Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/DWWu1oVF2mdvJMucEtU7uCQwtIE.roa
File:                     DWWu1oVF2mdvJMucEtU7uCQwtIE.roa (raw, json)
Hash identifier:          aAuGtxrXgaK+BVUTnKou9LLVeFIpGZ/gKCSewU27gCk=
Subject key identifier:   0D:65:AE:D6:85:45:DA:67:6F:24:CB:9C:12:D5:3B:B8:24:30:B4:81
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CB9A4083EBCB8DD4750615E3269FB
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/DWWu1oVF2mdvJMucEtU7uCQwtIE.roa
Signing time:             Wed 01 Jan 2025 01:48:23 +0000
ROA not before:           Wed 01 Jan 2025 01:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202345
IP address blocks:        194.147.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:b9:a4:08:3e:bc:b8:dd:47:50:61:5e:32:69:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d65aed68545da676f24cb9c12d53bb82430b481
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b9:e4:a2:e4:ad:e7:3e:ca:53:c9:8c:32:2c:
                    74:c3:e0:4b:3a:f6:c8:63:78:f2:bd:94:d3:d3:79:
                    87:25:e5:59:d3:b0:06:11:cf:ef:c5:18:c7:c7:bb:
                    5a:b0:02:9c:0f:91:f1:d1:ff:be:c0:41:94:bb:be:
                    cc:be:d3:c3:3d:8d:7c:9b:2d:5a:3f:40:07:3f:72:
                    db:2b:64:f7:10:23:d8:c7:ff:a1:c9:ba:f3:88:5d:
                    c8:d0:af:67:d1:9b:d9:90:8c:75:dd:52:d6:6f:82:
                    07:a2:27:6e:60:5a:24:d4:22:f2:54:97:1d:d5:27:
                    3b:c3:88:58:7c:10:ce:8d:e3:a9:f7:09:09:d4:ca:
                    e5:2c:69:79:92:32:d7:ec:ce:c3:2f:2c:46:7f:b7:
                    e7:74:09:91:6d:20:ee:0c:a7:05:fa:a0:62:3a:b5:
                    4e:f4:ed:24:05:2a:84:84:8a:f5:b3:89:e9:c7:5c:
                    15:66:70:14:3f:f6:1f:eb:9f:db:3a:01:47:10:83:
                    e1:1e:42:57:b6:18:be:d2:c6:28:7b:6e:9f:9e:c1:
                    09:6b:16:51:aa:41:68:54:d8:95:17:d3:bc:5d:89:
                    4c:7a:5c:68:a5:d9:91:22:28:e2:87:1a:f4:9e:f0:
                    f7:23:45:76:bc:ec:86:5c:44:2f:9c:c6:b7:ca:cb:
                    1b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:65:AE:D6:85:45:DA:67:6F:24:CB:9C:12:D5:3B:B8:24:30:B4:81
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/DWWu1oVF2mdvJMucEtU7uCQwtIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:10:46:07:be:34:4d:01:ba:14:8f:3a:df:8b:c3:29:87:60:
         47:86:0d:19:29:26:83:d8:0e:54:99:81:5e:e5:b9:5f:0c:d3:
         e6:ad:4b:d9:8c:be:16:cc:5c:0c:c0:bf:f8:86:bd:d4:78:bd:
         10:a2:42:03:da:0e:c6:e7:d1:7a:0b:62:a5:8c:af:05:d3:3e:
         bc:c5:97:45:b3:28:b9:cb:0a:1c:42:3a:b2:b9:91:55:3c:45:
         fe:6b:fa:2b:46:ce:94:80:ef:f9:c2:75:8b:cf:d3:e8:7d:ce:
         ef:ee:1b:31:70:58:cf:fa:2c:cb:db:d4:fa:35:d7:08:34:3d:
         0e:13:c0:46:5e:c7:c5:d6:44:2e:d7:9a:5c:c3:c1:14:c2:24:
         84:da:75:af:70:2c:01:3d:51:1a:00:4d:db:9b:3d:06:8c:c1:
         63:12:fc:42:41:c8:a6:67:15:7b:65:ad:df:4a:b9:35:bc:5e:
         29:b8:2a:ea:db:64:b8:d8:af:62:01:fb:f1:47:c2:9d:54:e8:
         73:f2:79:f4:8c:19:c8:73:22:c9:b1:02:df:20:0b:77:88:bb:
         87:98:f5:5f:2c:35:c0:7b:39:5b:b4:7f:78:25:ff:ed:ce:ac:
         f1:42:26:be:50:d6:f8:6c:55:ac:f4:d0:e6:12:d9:48:86:d3:
         ae:e6:39:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjLmkCD68uN1HUGFeMmn7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDY1YWVkNjg1NDVkYTY3NmYyNGNiOWMxMmQ1M2JiODI0MzBiNDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7nkouSt5z7KU8mMMix0w+BLOvbI
Y3jyvZTT03mHJeVZ07AGEc/vxRjHx7tasAKcD5Hx0f++wEGUu77MvtPDPY18my1a
P0AHP3LbK2T3ECPYx/+hybrziF3I0K9n0ZvZkIx13VLWb4IHoiduYFok1CLyVJcd
1Sc7w4hYfBDOjeOp9wkJ1MrlLGl5kjLX7M7DLyxGf7fndAmRbSDuDKcF+qBiOrVO
9O0kBSqEhIr1s4npx1wVZnAUP/Yf65/bOgFHEIPhHkJXthi+0sYoe26fnsEJaxZR
qkFoVNiVF9O8XYlMelxopdmRIijihxr0nvD3I0V2vOyGXEQvnMa3yssbZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1lrtaFRdpnbyTLnBLVO7gkMLSBMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvRFdXdTFvVkYybWR2Sk11Y0V0VTd1Q1F3dElFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwpN0MA0G
CSqGSIb3DQEBCwUAA4IBAQB9EEYHvjRNAboUjzrfi8Mph2BHhg0ZKSaD2A5UmYFe
5blfDNPmrUvZjL4WzFwMwL/4hr3UeL0QokID2g7G59F6C2KljK8F0z68xZdFsyi5
ywocQjqyuZFVPEX+a/orRs6UgO/5wnWLz9Pofc7v7hsxcFjP+izL29T6NdcIND0O
E8BGXsfF1kQu15pcw8EUwiSE2nWvcCwBPVEaAE3bmz0GjMFjEvxCQcimZxV7Za3f
Srk1vF4puCrq22S42K9iAfvxR8KdVOhz8nn0jBnIcyLJsQLfIAt3iLuHmPVfLDXA
ezlbtH94Jf/tzqzxQia+UNb4bFWs9NDmEtlIhtOu5jn+
-----END CERTIFICATE-----