Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/3KNmMvvNnWz-gbQdS7pSD6NeSj8.roa
File:                     3KNmMvvNnWz-gbQdS7pSD6NeSj8.roa (raw, json)
Hash identifier:          19Nj6yvWJYRr/APzHhAxi9EkGzAdWa0wPSZ7epiybNI=
Subject key identifier:   DC:A3:66:32:FB:CD:9D:6C:FE:81:B4:1D:4B:BA:52:0F:A3:5E:4A:3F
Certificate issuer:       /CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
Certificate serial:       019427B57F1276E403D448576DF150D34067
Authority key identifier: 82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/3KNmMvvNnWz-gbQdS7pSD6NeSj8.roa
Signing time:             Thu 02 Jan 2025 15:49:53 +0000
ROA not before:           Thu 02 Jan 2025 15:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209854
IP address blocks:        5.182.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 08:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:7f:12:76:e4:03:d4:48:57:6d:f1:50:d3:40:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
        Validity
            Not Before: Jan  2 15:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dca36632fbcd9d6cfe81b41d4bba520fa35e4a3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:fd:71:77:d6:ae:55:e4:d3:7f:df:70:0b:49:
                    9d:04:0e:f9:90:51:95:55:d0:43:f2:c9:52:1f:dc:
                    cd:3f:9c:c8:9e:11:3d:b0:25:27:fa:61:6d:46:39:
                    d6:0b:88:aa:88:10:31:ad:bd:df:03:bf:2c:f3:13:
                    72:4f:e4:93:40:35:1b:ac:68:d7:d2:a3:78:2f:61:
                    79:57:a7:13:c8:b0:b1:b0:83:ee:ad:92:e2:8c:34:
                    64:88:f5:cc:a8:20:9c:86:2f:e7:9f:fa:68:98:c7:
                    0f:c2:05:ec:de:5e:02:2a:e8:23:d7:3a:44:ec:50:
                    04:31:97:c4:54:eb:3b:f8:4f:a9:6d:66:83:5d:aa:
                    a7:f5:19:22:52:e8:ee:57:22:91:11:24:9a:98:66:
                    64:25:b4:e1:7c:8b:cd:27:3c:25:11:4b:40:27:66:
                    ac:25:53:6b:ec:03:a2:8f:ee:f7:d5:67:7e:37:0d:
                    9d:f0:6a:09:3a:04:c4:16:01:bf:bd:16:48:18:d9:
                    db:cc:2b:1c:64:42:c3:2d:26:34:d1:1d:5f:ce:1e:
                    54:a8:17:d2:76:63:69:e3:57:d1:94:d9:30:39:a8:
                    8b:15:24:03:f9:de:6b:b3:0b:38:41:e5:9b:bf:aa:
                    c7:b8:c5:8c:72:a3:bc:a9:bd:1e:82:46:6c:24:f2:
                    d3:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:A3:66:32:FB:CD:9D:6C:FE:81:B4:1D:4B:BA:52:0F:A3:5E:4A:3F
            X509v3 Authority Key Identifier:
                keyid:82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/3KNmMvvNnWz-gbQdS7pSD6NeSj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:7a:64:97:70:97:6c:97:a9:23:e1:2d:0b:24:0d:65:65:f4:
         a8:54:66:ba:9e:02:23:84:4b:37:a4:4b:16:57:5e:73:97:8d:
         19:d7:ac:47:fc:af:49:8f:00:9f:8f:bc:16:5f:ec:71:da:e6:
         6f:96:84:07:5e:cf:93:69:93:97:59:a0:92:54:13:4b:a3:62:
         c7:c9:4f:86:88:51:21:1e:b1:43:46:f4:5f:48:35:49:67:f2:
         21:36:76:b3:fb:a5:d7:5e:21:d5:6c:23:28:ce:38:74:27:57:
         ca:ae:ca:ca:01:c6:1f:6e:ce:67:a8:b8:a4:b5:e9:32:7e:67:
         24:af:b8:28:15:9f:a3:0d:3c:4a:a4:ce:ee:33:86:04:73:0f:
         9d:b5:da:1a:91:e1:3b:da:ca:25:a8:a7:78:f8:0f:3a:b7:d4:
         c6:17:a4:d6:9f:dd:67:82:a9:a2:20:96:43:d7:4b:5d:34:46:
         00:10:21:cf:c5:65:e5:c0:62:01:85:11:43:81:48:ad:b5:8d:
         68:9a:9a:d8:90:af:16:0d:b3:74:76:a9:a2:77:b8:c0:85:de:
         d5:eb:46:83:80:35:9b:39:8d:06:eb:8d:d2:77:2f:56:0a:a2:
         46:29:c7:8e:4c:da:64:5f:91:f4:8e:9b:a8:c2:e9:05:fd:14:
         0f:13:e8:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntX8SduQD1EhXbfFQ00BnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMWEzZjIxZmIwYzI5NGQ2ZDRhNTI5YjJmMWRiZDRiZDEx
MTliZDcwHhcNMjUwMTAyMTU0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2EzNjYzMmZiY2Q5ZDZjZmU4MWI0MWQ0YmJhNTIwZmEzNWU0YTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/1xd9auVeTTf99wC0mdBA75kFGV
VdBD8slSH9zNP5zInhE9sCUn+mFtRjnWC4iqiBAxrb3fA78s8xNyT+STQDUbrGjX
0qN4L2F5V6cTyLCxsIPurZLijDRkiPXMqCCchi/nn/pomMcPwgXs3l4CKugj1zpE
7FAEMZfEVOs7+E+pbWaDXaqn9RkiUujuVyKRESSamGZkJbThfIvNJzwlEUtAJ2as
JVNr7AOij+731Wd+Nw2d8GoJOgTEFgG/vRZIGNnbzCscZELDLSY00R1fzh5UqBfS
dmNp41fRlNkwOaiLFSQD+d5rsws4QeWbv6rHuMWMcqO8qb0egkZsJPLTFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNyjZjL7zZ1s/oG0HUu6Ug+jXko/MB8GA1UdIwQY
MBaAFIIaPyH7DClNbUpSmy8dvUvREZvXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMt
YjZmMmFjODZlZjI3LzEvM0tObU12dk5uV3otZ2JRZFM3cFNENk5lU2o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMtYjZmMmFjODZlZjI3
LzEvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbZnMA0G
CSqGSIb3DQEBCwUAA4IBAQA3emSXcJdsl6kj4S0LJA1lZfSoVGa6ngIjhEs3pEsW
V15zl40Z16xH/K9JjwCfj7wWX+xx2uZvloQHXs+TaZOXWaCSVBNLo2LHyU+GiFEh
HrFDRvRfSDVJZ/IhNnaz+6XXXiHVbCMozjh0J1fKrsrKAcYfbs5nqLiktekyfmck
r7goFZ+jDTxKpM7uM4YEcw+dtdoakeE72solqKd4+A86t9TGF6TWn91ngqmiIJZD
10tdNEYAECHPxWXlwGIBhRFDgUittY1omprYkK8WDbN0dqmid7jAhd7V60aDgDWb
OY0G643Sdy9WCqJGKceOTNpkX5H0jpuowukF/RQPE+jr
-----END CERTIFICATE-----