Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/DTkkXlwWhjBYM7E-LiW8oFBHJjI.roa
File:                     DTkkXlwWhjBYM7E-LiW8oFBHJjI.roa (raw, json)
Hash identifier:          cFY01vIGbPqfZkXvhIFJCumwHCyy8N/DU0Sq4RcHFF0=
Subject key identifier:   0D:39:24:5E:5C:16:86:30:58:33:B1:3E:2E:25:BC:A0:50:47:26:32
Certificate issuer:       /CN=3d8a553e05f0319bf452fa206c14ccda87304654
Certificate serial:       0194228E34735451282A50F2F0D2C674E42E
Authority key identifier: 3D:8A:55:3E:05:F0:31:9B:F4:52:FA:20:6C:14:CC:DA:87:30:46:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYpVPgXwMZv0UvogbBTM2ocwRlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/DTkkXlwWhjBYM7E-LiW8oFBHJjI.roa
Signing time:             Wed 01 Jan 2025 15:48:52 +0000
ROA not before:           Wed 01 Jan 2025 15:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57353
IP address blocks:        176.97.202.0/24 maxlen: 24
                          185.81.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/PYpVPgXwMZv0UvogbBTM2ocwRlQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/PYpVPgXwMZv0UvogbBTM2ocwRlQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PYpVPgXwMZv0UvogbBTM2ocwRlQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:34:73:54:51:28:2a:50:f2:f0:d2:c6:74:e4:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d8a553e05f0319bf452fa206c14ccda87304654
        Validity
            Not Before: Jan  1 15:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d39245e5c1686305833b13e2e25bca050472632
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:2e:82:fd:0a:46:2f:9d:67:d8:ab:91:41:92:
                    69:b8:36:dc:bb:52:b5:50:56:01:e4:16:51:59:19:
                    5e:e4:df:ca:d7:30:34:4c:54:22:49:0c:4e:e0:89:
                    e4:6a:13:93:7b:56:b5:fa:3e:8f:78:37:7f:27:c4:
                    67:6a:e3:e8:d5:3e:04:be:ed:ae:b8:67:97:5e:7e:
                    53:4b:4e:0e:b8:ee:57:9b:ee:6c:0e:f6:24:02:2d:
                    9b:1e:3a:65:f3:db:2a:3f:78:e2:9f:ee:bc:dd:ff:
                    2f:ce:a0:47:ba:a4:a5:ec:70:e6:2f:e9:8b:bf:b9:
                    6a:2f:df:f9:76:91:fb:f3:68:90:07:36:03:34:5b:
                    6d:aa:b8:08:e7:d6:0e:bf:a5:01:f4:23:48:47:65:
                    07:76:da:51:10:16:2e:c5:0c:78:3a:e1:2d:35:d0:
                    9b:aa:2d:81:c1:35:dd:43:3a:fc:3d:85:93:33:42:
                    14:bd:f5:3e:1d:eb:5a:ba:47:7b:eb:f3:e8:8e:c1:
                    72:73:70:3c:fd:3d:35:47:3e:ef:94:e0:4e:7b:f3:
                    94:8a:1e:76:6d:f0:2c:3e:8c:8b:f1:0d:ae:da:86:
                    71:e6:aa:7b:ab:68:dc:c6:fa:9c:f5:9b:64:0d:54:
                    f4:37:61:d6:5f:f0:3b:e0:c3:76:43:07:cc:ad:a6:
                    32:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:39:24:5E:5C:16:86:30:58:33:B1:3E:2E:25:BC:A0:50:47:26:32
            X509v3 Authority Key Identifier:
                keyid:3D:8A:55:3E:05:F0:31:9B:F4:52:FA:20:6C:14:CC:DA:87:30:46:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYpVPgXwMZv0UvogbBTM2ocwRlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/DTkkXlwWhjBYM7E-LiW8oFBHJjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/52ce54-e49c-411c-8527-0fb4823f5b87/1/PYpVPgXwMZv0UvogbBTM2ocwRlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.202.0/24
                  185.81.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:0f:91:2d:b2:28:9d:63:39:83:6b:6b:d3:26:ac:a2:69:31:
         88:61:28:6d:5b:95:59:e3:68:80:8d:09:46:3d:a3:12:a0:c0:
         dc:be:23:70:5b:22:81:cd:c0:c7:2e:73:cd:39:3b:e8:5f:b2:
         55:f3:01:39:90:ad:c4:c7:39:7a:99:5f:a9:c2:a2:b5:4d:19:
         9e:d7:ce:fd:13:15:40:a0:5f:b7:6b:f7:70:61:46:33:0b:ab:
         2d:63:2d:a2:bc:aa:93:36:1a:53:b9:37:49:d1:55:4b:61:19:
         79:6a:24:79:ca:c4:a2:5c:94:05:af:3d:23:b6:4b:96:1e:0a:
         54:ea:e9:a7:1a:0d:94:40:3c:dc:7c:12:af:71:b5:d2:97:7a:
         96:69:c2:4c:46:e5:ad:17:a0:d3:ed:d1:f2:df:ee:43:a2:83:
         86:92:8d:07:84:05:0f:a8:4c:3c:0c:05:df:e5:e4:e6:8f:eb:
         67:a2:dc:a1:50:e2:6d:db:f5:34:45:51:a7:62:61:7a:75:82:
         d1:50:8a:3d:2e:39:34:89:a8:e0:59:26:a1:ad:d2:3b:96:f6:
         f1:f2:4a:4b:8a:8a:9d:d2:8f:6f:b7:31:88:f0:e4:22:fa:d0:
         32:8f:d7:9e:2a:fa:9c:6f:0e:26:ca:06:bb:a2:71:31:bb:cb:
         a0:e9:eb:3a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijjRzVFEoKlDy8NLGdOQuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOGE1NTNlMDVmMDMxOWJmNDUyZmEyMDZjMTRjY2RhODcz
MDQ2NTQwHhcNMjUwMTAxMTU0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDM5MjQ1ZTVjMTY4NjMwNTgzM2IxM2UyZTI1YmNhMDUwNDcyNjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvS6C/QpGL51n2KuRQZJpuDbcu1K1
UFYB5BZRWRle5N/K1zA0TFQiSQxO4InkahOTe1a1+j6PeDd/J8RnauPo1T4Evu2u
uGeXXn5TS04OuO5Xm+5sDvYkAi2bHjpl89sqP3jin+683f8vzqBHuqSl7HDmL+mL
v7lqL9/5dpH782iQBzYDNFttqrgI59YOv6UB9CNIR2UHdtpREBYuxQx4OuEtNdCb
qi2BwTXdQzr8PYWTM0IUvfU+Hetaukd76/PojsFyc3A8/T01Rz7vlOBOe/OUih52
bfAsPoyL8Q2u2oZx5qp7q2jcxvqc9ZtkDVT0N2HWX/A74MN2QwfMraYyHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA05JF5cFoYwWDOxPi4lvKBQRyYyMB8GA1UdIwQY
MBaAFD2KVT4F8DGb9FL6IGwUzNqHMEZUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFlwVlBnWHdNWnYwVXZvZ2JCVE0yb2N3UmxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy81MmNlNTQtZTQ5Yy00MTFjLTg1Mjct
MGZiNDgyM2Y1Yjg3LzEvRFRra1hsd1doakJZTTdFLUxpVzhvRkJISmpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy81MmNlNTQtZTQ5Yy00MTFjLTg1MjctMGZiNDgyM2Y1Yjg3
LzEvUFlwVlBnWHdNWnYwVXZvZ2JCVE0yb2N3UmxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsGHKAwQA
uVFFMA0GCSqGSIb3DQEBCwUAA4IBAQC0D5EtsiidYzmDa2vTJqyiaTGIYShtW5VZ
42iAjQlGPaMSoMDcviNwWyKBzcDHLnPNOTvoX7JV8wE5kK3Exzl6mV+pwqK1TRme
1879ExVAoF+3a/dwYUYzC6stYy2ivKqTNhpTuTdJ0VVLYRl5aiR5ysSiXJQFrz0j
tkuWHgpU6umnGg2UQDzcfBKvcbXSl3qWacJMRuWtF6DT7dHy3+5DooOGko0HhAUP
qEw8DAXf5eTmj+tnotyhUOJt2/U0RVGnYmF6dYLRUIo9Ljk0iajgWSahrdI7lvbx
8kpLioqd0o9vtzGI8OQi+tAyj9eeKvqcbw4myga7onExu8ug6es6
-----END CERTIFICATE-----