Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/975c38-5998-4549-b16a-42f4202b4e52/1/_T95pb3fSEz9wIRRNrJ3URoDyA0.roa
File:                     _T95pb3fSEz9wIRRNrJ3URoDyA0.roa (raw, json)
Hash identifier:          b9DXDFtYGSmkdIdbmXbJbKOGmfHzZxo/lkWoAYmkF+s=
Subject key identifier:   FD:3F:79:A5:BD:DF:48:4C:FD:C0:84:51:36:B2:77:51:1A:03:C8:0D
Certificate issuer:       /CN=e3d89f8f2ab8e5446b4c9e125cacb027489ca7fb
Certificate serial:       0192DE2C5975E20A21FDE01198132E30D5A3
Authority key identifier: E3:D8:9F:8F:2A:B8:E5:44:6B:4C:9E:12:5C:AC:B0:27:48:9C:A7:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/49ifjyq45URrTJ4SXKywJ0icp_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/975c38-5998-4549-b16a-42f4202b4e52/1/_T95pb3fSEz9wIRRNrJ3URoDyA0.roa
Signing time:             Wed 30 Oct 2024 16:05:01 +0000
ROA not before:           Wed 30 Oct 2024 16:05:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212598
IP address blocks:        185.102.87.0/24 maxlen: 24
                          2a12:8540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/975c38-5998-4549-b16a-42f4202b4e52/1/49ifjyq45URrTJ4SXKywJ0icp_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/975c38-5998-4549-b16a-42f4202b4e52/1/49ifjyq45URrTJ4SXKywJ0icp_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/49ifjyq45URrTJ4SXKywJ0icp_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:de:2c:59:75:e2:0a:21:fd:e0:11:98:13:2e:30:d5:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3d89f8f2ab8e5446b4c9e125cacb027489ca7fb
        Validity
            Not Before: Oct 30 16:05:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd3f79a5bddf484cfdc0845136b277511a03c80d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f3:71:d1:af:3b:21:44:ab:6b:24:c3:a2:2b:
                    af:be:4e:5e:66:06:75:f0:a1:92:9b:3f:80:61:cf:
                    f2:f0:f7:f5:98:6c:a1:bd:3e:03:6c:c2:2e:7a:b8:
                    7b:ee:2e:8b:4c:67:f6:28:df:87:e0:79:51:d6:0f:
                    fd:a4:bf:f9:ae:7d:0d:fb:a5:5e:29:ab:a1:16:2b:
                    44:ad:fb:55:f6:4b:86:83:49:6c:28:ec:ab:1b:e7:
                    44:94:65:c3:d7:55:63:4c:90:16:66:94:8b:53:ab:
                    44:ee:79:bb:0b:da:d6:3f:54:6d:22:7b:0c:1b:5d:
                    ca:93:2d:d1:36:71:d3:12:a5:b2:0f:49:44:71:03:
                    09:10:b8:7a:ff:a5:0c:bb:9b:0b:28:f9:bf:45:ce:
                    ed:6e:ab:0a:d0:9d:33:93:bb:90:40:55:b9:14:83:
                    27:80:55:e0:d4:6b:43:8f:ea:8a:72:02:d9:e9:84:
                    72:c0:ea:6e:75:73:87:c9:82:bb:bf:7f:ae:23:e9:
                    50:ff:01:64:ab:ad:57:c6:66:c9:63:4c:ac:f9:7f:
                    e9:de:ed:4d:8a:25:29:bf:c3:13:7e:5d:07:f9:16:
                    e3:f8:c3:ac:28:73:af:99:84:c9:6e:89:cf:43:65:
                    bf:db:a5:dd:7e:da:69:c0:b3:c6:0f:df:7c:2a:f2:
                    59:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:3F:79:A5:BD:DF:48:4C:FD:C0:84:51:36:B2:77:51:1A:03:C8:0D
            X509v3 Authority Key Identifier:
                keyid:E3:D8:9F:8F:2A:B8:E5:44:6B:4C:9E:12:5C:AC:B0:27:48:9C:A7:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/49ifjyq45URrTJ4SXKywJ0icp_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/975c38-5998-4549-b16a-42f4202b4e52/1/_T95pb3fSEz9wIRRNrJ3URoDyA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/975c38-5998-4549-b16a-42f4202b4e52/1/49ifjyq45URrTJ4SXKywJ0icp_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.87.0/24
                IPv6:
                  2a12:8540::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:2e:bf:a8:16:0e:32:70:26:40:17:5a:2d:e4:ce:c0:dc:21:
         18:37:06:0a:04:a0:ad:4d:47:7b:60:8d:41:09:ea:d5:ef:1e:
         7f:8c:1c:48:a4:44:3d:38:8e:d9:8a:06:81:07:be:b0:ee:b5:
         8e:0f:2b:67:27:31:a2:c1:8b:35:5e:a5:63:f8:64:79:d8:36:
         f2:71:65:f3:3f:02:e2:f5:ce:fa:0d:12:80:a4:5a:7b:c1:db:
         14:f8:a9:bb:30:45:b2:54:e2:ab:bd:41:5b:c4:58:45:dc:3e:
         db:cf:80:f6:0f:69:40:cd:ed:6b:5a:a5:1d:2e:3c:d3:f1:46:
         52:6a:62:49:d0:10:24:bf:2e:f7:4c:99:df:e1:77:0f:1f:bd:
         3e:dc:7b:de:22:31:73:eb:b7:fb:a2:69:45:45:54:34:4e:f1:
         02:d8:86:47:20:f2:a6:5c:20:21:e6:87:bd:c5:ff:87:3d:40:
         b1:8a:ae:00:a7:50:46:6b:28:f5:e9:1c:af:4c:66:20:67:d6:
         73:68:36:6e:99:7c:76:9e:0c:ba:18:c2:2a:84:3b:46:d0:a9:
         65:bf:c1:3f:95:d7:eb:0b:5a:aa:b8:91:ab:01:d1:56:cf:35:
         36:a3:21:36:91:51:8a:27:3c:b3:c0:4c:1d:70:80:39:6d:bb:
         6b:fd:d8:7a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZLeLFl14goh/eARmBMuMNWjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZDg5ZjhmMmFiOGU1NDQ2YjRjOWUxMjVjYWNiMDI3NDg5
Y2E3ZmIwHhcNMjQxMDMwMTYwNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDNmNzlhNWJkZGY0ODRjZmRjMDg0NTEzNmIyNzc1MTFhMDNjODBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/Nx0a87IUSrayTDoiuvvk5eZgZ1
8KGSmz+AYc/y8Pf1mGyhvT4DbMIuerh77i6LTGf2KN+H4HlR1g/9pL/5rn0N+6Ve
KauhFitErftV9kuGg0lsKOyrG+dElGXD11VjTJAWZpSLU6tE7nm7C9rWP1RtInsM
G13Kky3RNnHTEqWyD0lEcQMJELh6/6UMu5sLKPm/Rc7tbqsK0J0zk7uQQFW5FIMn
gFXg1GtDj+qKcgLZ6YRywOpudXOHyYK7v3+uI+lQ/wFkq61XxmbJY0ys+X/p3u1N
iiUpv8MTfl0H+Rbj+MOsKHOvmYTJbonPQ2W/26XdftppwLPGD998KvJZwQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP0/eaW930hM/cCEUTayd1EaA8gNMB8GA1UdIwQY
MBaAFOPYn48quOVEa0yeElyssCdInKf7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDlpZmp5cTQ1VVJyVEo0U1hLeXdKMGljcF9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NzVjMzgtNTk5OC00NTQ5LWIxNmEt
NDJmNDIwMmI0ZTUyLzEvX1Q5NXBiM2ZTRXo5d0lSUk5ySjNVUm9EeUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NzVjMzgtNTk5OC00NTQ5LWIxNmEtNDJmNDIwMmI0ZTUy
LzEvNDlpZmp5cTQ1VVJyVEo0U1hLeXdKMGljcF9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuWZXMA0E
AgACMAcDBQMqEoVAMA0GCSqGSIb3DQEBCwUAA4IBAQBsLr+oFg4ycCZAF1ot5M7A
3CEYNwYKBKCtTUd7YI1BCerV7x5/jBxIpEQ9OI7ZigaBB76w7rWODytnJzGiwYs1
XqVj+GR52DbycWXzPwLi9c76DRKApFp7wdsU+Km7MEWyVOKrvUFbxFhF3D7bz4D2
D2lAze1rWqUdLjzT8UZSamJJ0BAkvy73TJnf4XcPH70+3HveIjFz67f7omlFRVQ0
TvEC2IZHIPKmXCAh5oe9xf+HPUCxiq4Ap1BGayj16RyvTGYgZ9ZzaDZumXx2ngy6
GMIqhDtG0Kllv8E/ldfrC1qquJGrAdFWzzU2oyE2kVGKJzyzwEwdcIA5bbtr/dh6
-----END CERTIFICATE-----