Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/f3ca23-86ec-40d0-a520-69a364e5629e/1/3H8Iz5hHhMEKn8xskQH_PIfxJ2M.roa
File:                     3H8Iz5hHhMEKn8xskQH_PIfxJ2M.roa (raw, json)
Hash identifier:          kRuaNE5DN0ER4h4yEzfsi+B5+sjpCYHLxCQH23V/CIQ=
Subject key identifier:   DC:7F:08:CF:98:47:84:C1:0A:9F:CC:6C:91:01:FF:3C:87:F1:27:63
Certificate issuer:       /CN=f844e1eafaad3cb091f20ee5bf1c0482487c306e
Certificate serial:       0194221FC4B8EF774869C964ABFB3A9891B2
Authority key identifier: F8:44:E1:EA:FA:AD:3C:B0:91:F2:0E:E5:BF:1C:04:82:48:7C:30:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-ETh6vqtPLCR8g7lvxwEgkh8MG4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/f3ca23-86ec-40d0-a520-69a364e5629e/1/3H8Iz5hHhMEKn8xskQH_PIfxJ2M.roa
Signing time:             Wed 01 Jan 2025 13:48:14 +0000
ROA not before:           Wed 01 Jan 2025 13:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8412
IP address blocks:        194.50.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/f3ca23-86ec-40d0-a520-69a364e5629e/1/1-ETh6vqtPLCR8g7lvxwEgkh8MG4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/f3ca23-86ec-40d0-a520-69a364e5629e/1/1-ETh6vqtPLCR8g7lvxwEgkh8MG4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-ETh6vqtPLCR8g7lvxwEgkh8MG4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:c4:b8:ef:77:48:69:c9:64:ab:fb:3a:98:91:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f844e1eafaad3cb091f20ee5bf1c0482487c306e
        Validity
            Not Before: Jan  1 13:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc7f08cf984784c10a9fcc6c9101ff3c87f12763
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c4:ee:8c:02:ad:13:b3:51:38:df:58:16:c7:
                    76:21:e1:2d:ac:58:10:bc:6b:0b:77:69:c4:a5:11:
                    d0:d9:63:01:7d:7f:be:7d:e9:a9:64:01:1e:3d:14:
                    2b:07:2c:a4:07:2c:7f:b7:66:4a:29:4e:e8:32:3b:
                    d1:4d:32:bc:d1:55:31:85:28:56:d9:36:bc:3a:46:
                    a9:25:3d:f6:b4:2c:69:ef:92:73:96:3e:5e:44:08:
                    3d:76:ec:06:a5:02:83:0e:e9:06:1b:83:9b:92:74:
                    e2:67:73:9f:ec:ec:02:0e:72:a3:8a:fd:ed:18:f4:
                    b2:dd:7e:74:28:ac:67:ad:41:d4:2f:05:d4:45:b0:
                    4e:e7:d3:d0:f7:8c:c2:c7:ab:23:9d:33:fc:6e:36:
                    ec:b0:c5:3a:a5:79:25:72:a5:d1:03:25:da:93:05:
                    55:35:3f:99:f2:b9:91:06:5b:25:74:9b:da:3c:6d:
                    ce:0f:75:1e:58:08:73:3b:66:6a:ba:36:20:2f:6b:
                    fa:79:e2:52:f0:36:46:42:aa:97:28:6b:0f:c2:8d:
                    d7:a6:a0:2e:ac:e7:65:ca:28:9f:32:24:54:e8:b8:
                    4c:40:c6:d7:a1:a5:43:ff:90:59:b6:94:36:64:9b:
                    a0:67:e4:b4:1f:e0:d8:81:8c:be:7b:1f:0f:65:5b:
                    69:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:7F:08:CF:98:47:84:C1:0A:9F:CC:6C:91:01:FF:3C:87:F1:27:63
            X509v3 Authority Key Identifier:
                keyid:F8:44:E1:EA:FA:AD:3C:B0:91:F2:0E:E5:BF:1C:04:82:48:7C:30:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-ETh6vqtPLCR8g7lvxwEgkh8MG4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f3ca23-86ec-40d0-a520-69a364e5629e/1/3H8Iz5hHhMEKn8xskQH_PIfxJ2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f3ca23-86ec-40d0-a520-69a364e5629e/1/1-ETh6vqtPLCR8g7lvxwEgkh8MG4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:73:ee:00:22:04:59:8b:a7:99:99:a9:1b:68:5f:9d:7a:e8:
         7d:ba:69:05:bb:7f:3d:45:a2:a8:49:50:6f:c7:32:e9:69:f5:
         27:65:c3:04:68:48:68:f7:ea:2b:de:9b:8d:b5:e3:9f:80:c5:
         d1:0c:6f:c5:c7:26:4f:53:2c:06:18:b2:a9:f6:46:d0:f3:44:
         33:55:99:ed:41:1c:c6:28:38:41:d1:6a:28:c8:3f:a8:4c:f9:
         9c:c7:d6:12:9a:b6:19:af:bd:3d:a7:b6:49:00:78:f1:c9:bc:
         5c:c1:29:24:22:b6:6a:19:09:5a:e4:cb:5a:cb:e6:9e:18:bc:
         69:c5:14:c6:8b:43:6c:5f:48:1a:31:85:a6:84:74:b3:f6:f2:
         24:46:d3:9e:48:57:da:fd:a4:a8:f8:c1:8a:1b:cd:4b:5f:63:
         bc:ff:4f:7f:8f:07:9c:fa:84:7f:2d:06:50:da:9a:b4:2c:cd:
         2e:eb:ba:03:89:e4:59:ce:19:57:49:f1:4e:0e:97:e5:3d:57:
         49:a9:de:df:47:e9:5a:67:0a:70:4f:82:87:4c:5d:f5:61:29:
         9e:6e:f8:f7:0e:14:05:28:8c:55:16:aa:d0:74:10:28:37:4d:
         22:49:27:7a:45:3e:29:16:45:02:14:94:25:1f:b0:2e:38:bc:
         ca:03:79:85
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQiH8S473dIaclkq/s6mJGyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NDRlMWVhZmFhZDNjYjA5MWYyMGVlNWJmMWMwNDgyNDg3
YzMwNmUwHhcNMjUwMTAxMTM0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzdmMDhjZjk4NDc4NGMxMGE5ZmNjNmM5MTAxZmYzYzg3ZjEyNzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMTujAKtE7NRON9YFsd2IeEtrFgQ
vGsLd2nEpRHQ2WMBfX++fempZAEePRQrByykByx/t2ZKKU7oMjvRTTK80VUxhShW
2Ta8OkapJT32tCxp75Jzlj5eRAg9duwGpQKDDukGG4ObknTiZ3Of7OwCDnKjiv3t
GPSy3X50KKxnrUHULwXURbBO59PQ94zCx6sjnTP8bjbssMU6pXklcqXRAyXakwVV
NT+Z8rmRBlsldJvaPG3OD3UeWAhzO2ZqujYgL2v6eeJS8DZGQqqXKGsPwo3XpqAu
rOdlyiifMiRU6LhMQMbXoaVD/5BZtpQ2ZJugZ+S0H+DYgYy+ex8PZVtpMQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNx/CM+YR4TBCp/MbJEB/zyH8SdjMB8GA1UdIwQY
MBaAFPhE4er6rTywkfIO5b8cBIJIfDBuMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1FVGg2dnF0UExDUjhnN2x2eHdFZ2toOE1HNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWUvZjNjYTIzLTg2ZWMtNDBkMC1hNTIw
LTY5YTM2NGU1NjI5ZS8xLzNIOEl6NWhIaE1FS244eHNrUUhfUElmeEoyTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMWUvZjNjYTIzLTg2ZWMtNDBkMC1hNTIwLTY5YTM2NGU1NjI5
ZS8xLzEtRVRoNnZxdFBMQ1I4Zzdsdnh3RWdraDhNRzQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCMq0w
DQYJKoZIhvcNAQELBQADggEBAKlz7gAiBFmLp5mZqRtoX5166H26aQW7fz1FoqhJ
UG/HMulp9SdlwwRoSGj36ivem42145+AxdEMb8XHJk9TLAYYsqn2RtDzRDNVme1B
HMYoOEHRaijIP6hM+ZzH1hKathmvvT2ntkkAePHJvFzBKSQitmoZCVrky1rL5p4Y
vGnFFMaLQ2xfSBoxhaaEdLP28iRG055IV9r9pKj4wYobzUtfY7z/T3+PB5z6hH8t
BlDamrQszS7rugOJ5FnOGVdJ8U4Ol+U9V0mp3t9H6VpnCnBPgodMXfVhKZ5u+PcO
FAUojFUWqtB0ECg3TSJJJ3pFPikWRQIUlCUfsC44vMoDeYU=
-----END CERTIFICATE-----