
         20:6d:5e:09:ae:9b:85:6e:f9:28:77:d2:4c:6a:af:a9:ea:99:
         c2:0c:9b:0f:30:2f:42:33:53:d1:a7:a6:c2:7d:71:c7:ef:72:
         20:6b:b4:a9:dc:82:f2:79:11:31:53:e5:4d:75:d4:3b:2a:de:
         8c:53:d7:17:e1:e1:bd:7a:e0:f3:3b:19:c3:f5:7b:12:d3:08:
         59:6c:6a:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYUdN8LEZktdNwnmWESryuAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNWU1MDJjMzE0ZDUxMDRmN2M2MGNjZDY5Nzg5Y2I4NDhm
ZjVlMDcwHhcNMjUwNDA4MDgxMjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGI5MWMxMGM3Yjg3YTc3OTg5MWU4MDk3NDNiMGRmN2FhNzYxYjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMS6od6aSdfR2XpbLFbv+6cR5HNb
oSOYKFxLqWBRe7QleidbAf3g4vc0eOK+2bZjpuASfEQRDd/F9bxE3TVMWfW8xck+
RiblmIaMUqOBH/RT7eLtTZVcQUcpdTPqN3q90QE8GFemasohwxoBv7tyx/qeSk6A
76XvgjtEl/nJ7pW8aRdOMpamKWpyUWvXTmzMg77WpV4PRRRxtE9F94tJq3uyHQLf
OWOxHAMqvRoOoRC826X566XFEmYMzCsA6zBIUNiqQLMrZ6FqRVx8ndn63/kYAi1Q
lledresWqflUNnLVw2LQWJP38IxIE34C8r2u+MzISv+Oa1CiRWJ3J8GA1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBi5HBDHuHp3mJHoCXQ7DfeqdhucMB8GA1UdIwQY
MBaAFCNeUCwxTVEE98YMzWl4nLhI/14HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTE1UUxERk5VUVQzeGd6TmFYaWN1RWpfWGdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mYTI0NWYtZGM3NC00OTc0LTgyZTAt
YTU2ZTY3ODQ4ZjExLzEvR0xrY0VNZTRlbmVZa2VnSmREc045NnAyRzV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mYTI0NWYtZGM3NC00OTc0LTgyZTAtYTU2ZTY3ODQ4ZjEx
LzEvSTE1UUxERk5VUVQzeGd6TmFYaWN1RWpfWGdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXpy+MA0G
CSqGSIb3DQEBCwUAA4IBAQB/5/oxQyGGyr5B/XDizxv7J6GqzTdtRTi/OeMeKk83
KTz3SK6X9hnhZ2ITxLrgBOPJD+WS5zoT3HgyFaB3u80jyFp4ZJx99Qvh4JM9I/ZU
wbBQTyecyDwxLysbCQIHcbRfGNvZnJWQWq2E2CFfb8zilWyMYJ6d6GsImBQZydnm
TmVK4FT8+JfH28tBT35fkmrDqE/xBZMCFjCVoGtYjOwTLtZFjRox+jI4yW6BtDtF
djq8cp8gbV4JrpuFbvkod9JMaq+p6pnCDJsPMC9CM1PRp6bCfXHH73Iga7Sp3ILy
eRExU+VNddQ7Kt6MU9cX4eG9euDzOxnD9XsS0whZbGpb
-----END CERTIFICATE-----