Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/3be7b4-7f42-4217-819b-2476291d70ee/1/XK1HmfxcdTbRAdHlqNq8V7yYy_A.roa
File:                     XK1HmfxcdTbRAdHlqNq8V7yYy_A.roa (raw, json)
Hash identifier:          sq5IFjKXmmj7aEDxsZ6+3DEVQrRJ2eRe1t+cEED93OE=
Subject key identifier:   5C:AD:47:99:FC:5C:75:36:D1:01:D1:E5:A8:DA:BC:57:BC:98:CB:F0
Certificate issuer:       /CN=a08e0aef1cd1e9d32a616adf58245a3ab88a554b
Certificate serial:       019422FC098F67083553F9AC4CD0D949B6F2
Authority key identifier: A0:8E:0A:EF:1C:D1:E9:D3:2A:61:6A:DF:58:24:5A:3A:B8:8A:55:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oI4K7xzR6dMqYWrfWCRaOriKVUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/3be7b4-7f42-4217-819b-2476291d70ee/1/XK1HmfxcdTbRAdHlqNq8V7yYy_A.roa
Signing time:             Wed 01 Jan 2025 17:48:50 +0000
ROA not before:           Wed 01 Jan 2025 17:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15576
IP address blocks:        194.153.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/3be7b4-7f42-4217-819b-2476291d70ee/1/oI4K7xzR6dMqYWrfWCRaOriKVUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/3be7b4-7f42-4217-819b-2476291d70ee/1/oI4K7xzR6dMqYWrfWCRaOriKVUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oI4K7xzR6dMqYWrfWCRaOriKVUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:09:8f:67:08:35:53:f9:ac:4c:d0:d9:49:b6:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a08e0aef1cd1e9d32a616adf58245a3ab88a554b
        Validity
            Not Before: Jan  1 17:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5cad4799fc5c7536d101d1e5a8dabc57bc98cbf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b6:89:0a:46:55:07:60:c7:45:82:48:97:46:
                    54:18:92:91:34:a9:49:15:b8:bd:5b:6d:22:99:92:
                    5d:74:c9:8a:54:10:01:0e:06:ed:60:19:6d:49:68:
                    e9:02:bc:59:a7:be:b6:fa:b6:34:5d:76:0d:a7:8d:
                    18:41:60:eb:35:86:f7:44:2a:ef:f0:4e:85:55:7e:
                    df:99:4c:7a:1c:c9:e2:74:65:9b:3f:66:62:b0:3b:
                    c6:69:a6:67:31:b8:4a:85:0d:96:7a:41:c9:58:51:
                    6e:1d:df:6d:82:5d:fc:0d:ac:5d:0d:65:e1:1b:33:
                    cf:87:e8:54:4b:c6:6c:73:37:f6:7f:3c:c8:02:a7:
                    2d:34:d8:91:f5:1d:eb:e7:67:5b:5c:5e:bf:88:3c:
                    ab:31:d7:11:37:25:ae:d6:02:c5:73:58:6b:e7:f2:
                    0c:b9:42:e1:92:f5:31:aa:0a:f4:ae:5c:74:ba:23:
                    bd:a1:5e:fc:e1:d6:44:f2:93:bb:01:e4:1c:38:16:
                    1b:a9:01:41:3e:5e:59:44:bc:a2:db:74:57:d2:c6:
                    4e:9e:82:04:45:38:d6:da:e1:de:36:8a:be:e0:1a:
                    f8:ba:d0:13:9b:b1:e4:99:dd:37:96:4e:0f:5c:6a:
                    26:32:59:f4:d2:e3:87:1e:7b:be:64:73:92:ae:d1:
                    b0:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:AD:47:99:FC:5C:75:36:D1:01:D1:E5:A8:DA:BC:57:BC:98:CB:F0
            X509v3 Authority Key Identifier:
                keyid:A0:8E:0A:EF:1C:D1:E9:D3:2A:61:6A:DF:58:24:5A:3A:B8:8A:55:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oI4K7xzR6dMqYWrfWCRaOriKVUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/3be7b4-7f42-4217-819b-2476291d70ee/1/XK1HmfxcdTbRAdHlqNq8V7yYy_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/3be7b4-7f42-4217-819b-2476291d70ee/1/oI4K7xzR6dMqYWrfWCRaOriKVUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:16:14:ba:27:02:8b:db:47:37:7e:b7:f5:3e:1d:59:75:8c:
         26:87:4c:6d:7a:70:c5:9c:47:cc:48:07:a0:29:68:e8:53:df:
         40:3d:df:19:10:49:36:c8:f2:fe:f5:cf:9a:2c:0f:e6:1c:e9:
         33:62:ee:d9:68:ba:ab:39:23:19:52:81:2f:27:dc:86:53:63:
         61:04:a9:d9:9c:81:29:47:b9:20:4c:55:27:fe:79:b6:fe:54:
         f9:3c:40:9e:18:b9:81:6b:31:f6:42:8d:9c:db:c6:96:92:d9:
         07:09:92:e8:a5:77:c3:fc:e4:7c:22:bc:5b:52:f3:bc:1c:0f:
         b8:0d:b5:37:f5:c5:04:51:90:5e:02:e0:f0:8d:6b:e3:a2:ba:
         87:ba:f8:20:63:35:f2:ca:be:07:16:a7:2f:41:6b:aa:ed:71:
         e3:c1:d8:81:dd:51:88:97:81:56:21:79:6f:78:cd:b3:ad:96:
         f6:6b:1e:53:bd:40:49:16:de:02:9d:42:f7:0c:69:3f:a9:97:
         fe:75:8e:20:29:e9:f0:9b:f8:f7:fa:ec:f9:2e:bb:22:5d:df:
         40:3e:8c:fa:d4:8b:61:63:ed:3c:00:be:38:fd:ec:9b:51:34:
         9d:36:79:ee:60:95:f1:c7:4d:b2:90:f8:9a:4e:fc:e1:4e:ce:
         0c:8b:e6:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/AmPZwg1U/msTNDZSbbyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwOGUwYWVmMWNkMWU5ZDMyYTYxNmFkZjU4MjQ1YTNhYjg4
YTU1NGIwHhcNMjUwMTAxMTc0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2FkNDc5OWZjNWM3NTM2ZDEwMWQxZTVhOGRhYmM1N2JjOThjYmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7aJCkZVB2DHRYJIl0ZUGJKRNKlJ
Fbi9W20imZJddMmKVBABDgbtYBltSWjpArxZp762+rY0XXYNp40YQWDrNYb3RCrv
8E6FVX7fmUx6HMnidGWbP2ZisDvGaaZnMbhKhQ2WekHJWFFuHd9tgl38DaxdDWXh
GzPPh+hUS8Zsczf2fzzIAqctNNiR9R3r52dbXF6/iDyrMdcRNyWu1gLFc1hr5/IM
uULhkvUxqgr0rlx0uiO9oV784dZE8pO7AeQcOBYbqQFBPl5ZRLyi23RX0sZOnoIE
RTjW2uHeNoq+4Br4utATm7Hkmd03lk4PXGomMln00uOHHnu+ZHOSrtGwGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFytR5n8XHU20QHR5ajavFe8mMvwMB8GA1UdIwQY
MBaAFKCOCu8c0enTKmFq31gkWjq4ilVLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0k0Szd4elI2ZE1xWVdyZldDUmFPcmlLVlVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8zYmU3YjQtN2Y0Mi00MjE3LTgxOWIt
MjQ3NjI5MWQ3MGVlLzEvWEsxSG1meGNkVGJSQWRIbHFOcThWN3lZeV9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8zYmU3YjQtN2Y0Mi00MjE3LTgxOWItMjQ3NjI5MWQ3MGVl
LzEvb0k0Szd4elI2ZE1xWVdyZldDUmFPcmlLVlVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpleMA0G
CSqGSIb3DQEBCwUAA4IBAQA7FhS6JwKL20c3frf1Ph1ZdYwmh0xtenDFnEfMSAeg
KWjoU99APd8ZEEk2yPL+9c+aLA/mHOkzYu7ZaLqrOSMZUoEvJ9yGU2NhBKnZnIEp
R7kgTFUn/nm2/lT5PECeGLmBazH2Qo2c28aWktkHCZLopXfD/OR8IrxbUvO8HA+4
DbU39cUEUZBeAuDwjWvjorqHuvggYzXyyr4HFqcvQWuq7XHjwdiB3VGIl4FWIXlv
eM2zrZb2ax5TvUBJFt4CnUL3DGk/qZf+dY4gKenwm/j3+uz5LrsiXd9APoz61Ith
Y+08AL44/eybUTSdNnnuYJXxx02ykPiaTvzhTs4Mi+Z6
-----END CERTIFICATE-----