Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/0x8juoo7AM8ugf31uQycejLtims.roa
File:                     0x8juoo7AM8ugf31uQycejLtims.roa (raw, json)
Hash identifier:          sJQg/bbbZFsef+zbbHa9OzqRT4fumHdl0Xl81Is/6E0=
Subject key identifier:   D3:1F:23:BA:8A:3B:00:CF:2E:81:FD:F5:B9:0C:9C:7A:32:ED:8A:6B
Certificate issuer:       /CN=81a7ce8bacbeceeb16f600b607d1bfd08033b302
Certificate serial:       019420D5EEB6BC5EFFEF8BA4A51F12DEC038
Authority key identifier: 81:A7:CE:8B:AC:BE:CE:EB:16:F6:00:B6:07:D1:BF:D0:80:33:B3:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/0x8juoo7AM8ugf31uQycejLtims.roa
Signing time:             Wed 01 Jan 2025 07:47:58 +0000
ROA not before:           Wed 01 Jan 2025 07:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212390
IP address blocks:        194.50.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ee:b6:bc:5e:ff:ef:8b:a4:a5:1f:12:de:c0:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81a7ce8bacbeceeb16f600b607d1bfd08033b302
        Validity
            Not Before: Jan  1 07:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d31f23ba8a3b00cf2e81fdf5b90c9c7a32ed8a6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:25:b9:7d:a1:07:36:21:c7:32:55:2e:e3:96:
                    35:98:40:f9:2d:45:b9:bd:1a:1f:78:77:a7:87:58:
                    dc:3d:cf:d2:3d:5d:e2:c5:99:67:c8:28:18:12:18:
                    ab:75:5e:21:2d:9a:19:66:70:05:80:6d:4a:b1:33:
                    cb:e4:74:a3:b4:51:71:87:c9:00:2a:df:3d:31:34:
                    10:69:07:a9:d8:bf:49:1a:75:a3:95:7a:b0:78:b8:
                    bc:45:23:73:11:ac:3a:7e:ce:f7:1c:a0:53:75:3a:
                    82:0d:89:62:78:0f:03:a3:73:54:87:c4:b0:ec:65:
                    51:bb:fb:39:97:97:82:cc:5a:c9:e5:e9:78:62:08:
                    8a:65:5c:f6:18:99:27:af:c3:d3:40:ea:9d:51:10:
                    9f:4f:f2:3f:4e:dc:93:62:52:67:24:ee:f6:f9:b4:
                    9b:42:53:89:3c:56:c8:5a:ca:d6:7b:02:25:e7:7c:
                    17:0a:68:e5:82:c1:db:6e:6c:7e:ba:4c:bf:c6:91:
                    12:7f:9b:ef:79:f6:75:0b:fc:d7:45:0f:a0:f3:39:
                    8c:12:1c:61:41:3b:4f:78:1d:d6:34:17:a3:56:16:
                    e8:5b:9d:3e:9e:ca:b8:ed:4c:95:eb:b8:4e:91:0a:
                    74:d8:4d:23:39:74:45:a2:4c:70:90:94:4e:d1:88:
                    78:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:1F:23:BA:8A:3B:00:CF:2E:81:FD:F5:B9:0C:9C:7A:32:ED:8A:6B
            X509v3 Authority Key Identifier:
                keyid:81:A7:CE:8B:AC:BE:CE:EB:16:F6:00:B6:07:D1:BF:D0:80:33:B3:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/0x8juoo7AM8ugf31uQycejLtims.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e2:fe:c4:75:19:06:f8:a7:f2:b6:0e:f3:fd:b5:b8:1d:55:a5:
         b7:2a:68:4d:4c:c7:73:8e:69:b3:18:94:2b:f8:41:32:fa:55:
         5e:37:9e:a3:d3:51:72:c3:e8:82:4e:b7:7d:4a:84:68:cf:c2:
         45:5d:7c:6e:74:9e:5f:73:83:a5:d8:7c:49:0c:a3:6e:37:69:
         9b:06:84:c5:cb:90:f0:c6:a2:dd:29:a5:eb:27:20:c0:13:d6:
         98:1e:90:91:f0:b2:22:9b:88:09:3c:e0:10:36:79:4a:1c:29:
         3b:f6:a8:17:66:ec:cf:09:db:c1:f3:22:59:b9:23:da:e2:70:
         4f:8f:e7:e2:a9:40:9c:4e:a1:c6:37:13:0a:1e:a8:df:dc:8b:
         91:d1:41:1c:ae:1e:eb:e8:e7:56:4a:a4:73:e0:47:6a:1d:b9:
         cb:c8:34:9e:73:ab:90:51:a1:bd:98:a6:8e:76:d7:0c:fb:b4:
         f3:05:e1:48:4e:6e:1d:a9:df:75:d1:cc:c5:53:8a:07:45:ab:
         6e:32:6a:d4:9c:a7:2f:b8:47:2a:84:e2:d2:2a:e7:e7:ce:7f:
         1c:e2:d0:c2:a2:75:bd:21:54:b3:2e:2c:63:30:6d:64:15:fd:
         ac:31:bf:89:19:7c:b2:47:9a:0a:55:17:76:3f:dc:e1:4a:28:
         85:42:73:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1e62vF7/74ukpR8S3sA4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYTdjZThiYWNiZWNlZWIxNmY2MDBiNjA3ZDFiZmQwODAz
M2IzMDIwHhcNMjUwMTAxMDc0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzFmMjNiYThhM2IwMGNmMmU4MWZkZjViOTBjOWM3YTMyZWQ4YTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6yW5faEHNiHHMlUu45Y1mED5LUW5
vRofeHenh1jcPc/SPV3ixZlnyCgYEhirdV4hLZoZZnAFgG1KsTPL5HSjtFFxh8kA
Kt89MTQQaQep2L9JGnWjlXqweLi8RSNzEaw6fs73HKBTdTqCDYlieA8Do3NUh8Sw
7GVRu/s5l5eCzFrJ5el4YgiKZVz2GJknr8PTQOqdURCfT/I/TtyTYlJnJO72+bSb
QlOJPFbIWsrWewIl53wXCmjlgsHbbmx+uky/xpESf5vvefZ1C/zXRQ+g8zmMEhxh
QTtPeB3WNBejVhboW50+nsq47UyV67hOkQp02E0jOXRFokxwkJRO0Yh4wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNMfI7qKOwDPLoH99bkMnHoy7YprMB8GA1UdIwQY
MBaAFIGnzousvs7rFvYAtgfRv9CAM7MCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2FmT2k2eS16dXNXOWdDMkI5R18wSUF6c3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9lZTY2ZmItNWRjMC00MTIyLTliYzct
YjI3ZDg3MzBhMjcwLzEvMHg4anVvbzdBTTh1Z2YzMXVReWNlakx0aW1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9lZTY2ZmItNWRjMC00MTIyLTliYzctYjI3ZDg3MzBhMjcw
LzEvZ2FmT2k2eS16dXNXOWdDMkI5R18wSUF6c3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjK7MA0G
CSqGSIb3DQEBCwUAA4IBAQDi/sR1GQb4p/K2DvP9tbgdVaW3KmhNTMdzjmmzGJQr
+EEy+lVeN56j01Fyw+iCTrd9SoRoz8JFXXxudJ5fc4Ol2HxJDKNuN2mbBoTFy5Dw
xqLdKaXrJyDAE9aYHpCR8LIim4gJPOAQNnlKHCk79qgXZuzPCdvB8yJZuSPa4nBP
j+fiqUCcTqHGNxMKHqjf3IuR0UEcrh7r6OdWSqRz4EdqHbnLyDSec6uQUaG9mKaO
dtcM+7TzBeFITm4dqd910czFU4oHRatuMmrUnKcvuEcqhOLSKufnzn8c4tDConW9
IVSzLixjMG1kFf2sMb+JGXyyR5oKVRd2P9zhSiiFQnM5
-----END CERTIFICATE-----