Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/6FCLQHtozzvvT3rILarZx-dLMdk.roa
File:                     6FCLQHtozzvvT3rILarZx-dLMdk.roa (raw, json)
Hash identifier:          CE/HPZOWQIhCk0/eQd5v6UrJlGl3+mfNdRJaoA8qyRQ=
Subject key identifier:   E8:50:8B:40:7B:68:CF:3B:EF:4F:7A:C8:2D:AA:D9:C7:E7:4B:31:D9
Certificate issuer:       /CN=3cd37ec23719b2f142f46e6f3317664034adf598
Certificate serial:       0194252141D4271192303507AA369FE1B167
Authority key identifier: 3C:D3:7E:C2:37:19:B2:F1:42:F4:6E:6F:33:17:66:40:34:AD:F5:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/6FCLQHtozzvvT3rILarZx-dLMdk.roa
Signing time:             Thu 02 Jan 2025 03:48:44 +0000
ROA not before:           Thu 02 Jan 2025 03:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58192
IP address blocks:        185.83.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:41:d4:27:11:92:30:35:07:aa:36:9f:e1:b1:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cd37ec23719b2f142f46e6f3317664034adf598
        Validity
            Not Before: Jan  2 03:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e8508b407b68cf3bef4f7ac82daad9c7e74b31d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e2:67:97:25:65:73:84:f5:b3:5d:d0:89:9a:
                    33:16:6d:43:66:b1:d6:04:7c:37:10:58:06:f8:c7:
                    90:79:ee:c5:47:ab:6a:b8:d0:ea:78:44:4d:77:ef:
                    cc:8f:c1:73:65:1d:2f:94:be:6a:80:c2:25:a1:9a:
                    62:8a:72:a8:83:9c:09:8b:6f:96:0e:2e:80:ac:d0:
                    9a:ab:c2:94:42:3c:14:38:cb:38:e4:82:83:3f:7b:
                    76:45:99:9c:e8:d2:fd:54:b8:4e:f0:4b:96:6f:fc:
                    cf:2b:c3:4f:68:b1:1b:8a:7d:ec:6d:f6:4b:72:19:
                    a1:d7:08:ff:7c:4d:cc:ad:e7:43:d6:f9:b0:7b:96:
                    b6:af:42:83:cc:15:53:dc:ea:06:44:2f:e8:d5:10:
                    13:2b:a8:65:a7:ce:a3:11:4e:4d:94:7d:00:76:eb:
                    db:08:f0:c2:e4:5e:26:81:a2:9d:51:ce:70:d3:2c:
                    fe:6f:4e:cd:e5:59:5d:69:b4:ed:95:78:1b:81:1f:
                    74:7d:d8:0c:f9:36:5a:f4:eb:06:57:53:88:75:47:
                    c7:64:a4:0e:9b:a9:90:f6:4b:ce:0f:e5:40:bc:d7:
                    50:c9:b2:01:fa:1f:c9:49:09:2f:4a:22:9f:9e:59:
                    a2:8d:92:6a:52:07:39:e2:4d:bd:57:a9:91:2e:d0:
                    46:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:50:8B:40:7B:68:CF:3B:EF:4F:7A:C8:2D:AA:D9:C7:E7:4B:31:D9
            X509v3 Authority Key Identifier:
                keyid:3C:D3:7E:C2:37:19:B2:F1:42:F4:6E:6F:33:17:66:40:34:AD:F5:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/6FCLQHtozzvvT3rILarZx-dLMdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:a8:45:c9:25:ce:6a:2b:90:c1:cc:3b:8e:b9:cd:7f:44:8c:
         b7:b9:37:ef:fc:85:a0:ab:68:b9:75:4f:49:97:87:52:27:7a:
         a1:9a:ab:81:08:85:4d:b3:bf:c9:38:56:04:ea:81:c0:16:46:
         a1:13:92:cb:8a:96:84:a5:14:d7:a4:3a:bb:88:e6:04:60:6a:
         6f:e4:7f:d3:4f:b8:30:33:18:31:01:62:3e:83:04:97:13:a4:
         51:76:17:31:3c:6c:45:fa:29:ee:11:32:85:63:30:65:cb:63:
         c2:79:f8:88:cb:3b:f1:79:3c:1b:0d:46:d8:b4:e8:3f:0f:39:
         41:e0:88:5a:db:56:47:c3:c6:40:27:db:f1:51:31:91:f7:95:
         2b:83:60:d8:6b:29:e8:18:ea:4d:9c:a2:fb:aa:5d:b8:23:a7:
         8e:f9:9f:de:9d:a1:1b:fc:7c:74:5b:26:76:98:5b:a3:13:f2:
         c4:61:57:31:88:3f:6e:29:18:8c:fc:04:60:72:84:0b:ad:21:
         8c:26:ce:c6:e6:f0:b2:3d:47:21:4b:cc:eb:ea:22:a2:b6:15:
         c8:4f:2c:e3:31:3f:91:bf:ca:d0:26:48:9d:60:8e:af:03:c6:
         b2:8e:c7:6c:7e:4c:ed:6f:ab:0b:33:4b:8c:14:03:29:22:60:
         84:1b:5d:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIUHUJxGSMDUHqjaf4bFnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZDM3ZWMyMzcxOWIyZjE0MmY0NmU2ZjMzMTc2NjQwMzRh
ZGY1OTgwHhcNMjUwMTAyMDM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODUwOGI0MDdiNjhjZjNiZWY0ZjdhYzgyZGFhZDljN2U3NGIzMWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOJnlyVlc4T1s13QiZozFm1DZrHW
BHw3EFgG+MeQee7FR6tquNDqeERNd+/Mj8FzZR0vlL5qgMIloZpiinKog5wJi2+W
Di6ArNCaq8KUQjwUOMs45IKDP3t2RZmc6NL9VLhO8EuWb/zPK8NPaLEbin3sbfZL
chmh1wj/fE3MredD1vmwe5a2r0KDzBVT3OoGRC/o1RATK6hlp86jEU5NlH0Aduvb
CPDC5F4mgaKdUc5w0yz+b07N5VldabTtlXgbgR90fdgM+TZa9OsGV1OIdUfHZKQO
m6mQ9kvOD+VAvNdQybIB+h/JSQkvSiKfnlmijZJqUgc54k29V6mRLtBGMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOhQi0B7aM877096yC2q2cfnSzHZMB8GA1UdIwQY
MBaAFDzTfsI3GbLxQvRubzMXZkA0rfWYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE5OLXdqY1pzdkZDOUc1dk14ZG1RRFN0OVpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8zZjdlNTYtMDkxNi00N2FjLTg1ODYt
YTkzODhmMzFiNDdlLzEvNkZDTFFIdG96enZ2VDNySUxhclp4LWRMTWRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8zZjdlNTYtMDkxNi00N2FjLTg1ODYtYTkzODhmMzFiNDdl
LzEvUE5OLXdqY1pzdkZDOUc1dk14ZG1RRFN0OVpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVO2MA0G
CSqGSIb3DQEBCwUAA4IBAQBHqEXJJc5qK5DBzDuOuc1/RIy3uTfv/IWgq2i5dU9J
l4dSJ3qhmquBCIVNs7/JOFYE6oHAFkahE5LLipaEpRTXpDq7iOYEYGpv5H/TT7gw
MxgxAWI+gwSXE6RRdhcxPGxF+inuETKFYzBly2PCefiIyzvxeTwbDUbYtOg/DzlB
4Iha21ZHw8ZAJ9vxUTGR95Urg2DYaynoGOpNnKL7ql24I6eO+Z/enaEb/Hx0WyZ2
mFujE/LEYVcxiD9uKRiM/ARgcoQLrSGMJs7G5vCyPUchS8zr6iKithXITyzjMT+R
v8rQJkidYI6vA8ayjsdsfkztb6sLM0uMFAMpImCEG10m
-----END CERTIFICATE-----