Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/TN33zl_9MCFTSIYGFyxnpxzp5Bo.roa
File:                     TN33zl_9MCFTSIYGFyxnpxzp5Bo.roa (raw, json)
Hash identifier:          nkM2kif1SGgvHNfgUgjjrwGBBe3B6bpjCCIKFIHQXPE=
Subject key identifier:   4C:DD:F7:CE:5F:FD:30:21:53:48:86:06:17:2C:67:A7:1C:E9:E4:1A
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       018EE7BFBB746B9D8A9FEF6D72A1A6CECD38
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/TN33zl_9MCFTSIYGFyxnpxzp5Bo.roa
Signing time:             Tue 16 Apr 2024 16:31:25 +0000
ROA not before:           Tue 16 Apr 2024 16:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9123
IP address blocks:        94.232.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e7:bf:bb:74:6b:9d:8a:9f:ef:6d:72:a1:a6:ce:cd:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Apr 16 16:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cddf7ce5ffd302153488606172c67a71ce9e41a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:3f:02:6b:6e:b0:72:4c:3c:d1:5a:06:42:69:
                    48:99:8f:37:87:08:88:51:c0:99:91:49:77:60:40:
                    4a:b3:40:bd:58:cd:d8:64:82:59:c3:c1:c8:a9:e2:
                    f4:e4:f0:f2:3c:dd:72:22:4d:dc:4b:30:1c:96:9b:
                    d7:12:06:97:48:d1:bd:a6:89:70:ad:aa:07:f7:1d:
                    72:c0:99:ef:96:4d:ff:61:23:99:9f:b8:73:d4:7c:
                    83:13:35:55:a5:8a:12:e8:84:7d:dd:cd:8c:fc:38:
                    02:a0:f5:93:43:44:d3:78:8c:5b:fc:5d:ec:10:b1:
                    94:63:ba:05:d8:b0:e0:88:4b:84:1f:9d:61:65:61:
                    ab:be:f3:61:18:28:4a:9b:d3:4e:07:7a:3c:d7:e2:
                    46:f4:cd:c6:f7:d3:6a:ff:d0:0e:0c:82:15:ef:79:
                    00:bd:8c:3a:5e:cf:7a:71:63:4b:16:bb:47:4f:e8:
                    6e:17:42:f8:a4:d8:01:53:18:14:fc:4c:0d:99:25:
                    a1:85:cd:94:08:83:d6:89:be:eb:f1:7a:f8:41:18:
                    ef:44:de:88:c8:f2:53:a0:c8:40:ee:34:9b:f7:7a:
                    51:29:f7:77:90:75:f4:95:72:ed:f7:e8:9a:f5:36:
                    a6:19:5c:38:d2:63:bd:34:38:2f:1a:00:e8:a0:e4:
                    17:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:DD:F7:CE:5F:FD:30:21:53:48:86:06:17:2C:67:A7:1C:E9:E4:1A
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/TN33zl_9MCFTSIYGFyxnpxzp5Bo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.232.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:50:b9:fe:47:10:2e:cc:a1:24:84:0d:5f:7f:b8:53:48:ce:
         6b:f6:3f:2f:04:72:4e:df:68:6f:7a:40:2f:4d:6c:d3:ca:3c:
         bf:c2:1c:67:c5:3d:ca:d0:9c:f9:9e:0d:f0:8f:9d:9b:28:4f:
         75:af:86:8e:a9:6a:d1:74:0f:50:ed:95:59:fb:9b:9e:75:2b:
         d4:fc:10:b2:93:82:fc:43:96:87:64:e9:20:73:68:00:57:e1:
         33:e7:f4:f3:e7:4b:e0:2d:0d:6b:e0:af:f4:b6:0f:12:cb:db:
         0a:68:b4:25:97:7a:54:a4:e0:e5:f1:fe:a4:e7:d5:4a:ba:59:
         a7:b4:aa:50:95:0b:8a:f4:4e:bb:72:64:1f:b0:25:56:6c:6a:
         79:35:04:e3:45:d0:86:91:31:6e:cd:f2:41:69:64:fe:69:e1:
         0f:7a:97:1a:95:85:57:4a:e9:d6:21:96:d3:20:f2:fc:09:8d:
         36:ab:07:2d:9b:0d:bc:1c:c1:71:ec:d1:c6:82:a0:5d:87:26:
         73:0c:a3:87:b5:60:6f:11:c6:cb:99:11:8c:9b:ca:69:34:bb:
         6f:9f:49:8e:bd:e6:df:b5:89:86:62:d4:92:c4:24:b8:99:63:
         8d:8d:13:fd:43:3a:0a:b2:3a:66:c2:dc:52:75:3d:aa:4b:cc:
         59:ee:b1:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7nv7t0a52Kn+9tcqGmzs04MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjQwNDE2MTYzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2RkZjdjZTVmZmQzMDIxNTM0ODg2MDYxNzJjNjdhNzFjZTllNDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlj8Ca26wckw80VoGQmlImY83hwiI
UcCZkUl3YEBKs0C9WM3YZIJZw8HIqeL05PDyPN1yIk3cSzAclpvXEgaXSNG9polw
raoH9x1ywJnvlk3/YSOZn7hz1HyDEzVVpYoS6IR93c2M/DgCoPWTQ0TTeIxb/F3s
ELGUY7oF2LDgiEuEH51hZWGrvvNhGChKm9NOB3o81+JG9M3G99Nq/9AODIIV73kA
vYw6Xs96cWNLFrtHT+huF0L4pNgBUxgU/EwNmSWhhc2UCIPWib7r8Xr4QRjvRN6I
yPJToMhA7jSb93pRKfd3kHX0lXLt9+ia9TamGVw40mO9NDgvGgDooOQXKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzd985f/TAhU0iGBhcsZ6cc6eQaMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvVE4zM3psXzlNQ0ZUU0lZR0Z5eG5weHpwNUJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXuj5MA0G
CSqGSIb3DQEBCwUAA4IBAQCFULn+RxAuzKEkhA1ff7hTSM5r9j8vBHJO32hvekAv
TWzTyjy/whxnxT3K0Jz5ng3wj52bKE91r4aOqWrRdA9Q7ZVZ+5uedSvU/BCyk4L8
Q5aHZOkgc2gAV+Ez5/Tz50vgLQ1r4K/0tg8Sy9sKaLQll3pUpODl8f6k59VKulmn
tKpQlQuK9E67cmQfsCVWbGp5NQTjRdCGkTFuzfJBaWT+aeEPepcalYVXSunWIZbT
IPL8CY02qwctmw28HMFx7NHGgqBdhyZzDKOHtWBvEcbLmRGMm8ppNLtvn0mOvebf
tYmGYtSSxCS4mWONjRP9QzoKsjpmwtxSdT2qS8xZ7rGK
-----END CERTIFICATE-----