Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/815590-951c-4c1f-8697-c3694088f34a/1/Ac1ugy5pnxQTho_tMsEZtU1OyDo.roa
File:                     Ac1ugy5pnxQTho_tMsEZtU1OyDo.roa (raw, json)
Hash identifier:          5K4+0JPB6c12K3m2YVu9MeqO2E6TstHes1Fo5mTfLoQ=
Subject key identifier:   01:CD:6E:83:2E:69:9F:14:13:86:8F:ED:32:C1:19:B5:4D:4E:C8:3A
Certificate issuer:       /CN=f20bf46303ff54a505f533c554251923e41f5926
Certificate serial:       018CC26D19EE1F450EC138276C2E672F4BBC
Authority key identifier: F2:0B:F4:63:03:FF:54:A5:05:F5:33:C5:54:25:19:23:E4:1F:59:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8gv0YwP_VKUF9TPFVCUZI-QfWSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/815590-951c-4c1f-8697-c3694088f34a/1/Ac1ugy5pnxQTho_tMsEZtU1OyDo.roa
Signing time:             Mon 01 Jan 2024 00:29:39 +0000
ROA not before:           Mon 01 Jan 2024 00:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6696
IP address blocks:        94.139.36.0/23 maxlen: 24
                          2a13:ac40::/29 maxlen: 56

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/815590-951c-4c1f-8697-c3694088f34a/1/8gv0YwP_VKUF9TPFVCUZI-QfWSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/815590-951c-4c1f-8697-c3694088f34a/1/8gv0YwP_VKUF9TPFVCUZI-QfWSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8gv0YwP_VKUF9TPFVCUZI-QfWSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:19:ee:1f:45:0e:c1:38:27:6c:2e:67:2f:4b:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f20bf46303ff54a505f533c554251923e41f5926
        Validity
            Not Before: Jan  1 00:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01cd6e832e699f1413868fed32c119b54d4ec83a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:56:bf:71:41:4b:86:22:14:47:f7:58:67:e4:
                    96:0f:c1:a8:ae:53:13:f2:8e:e7:cb:c3:4c:33:ce:
                    35:4d:23:26:b5:20:6e:57:5a:85:d6:6d:1d:09:b1:
                    24:02:c2:34:4c:4c:07:ee:f0:63:cb:a9:f1:c3:64:
                    f0:d1:c9:14:1d:94:c1:e8:7f:cc:27:c9:88:ec:bf:
                    7d:e7:4d:0e:e9:1f:bd:ce:f9:ca:84:00:15:a8:06:
                    14:5b:7b:7e:05:08:5e:a7:b3:36:4d:e7:29:68:39:
                    08:b4:11:ba:54:f9:d9:4f:bf:21:fe:22:94:ec:e4:
                    78:4b:31:15:e9:f2:bd:60:ff:01:e4:c7:f5:6b:84:
                    aa:93:91:0b:09:43:40:12:30:7b:a8:b1:20:88:40:
                    9e:31:7d:43:07:e7:b1:68:4e:85:21:89:6c:6b:6a:
                    1b:18:f7:0f:22:8e:f1:da:33:f6:c8:0d:6a:8f:3b:
                    a0:06:45:20:08:29:c7:14:eb:f2:34:3f:e9:4a:3e:
                    2a:fe:00:f9:34:f4:56:a7:a6:a5:ec:c2:f9:a2:9c:
                    9e:ef:c5:37:c1:f0:7e:4b:d9:eb:4e:c7:02:59:d4:
                    f7:c2:b6:c6:8c:44:64:32:7d:ae:cb:ba:ec:a4:de:
                    39:da:24:32:60:ed:b4:9e:57:a4:d2:e6:92:aa:4b:
                    a9:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:CD:6E:83:2E:69:9F:14:13:86:8F:ED:32:C1:19:B5:4D:4E:C8:3A
            X509v3 Authority Key Identifier:
                keyid:F2:0B:F4:63:03:FF:54:A5:05:F5:33:C5:54:25:19:23:E4:1F:59:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8gv0YwP_VKUF9TPFVCUZI-QfWSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/815590-951c-4c1f-8697-c3694088f34a/1/Ac1ugy5pnxQTho_tMsEZtU1OyDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/815590-951c-4c1f-8697-c3694088f34a/1/8gv0YwP_VKUF9TPFVCUZI-QfWSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.139.36.0/23
                IPv6:
                  2a13:ac40::/29

    Signature Algorithm: sha256WithRSAEncryption
         95:4d:67:11:2b:62:12:2c:b2:29:af:70:aa:aa:aa:6c:08:3a:
         93:5c:0c:6b:34:ad:b5:3b:a8:7f:4f:2a:5f:20:7b:41:17:5d:
         28:9c:68:c6:34:c1:2d:e7:87:c2:23:7f:dd:e6:e5:1c:f4:c6:
         9b:3d:51:d2:38:83:ea:93:9b:38:d1:4b:c3:64:e3:6f:1f:af:
         51:d5:d4:f1:2f:66:06:77:11:83:ce:d3:2e:dc:2f:0b:57:21:
         08:5f:72:e2:b4:b8:86:bb:82:1b:87:42:c3:a8:53:e5:cc:17:
         7b:e4:fd:7f:22:ab:2b:c7:fa:98:f6:23:10:7e:4c:ca:ed:b7:
         22:60:b4:b2:36:8a:70:96:94:c9:a1:f1:da:a7:1d:de:a5:23:
         e3:e3:b6:26:90:43:5b:c6:ee:01:8b:3d:ed:93:e4:4a:12:7b:
         4a:be:68:f7:c2:f5:70:4a:07:f1:63:ec:8e:c8:5d:2c:4c:ba:
         58:9e:89:fe:a3:11:c0:ee:41:34:32:2b:fe:a9:77:d8:d5:15:
         d9:dc:6c:af:2d:bc:3e:64:53:4a:df:cf:39:44:6c:09:b8:0c:
         7f:d1:2d:cc:f3:46:c1:58:70:d1:62:a8:b4:90:34:e7:05:4d:
         fb:54:20:05:68:9f:00:af:51:21:9c:b5:d7:e5:db:f4:37:f5:
         a1:bc:b1:5e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbRnuH0UOwTgnbC5nL0u8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMGJmNDYzMDNmZjU0YTUwNWY1MzNjNTU0MjUxOTIzZTQx
ZjU5MjYwHhcNMjQwMTAxMDAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWNkNmU4MzJlNjk5ZjE0MTM4NjhmZWQzMmMxMTliNTRkNGVjODNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1a/cUFLhiIUR/dYZ+SWD8GorlMT
8o7ny8NMM841TSMmtSBuV1qF1m0dCbEkAsI0TEwH7vBjy6nxw2Tw0ckUHZTB6H/M
J8mI7L99500O6R+9zvnKhAAVqAYUW3t+BQhep7M2TecpaDkItBG6VPnZT78h/iKU
7OR4SzEV6fK9YP8B5Mf1a4Sqk5ELCUNAEjB7qLEgiECeMX1DB+exaE6FIYlsa2ob
GPcPIo7x2jP2yA1qjzugBkUgCCnHFOvyND/pSj4q/gD5NPRWp6al7ML5opye78U3
wfB+S9nrTscCWdT3wrbGjERkMn2uy7rspN452iQyYO20nlek0uaSqkupKQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAHNboMuaZ8UE4aP7TLBGbVNTsg6MB8GA1UdIwQY
MBaAFPIL9GMD/1SlBfUzxVQlGSPkH1kmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGd2MFl3UF9WS1VGOVRQRlZDVVpJLVFmV1NZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS84MTU1OTAtOTUxYy00YzFmLTg2OTct
YzM2OTQwODhmMzRhLzEvQWMxdWd5NXBueFFUaG9fdE1zRVp0VTFPeURvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS84MTU1OTAtOTUxYy00YzFmLTg2OTctYzM2OTQwODhmMzRh
LzEvOGd2MFl3UF9WS1VGOVRQRlZDVVpJLVFmV1NZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBXoskMA0E
AgACMAcDBQMqE6xAMA0GCSqGSIb3DQEBCwUAA4IBAQCVTWcRK2ISLLIpr3Cqqqps
CDqTXAxrNK21O6h/TypfIHtBF10onGjGNMEt54fCI3/d5uUc9MabPVHSOIPqk5s4
0UvDZONvH69R1dTxL2YGdxGDztMu3C8LVyEIX3LitLiGu4Ibh0LDqFPlzBd75P1/
Iqsrx/qY9iMQfkzK7bciYLSyNopwlpTJofHapx3epSPj47YmkENbxu4Biz3tk+RK
EntKvmj3wvVwSgfxY+yOyF0sTLpYnon+oxHA7kE0Miv+qXfY1RXZ3GyvLbw+ZFNK
3885RGwJuAx/0S3M80bBWHDRYqi0kDTnBU37VCAFaJ8Ar1EhnLXX5dv0N/WhvLFe
-----END CERTIFICATE-----