Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b66666-b3b7-4248-ae65-760e4ee4c6b2/1/3E7aBqsHg6THlsFLCGCu1ykhumg.roa
File:                     3E7aBqsHg6THlsFLCGCu1ykhumg.roa (raw, json)
Hash identifier:          vdRC30YdnIGNPLtMGa2MkjovoqgS/LCgWDKRJk5Yhko=
Subject key identifier:   DC:4E:DA:06:AB:07:83:A4:C7:96:C1:4B:08:60:AE:D7:29:21:BA:68
Certificate issuer:       /CN=1d2cdcb9c76f5e0ce0c385d7e0ef15572d15a54c
Certificate serial:       01942521943D6EC34ADA02B3EB7784B9DE1E
Authority key identifier: 1D:2C:DC:B9:C7:6F:5E:0C:E0:C3:85:D7:E0:EF:15:57:2D:15:A5:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HSzcucdvXgzgw4XX4O8VVy0VpUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b66666-b3b7-4248-ae65-760e4ee4c6b2/1/3E7aBqsHg6THlsFLCGCu1ykhumg.roa
Signing time:             Thu 02 Jan 2025 03:49:05 +0000
ROA not before:           Thu 02 Jan 2025 03:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     378
IP address blocks:        132.66.0.0/15 maxlen: 15
                          132.66.0.0/16 maxlen: 16
                          132.67.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b66666-b3b7-4248-ae65-760e4ee4c6b2/1/HSzcucdvXgzgw4XX4O8VVy0VpUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b66666-b3b7-4248-ae65-760e4ee4c6b2/1/HSzcucdvXgzgw4XX4O8VVy0VpUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HSzcucdvXgzgw4XX4O8VVy0VpUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 09:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:94:3d:6e:c3:4a:da:02:b3:eb:77:84:b9:de:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d2cdcb9c76f5e0ce0c385d7e0ef15572d15a54c
        Validity
            Not Before: Jan  2 03:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc4eda06ab0783a4c796c14b0860aed72921ba68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:bf:73:06:15:fb:92:42:9b:1d:91:b3:49:06:
                    50:69:fc:74:23:3c:16:ad:5d:f0:19:d8:58:f2:09:
                    0a:5e:24:bf:0a:1c:2f:2d:36:12:2a:ca:e3:ca:17:
                    e2:18:64:cc:af:f0:8a:b9:58:b3:1b:7f:5e:2b:86:
                    aa:08:7d:81:0f:8a:1b:d0:6b:4c:32:35:c8:72:d9:
                    3e:35:10:93:9f:d3:b0:09:37:a1:61:97:78:81:d8:
                    b1:01:cc:6b:3d:27:8a:91:25:dd:b1:1c:e2:d9:21:
                    e6:e6:1a:38:3c:75:37:b7:02:9a:4a:90:ac:b0:59:
                    d2:15:94:00:ee:80:d3:e0:df:92:cd:82:3f:85:b4:
                    45:c5:f6:bc:6d:b2:76:f2:bb:e5:6f:ed:17:02:a4:
                    9b:63:e6:11:12:77:c7:35:b0:b7:48:bf:80:65:bd:
                    22:86:e3:72:d3:d8:a1:6a:03:d8:69:94:36:dd:a4:
                    24:59:60:4e:4b:63:4e:46:71:c8:b0:35:2a:fe:df:
                    76:1d:4b:73:6f:b3:95:5e:e5:2d:a5:ee:e6:ee:31:
                    c9:df:92:c5:f5:10:d0:c7:27:69:31:09:43:50:75:
                    a7:7f:df:bb:f6:6d:d7:a9:10:44:56:e4:48:c9:87:
                    9c:cf:79:03:bc:23:7a:28:de:dd:8e:3d:89:e1:8e:
                    4f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:4E:DA:06:AB:07:83:A4:C7:96:C1:4B:08:60:AE:D7:29:21:BA:68
            X509v3 Authority Key Identifier:
                keyid:1D:2C:DC:B9:C7:6F:5E:0C:E0:C3:85:D7:E0:EF:15:57:2D:15:A5:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HSzcucdvXgzgw4XX4O8VVy0VpUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b66666-b3b7-4248-ae65-760e4ee4c6b2/1/3E7aBqsHg6THlsFLCGCu1ykhumg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b66666-b3b7-4248-ae65-760e4ee4c6b2/1/HSzcucdvXgzgw4XX4O8VVy0VpUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.66.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         55:14:6e:91:9f:95:69:59:5a:85:0c:b4:b5:41:53:c0:05:82:
         76:27:c8:a5:87:2d:02:95:be:ff:bb:2b:35:0d:9c:94:1b:54:
         3d:05:00:5a:59:19:bc:8b:ef:86:6e:20:82:f7:67:65:b4:92:
         64:db:af:5c:90:c5:b3:9c:a4:0e:2f:9a:e9:fa:13:47:24:f0:
         12:97:76:ab:e4:85:a6:cc:99:88:48:c3:97:38:80:ae:8b:e3:
         79:a6:a0:b5:a2:43:66:f8:41:a0:e9:c8:01:48:4a:43:ac:34:
         89:69:ac:56:a2:62:7f:a0:cb:a6:a9:c6:d7:19:10:32:3e:14:
         4a:8e:b8:31:ab:27:b0:3e:96:43:2e:08:10:6c:6f:9d:8f:26:
         fd:8e:0d:35:03:d4:47:e4:c1:0a:8e:94:8e:72:d7:eb:b8:8f:
         51:d8:2b:bf:26:80:29:86:90:15:94:be:31:78:e0:3f:b7:ed:
         3c:dc:f1:00:50:eb:dc:3a:3e:75:95:bc:34:2d:c3:c1:67:57:
         33:d5:82:e5:d7:d7:89:02:df:e0:49:23:dc:88:5e:2f:5a:80:
         dd:41:ad:e5:34:c1:7b:50:f2:03:de:b8:75:6e:34:08:8b:87:
         4a:13:2b:c7:d9:10:c7:e0:82:34:a1:de:93:81:b8:f9:ab:98:
         00:ae:fc:f3
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQlIZQ9bsNK2gKz63eEud4eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMmNkY2I5Yzc2ZjVlMGNlMGMzODVkN2UwZWYxNTU3MmQx
NWE1NGMwHhcNMjUwMTAyMDM0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzRlZGEwNmFiMDc4M2E0Yzc5NmMxNGIwODYwYWVkNzI5MjFiYTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkr9zBhX7kkKbHZGzSQZQafx0IzwW
rV3wGdhY8gkKXiS/ChwvLTYSKsrjyhfiGGTMr/CKuVizG39eK4aqCH2BD4ob0GtM
MjXIctk+NRCTn9OwCTehYZd4gdixAcxrPSeKkSXdsRzi2SHm5ho4PHU3twKaSpCs
sFnSFZQA7oDT4N+SzYI/hbRFxfa8bbJ28rvlb+0XAqSbY+YREnfHNbC3SL+AZb0i
huNy09ihagPYaZQ23aQkWWBOS2NORnHIsDUq/t92HUtzb7OVXuUtpe7m7jHJ35LF
9RDQxydpMQlDUHWnf9+79m3XqRBEVuRIyYecz3kDvCN6KN7djj2J4Y5PPQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFNxO2garB4Okx5bBSwhgrtcpIbpoMB8GA1UdIwQY
MBaAFB0s3LnHb14M4MOF1+DvFVctFaVMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFN6Y3VjZHZYZ3pndzRYWDRPOFZWeTBWcFV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iNjY2NjYtYjNiNy00MjQ4LWFlNjUt
NzYwZTRlZTRjNmIyLzEvM0U3YUJxc0hnNlRIbHNGTENHQ3UxeWtodW1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iNjY2NjYtYjNiNy00MjQ4LWFlNjUtNzYwZTRlZTRjNmIy
LzEvSFN6Y3VjZHZYZ3pndzRYWDRPOFZWeTBWcFV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEIwDQYJ
KoZIhvcNAQELBQADggEBAFUUbpGflWlZWoUMtLVBU8AFgnYnyKWHLQKVvv+7KzUN
nJQbVD0FAFpZGbyL74ZuIIL3Z2W0kmTbr1yQxbOcpA4vmun6E0ck8BKXdqvkhabM
mYhIw5c4gK6L43mmoLWiQ2b4QaDpyAFISkOsNIlprFaiYn+gy6apxtcZEDI+FEqO
uDGrJ7A+lkMuCBBsb52PJv2ODTUD1EfkwQqOlI5y1+u4j1HYK78mgCmGkBWUvjF4
4D+37Tzc8QBQ69w6PnWVvDQtw8FnVzPVguXX14kC3+BJI9yIXi9agN1BreU0wXtQ
8gPeuHVuNAiLh0oTK8fZEMfggjSh3pOBuPmrmACu/PM=
-----END CERTIFICATE-----