Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/l2U4nOdo5Kw9LfRjjiZy3TleawA.roa
File:                     l2U4nOdo5Kw9LfRjjiZy3TleawA.roa (raw, json)
Hash identifier:          ar/90vxlN9s3UA5MxmcqSTYjiO4owUwJU6FbobPHz2M=
Subject key identifier:   97:65:38:9C:E7:68:E4:AC:3D:2D:F4:63:8E:26:72:DD:39:5E:6B:00
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019649A93E59D124249C2A5FCF4662E3E264
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/l2U4nOdo5Kw9LfRjjiZy3TleawA.roa
Signing time:             Fri 18 Apr 2025 16:09:10 +0000
ROA not before:           Fri 18 Apr 2025 16:09:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212384
IP address blocks:        94.229.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 19:27:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:49:a9:3e:59:d1:24:24:9c:2a:5f:cf:46:62:e3:e2:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Apr 18 16:09:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9765389ce768e4ac3d2df4638e2672dd395e6b00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:b0:9a:8b:38:e9:40:1f:9e:e2:a0:2e:a7:eb:
                    cd:35:0f:db:26:c8:b4:a9:ee:06:85:a3:d4:c7:37:
                    57:4e:59:9b:e0:6e:40:ea:7d:d3:c9:1b:9a:39:b0:
                    7e:44:4b:60:c7:e3:b8:ad:31:01:59:e9:a2:bb:4b:
                    27:8e:fc:4b:60:07:ab:22:4e:60:e9:4f:1b:30:6c:
                    a1:5a:7c:a6:79:fb:34:ec:59:2f:56:ef:0a:4b:63:
                    fc:d5:87:8e:0b:ac:16:2c:3e:cf:2f:8b:df:02:a6:
                    5f:64:ce:07:18:66:27:83:4b:eb:3c:17:3f:c5:aa:
                    4d:a3:4d:9d:4e:b3:4b:db:0d:09:2c:62:92:0f:81:
                    3b:0a:ce:05:36:11:25:c7:99:cb:c8:5a:4d:2a:4f:
                    62:41:79:6d:ae:0d:0b:99:22:97:b5:8a:cf:d2:27:
                    cb:bc:a1:0e:fb:90:8e:64:38:82:e4:cb:fa:15:7a:
                    6c:f7:7e:29:c0:8f:73:cc:46:5e:b5:2b:7a:cb:28:
                    57:cb:af:4c:40:dd:77:3c:31:98:e8:4b:29:03:85:
                    b7:a1:87:a2:15:02:30:87:e2:cf:54:27:e6:20:6f:
                    fc:18:5d:0d:a4:f2:97:50:54:5e:a0:57:5a:d8:38:
                    f5:52:1f:33:59:fb:f9:cc:8a:85:2f:d0:1e:e0:46:
                    2c:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:65:38:9C:E7:68:E4:AC:3D:2D:F4:63:8E:26:72:DD:39:5E:6B:00
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/l2U4nOdo5Kw9LfRjjiZy3TleawA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.229.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:f2:24:4b:f4:53:bc:aa:8a:9d:87:b4:0c:d1:7b:61:95:cd:
         8c:2d:82:33:62:72:bf:7c:81:c7:22:24:ea:87:1e:04:e1:41:
         da:b9:c0:4b:37:02:0b:8f:f3:d9:6a:7a:73:eb:ed:12:8e:ba:
         50:5f:9f:3a:74:c9:47:4e:c3:d7:05:6b:8b:23:09:25:a3:86:
         3a:b9:6d:6a:bb:d6:7b:69:ef:84:0f:d2:2a:e2:0a:d2:65:4e:
         f4:d6:1f:12:ae:59:d0:9c:ea:e7:6b:26:bd:11:bf:b3:3a:c0:
         8f:2d:3d:8e:1a:f9:fe:fd:55:3c:3d:01:da:9a:f5:ff:a9:a7:
         fc:7c:fa:b6:b1:75:9a:93:fe:d1:94:31:2c:cd:97:21:25:40:
         8f:ba:d5:f1:eb:11:9e:7e:9c:07:4c:be:11:ca:d9:21:e0:5d:
         1d:6b:b6:7a:8e:0c:a3:2d:96:16:b8:44:66:13:39:5f:f8:0a:
         94:72:5d:4b:6e:11:5d:89:6a:fd:d8:38:e5:7f:55:56:5e:f7:
         01:2c:78:4d:c5:c1:8b:05:80:67:83:9c:19:4f:a0:fa:5e:33:
         20:b5:23:d5:1e:9f:7a:48:b4:65:ec:28:bd:ff:ce:c9:6a:c7:
         49:32:41:c0:f9:95:0e:89:33:01:5c:82:e3:00:56:02:c0:e0:
         aa:21:92:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZJqT5Z0SQknCpfz0Zi4+JkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNDE4MTYwOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzY1Mzg5Y2U3NjhlNGFjM2QyZGY0NjM4ZTI2NzJkZDM5NWU2YjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+LCaizjpQB+e4qAup+vNNQ/bJsi0
qe4GhaPUxzdXTlmb4G5A6n3TyRuaObB+REtgx+O4rTEBWemiu0snjvxLYAerIk5g
6U8bMGyhWnymefs07FkvVu8KS2P81YeOC6wWLD7PL4vfAqZfZM4HGGYng0vrPBc/
xapNo02dTrNL2w0JLGKSD4E7Cs4FNhElx5nLyFpNKk9iQXltrg0LmSKXtYrP0ifL
vKEO+5COZDiC5Mv6FXps934pwI9zzEZetSt6yyhXy69MQN13PDGY6EspA4W3oYei
FQIwh+LPVCfmIG/8GF0NpPKXUFReoFda2Dj1Uh8zWfv5zIqFL9Ae4EYs+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJdlOJznaOSsPS30Y44mct05XmsAMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvbDJVNG5PZG81S3c5TGZSamppWnkzVGxlYXdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXuXSMA0G
CSqGSIb3DQEBCwUAA4IBAQBS8iRL9FO8qoqdh7QM0Xthlc2MLYIzYnK/fIHHIiTq
hx4E4UHaucBLNwILj/PZanpz6+0SjrpQX586dMlHTsPXBWuLIwklo4Y6uW1qu9Z7
ae+ED9Iq4grSZU701h8SrlnQnOrnaya9Eb+zOsCPLT2OGvn+/VU8PQHamvX/qaf8
fPq2sXWak/7RlDEszZchJUCPutXx6xGefpwHTL4Rytkh4F0da7Z6jgyjLZYWuERm
Ezlf+AqUcl1LbhFdiWr92Djlf1VWXvcBLHhNxcGLBYBng5wZT6D6XjMgtSPVHp96
SLRl7Ci9/87JasdJMkHA+ZUOiTMBXILjAFYCwOCqIZL5
-----END CERTIFICATE-----