Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/Xy7X7Y7n1dwT-JcABr_7kk_W05o.roa
File:                     Xy7X7Y7n1dwT-JcABr_7kk_W05o.roa (raw, json)
Hash identifier:          AQ2x/CDJ1G+4qJ9b94DvcRRy4bmdLPUtpu6pmkV+OCs=
Subject key identifier:   5F:2E:D7:ED:8E:E7:D5:DC:13:F8:97:00:06:BF:FB:92:4F:D6:D3:9A
Certificate issuer:       /CN=3d3f87bb7f7874aa7e15cfec9bbf6aae3c9ce33a
Certificate serial:       0195C8827E5089606CE993B4D364EF3FF9F7
Authority key identifier: 3D:3F:87:BB:7F:78:74:AA:7E:15:CF:EC:9B:BF:6A:AE:3C:9C:E3:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/Xy7X7Y7n1dwT-JcABr_7kk_W05o.roa
Signing time:             Mon 24 Mar 2025 14:15:50 +0000
ROA not before:           Mon 24 Mar 2025 14:15:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203217
IP address blocks:        194.39.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c8:82:7e:50:89:60:6c:e9:93:b4:d3:64:ef:3f:f9:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d3f87bb7f7874aa7e15cfec9bbf6aae3c9ce33a
        Validity
            Not Before: Mar 24 14:15:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f2ed7ed8ee7d5dc13f8970006bffb924fd6d39a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:0b:bf:52:51:fc:78:60:89:6d:14:fc:d3:df:
                    cc:32:8c:f2:f9:66:ef:93:45:34:50:c2:12:db:13:
                    14:2c:23:17:24:51:59:f0:6f:3c:03:5d:6e:fb:68:
                    f1:fc:53:8f:bc:f1:e1:b8:c6:6e:b2:0d:d5:93:ae:
                    4e:b4:3e:83:77:13:e7:40:ac:e3:e4:52:36:96:ce:
                    ae:58:51:86:40:3a:1b:d1:38:44:75:fc:97:a8:83:
                    16:1b:fe:3d:e8:ef:5c:7a:8e:e6:ea:bc:c1:f3:d4:
                    f4:70:7e:d4:e6:0d:02:dd:d4:44:64:d1:32:53:07:
                    c1:77:57:38:ae:7e:4e:69:37:e3:56:2e:62:f6:c5:
                    e0:84:8e:03:33:bf:3c:5d:ed:8f:1c:cb:ee:55:34:
                    ed:ce:29:7b:9b:f7:c6:86:e8:f9:97:61:21:64:fe:
                    56:78:36:4b:54:aa:a0:9d:e4:19:35:eb:c2:eb:ae:
                    eb:41:6a:bc:28:bf:71:27:d5:23:31:2a:87:63:14:
                    25:cb:00:1b:cb:d3:7a:4d:ce:5f:e5:8b:43:0b:18:
                    ef:a3:e8:bf:f9:de:e4:8a:dd:40:3b:ae:16:40:6b:
                    71:d3:7a:a5:7c:70:d1:4f:7b:bd:87:71:90:ee:07:
                    bf:40:fb:7d:eb:02:6b:de:55:79:b9:87:cd:08:4d:
                    a1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:2E:D7:ED:8E:E7:D5:DC:13:F8:97:00:06:BF:FB:92:4F:D6:D3:9A
            X509v3 Authority Key Identifier:
                keyid:3D:3F:87:BB:7F:78:74:AA:7E:15:CF:EC:9B:BF:6A:AE:3C:9C:E3:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PT-Hu394dKp-Fc_sm79qrjyc4zo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/Xy7X7Y7n1dwT-JcABr_7kk_W05o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/71015a-11be-471e-9592-62be53425676/1/PT-Hu394dKp-Fc_sm79qrjyc4zo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:1f:74:0d:42:09:75:d8:1e:09:a0:ff:39:11:35:b0:8c:60:
         85:4b:8d:68:f6:8f:ab:51:c8:db:af:80:73:15:b2:7f:0d:d0:
         49:31:9d:6d:2a:49:30:12:cf:7e:43:92:0e:e3:ae:ea:4c:de:
         ba:e1:02:44:63:c9:37:9a:29:1e:c7:b7:6e:a9:04:a3:5d:18:
         99:da:e9:ac:f1:3e:a4:2b:6b:07:45:88:ea:c6:52:bd:0d:49:
         6d:1a:63:51:1d:14:b3:b5:b4:2b:7e:31:4e:d4:45:2b:35:be:
         37:64:4f:17:d8:ff:48:f2:16:0b:ff:c4:a0:c3:e0:52:c9:9d:
         85:76:37:cf:1f:d5:89:86:66:47:4a:fb:38:ac:27:0e:47:16:
         e1:3a:01:2f:83:da:89:cf:ec:7d:da:af:65:dd:10:f9:f3:42:
         9d:a2:16:12:68:8f:6d:03:73:d4:65:84:26:2e:04:12:19:ba:
         24:39:86:5a:ae:a3:13:fa:f5:fa:73:6b:54:fd:55:34:aa:5e:
         bb:86:f1:a8:2c:d8:92:59:4c:19:aa:43:39:20:cf:ee:c8:0c:
         80:63:49:78:cf:d8:e0:0f:a1:ea:1f:12:bb:04:6f:41:c9:6f:
         d0:3c:32:52:5f:2a:4b:20:7b:a3:6c:fb:c5:c1:60:c1:9e:de:
         4f:9d:b1:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXIgn5QiWBs6ZO002TvP/n3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkM2Y4N2JiN2Y3ODc0YWE3ZTE1Y2ZlYzliYmY2YWFlM2M5
Y2UzM2EwHhcNMjUwMzI0MTQxNTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjJlZDdlZDhlZTdkNWRjMTNmODk3MDAwNmJmZmI5MjRmZDZkMzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwu/UlH8eGCJbRT809/MMozy+Wbv
k0U0UMIS2xMULCMXJFFZ8G88A11u+2jx/FOPvPHhuMZusg3Vk65OtD6DdxPnQKzj
5FI2ls6uWFGGQDob0ThEdfyXqIMWG/496O9ceo7m6rzB89T0cH7U5g0C3dREZNEy
UwfBd1c4rn5OaTfjVi5i9sXghI4DM788Xe2PHMvuVTTtzil7m/fGhuj5l2EhZP5W
eDZLVKqgneQZNevC667rQWq8KL9xJ9UjMSqHYxQlywAby9N6Tc5f5YtDCxjvo+i/
+d7kit1AO64WQGtx03qlfHDRT3u9h3GQ7ge/QPt96wJr3lV5uYfNCE2hxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8u1+2O59XcE/iXAAa/+5JP1tOaMB8GA1UdIwQY
MBaAFD0/h7t/eHSqfhXP7Ju/aq48nOM6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFQtSHUzOTRkS3AtRmNfc203OXFyanljNHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MTAxNWEtMTFiZS00NzFlLTk1OTIt
NjJiZTUzNDI1Njc2LzEvWHk3WDdZN24xZHdULUpjQUJyXzdra19XMDVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MTAxNWEtMTFiZS00NzFlLTk1OTItNjJiZTUzNDI1Njc2
LzEvUFQtSHUzOTRkS3AtRmNfc203OXFyanljNHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiflMA0G
CSqGSIb3DQEBCwUAA4IBAQBaH3QNQgl12B4JoP85ETWwjGCFS41o9o+rUcjbr4Bz
FbJ/DdBJMZ1tKkkwEs9+Q5IO467qTN664QJEY8k3mikex7duqQSjXRiZ2ums8T6k
K2sHRYjqxlK9DUltGmNRHRSztbQrfjFO1EUrNb43ZE8X2P9I8hYL/8Sgw+BSyZ2F
djfPH9WJhmZHSvs4rCcORxbhOgEvg9qJz+x92q9l3RD580KdohYSaI9tA3PUZYQm
LgQSGbokOYZarqMT+vX6c2tU/VU0ql67hvGoLNiSWUwZqkM5IM/uyAyAY0l4z9jg
D6HqHxK7BG9ByW/QPDJSXypLIHujbPvFwWDBnt5PnbG7
-----END CERTIFICATE-----