Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/_VlNj39flV6e7mUD_h0GIRu8R4k.roa
File:                     _VlNj39flV6e7mUD_h0GIRu8R4k.roa (raw, json)
Hash identifier:          ZiF+5+DiJ6e9MwZvb23N2+dhXCQCPkmq0IsilXiXZNk=
Subject key identifier:   FD:59:4D:8F:7F:5F:95:5E:9E:EE:65:03:FE:1D:06:21:1B:BC:47:89
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019645AA9AD9B9CCF59BBAA165A28EA11F98
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/_VlNj39flV6e7mUD_h0GIRu8R4k.roa
Signing time:             Thu 17 Apr 2025 21:32:10 +0000
ROA not before:           Thu 17 Apr 2025 21:32:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213893
IP address blocks:        94.249.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:45:aa:9a:d9:b9:cc:f5:9b:ba:a1:65:a2:8e:a1:1f:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 17 21:32:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd594d8f7f5f955e9eee6503fe1d06211bbc4789
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:a0:d0:7a:ed:35:b7:f7:38:ef:37:9d:ed:2e:
                    42:40:e6:9d:d8:d4:1d:1c:38:87:e8:6e:c5:f0:da:
                    e0:62:8e:28:6f:eb:43:98:0e:d0:f7:0f:9b:2e:4a:
                    df:5e:5a:56:0a:ec:d6:9b:71:58:6a:c1:8a:52:a8:
                    99:79:72:48:3e:f5:1b:6c:dc:c6:13:f8:c0:f8:45:
                    db:98:4f:ad:55:e8:bf:6b:49:23:be:24:dd:85:18:
                    80:b6:1d:96:09:cb:4c:f6:9c:36:73:79:e4:dc:71:
                    a3:d3:ed:fc:00:eb:90:bc:2a:dd:58:eb:4e:d0:8b:
                    7a:d6:64:a4:bc:7b:f5:07:33:af:cd:e2:a1:b4:ba:
                    01:13:d7:65:cb:d5:8b:79:f3:f6:ef:79:c5:45:1c:
                    b1:29:68:d3:5b:4a:a1:aa:28:2e:81:3d:71:6d:76:
                    4d:91:5d:c7:18:b7:6c:c9:a4:f6:c8:13:02:83:1f:
                    54:64:43:f3:fd:39:05:c9:4f:6b:1b:d9:d3:9c:d4:
                    15:5c:11:4a:c0:3b:b7:8c:67:1b:8a:b8:0c:b7:7e:
                    37:b7:eb:70:cd:47:ed:15:02:2f:fd:a0:1d:09:7f:
                    d0:cc:ad:65:56:eb:f1:7e:e2:7b:98:af:ea:8e:e2:
                    9f:e8:72:49:49:f4:8b:6c:01:19:a0:e5:ac:bb:73:
                    ac:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:59:4D:8F:7F:5F:95:5E:9E:EE:65:03:FE:1D:06:21:1B:BC:47:89
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/_VlNj39flV6e7mUD_h0GIRu8R4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.249.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:13:b2:a4:e2:f8:37:31:1b:e0:dc:fa:53:57:9e:a4:23:d4:
         61:3e:8b:4e:62:a0:ba:ea:41:80:bb:c3:36:6c:39:37:c8:41:
         de:be:69:91:9a:a1:b3:19:ae:21:03:6e:84:b8:2b:bb:f9:36:
         c9:3e:54:d6:f9:da:d9:ae:03:ef:ea:2e:32:62:9c:9f:60:d1:
         f4:ac:71:80:d7:8c:e8:c8:e2:2c:6f:34:7e:82:2d:4d:ac:6d:
         42:ad:6a:bc:e6:90:ff:a7:8c:1c:6a:9a:0f:ff:ec:97:e5:44:
         49:64:af:ad:5b:79:50:e9:28:34:09:27:d1:1b:6f:ab:0c:be:
         8a:cd:5b:71:ba:28:61:8b:dd:db:12:45:1b:7a:26:e8:f5:29:
         f9:cd:19:4f:ac:5c:7b:c8:ca:aa:05:d5:db:9c:63:0b:13:6a:
         bf:48:49:24:87:9c:6f:20:5c:d5:f5:b4:6c:3a:c7:8b:db:38:
         fc:42:5c:a5:b1:58:7f:54:6a:fe:2e:bc:56:d5:d0:ee:e3:32:
         d6:91:da:e4:45:69:a5:1a:db:4c:29:bb:ec:ac:cd:d6:14:47:
         6e:86:16:da:15:08:5b:37:83:bb:de:c6:28:80:36:05:9d:a5:
         84:2f:d0:0d:c6:94:cd:36:7c:25:6b:b0:c2:9e:be:37:1b:05:
         bb:1e:19:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZFqprZucz1m7qhZaKOoR+YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNDE3MjEzMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDU5NGQ4ZjdmNWY5NTVlOWVlZTY1MDNmZTFkMDYyMTFiYmM0Nzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3KDQeu01t/c47zed7S5CQOad2NQd
HDiH6G7F8NrgYo4ob+tDmA7Q9w+bLkrfXlpWCuzWm3FYasGKUqiZeXJIPvUbbNzG
E/jA+EXbmE+tVei/a0kjviTdhRiAth2WCctM9pw2c3nk3HGj0+38AOuQvCrdWOtO
0It61mSkvHv1BzOvzeKhtLoBE9dly9WLefP273nFRRyxKWjTW0qhqigugT1xbXZN
kV3HGLdsyaT2yBMCgx9UZEPz/TkFyU9rG9nTnNQVXBFKwDu3jGcbirgMt343t+tw
zUftFQIv/aAdCX/QzK1lVuvxfuJ7mK/qjuKf6HJJSfSLbAEZoOWsu3OszwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1ZTY9/X5Venu5lA/4dBiEbvEeJMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvX1ZsTmozOWZsVjZlN21VRF9oMEdJUnU4UjRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvnPMA0G
CSqGSIb3DQEBCwUAA4IBAQCYE7Kk4vg3MRvg3PpTV56kI9RhPotOYqC66kGAu8M2
bDk3yEHevmmRmqGzGa4hA26EuCu7+TbJPlTW+drZrgPv6i4yYpyfYNH0rHGA14zo
yOIsbzR+gi1NrG1CrWq85pD/p4wcapoP/+yX5URJZK+tW3lQ6Sg0CSfRG2+rDL6K
zVtxuihhi93bEkUbeibo9Sn5zRlPrFx7yMqqBdXbnGMLE2q/SEkkh5xvIFzV9bRs
OseL2zj8QlylsVh/VGr+LrxW1dDu4zLWkdrkRWmlGttMKbvsrM3WFEduhhbaFQhb
N4O73sYogDYFnaWEL9ANxpTNNnwla7DCnr43GwW7Hhlq
-----END CERTIFICATE-----