Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/3BdeI36IkUxOlCqSmaZfu8I0p4g.roa
File:                     3BdeI36IkUxOlCqSmaZfu8I0p4g.roa (raw, json)
Hash identifier:          5N4fYvWW73MoWuT7eG7LCKSc0LhblTQNkeac5h0QDT0=
Subject key identifier:   DC:17:5E:23:7E:88:91:4C:4E:94:2A:92:99:A6:5F:BB:C2:34:A7:88
Certificate issuer:       /CN=baa0f258eef4b2bf4bbaa8430c1e58ca8c188ea7
Certificate serial:       019736CFCE3B9BC4FAD1CEE62AF79A99F39F
Authority key identifier: BA:A0:F2:58:EE:F4:B2:BF:4B:BA:A8:43:0C:1E:58:CA:8C:18:8E:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/3BdeI36IkUxOlCqSmaZfu8I0p4g.roa
Signing time:             Tue 03 Jun 2025 17:21:17 +0000
ROA not before:           Tue 03 Jun 2025 17:21:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49981
IP address blocks:        91.226.31.0/24 maxlen: 24
                          2a06:d641::/32 maxlen: 32
                          2a09:9446::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:36:cf:ce:3b:9b:c4:fa:d1:ce:e6:2a:f7:9a:99:f3:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=baa0f258eef4b2bf4bbaa8430c1e58ca8c188ea7
        Validity
            Not Before: Jun  3 17:21:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc175e237e88914c4e942a9299a65fbbc234a788
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:6c:5b:61:65:3a:0b:a4:ba:d3:65:e5:4b:f7:
                    12:1b:97:6b:b3:2a:92:c8:dc:11:1d:ba:db:db:85:
                    0e:d9:3e:39:73:3b:97:1d:b3:99:6c:33:bd:d2:e1:
                    e5:6a:cd:a2:ea:4a:cd:5c:4e:dd:1d:6b:a0:3b:4c:
                    3c:ca:35:00:b2:43:c2:bb:cd:14:5d:da:ca:47:6d:
                    86:af:d3:e6:0f:e9:17:51:14:3f:fc:83:f2:56:e6:
                    6e:5d:c6:d5:57:95:d8:d3:f3:63:ac:b2:2c:85:21:
                    fd:8e:54:66:a4:8b:fa:74:e2:12:f9:6b:10:ff:29:
                    3b:cd:c8:a3:f3:ea:45:66:c4:79:b2:56:09:2e:2b:
                    94:75:f7:4c:3b:ff:b4:5e:a6:9f:1b:4e:95:b4:6a:
                    27:44:74:2b:56:73:86:b2:02:07:be:42:87:b2:93:
                    2e:80:e6:9d:95:59:e8:d9:02:bf:0a:45:51:21:96:
                    4e:17:91:a1:84:d3:3a:5f:b1:a3:ab:fe:ca:c4:cd:
                    b6:49:4d:87:6b:f8:bb:86:ca:80:02:b8:aa:26:73:
                    de:43:f7:c4:1d:9e:c2:81:f7:c3:33:00:81:26:02:
                    d6:b6:4f:ca:07:2f:98:26:29:93:2f:1d:aa:72:5e:
                    36:31:8e:db:74:9c:97:e6:19:66:36:38:94:7f:48:
                    a5:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:17:5E:23:7E:88:91:4C:4E:94:2A:92:99:A6:5F:BB:C2:34:A7:88
            X509v3 Authority Key Identifier:
                keyid:BA:A0:F2:58:EE:F4:B2:BF:4B:BA:A8:43:0C:1E:58:CA:8C:18:8E:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/3BdeI36IkUxOlCqSmaZfu8I0p4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.31.0/24
                IPv6:
                  2a06:d641::/32
                  2a09:9446::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:99:a2:56:a3:39:d1:ca:d8:22:33:91:bf:61:9a:2d:18:ca:
         45:62:91:31:b4:07:b4:1b:1d:07:ba:8e:47:f0:3d:fd:0b:7f:
         43:2a:1d:11:64:a9:0c:4e:f2:a4:e1:18:cd:94:3f:25:36:ae:
         eb:56:1a:e2:99:e5:af:90:1f:b0:4f:a6:71:ad:69:bc:a7:79:
         06:8b:9a:af:a2:86:b2:35:31:42:8c:99:db:a2:52:45:4e:bd:
         b1:ae:b2:c7:01:b0:42:39:97:33:9f:bf:ec:15:50:18:70:50:
         73:b5:89:d9:a3:a2:ee:2c:f9:fc:ef:cf:a2:32:48:3d:8c:f6:
         9d:b6:58:d7:08:5d:d3:26:de:ad:f4:91:ad:ef:9b:6c:40:dc:
         fd:81:a6:1f:ee:87:51:a5:cd:a9:d7:9f:3b:dd:40:84:fb:3e:
         32:cb:c2:d0:ab:44:03:37:00:87:75:b0:a8:a1:3c:05:a0:6e:
         25:0c:a9:1d:28:99:03:90:67:5e:8a:c8:b9:6a:ec:c0:12:ee:
         18:42:51:6f:de:cb:b1:50:b4:b6:10:24:b5:94:f1:c5:ce:7a:
         de:25:52:c5:bb:43:20:f4:44:9c:31:6c:91:28:8b:b6:37:d8:
         31:06:80:e3:62:67:23:c5:cb:12:bd:93:e7:22:2c:4c:f4:e3:
         a3:29:0d:7b
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZc2z847m8T60c7mKveamfOfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYTBmMjU4ZWVmNGIyYmY0YmJhYTg0MzBjMWU1OGNhOGMx
ODhlYTcwHhcNMjUwNjAzMTcyMTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzE3NWUyMzdlODg5MTRjNGU5NDJhOTI5OWE2NWZiYmMyMzRhNzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumxbYWU6C6S602XlS/cSG5drsyqS
yNwRHbrb24UO2T45czuXHbOZbDO90uHlas2i6krNXE7dHWugO0w8yjUAskPCu80U
XdrKR22Gr9PmD+kXURQ//IPyVuZuXcbVV5XY0/NjrLIshSH9jlRmpIv6dOIS+WsQ
/yk7zcij8+pFZsR5slYJLiuUdfdMO/+0XqafG06VtGonRHQrVnOGsgIHvkKHspMu
gOadlVno2QK/CkVRIZZOF5GhhNM6X7Gjq/7KxM22SU2Ha/i7hsqAAriqJnPeQ/fE
HZ7CgffDMwCBJgLWtk/KBy+YJimTLx2qcl42MY7bdJyX5hlmNjiUf0ilhQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFNwXXiN+iJFMTpQqkpmmX7vCNKeIMB8GA1UdIwQY
MBaAFLqg8lju9LK/S7qoQwweWMqMGI6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFEeVdPNzBzcjlMdXFoRERCNVl5b3dZanFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81ZTBlZTEtYzgzMy00MjQxLTk2MGEt
ZTU3NjhkNmIxODJjLzEvM0JkZUkzNklrVXhPbENxU21hWmZ1OEkwcDRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81ZTBlZTEtYzgzMy00MjQxLTk2MGEtZTU3NjhkNmIxODJj
LzEvdXFEeVdPNzBzcjlMdXFoRERCNVl5b3dZanFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQAW+IfMBQE
AgACMA4DBQAqBtZBAwUAKgmURjANBgkqhkiG9w0BAQsFAAOCAQEAZJmiVqM50crY
IjORv2GaLRjKRWKRMbQHtBsdB7qOR/A9/Qt/QyodEWSpDE7ypOEYzZQ/JTau61Ya
4pnlr5AfsE+mca1pvKd5Bouar6KGsjUxQoyZ26JSRU69sa6yxwGwQjmXM5+/7BVQ
GHBQc7WJ2aOi7iz5/O/PojJIPYz2nbZY1whd0yberfSRre+bbEDc/YGmH+6HUaXN
qdefO91AhPs+MsvC0KtEAzcAh3WwqKE8BaBuJQypHSiZA5BnXorIuWrswBLuGEJR
b97LsVC0thAktZTxxc563iVSxbtDIPREnDFskSiLtjfYMQaA42JnI8XLEr2T5yIs
TPTjoykNew==
-----END CERTIFICATE-----