Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/PHFVTcG4KZjwKJOE7_73HHVKLFs.roa
File:                     PHFVTcG4KZjwKJOE7_73HHVKLFs.roa (raw, json)
Hash identifier:          WE0SQ9SvcesHSizaa+Bf2w3NFhcVw1y/r+SFqq3s8Og=
Subject key identifier:   3C:71:55:4D:C1:B8:29:98:F0:28:93:84:EF:FE:F7:1C:75:4A:2C:5B
Certificate issuer:       /CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
Certificate serial:       0194258F948C074136AA4353C2FF161AB601
Authority key identifier: EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/PHFVTcG4KZjwKJOE7_73HHVKLFs.roa
Signing time:             Thu 02 Jan 2025 05:49:14 +0000
ROA not before:           Thu 02 Jan 2025 05:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49870
IP address blocks:        185.224.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:94:8c:07:41:36:aa:43:53:c2:ff:16:1a:b6:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
        Validity
            Not Before: Jan  2 05:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c71554dc1b82998f0289384effef71c754a2c5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:da:b7:20:23:9f:b5:df:6b:e7:79:c9:9e:f7:
                    91:e9:8e:bb:1a:69:f9:91:b6:30:3c:cf:95:9a:cf:
                    ca:51:cc:fb:0d:74:5e:a8:5b:a5:98:1c:42:09:30:
                    e4:5f:b3:0a:a2:98:f9:37:89:f4:44:ae:d0:7c:f3:
                    57:ab:f0:4e:32:65:2a:67:42:04:49:20:fc:3f:0b:
                    e4:ef:85:34:66:86:78:59:93:56:0e:6b:9f:ad:b4:
                    27:24:46:2b:2f:a7:4c:46:3b:31:8a:07:87:6b:a8:
                    56:c5:81:38:de:b9:73:b1:3b:ea:64:b8:74:24:24:
                    29:89:d8:0b:40:0c:c8:9c:22:64:31:72:b4:6d:04:
                    46:e9:4e:28:9c:65:55:97:12:cd:fb:ec:23:05:5b:
                    a5:92:7b:63:43:3e:5f:0b:5d:fc:6f:e0:17:48:20:
                    4b:b7:1f:ab:1f:59:c1:88:94:ba:92:e0:71:be:4f:
                    38:d7:51:47:e4:a3:76:06:23:04:f9:d9:66:2d:42:
                    e8:68:64:a2:fd:2d:cf:e7:64:58:cb:81:62:86:92:
                    88:16:da:e2:00:99:3d:a8:c8:69:ec:b4:6e:61:d3:
                    70:6b:b8:95:fc:17:14:02:9f:1b:96:0c:6a:f7:c2:
                    9a:61:67:09:fa:e0:5b:a1:55:0e:1a:15:3e:9c:63:
                    90:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:71:55:4D:C1:B8:29:98:F0:28:93:84:EF:FE:F7:1C:75:4A:2C:5B
            X509v3 Authority Key Identifier:
                keyid:EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/PHFVTcG4KZjwKJOE7_73HHVKLFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:3c:96:c4:92:3e:4c:a5:e5:e1:35:f4:43:c1:1f:2e:29:30:
         29:c2:9e:ac:ec:99:4f:97:f0:8a:75:84:1b:47:56:56:83:d6:
         10:4a:b6:f2:47:b0:73:48:b6:2e:bd:00:8b:10:9a:e5:7a:e1:
         4b:d5:dc:6e:17:93:b6:aa:62:4b:2e:8f:ac:67:71:15:28:b2:
         49:38:b8:69:b9:6a:90:24:d8:f0:14:52:c2:51:bd:41:2e:60:
         f3:89:c1:e8:73:43:94:66:71:39:a1:08:d2:c7:75:d5:88:12:
         77:c1:5a:ed:15:20:4a:f8:4d:65:be:df:40:8d:dd:09:5a:25:
         0a:5e:8a:5b:4b:ba:16:fd:3f:1a:04:25:94:6a:3c:1c:e8:e6:
         1d:0d:dc:bd:3a:52:19:3e:85:ae:e7:91:53:47:38:11:f9:d5:
         aa:30:34:19:d8:18:e2:12:18:86:c5:64:18:8e:ed:f5:1d:08:
         42:de:67:52:21:c4:14:a0:46:75:a9:92:f4:1b:7a:ff:4d:10:
         46:21:eb:2f:ef:96:e6:df:7f:65:19:0e:2c:f5:17:b7:66:60:
         24:9f:bf:d0:52:36:0d:c7:94:7e:0b:02:11:83:4d:1d:ba:7b:
         dc:cc:0f:2a:14:6e:82:d9:07:00:50:88:89:08:e2:1e:ea:20:
         9e:f1:f4:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj5SMB0E2qkNTwv8WGrYBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNGZiMDYxYTk0MjZlNGZiMjg4NWQ4MjI4Njc1NzJhMWI1
OGE0YzAwHhcNMjUwMTAyMDU0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzcxNTU0ZGMxYjgyOTk4ZjAyODkzODRlZmZlZjcxYzc1NGEyYzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitq3ICOftd9r53nJnveR6Y67Gmn5
kbYwPM+Vms/KUcz7DXReqFulmBxCCTDkX7MKopj5N4n0RK7QfPNXq/BOMmUqZ0IE
SSD8Pwvk74U0ZoZ4WZNWDmufrbQnJEYrL6dMRjsxigeHa6hWxYE43rlzsTvqZLh0
JCQpidgLQAzInCJkMXK0bQRG6U4onGVVlxLN++wjBVulkntjQz5fC138b+AXSCBL
tx+rH1nBiJS6kuBxvk8411FH5KN2BiME+dlmLULoaGSi/S3P52RYy4FihpKIFtri
AJk9qMhp7LRuYdNwa7iV/BcUAp8blgxq98KaYWcJ+uBboVUOGhU+nGOQkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDxxVU3BuCmY8CiThO/+9xx1SixbMB8GA1UdIwQY
MBaAFOxPsGGpQm5PsohdgihnVyobWKTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEt
Y2U1NzE1MDY5NWE5LzEvUEhGVlRjRzRLWmp3S0pPRTdfNzNISFZLTEZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEtY2U1NzE1MDY5NWE5
LzEvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueCAMA0G
CSqGSIb3DQEBCwUAA4IBAQAWPJbEkj5MpeXhNfRDwR8uKTApwp6s7JlPl/CKdYQb
R1ZWg9YQSrbyR7BzSLYuvQCLEJrleuFL1dxuF5O2qmJLLo+sZ3EVKLJJOLhpuWqQ
JNjwFFLCUb1BLmDzicHoc0OUZnE5oQjSx3XViBJ3wVrtFSBK+E1lvt9Ajd0JWiUK
XopbS7oW/T8aBCWUajwc6OYdDdy9OlIZPoWu55FTRzgR+dWqMDQZ2BjiEhiGxWQY
ju31HQhC3mdSIcQUoEZ1qZL0G3r/TRBGIesv75bm339lGQ4s9Re3ZmAkn7/QUjYN
x5R+CwIRg00dunvczA8qFG6C2QcAUIiJCOIe6iCe8fSJ
-----END CERTIFICATE-----