Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/dd18d0-d1a2-46d4-8464-c94a8f2e3230/1/FYDxNKC7eVGhTXJyh7DYdQpF13Q.roa
File:                     FYDxNKC7eVGhTXJyh7DYdQpF13Q.roa (raw, json)
Hash identifier:          QGlq0akFOdxYp0jPfxez742IAGFVAdJ6BpKN9aAo6FU=
Subject key identifier:   15:80:F1:34:A0:BB:79:51:A1:4D:72:72:87:B0:D8:75:0A:45:D7:74
Certificate issuer:       /CN=3c4ee9110b85fdde3eb6e4462541babc3236e8ba
Certificate serial:       019427B5F4A0699041552CC033DA638F5B34
Authority key identifier: 3C:4E:E9:11:0B:85:FD:DE:3E:B6:E4:46:25:41:BA:BC:32:36:E8:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PE7pEQuF_d4-tuRGJUG6vDI26Lo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/dd18d0-d1a2-46d4-8464-c94a8f2e3230/1/FYDxNKC7eVGhTXJyh7DYdQpF13Q.roa
Signing time:             Thu 02 Jan 2025 15:50:23 +0000
ROA not before:           Thu 02 Jan 2025 15:50:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8515
IP address blocks:        195.42.160.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/dd18d0-d1a2-46d4-8464-c94a8f2e3230/1/PE7pEQuF_d4-tuRGJUG6vDI26Lo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/dd18d0-d1a2-46d4-8464-c94a8f2e3230/1/PE7pEQuF_d4-tuRGJUG6vDI26Lo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PE7pEQuF_d4-tuRGJUG6vDI26Lo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:f4:a0:69:90:41:55:2c:c0:33:da:63:8f:5b:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c4ee9110b85fdde3eb6e4462541babc3236e8ba
        Validity
            Not Before: Jan  2 15:50:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1580f134a0bb7951a14d727287b0d8750a45d774
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:20:ee:02:c6:19:23:bf:de:d6:94:41:5d:a8:
                    e4:ca:e5:9a:6a:1f:82:6e:6a:77:32:f1:4a:d8:51:
                    ea:52:c3:9e:98:ef:10:6b:e3:73:be:d4:0f:dd:2f:
                    7f:6e:12:4e:c7:9e:ed:5e:4f:5c:dc:e1:75:7e:5f:
                    f7:b8:f3:92:c1:57:6a:75:d6:6c:11:89:be:ae:7d:
                    53:18:99:fa:29:c8:11:60:07:d8:56:26:0e:e6:ad:
                    6a:df:cb:44:c0:9f:ff:24:ee:3e:0c:0d:23:ac:f8:
                    91:40:36:4a:2a:07:32:45:3e:a3:92:39:b1:0b:d1:
                    63:13:cb:e5:01:13:0e:a2:0f:1c:e7:f9:8b:f6:45:
                    07:58:8c:8f:d1:f9:60:38:84:6f:31:17:7a:a4:58:
                    88:e2:ee:b7:f8:c9:3c:52:87:ab:22:dd:6b:b9:b4:
                    db:93:22:f6:d9:81:a7:0b:b2:1d:1b:af:87:07:a1:
                    66:70:bb:d8:e3:f1:f6:b1:40:b5:1c:96:37:9b:e2:
                    8a:b6:03:37:bd:66:0b:cc:cf:9e:15:eb:6c:59:03:
                    47:f1:97:58:1a:80:7e:87:f3:e2:91:2f:79:7c:0f:
                    26:bd:66:92:16:cd:44:87:a6:6b:4c:7a:a6:7f:1d:
                    38:e2:d2:0a:7a:82:c3:03:be:82:20:92:9a:a7:bf:
                    ea:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:80:F1:34:A0:BB:79:51:A1:4D:72:72:87:B0:D8:75:0A:45:D7:74
            X509v3 Authority Key Identifier:
                keyid:3C:4E:E9:11:0B:85:FD:DE:3E:B6:E4:46:25:41:BA:BC:32:36:E8:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7pEQuF_d4-tuRGJUG6vDI26Lo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/dd18d0-d1a2-46d4-8464-c94a8f2e3230/1/FYDxNKC7eVGhTXJyh7DYdQpF13Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/dd18d0-d1a2-46d4-8464-c94a8f2e3230/1/PE7pEQuF_d4-tuRGJUG6vDI26Lo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.42.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         29:dd:95:50:29:fc:39:af:48:7a:eb:7a:f9:23:ae:90:d6:fa:
         cf:02:a5:89:0e:62:75:c3:17:37:64:fb:6b:86:e3:6f:7e:95:
         dc:1a:0f:2f:29:be:af:b8:7a:a3:6d:16:94:d4:3a:5d:9a:14:
         01:26:19:e4:f6:31:65:e2:ba:a0:d6:78:d7:33:bb:94:22:b0:
         e2:d8:d0:82:9d:f7:9b:e0:fc:0f:ec:89:47:5c:3b:b8:87:b4:
         bf:69:c5:70:fa:bb:06:c6:fc:c4:5d:ff:dc:8c:a7:e8:4b:eb:
         63:d8:e8:b5:9a:67:69:01:4f:20:bf:48:4d:c6:70:62:8f:b7:
         19:d5:f3:8b:7e:d1:d1:e0:77:4b:35:95:6c:d3:c4:b5:aa:d3:
         51:50:db:c0:7b:bc:90:4b:64:87:e7:4e:b6:89:f7:1d:30:94:
         61:97:af:22:43:0a:7a:5c:91:86:b4:28:68:bf:2a:cf:04:cb:
         90:1f:2a:14:1b:65:75:0b:78:b1:5c:51:2c:92:34:77:98:0d:
         45:f4:2e:3f:4a:68:fc:dd:53:10:14:b8:11:f0:d7:73:7f:7c:
         2a:2d:d4:92:c0:17:ff:57:7a:91:12:d0:87:98:48:e5:00:a7:
         d0:ca:e2:5e:97:99:a3:3e:b2:d4:72:c8:90:1a:74:e0:1f:aa:
         d8:82:dc:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntfSgaZBBVSzAM9pjj1s0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVlOTExMGI4NWZkZGUzZWI2ZTQ0NjI1NDFiYWJjMzIz
NmU4YmEwHhcNMjUwMTAyMTU1MDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTgwZjEzNGEwYmI3OTUxYTE0ZDcyNzI4N2IwZDg3NTBhNDVkNzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4iDuAsYZI7/e1pRBXajkyuWaah+C
bmp3MvFK2FHqUsOemO8Qa+NzvtQP3S9/bhJOx57tXk9c3OF1fl/3uPOSwVdqddZs
EYm+rn1TGJn6KcgRYAfYViYO5q1q38tEwJ//JO4+DA0jrPiRQDZKKgcyRT6jkjmx
C9FjE8vlARMOog8c5/mL9kUHWIyP0flgOIRvMRd6pFiI4u63+Mk8UoerIt1rubTb
kyL22YGnC7IdG6+HB6FmcLvY4/H2sUC1HJY3m+KKtgM3vWYLzM+eFetsWQNH8ZdY
GoB+h/PikS95fA8mvWaSFs1Eh6ZrTHqmfx044tIKeoLDA76CIJKap7/qJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBWA8TSgu3lRoU1ycoew2HUKRdd0MB8GA1UdIwQY
MBaAFDxO6RELhf3ePrbkRiVBurwyNui6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3cEVRdUZfZDQtdHVSR0pVRzZ2REkyNkxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9kZDE4ZDAtZDFhMi00NmQ0LTg0NjQt
Yzk0YThmMmUzMjMwLzEvRllEeE5LQzdlVkdoVFhKeWg3RFlkUXBGMTNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9kZDE4ZDAtZDFhMi00NmQ0LTg0NjQtYzk0YThmMmUzMjMw
LzEvUEU3cEVRdUZfZDQtdHVSR0pVRzZ2REkyNkxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFwyqgMA0G
CSqGSIb3DQEBCwUAA4IBAQAp3ZVQKfw5r0h663r5I66Q1vrPAqWJDmJ1wxc3ZPtr
huNvfpXcGg8vKb6vuHqjbRaU1DpdmhQBJhnk9jFl4rqg1njXM7uUIrDi2NCCnfeb
4PwP7IlHXDu4h7S/acVw+rsGxvzEXf/cjKfoS+tj2Oi1mmdpAU8gv0hNxnBij7cZ
1fOLftHR4HdLNZVs08S1qtNRUNvAe7yQS2SH5062ifcdMJRhl68iQwp6XJGGtCho
vyrPBMuQHyoUG2V1C3ixXFEskjR3mA1F9C4/Smj83VMQFLgR8Ndzf3wqLdSSwBf/
V3qREtCHmEjlAKfQyuJel5mjPrLUcsiQGnTgH6rYgty3
-----END CERTIFICATE-----