Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/T3dYaQ_itGY8sg6N2piIETo4lNY.roa
File:                     T3dYaQ_itGY8sg6N2piIETo4lNY.roa (raw, json)
Hash identifier:          jr3iaS2h5oKJUS7JXvE4JXbV33q5i4nh8t/0oFzKNAE=
Subject key identifier:   4F:77:58:69:0F:E2:B4:66:3C:B2:0E:8D:DA:98:88:11:3A:38:94:D6
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       0194266B7F1889DED32AB5F92C893B41F099
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/T3dYaQ_itGY8sg6N2piIETo4lNY.roa
Signing time:             Thu 02 Jan 2025 09:49:26 +0000
ROA not before:           Thu 02 Jan 2025 09:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48680
IP address blocks:        176.103.176.0/24 maxlen: 24
                          176.103.177.0/24 maxlen: 24
                          176.103.178.0/24 maxlen: 24
                          176.103.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:7f:18:89:de:d3:2a:b5:f9:2c:89:3b:41:f0:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jan  2 09:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f7758690fe2b4663cb20e8dda9888113a3894d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7b:cc:14:60:9d:bc:e2:9c:e3:c1:ef:05:80:
                    39:5d:a5:0f:ab:4d:21:50:79:7c:89:cb:72:dd:c4:
                    1a:2a:68:62:26:9d:0f:9a:39:22:08:45:c1:b9:85:
                    09:bb:b7:66:59:78:60:f8:1b:36:0b:5d:fc:bb:01:
                    4d:9f:07:7d:0a:ae:47:6d:48:14:3c:bc:7d:63:07:
                    64:b0:7e:69:2c:79:2e:82:6f:b1:97:2b:bf:78:bb:
                    27:d9:ff:d2:0d:10:0a:e5:3c:a5:88:8c:d5:c0:a0:
                    52:67:4d:6e:9b:b8:63:d0:76:51:6d:55:a2:32:43:
                    25:59:09:2c:21:9f:cd:40:28:bb:af:f4:cd:26:44:
                    23:80:43:28:f2:45:c1:b5:53:9b:d2:a4:0e:0d:b4:
                    5f:a2:83:b7:f6:79:1d:1f:da:6a:e4:0a:69:c7:4a:
                    98:c3:d7:d5:87:a8:99:a8:b0:13:fb:dd:0b:c3:94:
                    39:d0:6c:10:a0:96:44:a9:ba:2e:2c:43:6e:39:31:
                    61:c1:a0:63:36:1e:bb:f7:01:26:69:18:8e:73:4f:
                    1f:6c:bb:80:fb:17:c9:ba:e2:d0:95:55:21:1c:e2:
                    74:c5:c8:5d:8a:74:68:a7:1f:a4:38:2c:bf:1c:5e:
                    b8:43:c3:01:08:12:9b:93:96:63:bf:72:15:33:3b:
                    fc:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:77:58:69:0F:E2:B4:66:3C:B2:0E:8D:DA:98:88:11:3A:38:94:D6
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/T3dYaQ_itGY8sg6N2piIETo4lNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:81:1b:ad:70:01:2e:67:aa:0d:2d:14:0f:13:97:69:6e:f2:
         7a:24:ee:1e:ca:55:05:61:1e:84:f3:9c:9b:d7:47:8b:95:b6:
         85:a2:73:8c:59:ff:2b:5b:77:36:e4:ff:3a:8d:f9:6c:d4:8d:
         45:62:3a:45:26:d2:c4:cf:cd:fa:43:03:91:a1:8c:a6:b7:01:
         7c:73:77:be:d9:03:c4:03:59:f4:51:6d:c5:3e:4f:d9:eb:1c:
         15:ad:19:3c:60:39:48:1f:44:e8:ad:d4:5f:f2:c9:ff:8a:ac:
         45:14:a1:c4:e8:79:74:42:3f:9a:84:26:6b:e3:a1:28:45:ed:
         6e:f7:fc:1f:df:4b:49:53:7f:3c:4c:a5:ac:e2:74:e9:08:5a:
         a3:a1:74:04:3a:6e:cd:31:81:09:4e:a1:46:36:ce:b7:06:be:
         b2:f0:40:b5:3d:d2:22:6f:e2:29:35:98:28:c6:86:a6:1f:75:
         56:1e:e7:2c:b4:a9:c9:03:1f:a9:29:ca:94:9d:77:b4:ea:f3:
         b8:5b:64:bc:65:e4:ac:50:7e:1f:6b:8b:19:43:e0:2a:cc:27:
         ad:06:85:4c:47:f7:5b:bd:e2:68:e7:38:98:80:d5:48:d6:59:
         21:18:e9:7a:0a:53:af:6d:b2:61:a7:2f:a4:f2:96:3b:27:c0:
         43:3f:ac:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma38Yid7TKrX5LIk7QfCZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjUwMTAyMDk0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjc3NTg2OTBmZTJiNDY2M2NiMjBlOGRkYTk4ODgxMTNhMzg5NGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXvMFGCdvOKc48HvBYA5XaUPq00h
UHl8icty3cQaKmhiJp0PmjkiCEXBuYUJu7dmWXhg+Bs2C138uwFNnwd9Cq5HbUgU
PLx9YwdksH5pLHkugm+xlyu/eLsn2f/SDRAK5TyliIzVwKBSZ01um7hj0HZRbVWi
MkMlWQksIZ/NQCi7r/TNJkQjgEMo8kXBtVOb0qQODbRfooO39nkdH9pq5Appx0qY
w9fVh6iZqLAT+90Lw5Q50GwQoJZEqbouLENuOTFhwaBjNh679wEmaRiOc08fbLuA
+xfJuuLQlVUhHOJ0xchdinRopx+kOCy/HF64Q8MBCBKbk5Zjv3IVMzv8IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE93WGkP4rRmPLIOjdqYiBE6OJTWMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvVDNkWWFRX2l0R1k4c2c2TjJwaUlFVG80bE5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsGewMA0G
CSqGSIb3DQEBCwUAA4IBAQA1gRutcAEuZ6oNLRQPE5dpbvJ6JO4eylUFYR6E85yb
10eLlbaFonOMWf8rW3c25P86jfls1I1FYjpFJtLEz836QwORoYymtwF8c3e+2QPE
A1n0UW3FPk/Z6xwVrRk8YDlIH0TordRf8sn/iqxFFKHE6Hl0Qj+ahCZr46EoRe1u
9/wf30tJU388TKWs4nTpCFqjoXQEOm7NMYEJTqFGNs63Br6y8EC1PdIib+IpNZgo
xoamH3VWHucstKnJAx+pKcqUnXe06vO4W2S8ZeSsUH4fa4sZQ+AqzCetBoVMR/db
veJo5ziYgNVI1lkhGOl6ClOvbbJhpy+k8pY7J8BDP6yW
-----END CERTIFICATE-----