Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/jNNwfj4yCG6tAQvKNBKNyotT3Uc.roa
File:                     jNNwfj4yCG6tAQvKNBKNyotT3Uc.roa (raw, json)
Hash identifier:          YnWj2zXlzP2G3Zw5FE5Oh0YIdFiyicA2GGgtxLrY7lU=
Subject key identifier:   8C:D3:70:7E:3E:32:08:6E:AD:01:0B:CA:34:12:8D:CA:8B:53:DD:47
Certificate issuer:       /CN=940a10a256728f11a4bbaadc3204b7f0a35a5000
Certificate serial:       018CC7263F806A18C2CACC9FED3E0CD3819E
Authority key identifier: 94:0A:10:A2:56:72:8F:11:A4:BB:AA:DC:32:04:B7:F0:A3:5A:50:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/jNNwfj4yCG6tAQvKNBKNyotT3Uc.roa
Signing time:             Mon 01 Jan 2024 22:30:21 +0000
ROA not before:           Mon 01 Jan 2024 22:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57344
IP address blocks:        194.24.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/lAoQolZyjxGku6rcMgS38KNaUAA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/lAoQolZyjxGku6rcMgS38KNaUAA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:3f:80:6a:18:c2:ca:cc:9f:ed:3e:0c:d3:81:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=940a10a256728f11a4bbaadc3204b7f0a35a5000
        Validity
            Not Before: Jan  1 22:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8cd3707e3e32086ead010bca34128dca8b53dd47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:11:09:4f:b1:e7:99:9d:06:a6:e7:29:6e:3b:
                    97:e9:13:bf:14:2f:25:b4:87:1a:d7:cc:b5:c6:b5:
                    92:db:d6:58:ac:dd:ea:fb:f5:01:fb:1a:58:cb:eb:
                    4c:f4:df:80:3e:25:80:1d:f9:2c:0e:47:e4:78:8a:
                    d9:ec:90:a2:25:d6:8a:8d:91:93:be:29:65:7e:b0:
                    72:98:40:cd:ad:13:f8:fe:d7:e9:3e:b6:3c:e3:bd:
                    35:ea:80:bb:37:9b:d4:90:99:22:f2:b9:51:69:48:
                    59:0d:5b:93:74:7b:c6:f6:3d:55:c0:2a:a3:5e:03:
                    02:3e:36:79:90:34:30:04:41:fa:fb:2e:e0:b4:ca:
                    a7:0e:0c:5e:85:69:db:0f:55:e2:e2:ac:96:44:31:
                    96:3c:a9:24:50:2a:ff:01:ff:ea:c2:1a:f1:b5:4c:
                    97:a7:e1:33:a3:af:f7:62:96:d5:68:83:79:01:20:
                    25:ff:0d:3c:4a:5c:2f:0e:5c:8a:d7:0e:ca:3b:58:
                    4b:9b:2e:76:a8:3f:a3:a0:42:0b:d8:d1:d7:e3:9a:
                    c9:96:5a:61:36:b4:1e:9d:9a:78:67:96:0e:86:2a:
                    d4:5a:4a:a7:26:87:0e:0a:1e:b4:63:7d:51:2c:b2:
                    ee:a0:0a:b3:9c:95:06:8a:86:ab:71:63:98:a2:63:
                    55:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:D3:70:7E:3E:32:08:6E:AD:01:0B:CA:34:12:8D:CA:8B:53:DD:47
            X509v3 Authority Key Identifier:
                keyid:94:0A:10:A2:56:72:8F:11:A4:BB:AA:DC:32:04:B7:F0:A3:5A:50:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/jNNwfj4yCG6tAQvKNBKNyotT3Uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/lAoQolZyjxGku6rcMgS38KNaUAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.24.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d6:e3:05:8f:d9:f7:76:79:06:6c:76:c1:98:8f:54:a9:e1:78:
         d1:42:bc:13:ae:c8:b4:75:63:a3:23:92:7b:d9:46:d9:4a:f0:
         4d:af:cc:30:da:d7:25:ac:51:35:e6:dc:bc:19:bf:fa:80:54:
         6d:4e:8c:6a:ce:9d:7d:f8:63:8c:7e:6d:d6:31:9c:f4:1e:f6:
         01:6f:1b:e6:35:36:24:f1:f6:fb:93:f2:4f:ef:83:fc:13:2e:
         ed:8c:53:e5:3b:60:1a:63:57:1e:7b:2a:fd:91:ac:c9:34:27:
         25:c8:51:77:22:bb:95:03:3e:48:fb:5c:42:29:62:f1:3e:96:
         e3:8c:07:9d:a0:9c:e2:64:f2:84:11:a0:0a:39:80:bd:a0:de:
         06:6c:e5:28:0c:f2:89:bf:a8:27:2e:1e:d6:ea:22:c6:c5:62:
         7a:6e:9b:d4:6b:45:7b:33:b9:9b:10:42:37:dc:4e:98:71:20:
         f1:26:1e:a8:ba:7a:51:82:84:18:31:6e:5c:67:dd:e9:84:01:
         21:06:5c:fc:3a:0e:bb:6c:b6:95:8c:cd:d9:36:fe:af:f0:91:
         7a:f0:2a:28:9e:94:38:58:1e:60:a4:e4:ce:e0:d7:e3:dd:90:
         5f:94:a4:74:84:47:5d:43:d5:b5:cc:cc:ce:1b:6e:a0:b7:1f:
         cd:de:5a:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJj+AahjCysyf7T4M04GeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MGExMGEyNTY3MjhmMTFhNGJiYWFkYzMyMDRiN2YwYTM1
YTUwMDAwHhcNMjQwMTAxMjIzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2QzNzA3ZTNlMzIwODZlYWQwMTBiY2EzNDEyOGRjYThiNTNkZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohEJT7HnmZ0GpucpbjuX6RO/FC8l
tIca18y1xrWS29ZYrN3q+/UB+xpYy+tM9N+APiWAHfksDkfkeIrZ7JCiJdaKjZGT
villfrBymEDNrRP4/tfpPrY847016oC7N5vUkJki8rlRaUhZDVuTdHvG9j1VwCqj
XgMCPjZ5kDQwBEH6+y7gtMqnDgxehWnbD1Xi4qyWRDGWPKkkUCr/Af/qwhrxtUyX
p+Ezo6/3YpbVaIN5ASAl/w08SlwvDlyK1w7KO1hLmy52qD+joEIL2NHX45rJllph
NrQenZp4Z5YOhirUWkqnJocOCh60Y31RLLLuoAqznJUGioarcWOYomNVFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzTcH4+MghurQELyjQSjcqLU91HMB8GA1UdIwQY
MBaAFJQKEKJWco8RpLuq3DIEt/CjWlAAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEFvUW9sWnlqeEdrdTZyY01nUzM4S05hVUFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hMWFlNzUtMmQ2Yi00Y2M2LWFjZWYt
ZGNlNmQ2OTA5MjQ3LzEvak5Od2ZqNHlDRzZ0QVF2S05CS055b3RUM1VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hMWFlNzUtMmQ2Yi00Y2M2LWFjZWYtZGNlNmQ2OTA5MjQ3
LzEvbEFvUW9sWnlqeEdrdTZyY01nUzM4S05hVUFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhi9MA0G
CSqGSIb3DQEBCwUAA4IBAQDW4wWP2fd2eQZsdsGYj1Sp4XjRQrwTrsi0dWOjI5J7
2UbZSvBNr8ww2tclrFE15ty8Gb/6gFRtToxqzp19+GOMfm3WMZz0HvYBbxvmNTYk
8fb7k/JP74P8Ey7tjFPlO2AaY1ceeyr9kazJNCclyFF3IruVAz5I+1xCKWLxPpbj
jAedoJziZPKEEaAKOYC9oN4GbOUoDPKJv6gnLh7W6iLGxWJ6bpvUa0V7M7mbEEI3
3E6YcSDxJh6ounpRgoQYMW5cZ93phAEhBlz8Og67bLaVjM3ZNv6v8JF68CoonpQ4
WB5gpOTO4Nfj3ZBflKR0hEddQ9W1zMzOG26gtx/N3lqM
-----END CERTIFICATE-----