Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/euzuAPfeJuv2-cm-rKuGKDxPe8I.roa
File:                     euzuAPfeJuv2-cm-rKuGKDxPe8I.roa (raw, json)
Hash identifier:          96LpiX/MLfmTkOgA68PX4zJcqAm4CD3qIp5sMcLFqNU=
Subject key identifier:   7A:EC:EE:00:F7:DE:26:EB:F6:F9:C9:BE:AC:AB:86:28:3C:4F:7B:C2
Certificate issuer:       /CN=099a1f2dbf7b7a84ae57b8d67426b7e4e420fab5
Certificate serial:       019427484812D04D72E3B33922E25CA906D6
Authority key identifier: 09:9A:1F:2D:BF:7B:7A:84:AE:57:B8:D6:74:26:B7:E4:E4:20:FA:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CZofLb97eoSuV7jWdCa35OQg-rU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/euzuAPfeJuv2-cm-rKuGKDxPe8I.roa
Signing time:             Thu 02 Jan 2025 13:50:35 +0000
ROA not before:           Thu 02 Jan 2025 13:50:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        94.237.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/CZofLb97eoSuV7jWdCa35OQg-rU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/CZofLb97eoSuV7jWdCa35OQg-rU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CZofLb97eoSuV7jWdCa35OQg-rU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 16:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:48:12:d0:4d:72:e3:b3:39:22:e2:5c:a9:06:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=099a1f2dbf7b7a84ae57b8d67426b7e4e420fab5
        Validity
            Not Before: Jan  2 13:50:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7aecee00f7de26ebf6f9c9beacab86283c4f7bc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:16:37:1e:03:b0:b2:a9:d3:26:bd:0d:75:c6:
                    07:0b:bf:b4:a2:da:25:a0:a9:dd:1f:8a:8c:30:dd:
                    96:e8:2a:0d:b0:fa:0a:97:86:62:8c:d0:ff:ab:38:
                    0e:ef:82:fc:77:24:96:35:3c:81:2b:80:05:07:53:
                    c0:67:c9:27:42:65:85:13:c0:af:de:b2:43:b9:d6:
                    e9:8a:4f:27:07:70:7b:b2:4e:89:b8:f2:bf:1b:ec:
                    7f:8a:e2:28:1a:43:e5:48:aa:02:4e:98:40:5b:fd:
                    fb:0d:93:b5:91:fc:be:93:fb:24:d0:4d:a9:bc:00:
                    73:e1:52:63:fc:0a:01:cc:12:e6:5d:c7:ea:3c:2f:
                    c0:9a:20:18:dd:ff:f4:a2:a8:70:7a:ed:fb:b1:00:
                    7b:6a:28:71:ff:58:d2:4d:a0:6d:9d:bb:1a:f9:e7:
                    70:7a:42:b9:ca:bb:d6:61:09:f7:b8:66:6e:9a:96:
                    9e:c9:f3:a3:6d:ca:8c:e1:07:4d:3f:1f:ea:94:4c:
                    68:12:0d:fb:8f:fe:17:88:d7:2f:e2:67:97:3c:ff:
                    95:94:14:76:6d:d4:f5:b0:1a:5d:14:1c:8d:49:8f:
                    a8:c8:f3:ff:ab:43:17:c0:3d:4e:ed:51:8a:29:86:
                    13:9a:25:4e:51:0a:fa:cf:8c:dc:6b:c5:4e:4a:c7:
                    36:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:EC:EE:00:F7:DE:26:EB:F6:F9:C9:BE:AC:AB:86:28:3C:4F:7B:C2
            X509v3 Authority Key Identifier:
                keyid:09:9A:1F:2D:BF:7B:7A:84:AE:57:B8:D6:74:26:B7:E4:E4:20:FA:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CZofLb97eoSuV7jWdCa35OQg-rU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/euzuAPfeJuv2-cm-rKuGKDxPe8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/CZofLb97eoSuV7jWdCa35OQg-rU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.237.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:80:30:ed:4a:f0:8b:57:d3:c0:d6:41:f0:33:8f:b6:1d:00:
         cd:92:4c:c1:55:f4:1f:8d:e0:15:76:24:d8:2b:72:dd:3a:54:
         48:67:f6:78:c1:b4:ef:fd:b0:64:52:13:60:37:e0:8e:4f:3e:
         50:9c:f8:ea:64:0e:55:37:8d:3c:ee:09:76:db:ed:24:06:9c:
         2f:eb:b4:51:bb:a9:df:8f:80:01:18:ae:e3:f2:4f:70:ce:8c:
         ef:b7:12:58:ee:18:c7:85:16:aa:13:55:a3:7c:59:9f:8f:cc:
         a4:b9:82:99:2a:9e:21:fc:69:16:ca:01:c6:72:e5:3b:c4:eb:
         9a:c0:72:27:f8:a5:e4:26:28:15:99:59:bb:84:45:d2:b0:f7:
         1c:d1:95:2f:22:19:33:07:c8:76:bf:7b:a1:eb:ac:ee:7f:63:
         e5:9a:57:6c:27:4b:6a:7a:0d:eb:57:20:b5:de:27:b0:37:b1:
         a8:70:f9:80:3c:50:7e:00:f1:45:c1:e3:7c:ff:3a:60:0d:35:
         45:f5:02:18:92:26:06:57:bd:ca:cc:cb:22:41:92:fb:97:5d:
         b9:55:1c:11:de:1d:d3:3c:bc:dd:03:10:1c:70:3b:f8:67:f0:
         fe:25:62:2a:6c:09:ae:97:70:cf:e7:6a:90:b3:27:c7:97:7f:
         d5:19:b9:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSEgS0E1y47M5IuJcqQbWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OWExZjJkYmY3YjdhODRhZTU3YjhkNjc0MjZiN2U0ZTQy
MGZhYjUwHhcNMjUwMTAyMTM1MDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWVjZWUwMGY3ZGUyNmViZjZmOWM5YmVhY2FiODYyODNjNGY3YmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9BY3HgOwsqnTJr0NdcYHC7+0otol
oKndH4qMMN2W6CoNsPoKl4ZijND/qzgO74L8dySWNTyBK4AFB1PAZ8knQmWFE8Cv
3rJDudbpik8nB3B7sk6JuPK/G+x/iuIoGkPlSKoCTphAW/37DZO1kfy+k/sk0E2p
vABz4VJj/AoBzBLmXcfqPC/AmiAY3f/0oqhweu37sQB7aihx/1jSTaBtnbsa+edw
ekK5yrvWYQn3uGZumpaeyfOjbcqM4QdNPx/qlExoEg37j/4XiNcv4meXPP+VlBR2
bdT1sBpdFByNSY+oyPP/q0MXwD1O7VGKKYYTmiVOUQr6z4zca8VOSsc2nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHrs7gD33ibr9vnJvqyrhig8T3vCMB8GA1UdIwQY
MBaAFAmaHy2/e3qErle41nQmt+TkIPq1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1pvZkxiOTdlb1N1VjdqV2RDYTM1T1FnLXJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9kNDJhYmItMzM0Mi00ODg3LWFmNDAt
OWNkNjhmMjIxZTIxLzEvZXV6dUFQZmVKdXYyLWNtLXJLdUdLRHhQZThJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9kNDJhYmItMzM0Mi00ODg3LWFmNDAtOWNkNjhmMjIxZTIx
LzEvQ1pvZkxiOTdlb1N1VjdqV2RDYTM1T1FnLXJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXu1/MA0G
CSqGSIb3DQEBCwUAA4IBAQBdgDDtSvCLV9PA1kHwM4+2HQDNkkzBVfQfjeAVdiTY
K3LdOlRIZ/Z4wbTv/bBkUhNgN+COTz5QnPjqZA5VN4087gl22+0kBpwv67RRu6nf
j4ABGK7j8k9wzozvtxJY7hjHhRaqE1WjfFmfj8ykuYKZKp4h/GkWygHGcuU7xOua
wHIn+KXkJigVmVm7hEXSsPcc0ZUvIhkzB8h2v3uh66zuf2PlmldsJ0tqeg3rVyC1
3iewN7GocPmAPFB+APFFweN8/zpgDTVF9QIYkiYGV73KzMsiQZL7l125VRwR3h3T
PLzdAxAccDv4Z/D+JWIqbAmul3DP52qQsyfHl3/VGbmG
-----END CERTIFICATE-----