Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/1b0998-ab81-4cce-8c46-f212666725b4/1/b3ZtzLlxeNLOehH6AKtYdH5OpTQ.roa
File:                     b3ZtzLlxeNLOehH6AKtYdH5OpTQ.roa (raw, json)
Hash identifier:          KgbQQ56PF7r41MO3Zy3vYzefbru0LRGx/vG1JD/z6f0=
Subject key identifier:   6F:76:6D:CC:B9:71:78:D2:CE:7A:11:FA:00:AB:58:74:7E:4E:A5:34
Certificate issuer:       /CN=bb4a0af156332d3c7ecb585faee3a90d9bf2a096
Certificate serial:       019421B25B7014C61A10C1C323FB2A9E0C87
Authority key identifier: BB:4A:0A:F1:56:33:2D:3C:7E:CB:58:5F:AE:E3:A9:0D:9B:F2:A0:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u0oK8VYzLTx-y1hfruOpDZvyoJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/1b0998-ab81-4cce-8c46-f212666725b4/1/b3ZtzLlxeNLOehH6AKtYdH5OpTQ.roa
Signing time:             Wed 01 Jan 2025 11:48:44 +0000
ROA not before:           Wed 01 Jan 2025 11:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203012
IP address blocks:        185.147.16.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/1b0998-ab81-4cce-8c46-f212666725b4/1/u0oK8VYzLTx-y1hfruOpDZvyoJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/1b0998-ab81-4cce-8c46-f212666725b4/1/u0oK8VYzLTx-y1hfruOpDZvyoJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u0oK8VYzLTx-y1hfruOpDZvyoJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 11:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:5b:70:14:c6:1a:10:c1:c3:23:fb:2a:9e:0c:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb4a0af156332d3c7ecb585faee3a90d9bf2a096
        Validity
            Not Before: Jan  1 11:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f766dccb97178d2ce7a11fa00ab58747e4ea534
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:9b:81:55:2a:d2:78:17:75:55:56:9e:12:d4:
                    e7:6d:a1:04:9e:0f:66:53:5a:32:1c:27:7e:0a:c1:
                    d8:94:5c:d5:92:e4:16:a2:7e:07:a3:21:c4:e7:e3:
                    ab:46:18:4d:82:8a:30:da:5a:1f:37:23:6a:d1:98:
                    bf:a6:c0:95:a6:3a:f1:fa:58:ea:d0:cb:b0:cf:b2:
                    47:e7:1f:d6:d7:b5:94:09:e9:88:89:54:6a:84:17:
                    41:37:75:85:51:a5:b4:42:aa:9b:4d:cd:45:3a:8a:
                    fe:a1:76:b8:59:7b:ac:cc:6b:f7:bb:f0:f3:e9:db:
                    eb:09:c1:a0:13:45:c6:ac:a3:04:96:f0:80:bd:6d:
                    c7:86:48:72:44:f9:64:5e:63:9c:f4:f9:2e:39:77:
                    48:79:6d:7e:90:37:1d:76:f1:1b:f4:c2:f6:e9:33:
                    b3:61:5b:e9:b1:2c:97:c7:b8:b5:68:f9:a5:09:78:
                    17:23:04:7f:05:54:d5:60:7a:63:22:ce:0a:ee:a0:
                    d6:d0:a9:62:0e:05:31:eb:d4:1f:2f:37:62:5a:ab:
                    90:2f:e6:66:55:e5:2f:84:a2:76:0a:bb:04:91:05:
                    e1:c2:ec:92:e5:a4:63:8c:d1:56:02:8c:6b:ba:74:
                    9f:3b:f7:77:59:32:6b:09:63:8c:3f:b5:68:53:63:
                    b5:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:76:6D:CC:B9:71:78:D2:CE:7A:11:FA:00:AB:58:74:7E:4E:A5:34
            X509v3 Authority Key Identifier:
                keyid:BB:4A:0A:F1:56:33:2D:3C:7E:CB:58:5F:AE:E3:A9:0D:9B:F2:A0:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u0oK8VYzLTx-y1hfruOpDZvyoJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/1b0998-ab81-4cce-8c46-f212666725b4/1/b3ZtzLlxeNLOehH6AKtYdH5OpTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/1b0998-ab81-4cce-8c46-f212666725b4/1/u0oK8VYzLTx-y1hfruOpDZvyoJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:92:6f:80:9f:b2:28:82:8a:a1:9b:34:f1:ea:20:71:09:32:
         dd:e4:77:da:ac:8e:25:8a:49:54:dd:f1:d1:3d:df:3d:cb:d0:
         85:b7:48:dd:c7:c4:e4:04:83:38:62:15:54:9d:2c:03:b5:c5:
         b1:2b:73:f3:3c:f3:c9:e8:5e:3a:ea:cd:26:ad:64:65:cf:a9:
         f6:14:c9:4f:07:53:cf:07:9d:b1:1b:dd:30:50:45:c2:e8:4a:
         85:2b:e0:c3:39:03:88:6f:31:99:97:c5:e9:1e:40:04:3d:7a:
         cb:6e:85:d5:14:03:ea:6e:54:ea:30:b4:7c:0b:7d:fe:03:4b:
         62:0d:8e:f4:73:8b:04:83:58:ea:89:90:c3:d7:74:78:b3:5e:
         ee:83:09:27:eb:b1:b3:4d:2b:a6:a8:9d:77:4b:02:25:49:fa:
         7d:2d:b3:38:14:a9:d5:71:6f:9f:c7:d7:5a:5c:36:63:97:a0:
         f9:70:3a:13:8f:f8:d7:9a:3b:4d:27:ea:e0:ec:f2:9d:7b:c8:
         84:2e:81:3c:2d:08:88:0c:bc:51:84:db:e2:49:c5:14:ea:76:
         ef:1b:a4:b5:4e:9d:c0:d5:d5:8c:48:37:bd:0d:33:4d:fd:eb:
         67:bb:9f:79:d8:82:8f:73:fe:ce:83:af:29:d7:e0:29:8b:30:
         36:71:e6:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsltwFMYaEMHDI/sqngyHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiNGEwYWYxNTYzMzJkM2M3ZWNiNTg1ZmFlZTNhOTBkOWJm
MmEwOTYwHhcNMjUwMTAxMTE0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Zjc2NmRjY2I5NzE3OGQyY2U3YTExZmEwMGFiNTg3NDdlNGVhNTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6puBVSrSeBd1VVaeEtTnbaEEng9m
U1oyHCd+CsHYlFzVkuQWon4HoyHE5+OrRhhNgoow2lofNyNq0Zi/psCVpjrx+ljq
0Muwz7JH5x/W17WUCemIiVRqhBdBN3WFUaW0QqqbTc1FOor+oXa4WXuszGv3u/Dz
6dvrCcGgE0XGrKMElvCAvW3HhkhyRPlkXmOc9PkuOXdIeW1+kDcddvEb9ML26TOz
YVvpsSyXx7i1aPmlCXgXIwR/BVTVYHpjIs4K7qDW0KliDgUx69QfLzdiWquQL+Zm
VeUvhKJ2CrsEkQXhwuyS5aRjjNFWAoxrunSfO/d3WTJrCWOMP7VoU2O1wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG92bcy5cXjSznoR+gCrWHR+TqU0MB8GA1UdIwQY
MBaAFLtKCvFWMy08fstYX67jqQ2b8qCWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTBvSzhWWXpMVHgteTFoZnJ1T3BEWnZ5b0pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8xYjA5OTgtYWI4MS00Y2NlLThjNDYt
ZjIxMjY2NjcyNWI0LzEvYjNadHpMbHhlTkxPZWhINkFLdFlkSDVPcFRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8xYjA5OTgtYWI4MS00Y2NlLThjNDYtZjIxMjY2NjcyNWI0
LzEvdTBvSzhWWXpMVHgteTFoZnJ1T3BEWnZ5b0pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZMQMA0G
CSqGSIb3DQEBCwUAA4IBAQAmkm+An7IogoqhmzTx6iBxCTLd5HfarI4liklU3fHR
Pd89y9CFt0jdx8TkBIM4YhVUnSwDtcWxK3PzPPPJ6F466s0mrWRlz6n2FMlPB1PP
B52xG90wUEXC6EqFK+DDOQOIbzGZl8XpHkAEPXrLboXVFAPqblTqMLR8C33+A0ti
DY70c4sEg1jqiZDD13R4s17ugwkn67GzTSumqJ13SwIlSfp9LbM4FKnVcW+fx9da
XDZjl6D5cDoTj/jXmjtNJ+rg7PKde8iELoE8LQiIDLxRhNviScUU6nbvG6S1Tp3A
1dWMSDe9DTNN/etnu5952IKPc/7Og68p1+ApizA2ceb2
-----END CERTIFICATE-----