Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/3FdWA00TwKK7x-8SNSVC1Sgdths.roa
File:                     3FdWA00TwKK7x-8SNSVC1Sgdths.roa (raw, json)
Hash identifier:          l71qYvQ72hVs+7H4+HQSZKtxS9657cJm+Kdjvjd2frI=
Subject key identifier:   DC:57:56:03:4D:13:C0:A2:BB:C7:EF:12:35:25:42:D5:28:1D:B6:1B
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0191A37757985953278AEBC961C335AA1FAB
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/3FdWA00TwKK7x-8SNSVC1Sgdths.roa
Signing time:             Fri 30 Aug 2024 13:26:32 +0000
ROA not before:           Fri 30 Aug 2024 13:26:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        45.138.157.0/24 maxlen: 24
                          193.201.126.0/24 maxlen: 24
                          194.61.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a3:77:57:98:59:53:27:8a:eb:c9:61:c3:35:aa:1f:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Aug 30 13:26:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc5756034d13c0a2bbc7ef12352542d5281db61b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:5f:5d:79:98:0f:b6:36:5d:ca:9a:fa:97:ee:
                    d3:99:c1:78:17:d6:c6:de:db:4f:7b:34:3a:60:9d:
                    57:d9:35:e0:be:7c:bf:4c:5a:4b:d1:7f:d4:74:49:
                    8e:56:16:80:f1:f1:0c:5a:d3:23:bc:c3:91:08:96:
                    b7:16:87:f7:8d:37:c5:43:d6:cb:b7:ed:29:38:ef:
                    58:25:6a:f9:15:9e:01:d8:f0:a6:82:d3:7c:67:7d:
                    2a:be:3c:f7:56:fe:d8:f8:05:81:ac:0a:50:aa:1e:
                    40:5a:4f:cc:f4:95:b0:7a:0c:72:53:fb:53:53:0c:
                    7b:0c:31:54:40:b1:91:24:1e:0d:98:5c:be:98:34:
                    83:fa:7a:bf:9b:62:8a:89:50:c0:8b:cf:df:87:46:
                    0f:33:65:0c:4c:4d:f7:25:50:02:3c:ea:29:01:29:
                    25:c1:c3:eb:c3:02:5d:0b:e2:73:0a:79:a2:cf:0c:
                    57:8f:6b:ce:fe:78:bb:25:e7:7a:cd:45:22:07:2a:
                    fc:c1:e4:e4:d6:02:38:8d:67:c3:80:f2:0d:05:95:
                    e8:dd:ff:35:e3:3c:86:b5:c8:4d:32:f4:a0:38:ed:
                    aa:b1:aa:2a:22:d7:14:bc:5c:b5:9a:71:5b:36:b9:
                    79:05:0b:b0:7b:5c:9b:12:73:8b:fd:fe:cc:9d:1a:
                    d4:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:57:56:03:4D:13:C0:A2:BB:C7:EF:12:35:25:42:D5:28:1D:B6:1B
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/3FdWA00TwKK7x-8SNSVC1Sgdths.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.157.0/24
                  193.201.126.0/24
                  194.61.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:ac:e5:f4:5f:f8:d0:51:a4:f1:08:93:96:20:4c:26:40:c5:
         04:fa:30:b6:bf:fe:75:9f:15:df:63:d2:40:15:2a:cb:c2:0c:
         65:7d:0f:86:fa:e4:cc:d8:e2:cd:e9:97:8e:a1:03:43:46:d4:
         d4:9b:ea:86:40:47:77:ae:09:80:d3:94:fb:9c:f0:b3:a2:02:
         a7:7b:71:63:81:2a:95:1c:e8:fb:f8:f1:0b:a5:6f:6b:40:78:
         17:16:51:e1:5c:19:79:fb:91:33:3b:9c:0e:9b:35:9f:99:db:
         32:ee:ee:35:e2:a3:ea:41:24:4a:84:de:d6:52:d0:3d:ee:5c:
         64:e7:c0:44:22:42:f8:15:f5:8a:b9:35:ea:ba:d5:53:4c:1a:
         81:19:07:7c:35:a9:98:03:1c:9f:49:47:76:d3:b0:f4:b1:74:
         46:25:17:66:c3:d3:6d:1a:87:4e:5c:98:48:88:f9:91:2f:93:
         d0:55:8e:9a:4b:00:fc:26:16:83:66:60:4e:ac:2f:e9:29:76:
         cf:59:31:0f:57:25:ae:90:d7:71:98:f1:8a:1a:f7:09:39:9a:
         fa:49:03:10:b3:9c:7c:e2:75:fa:47:2f:9c:08:92:0f:52:74:
         dd:71:a3:ff:30:e2:3c:3a:8a:a0:ba:f1:e7:fa:22:b2:07:f1:
         94:78:80:66
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZGjd1eYWVMniuvJYcM1qh+rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwODMwMTMyNjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzU3NTYwMzRkMTNjMGEyYmJjN2VmMTIzNTI1NDJkNTI4MWRiNjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm19deZgPtjZdypr6l+7TmcF4F9bG
3ttPezQ6YJ1X2TXgvny/TFpL0X/UdEmOVhaA8fEMWtMjvMORCJa3Fof3jTfFQ9bL
t+0pOO9YJWr5FZ4B2PCmgtN8Z30qvjz3Vv7Y+AWBrApQqh5AWk/M9JWwegxyU/tT
Uwx7DDFUQLGRJB4NmFy+mDSD+nq/m2KKiVDAi8/fh0YPM2UMTE33JVACPOopASkl
wcPrwwJdC+JzCnmizwxXj2vO/ni7Jed6zUUiByr8weTk1gI4jWfDgPINBZXo3f81
4zyGtchNMvSgOO2qsaoqItcUvFy1mnFbNrl5BQuwe1ybEnOL/f7MnRrU+wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNxXVgNNE8Ciu8fvEjUlQtUoHbYbMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvM0ZkV0EwMFR3S0s3eC04U05TVkMxU2dkdGhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALYqdAwQA
wcl+AwQAwj0JMA0GCSqGSIb3DQEBCwUAA4IBAQBrrOX0X/jQUaTxCJOWIEwmQMUE
+jC2v/51nxXfY9JAFSrLwgxlfQ+G+uTM2OLN6ZeOoQNDRtTUm+qGQEd3rgmA05T7
nPCzogKne3FjgSqVHOj7+PELpW9rQHgXFlHhXBl5+5EzO5wOmzWfmdsy7u414qPq
QSRKhN7WUtA97lxk58BEIkL4FfWKuTXqutVTTBqBGQd8NamYAxyfSUd207D0sXRG
JRdmw9NtGodOXJhIiPmRL5PQVY6aSwD8JhaDZmBOrC/pKXbPWTEPVyWukNdxmPGK
GvcJOZr6SQMQs5x84nX6Ry+cCJIPUnTdcaP/MOI8OoqguvHn+iKyB/GUeIBm
-----END CERTIFICATE-----