Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/3u-LFDYOPDKUR_aD9yRJMe6LFho.roa
File:                     3u-LFDYOPDKUR_aD9yRJMe6LFho.roa (raw, json)
Hash identifier:          euYR+CNCm6M5QEu0e13mte8Lec7fxC8lashK6MZRo8E=
Subject key identifier:   DE:EF:8B:14:36:0E:3C:32:94:47:F6:83:F7:24:49:31:EE:8B:16:1A
Certificate issuer:       /CN=af5316fc4a83b3d03e2975f8bec270cb0f4efb1d
Certificate serial:       0194236A4427BC335ED6968D9C5CD9F4646C
Authority key identifier: AF:53:16:FC:4A:83:B3:D0:3E:29:75:F8:BE:C2:70:CB:0F:4E:FB:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r1MW_EqDs9A-KXX4vsJwyw9O-x0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/3u-LFDYOPDKUR_aD9yRJMe6LFho.roa
Signing time:             Wed 01 Jan 2025 19:49:14 +0000
ROA not before:           Wed 01 Jan 2025 19:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203020
IP address blocks:        82.115.215.0/24 maxlen: 24
                          194.124.252.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/r1MW_EqDs9A-KXX4vsJwyw9O-x0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/r1MW_EqDs9A-KXX4vsJwyw9O-x0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r1MW_EqDs9A-KXX4vsJwyw9O-x0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:44:27:bc:33:5e:d6:96:8d:9c:5c:d9:f4:64:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af5316fc4a83b3d03e2975f8bec270cb0f4efb1d
        Validity
            Not Before: Jan  1 19:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=deef8b14360e3c329447f683f7244931ee8b161a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:60:40:da:d0:21:a4:46:f1:2c:61:44:45:23:
                    78:28:2f:29:dc:20:24:38:c4:00:a7:a3:46:0d:17:
                    6c:60:72:48:ad:00:c4:85:52:5c:31:c2:4d:3f:5a:
                    17:78:7c:10:74:45:10:f7:39:90:ad:cb:74:d2:4a:
                    96:b9:83:86:3c:d0:62:20:26:47:f8:b8:1d:30:cc:
                    b9:50:74:d2:73:7d:73:4e:7e:0e:02:a7:e1:e0:a2:
                    99:2e:d2:61:d2:aa:c4:d9:f9:7a:d4:c0:ce:81:f3:
                    c6:da:d0:79:55:f6:91:a4:6e:ed:92:01:9d:cf:2b:
                    4d:8d:64:18:0f:27:72:84:20:78:be:0c:bb:be:48:
                    ab:74:d2:fb:4b:b1:83:66:bf:43:f8:96:50:8a:9a:
                    3e:73:29:e2:65:14:44:7a:64:8d:45:0c:69:5e:af:
                    35:70:c5:a2:03:91:cd:9f:8d:50:87:b0:a6:f9:7b:
                    82:c2:c8:a9:58:3c:da:77:e8:c2:53:dd:8f:c1:59:
                    f8:14:fd:0c:fd:7d:ab:c2:6d:a2:b0:aa:7d:40:37:
                    88:e3:2d:67:32:ce:03:3f:e9:50:be:b9:62:e6:c9:
                    39:bc:e8:b6:21:8e:1b:db:c3:5b:e4:36:0b:2f:9e:
                    e3:4a:4d:6e:d3:a1:f8:6d:40:68:90:66:05:a6:4d:
                    84:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:EF:8B:14:36:0E:3C:32:94:47:F6:83:F7:24:49:31:EE:8B:16:1A
            X509v3 Authority Key Identifier:
                keyid:AF:53:16:FC:4A:83:B3:D0:3E:29:75:F8:BE:C2:70:CB:0F:4E:FB:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r1MW_EqDs9A-KXX4vsJwyw9O-x0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/3u-LFDYOPDKUR_aD9yRJMe6LFho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/c90d5d-ca61-4464-899a-d1205e0c0cce/1/r1MW_EqDs9A-KXX4vsJwyw9O-x0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.115.215.0/24
                  194.124.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:e1:f0:f4:e9:19:2e:eb:b5:09:59:65:c5:c8:9e:e9:bf:0d:
         8a:c9:77:31:fb:69:4b:e4:32:86:2f:21:d6:71:7f:9d:a1:46:
         f2:9e:1d:50:cb:bd:25:f2:16:de:bb:46:13:4e:09:fe:48:8d:
         f6:81:c0:55:85:68:71:9e:f1:7c:f1:cd:82:ef:78:8c:e3:47:
         d7:58:8e:cf:cc:4c:a1:27:be:f5:5b:c3:be:d6:a3:63:51:7f:
         f8:e2:10:ad:23:96:29:32:8e:75:ed:e8:6e:f0:3c:b9:50:bd:
         f0:0d:9b:80:0f:aa:bb:0b:da:50:c0:8e:25:59:d1:e1:04:22:
         79:97:6f:ab:53:dd:62:17:a7:5c:54:99:35:d1:66:24:a1:1e:
         24:be:94:e0:a6:b7:ea:0c:c3:9b:80:3d:e0:31:dc:18:be:83:
         55:4b:5c:7b:67:99:35:7f:3e:a7:0f:35:1f:a3:bc:a9:03:d7:
         6a:91:83:20:db:a6:dd:12:7e:29:89:f7:23:c7:cd:fe:73:dd:
         d3:25:a6:bf:05:bd:39:57:ed:79:2e:51:dd:3d:e6:da:88:41:
         83:2d:ca:1a:5b:d7:33:50:b3:e6:c5:ce:3c:ee:14:e9:ca:fd:
         ad:e4:ec:e1:d1:c5:cb:d6:bd:b5:23:e2:e3:c4:00:67:ef:00:
         b2:61:37:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjakQnvDNe1paNnFzZ9GRsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNTMxNmZjNGE4M2IzZDAzZTI5NzVmOGJlYzI3MGNiMGY0
ZWZiMWQwHhcNMjUwMTAxMTk0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWVmOGIxNDM2MGUzYzMyOTQ0N2Y2ODNmNzI0NDkzMWVlOGIxNjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2BA2tAhpEbxLGFERSN4KC8p3CAk
OMQAp6NGDRdsYHJIrQDEhVJcMcJNP1oXeHwQdEUQ9zmQrct00kqWuYOGPNBiICZH
+LgdMMy5UHTSc31zTn4OAqfh4KKZLtJh0qrE2fl61MDOgfPG2tB5VfaRpG7tkgGd
zytNjWQYDydyhCB4vgy7vkirdNL7S7GDZr9D+JZQipo+cyniZRREemSNRQxpXq81
cMWiA5HNn41Qh7Cm+XuCwsipWDzad+jCU92PwVn4FP0M/X2rwm2isKp9QDeI4y1n
Ms4DP+lQvrli5sk5vOi2IY4b28Nb5DYLL57jSk1u06H4bUBokGYFpk2EnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN7vixQ2DjwylEf2g/ckSTHuixYaMB8GA1UdIwQY
MBaAFK9TFvxKg7PQPil1+L7CcMsPTvsdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjFNV19FcURzOUEtS1hYNHZzSnd5dzlPLXgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9jOTBkNWQtY2E2MS00NDY0LTg5OWEt
ZDEyMDVlMGMwY2NlLzEvM3UtTEZEWU9QREtVUl9hRDl5UkpNZTZMRmhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9jOTBkNWQtY2E2MS00NDY0LTg5OWEtZDEyMDVlMGMwY2Nl
LzEvcjFNV19FcURzOUEtS1hYNHZzSnd5dzlPLXgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUnPXAwQA
wnz8MA0GCSqGSIb3DQEBCwUAA4IBAQAc4fD06Rku67UJWWXFyJ7pvw2KyXcx+2lL
5DKGLyHWcX+doUbynh1Qy70l8hbeu0YTTgn+SI32gcBVhWhxnvF88c2C73iM40fX
WI7PzEyhJ771W8O+1qNjUX/44hCtI5YpMo517ehu8Dy5UL3wDZuAD6q7C9pQwI4l
WdHhBCJ5l2+rU91iF6dcVJk10WYkoR4kvpTgprfqDMObgD3gMdwYvoNVS1x7Z5k1
fz6nDzUfo7ypA9dqkYMg26bdEn4pifcjx83+c93TJaa/Bb05V+15LlHdPebaiEGD
LcoaW9czULPmxc487hTpyv2t5Ozh0cXL1r21I+LjxABn7wCyYTfs
-----END CERTIFICATE-----