Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/00c6c4-ab28-4405-b694-c3d57e2387ca/1/N1lamLlhgzNRGPHUkNTfpCkFt90.roa
File:                     N1lamLlhgzNRGPHUkNTfpCkFt90.roa (raw, json)
Hash identifier:          pB67V0BCH9GkIAL5+HShUUapNOCfeuzZwl3r9QMxPjE=
Subject key identifier:   37:59:5A:98:B9:61:83:33:51:18:F1:D4:90:D4:DF:A4:29:05:B7:DD
Certificate issuer:       /CN=3fe14329b6c1e695011a82406f7af48f4bb10ad4
Certificate serial:       018DD09084A80E19A26CEDD106DB2B6D4A36
Authority key identifier: 3F:E1:43:29:B6:C1:E6:95:01:1A:82:40:6F:7A:F4:8F:4B:B1:0A:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-FDKbbB5pUBGoJAb3r0j0uxCtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/00c6c4-ab28-4405-b694-c3d57e2387ca/1/N1lamLlhgzNRGPHUkNTfpCkFt90.roa
Signing time:             Thu 22 Feb 2024 11:25:48 +0000
ROA not before:           Thu 22 Feb 2024 11:25:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204697
IP address blocks:        185.246.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/00c6c4-ab28-4405-b694-c3d57e2387ca/1/P-FDKbbB5pUBGoJAb3r0j0uxCtQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/00c6c4-ab28-4405-b694-c3d57e2387ca/1/P-FDKbbB5pUBGoJAb3r0j0uxCtQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-FDKbbB5pUBGoJAb3r0j0uxCtQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d0:90:84:a8:0e:19:a2:6c:ed:d1:06:db:2b:6d:4a:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fe14329b6c1e695011a82406f7af48f4bb10ad4
        Validity
            Not Before: Feb 22 11:25:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37595a98b96183335118f1d490d4dfa42905b7dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:00:98:98:20:bd:ad:6b:4b:b1:4e:ea:d7:35:
                    4f:6b:96:8d:31:4c:29:6c:1d:23:be:2e:bc:dc:30:
                    3c:32:11:d5:9b:e5:f7:f7:de:01:36:d0:60:4c:15:
                    c2:7a:a1:d2:9f:cc:a3:54:a4:1c:eb:67:ec:8a:f4:
                    cb:3e:45:39:dc:e8:8c:c7:2c:dd:77:53:d2:7c:5f:
                    44:00:1a:b8:60:bf:f7:d9:84:96:00:d6:58:df:8a:
                    3c:00:e7:52:37:6f:a5:0d:79:b2:db:10:0d:db:2e:
                    4f:99:43:dc:70:58:4a:f4:18:f6:6c:20:05:02:53:
                    c6:ed:f7:a7:3e:40:53:78:93:0c:34:12:65:14:f8:
                    08:fb:e8:90:eb:93:93:ce:c5:a0:0f:c5:ca:ee:29:
                    c8:a6:b1:7b:6e:3f:cc:26:f9:13:d8:8d:a3:1c:49:
                    45:8c:f6:4b:aa:39:ef:09:57:84:b1:03:77:dc:6b:
                    a5:1f:b9:2a:93:b2:52:70:38:a1:99:6d:ff:54:d7:
                    6e:0e:44:56:ab:00:d0:07:f6:41:59:9d:64:e5:fe:
                    6b:49:c5:d5:3c:33:c3:47:7e:6b:7c:59:b8:e5:83:
                    73:cd:27:bb:bd:07:78:46:5b:f9:f9:32:3f:9a:7a:
                    5f:ed:b8:42:9a:5b:ef:c4:2d:77:21:56:df:3b:ad:
                    47:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:59:5A:98:B9:61:83:33:51:18:F1:D4:90:D4:DF:A4:29:05:B7:DD
            X509v3 Authority Key Identifier:
                keyid:3F:E1:43:29:B6:C1:E6:95:01:1A:82:40:6F:7A:F4:8F:4B:B1:0A:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-FDKbbB5pUBGoJAb3r0j0uxCtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/00c6c4-ab28-4405-b694-c3d57e2387ca/1/N1lamLlhgzNRGPHUkNTfpCkFt90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/00c6c4-ab28-4405-b694-c3d57e2387ca/1/P-FDKbbB5pUBGoJAb3r0j0uxCtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:c5:2e:18:13:95:d2:e6:05:5b:54:1f:7a:37:e0:9a:30:ea:
         a0:a2:4a:d0:6d:a7:f5:84:b2:fe:86:49:e9:d0:a4:02:fc:32:
         58:a2:80:06:71:ef:e5:45:0c:83:d5:dd:9c:fb:6e:1c:aa:f0:
         5a:37:d0:19:e1:54:1b:07:c6:1e:d2:e0:c9:fe:5f:ea:7b:b0:
         aa:c6:85:f6:b5:07:d5:6b:af:96:58:64:0f:bf:eb:d7:d6:f4:
         e4:29:25:b1:c6:59:ff:98:7c:a4:ea:18:95:3a:29:c1:29:a0:
         94:11:d8:ef:86:9e:57:de:8b:ff:cd:20:21:f6:56:53:5f:e3:
         53:cd:56:ba:48:17:1c:b5:3f:59:26:8c:a3:44:ce:84:d9:a9:
         1f:1c:2c:07:83:98:4e:66:b6:f2:3e:b7:dc:35:2d:11:4c:fc:
         d2:f6:ba:bc:d0:27:e3:97:a8:00:70:8f:88:c3:07:23:63:8f:
         16:b4:f3:4f:d3:8e:17:64:78:87:bb:91:16:12:63:f7:67:90:
         e1:15:06:f6:9a:aa:77:6b:9f:a0:36:47:6c:ea:39:01:dc:53:
         42:62:0d:0a:f6:9d:68:18:34:b5:e8:06:55:87:bd:68:12:43:
         e5:c5:b6:57:ce:e5:53:09:1a:48:d4:13:74:c2:e6:d9:75:a7:
         5e:4a:e5:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3QkISoDhmibO3RBtsrbUo2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZTE0MzI5YjZjMWU2OTUwMTFhODI0MDZmN2FmNDhmNGJi
MTBhZDQwHhcNMjQwMjIyMTEyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzU5NWE5OGI5NjE4MzMzNTExOGYxZDQ5MGQ0ZGZhNDI5MDViN2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngCYmCC9rWtLsU7q1zVPa5aNMUwp
bB0jvi683DA8MhHVm+X3994BNtBgTBXCeqHSn8yjVKQc62fsivTLPkU53OiMxyzd
d1PSfF9EABq4YL/32YSWANZY34o8AOdSN2+lDXmy2xAN2y5PmUPccFhK9Bj2bCAF
AlPG7fenPkBTeJMMNBJlFPgI++iQ65OTzsWgD8XK7inIprF7bj/MJvkT2I2jHElF
jPZLqjnvCVeEsQN33GulH7kqk7JScDihmW3/VNduDkRWqwDQB/ZBWZ1k5f5rScXV
PDPDR35rfFm45YNzzSe7vQd4Rlv5+TI/mnpf7bhCmlvvxC13IVbfO61HnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdZWpi5YYMzURjx1JDU36QpBbfdMB8GA1UdIwQY
MBaAFD/hQym2weaVARqCQG969I9LsQrUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUC1GREtiYkI1cFVCR29KQWIzcjBqMHV4Q3RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wMGM2YzQtYWIyOC00NDA1LWI2OTQt
YzNkNTdlMjM4N2NhLzEvTjFsYW1MbGhnek5SR1BIVWtOVGZwQ2tGdDkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wMGM2YzQtYWIyOC00NDA1LWI2OTQtYzNkNTdlMjM4N2Nh
LzEvUC1GREtiYkI1cFVCR29KQWIzcjBqMHV4Q3RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufarMA0G
CSqGSIb3DQEBCwUAA4IBAQBtxS4YE5XS5gVbVB96N+CaMOqgokrQbaf1hLL+hknp
0KQC/DJYooAGce/lRQyD1d2c+24cqvBaN9AZ4VQbB8Ye0uDJ/l/qe7CqxoX2tQfV
a6+WWGQPv+vX1vTkKSWxxln/mHyk6hiVOinBKaCUEdjvhp5X3ov/zSAh9lZTX+NT
zVa6SBcctT9ZJoyjRM6E2akfHCwHg5hOZrbyPrfcNS0RTPzS9rq80Cfjl6gAcI+I
wwcjY48WtPNP044XZHiHu5EWEmP3Z5DhFQb2mqp3a5+gNkds6jkB3FNCYg0K9p1o
GDS16AZVh71oEkPlxbZXzuVTCRpI1BN0wubZdadeSuWF
-----END CERTIFICATE-----