Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/NE0WcAfrm3AM0n_95V8TnkNIjoo.roa
File:                     NE0WcAfrm3AM0n_95V8TnkNIjoo.roa (raw, json)
Hash identifier:          oyngUFK0MUVw4Hw/iJMJwYVrpWdijuhgrFx7ZId5pc8=
Subject key identifier:   34:4D:16:70:07:EB:9B:70:0C:D2:7F:FD:E5:5F:13:9E:43:48:8E:8A
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       019427B684D0AA457D097C5F099DA87D57A6
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/NE0WcAfrm3AM0n_95V8TnkNIjoo.roa
Signing time:             Thu 02 Jan 2025 15:51:00 +0000
ROA not before:           Thu 02 Jan 2025 15:51:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214767
IP address blocks:        194.140.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:84:d0:aa:45:7d:09:7c:5f:09:9d:a8:7d:57:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  2 15:51:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=344d167007eb9b700cd27ffde55f139e43488e8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:71:ad:ea:a3:17:a1:59:52:55:b2:4a:ee:e0:
                    c8:e6:f3:10:d8:96:ae:37:c7:57:e6:09:f5:d2:41:
                    79:01:de:2e:ea:1d:9a:d6:fb:5f:fa:7f:33:98:f8:
                    6c:32:75:32:1f:01:c2:99:96:52:8e:a4:04:61:cb:
                    6f:a6:69:84:97:cb:96:da:3a:84:1c:5f:b2:64:9c:
                    c2:d6:9f:89:4c:8f:0f:1c:8c:31:79:29:58:13:36:
                    b2:df:fb:b2:d5:45:05:11:cc:cd:78:5a:83:c6:6b:
                    ee:19:47:7e:7e:46:d2:b1:4e:74:04:4b:48:21:b8:
                    d3:77:34:45:2a:93:da:94:5b:c3:79:e7:bd:2b:12:
                    b3:9a:1a:e6:81:09:23:f1:46:1c:6c:92:bb:f7:ae:
                    57:d2:e0:4b:1d:69:2d:f2:88:e1:5c:30:45:3f:0e:
                    4b:d4:18:b8:14:44:3e:88:74:15:ab:17:08:c0:3a:
                    dd:77:de:cc:51:7b:46:66:a1:13:56:43:49:d3:a0:
                    e0:36:27:37:c2:9a:09:1c:f9:be:62:7b:02:21:89:
                    53:79:e6:9d:21:0d:2e:00:06:0e:94:a9:d3:03:6c:
                    ec:46:9f:ec:fd:81:8b:a7:41:d5:99:8c:fd:b2:53:
                    da:3b:96:dd:7f:3c:0b:36:21:76:66:82:08:82:de:
                    1b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:4D:16:70:07:EB:9B:70:0C:D2:7F:FD:E5:5F:13:9E:43:48:8E:8A
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/NE0WcAfrm3AM0n_95V8TnkNIjoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.140.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:57:78:a3:3b:44:55:1f:38:05:f2:e3:8e:0a:8c:f8:b6:a4:
         f4:f0:c3:c0:9a:5a:ac:b3:50:5a:c7:9b:4c:e5:6a:e9:ce:ae:
         d6:17:60:ce:91:ef:7b:d6:db:c7:8a:bd:f6:92:f4:91:f6:8f:
         b9:7c:96:3f:53:82:d7:58:2d:7a:64:cb:47:64:26:7b:70:ff:
         66:7b:32:d7:e2:85:31:a1:25:26:e8:9f:19:75:9e:01:84:5f:
         97:d2:2f:28:09:19:0f:fe:2b:9d:92:b0:0d:19:02:8a:d3:a7:
         46:a1:74:fc:59:49:5a:77:40:07:e1:2d:69:63:ca:42:71:d7:
         ae:40:8d:a7:db:a4:75:ee:30:0e:38:56:6f:71:e0:7d:23:e5:
         e3:8b:8f:1e:34:fa:76:c6:39:68:97:4e:4e:68:d6:bc:26:71:
         53:6d:6c:f7:01:c4:69:80:8c:27:e3:5e:90:42:87:ab:c4:d9:
         12:86:be:ce:6f:7c:9a:f4:9a:c5:15:16:7c:4a:fc:48:e8:21:
         cd:96:dc:1e:1a:80:64:55:79:e5:99:8d:57:62:db:42:09:8d:
         81:3e:5d:c2:1c:4c:a2:98:97:86:0a:10:95:b4:d8:da:13:f6:
         25:5d:31:3c:e6:52:ee:fb:15:a4:5e:31:18:3f:f4:9f:2d:37:
         8d:0c:26:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntoTQqkV9CXxfCZ2ofVemMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjUwMTAyMTU1MTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDRkMTY3MDA3ZWI5YjcwMGNkMjdmZmRlNTVmMTM5ZTQzNDg4ZThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2HGt6qMXoVlSVbJK7uDI5vMQ2Jau
N8dX5gn10kF5Ad4u6h2a1vtf+n8zmPhsMnUyHwHCmZZSjqQEYctvpmmEl8uW2jqE
HF+yZJzC1p+JTI8PHIwxeSlYEzay3/uy1UUFEczNeFqDxmvuGUd+fkbSsU50BEtI
IbjTdzRFKpPalFvDeee9KxKzmhrmgQkj8UYcbJK7965X0uBLHWkt8ojhXDBFPw5L
1Bi4FEQ+iHQVqxcIwDrdd97MUXtGZqETVkNJ06DgNic3wpoJHPm+YnsCIYlTeead
IQ0uAAYOlKnTA2zsRp/s/YGLp0HVmYz9slPaO5bdfzwLNiF2ZoIIgt4bEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDRNFnAH65twDNJ//eVfE55DSI6KMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvTkUwV2NBZnJtM0FNMG5fOTVWOFRua05Jam9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwozkMA0G
CSqGSIb3DQEBCwUAA4IBAQC0V3ijO0RVHzgF8uOOCoz4tqT08MPAmlqss1Bax5tM
5Wrpzq7WF2DOke971tvHir32kvSR9o+5fJY/U4LXWC16ZMtHZCZ7cP9mezLX4oUx
oSUm6J8ZdZ4BhF+X0i8oCRkP/iudkrANGQKK06dGoXT8WUlad0AH4S1pY8pCcdeu
QI2n26R17jAOOFZvceB9I+Xji48eNPp2xjlol05OaNa8JnFTbWz3AcRpgIwn416Q
QoerxNkShr7Ob3ya9JrFFRZ8SvxI6CHNltweGoBkVXnlmY1XYttCCY2BPl3CHEyi
mJeGChCVtNjaE/YlXTE85lLu+xWkXjEYP/SfLTeNDCaa
-----END CERTIFICATE-----