Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/3RRxCGORhxJUfcVq4tpq0XZragY.roa
File:                     3RRxCGORhxJUfcVq4tpq0XZragY.roa (raw, json)
Hash identifier:          y6TouJV1sDEJ98HnKmVFWXfBdYGdQF1hzAEK2639To8=
Subject key identifier:   DD:14:71:08:63:91:87:12:54:7D:C5:6A:E2:DA:6A:D1:76:6B:6A:06
Certificate issuer:       /CN=bb0d4e85937b7a0f271054d28614f2934d4ea500
Certificate serial:       019425FD4CE4CF5193AD86A31384D44E10EC
Authority key identifier: BB:0D:4E:85:93:7B:7A:0F:27:10:54:D2:86:14:F2:93:4D:4E:A5:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uw1OhZN7eg8nEFTShhTyk01OpQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/3RRxCGORhxJUfcVq4tpq0XZragY.roa
Signing time:             Thu 02 Jan 2025 07:49:04 +0000
ROA not before:           Thu 02 Jan 2025 07:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        91.224.108.0/24 maxlen: 24
                          194.33.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/uw1OhZN7eg8nEFTShhTyk01OpQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/uw1OhZN7eg8nEFTShhTyk01OpQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uw1OhZN7eg8nEFTShhTyk01OpQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:4c:e4:cf:51:93:ad:86:a3:13:84:d4:4e:10:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb0d4e85937b7a0f271054d28614f2934d4ea500
        Validity
            Not Before: Jan  2 07:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd14710863918712547dc56ae2da6ad1766b6a06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:26:70:f1:d2:b2:f1:8a:a4:b0:c1:66:df:6a:
                    6e:74:3f:f2:e1:03:c2:f4:20:59:18:7e:93:bc:cc:
                    99:25:9f:64:a6:25:85:dc:b8:8a:33:8c:6f:cd:03:
                    33:39:5c:dc:b6:84:97:5f:41:d1:2d:de:34:29:c2:
                    8d:6e:ec:c4:0f:eb:df:ac:9c:00:66:06:ae:67:51:
                    d4:6d:1f:39:0d:29:dd:bb:f1:85:a5:f4:46:c8:78:
                    03:89:fa:fe:63:b2:8f:e5:14:e0:72:44:21:15:8f:
                    9e:05:fe:17:d4:36:8e:30:25:f1:36:4c:79:07:1f:
                    a0:28:6d:8a:a1:94:ce:4d:70:0e:01:ba:5f:ff:61:
                    6f:e0:d9:78:21:5e:0b:7c:14:1d:26:be:de:27:29:
                    8c:e2:04:65:57:85:a1:3d:34:06:e3:77:31:22:ef:
                    8f:75:7f:4e:97:85:0a:24:27:9f:dc:33:58:f6:78:
                    8d:59:5b:cd:82:49:df:1c:20:f4:6d:61:60:35:72:
                    1e:1e:56:61:10:2c:cc:12:3e:9b:e5:53:d2:f9:46:
                    1a:4c:26:f3:a6:a8:50:13:bb:ae:d8:b2:6f:32:49:
                    4b:b2:7c:a8:a4:6b:15:89:52:53:e1:52:bc:d7:92:
                    54:88:b2:0f:46:a9:18:45:a9:9c:ea:4b:d7:0d:f3:
                    f6:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:14:71:08:63:91:87:12:54:7D:C5:6A:E2:DA:6A:D1:76:6B:6A:06
            X509v3 Authority Key Identifier:
                keyid:BB:0D:4E:85:93:7B:7A:0F:27:10:54:D2:86:14:F2:93:4D:4E:A5:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uw1OhZN7eg8nEFTShhTyk01OpQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/3RRxCGORhxJUfcVq4tpq0XZragY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/uw1OhZN7eg8nEFTShhTyk01OpQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.108.0/24
                  194.33.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:c2:6e:47:6f:93:b7:a8:19:09:6f:99:85:b6:21:39:92:0e:
         ac:d8:45:b4:36:26:97:b5:50:6b:fb:64:4a:76:76:5f:b2:4d:
         ba:14:54:34:78:fc:37:67:4d:89:46:48:2f:9b:21:44:a3:06:
         eb:be:5a:f2:46:b5:b5:a0:19:40:bd:20:ab:2f:0b:8c:28:13:
         04:2c:2c:1a:f3:61:21:4c:49:77:73:c2:59:dc:6a:a2:0c:03:
         df:1e:0c:c4:0a:fa:3d:65:09:95:d9:2f:dc:34:bc:a8:e3:67:
         14:73:4b:2d:17:9d:44:c1:76:62:4b:c9:1a:90:3a:96:cd:62:
         bd:1a:3e:36:fa:87:00:25:c6:16:33:b2:3a:f4:77:f5:ba:e3:
         a3:95:66:9f:e5:12:0a:cd:17:d5:04:37:79:c7:8c:f4:c1:44:
         f1:1c:4f:b9:28:81:67:0d:c3:32:d0:e3:fc:8b:5a:16:ee:33:
         89:48:8b:13:93:e6:84:1d:82:49:0c:ca:ee:2f:09:e3:1a:fb:
         9d:33:71:ad:0b:40:c0:e5:e1:25:c3:72:3e:02:58:ca:12:56:
         0d:2e:b9:68:2a:02:4c:27:e8:37:84:97:f5:bf:d0:9f:95:02:
         2a:dc:3f:23:54:b8:84:20:26:54:a5:9b:94:a3:b2:44:f2:5c:
         a6:29:51:80
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/Uzkz1GTrYajE4TUThDsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiMGQ0ZTg1OTM3YjdhMGYyNzEwNTRkMjg2MTRmMjkzNGQ0
ZWE1MDAwHhcNMjUwMTAyMDc0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDE0NzEwODYzOTE4NzEyNTQ3ZGM1NmFlMmRhNmFkMTc2NmI2YTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiyZw8dKy8YqksMFm32pudD/y4QPC
9CBZGH6TvMyZJZ9kpiWF3LiKM4xvzQMzOVzctoSXX0HRLd40KcKNbuzED+vfrJwA
ZgauZ1HUbR85DSndu/GFpfRGyHgDifr+Y7KP5RTgckQhFY+eBf4X1DaOMCXxNkx5
Bx+gKG2KoZTOTXAOAbpf/2Fv4Nl4IV4LfBQdJr7eJymM4gRlV4WhPTQG43cxIu+P
dX9Ol4UKJCef3DNY9niNWVvNgknfHCD0bWFgNXIeHlZhECzMEj6b5VPS+UYaTCbz
pqhQE7uu2LJvMklLsnyopGsViVJT4VK815JUiLIPRqkYRamc6kvXDfP24QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN0UcQhjkYcSVH3FauLaatF2a2oGMB8GA1UdIwQY
MBaAFLsNToWTe3oPJxBU0oYU8pNNTqUAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXcxT2haTjdlZzhuRUZUU2hoVHlrMDFPcFFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9kMTc1MjctY2Y5OC00ZDM3LTg2NmYt
OGU5Yjk4YTk5Y2RiLzEvM1JSeENHT1JoeEpVZmNWcTR0cHEwWFpyYWdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9kMTc1MjctY2Y5OC00ZDM3LTg2NmYtOGU5Yjk4YTk5Y2Ri
LzEvdXcxT2haTjdlZzhuRUZUU2hoVHlrMDFPcFFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+BsAwQA
wiE6MA0GCSqGSIb3DQEBCwUAA4IBAQBGwm5Hb5O3qBkJb5mFtiE5kg6s2EW0NiaX
tVBr+2RKdnZfsk26FFQ0ePw3Z02JRkgvmyFEowbrvlryRrW1oBlAvSCrLwuMKBME
LCwa82EhTEl3c8JZ3GqiDAPfHgzECvo9ZQmV2S/cNLyo42cUc0stF51EwXZiS8ka
kDqWzWK9Gj42+ocAJcYWM7I69Hf1uuOjlWaf5RIKzRfVBDd5x4z0wUTxHE+5KIFn
DcMy0OP8i1oW7jOJSIsTk+aEHYJJDMruLwnjGvudM3GtC0DA5eElw3I+AljKElYN
LrloKgJMJ+g3hJf1v9CflQIq3D8jVLiEICZUpZuUo7JE8lymKVGA
-----END CERTIFICATE-----