Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/75339a-5997-4a93-9ad6-65963777ba0a/1/OQmOhZ2KJeLWvMja2BDXrtL3kqU.roa
File:                     OQmOhZ2KJeLWvMja2BDXrtL3kqU.roa (raw, json)
Hash identifier:          w70PlkkpGt63cfdxwzDtMvlWiAGcscluDEcq/YXxa18=
Subject key identifier:   39:09:8E:85:9D:8A:25:E2:D6:BC:C8:DA:D8:10:D7:AE:D2:F7:92:A5
Certificate issuer:       /CN=106fc87874912b1813ac4292457abddc018e9b45
Certificate serial:       018CCA2BA4F646FAA6A409EB17A51F5E6007
Authority key identifier: 10:6F:C8:78:74:91:2B:18:13:AC:42:92:45:7A:BD:DC:01:8E:9B:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EG_IeHSRKxgTrEKSRXq93AGOm0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/75339a-5997-4a93-9ad6-65963777ba0a/1/OQmOhZ2KJeLWvMja2BDXrtL3kqU.roa
Signing time:             Tue 02 Jan 2024 12:35:07 +0000
ROA not before:           Tue 02 Jan 2024 12:35:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25301
IP address blocks:        212.94.128.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/75339a-5997-4a93-9ad6-65963777ba0a/1/EG_IeHSRKxgTrEKSRXq93AGOm0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/75339a-5997-4a93-9ad6-65963777ba0a/1/EG_IeHSRKxgTrEKSRXq93AGOm0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EG_IeHSRKxgTrEKSRXq93AGOm0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:a4:f6:46:fa:a6:a4:09:eb:17:a5:1f:5e:60:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=106fc87874912b1813ac4292457abddc018e9b45
        Validity
            Not Before: Jan  2 12:35:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39098e859d8a25e2d6bcc8dad810d7aed2f792a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:da:38:ff:b3:a8:11:76:32:42:21:d0:2f:06:
                    9e:fa:7b:62:22:ab:00:d1:14:aa:d2:31:b3:b6:50:
                    f5:5e:ff:a5:72:f6:40:d5:f1:8a:fc:99:5a:f7:6c:
                    00:26:a1:46:68:1b:75:f1:9c:3c:8b:76:3f:8e:0c:
                    01:9e:e7:54:84:5f:f9:3f:47:76:18:bf:06:70:1f:
                    4a:c1:9b:a1:ff:98:77:5f:69:38:9f:5d:e1:8a:43:
                    e3:e2:c6:7b:cb:87:4e:f2:8c:b8:f5:66:17:1e:08:
                    23:28:70:66:d2:04:c0:17:a4:52:a1:14:7c:37:4e:
                    19:87:55:40:24:1a:e3:e6:7a:7a:46:5b:21:fe:e0:
                    58:67:2a:97:94:83:9c:91:e2:58:1b:ba:45:d3:41:
                    e1:4a:c5:e6:1a:a7:41:e8:9f:36:d3:1a:dc:49:b4:
                    02:0b:b0:87:8b:a3:0c:47:04:55:dc:b3:08:bb:a7:
                    32:d8:88:23:79:4a:4a:f8:77:ea:ee:7c:c1:92:6a:
                    4e:9a:44:98:46:b0:6b:52:b4:ef:7d:27:22:21:69:
                    c0:11:7a:fb:e4:6f:8b:29:fb:1a:b4:5b:84:7a:60:
                    d3:b5:3e:fb:32:2c:54:b7:8e:6a:88:65:f3:19:18:
                    7a:a5:32:27:70:ce:cf:94:9c:cf:5f:d1:02:34:e3:
                    85:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:09:8E:85:9D:8A:25:E2:D6:BC:C8:DA:D8:10:D7:AE:D2:F7:92:A5
            X509v3 Authority Key Identifier:
                keyid:10:6F:C8:78:74:91:2B:18:13:AC:42:92:45:7A:BD:DC:01:8E:9B:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EG_IeHSRKxgTrEKSRXq93AGOm0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/75339a-5997-4a93-9ad6-65963777ba0a/1/OQmOhZ2KJeLWvMja2BDXrtL3kqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/75339a-5997-4a93-9ad6-65963777ba0a/1/EG_IeHSRKxgTrEKSRXq93AGOm0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.94.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         3a:a3:00:ca:f5:c3:de:1c:55:59:c1:8d:16:e2:60:51:88:46:
         07:fa:40:22:7a:bd:67:6b:f9:04:54:31:04:43:87:e8:08:a2:
         1c:18:ef:e9:60:22:85:a9:03:3c:6a:5c:ec:92:d8:d8:a3:5d:
         f1:af:19:e4:ac:42:95:c1:8e:99:b5:14:89:63:0f:f8:6a:21:
         a6:10:f1:a1:f7:e4:3b:25:ef:24:e5:87:38:8e:23:be:a4:a5:
         af:59:5f:f3:79:00:69:73:ec:d2:4e:b9:3b:9f:3e:a9:bf:15:
         8e:73:79:c4:08:51:20:13:1c:d2:7d:0f:73:a2:8e:9b:ad:f5:
         85:00:da:3d:1a:86:67:c4:a2:bc:f2:15:df:c4:d7:a6:d1:28:
         a3:8a:6a:7f:ff:b8:7f:39:84:f7:7e:72:fb:d4:62:82:a9:34:
         1d:e4:97:2b:6b:91:61:8b:05:95:74:98:df:cb:3a:1c:59:44:
         27:37:f4:b4:25:c2:83:bf:71:09:9d:d0:a3:65:85:4a:d9:90:
         10:57:1c:b6:79:bb:45:d6:57:37:24:df:0b:c1:63:56:a3:82:
         90:9b:28:5a:ca:46:50:9d:2d:59:02:ba:7b:2b:11:0a:48:9b:
         3f:9d:5f:f6:15:18:cd:0d:08:25:4f:c1:df:ab:62:07:e5:d3:
         80:03:54:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK6T2RvqmpAnrF6UfXmAHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNmZjODc4NzQ5MTJiMTgxM2FjNDI5MjQ1N2FiZGRjMDE4
ZTliNDUwHhcNMjQwMTAyMTIzNTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTA5OGU4NTlkOGEyNWUyZDZiY2M4ZGFkODEwZDdhZWQyZjc5MmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldo4/7OoEXYyQiHQLwae+ntiIqsA
0RSq0jGztlD1Xv+lcvZA1fGK/Jla92wAJqFGaBt18Zw8i3Y/jgwBnudUhF/5P0d2
GL8GcB9KwZuh/5h3X2k4n13hikPj4sZ7y4dO8oy49WYXHggjKHBm0gTAF6RSoRR8
N04Zh1VAJBrj5np6Rlsh/uBYZyqXlIOckeJYG7pF00HhSsXmGqdB6J820xrcSbQC
C7CHi6MMRwRV3LMIu6cy2IgjeUpK+Hfq7nzBkmpOmkSYRrBrUrTvfSciIWnAEXr7
5G+LKfsatFuEemDTtT77MixUt45qiGXzGRh6pTIncM7PlJzPX9ECNOOFCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDkJjoWdiiXi1rzI2tgQ167S95KlMB8GA1UdIwQY
MBaAFBBvyHh0kSsYE6xCkkV6vdwBjptFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUdfSWVIU1JLeGdUckVLU1JYcTkzQUdPbTBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi83NTMzOWEtNTk5Ny00YTkzLTlhZDYt
NjU5NjM3NzdiYTBhLzEvT1FtT2haMktKZUxXdk1qYTJCRFhydEwza3FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi83NTMzOWEtNTk5Ny00YTkzLTlhZDYtNjU5NjM3NzdiYTBh
LzEvRUdfSWVIU1JLeGdUckVLU1JYcTkzQUdPbTBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1F6AMA0G
CSqGSIb3DQEBCwUAA4IBAQA6owDK9cPeHFVZwY0W4mBRiEYH+kAier1na/kEVDEE
Q4foCKIcGO/pYCKFqQM8alzsktjYo13xrxnkrEKVwY6ZtRSJYw/4aiGmEPGh9+Q7
Je8k5Yc4jiO+pKWvWV/zeQBpc+zSTrk7nz6pvxWOc3nECFEgExzSfQ9zoo6brfWF
ANo9GoZnxKK88hXfxNem0Sijimp//7h/OYT3fnL71GKCqTQd5Jcra5FhiwWVdJjf
yzocWUQnN/S0JcKDv3EJndCjZYVK2ZAQVxy2ebtF1lc3JN8LwWNWo4KQmyhaykZQ
nS1ZArp7KxEKSJs/nV/2FRjNDQglT8Hfq2IH5dOAA1RE
-----END CERTIFICATE-----