Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/3tpPmXILFu60qgLsaLKQakcJCkI.roa
File:                     3tpPmXILFu60qgLsaLKQakcJCkI.roa (raw, json)
Hash identifier:          nblHSZYrmkkpqUgHzfxFvBCE//4h1MIgtAZG1l3WQLA=
Subject key identifier:   DE:DA:4F:99:72:0B:16:EE:B4:AA:02:EC:68:B2:90:6A:47:09:0A:42
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       0198C102842D65A2D3A68BBE75C8F2793188
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/3tpPmXILFu60qgLsaLKQakcJCkI.roa
Signing time:             Tue 19 Aug 2025 06:27:04 +0000
ROA not before:           Tue 19 Aug 2025 06:27:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        178.253.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 01:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c1:02:84:2d:65:a2:d3:a6:8b:be:75:c8:f2:79:31:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Aug 19 06:27:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=deda4f99720b16eeb4aa02ec68b2906a47090a42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:92:17:1b:a1:dd:4f:72:42:a7:b0:eb:ee:f5:
                    80:a1:c8:85:95:35:c1:2b:42:7d:08:11:7e:2c:2d:
                    16:8c:3c:65:73:d5:1c:e8:2c:59:d8:1a:b7:85:ce:
                    87:ac:70:1c:1d:80:da:97:24:1b:03:20:1a:8b:be:
                    d0:11:6b:ac:24:32:d0:69:0f:1d:5d:fa:9a:bc:97:
                    1f:52:eb:cd:54:b0:2a:a4:9b:72:6d:34:ba:0e:b8:
                    74:98:8b:58:7c:fd:b2:58:58:1a:01:4f:e6:7f:1c:
                    30:1e:d2:dc:77:7e:ed:2b:78:28:83:06:dd:56:be:
                    20:e9:e0:73:25:a2:73:a4:1a:eb:f7:d5:e1:cf:82:
                    f3:e0:1c:21:5c:16:ca:0a:c5:07:ca:f2:b2:b7:56:
                    5d:0f:2b:9b:62:2a:d4:66:42:fd:5b:a9:44:4a:f0:
                    be:bc:b8:21:ee:c9:ef:17:4c:15:3a:bd:8d:89:05:
                    a5:32:ff:60:26:0d:4e:7d:aa:ff:e2:9e:04:b2:64:
                    79:a9:de:17:25:de:84:ef:2c:4b:80:1a:58:ce:ee:
                    6c:3d:87:c7:25:44:dc:77:fa:15:77:79:bc:1a:17:
                    32:39:43:96:09:82:7c:31:b6:ee:76:2b:fe:26:21:
                    16:e1:69:7f:68:99:8e:a7:f5:4a:20:8e:6d:50:33:
                    52:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:DA:4F:99:72:0B:16:EE:B4:AA:02:EC:68:B2:90:6A:47:09:0A:42
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/3tpPmXILFu60qgLsaLKQakcJCkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:9e:40:e7:96:60:9b:bf:da:71:9d:b4:48:e4:46:45:15:a2:
         a1:b5:08:cd:4a:b0:43:56:b4:59:40:2b:b3:0b:fd:30:4c:bc:
         ba:40:ec:a3:a5:32:67:40:93:eb:90:6f:86:5b:f8:55:6a:ff:
         8d:56:fa:ad:2f:91:3e:66:86:1b:fb:b3:e7:8c:89:34:8a:8e:
         30:76:4a:86:14:57:64:0d:f6:5e:98:a6:a9:18:11:5f:43:be:
         43:80:31:b3:b3:71:aa:58:01:36:48:a1:f3:73:16:a6:f1:63:
         82:00:52:48:58:53:8a:86:00:a0:9f:53:95:8c:e5:66:e3:6d:
         87:81:a5:fd:9b:25:f1:b8:af:34:28:19:af:ce:2c:d7:07:ae:
         ee:31:14:16:d5:d8:33:03:f8:1e:51:46:0f:60:51:4a:e6:65:
         31:4a:d5:78:60:98:06:8b:5a:80:47:26:42:72:d2:1d:db:af:
         13:76:f3:37:5b:92:c7:8f:bc:3a:1d:e5:22:cb:7a:f3:f7:79:
         bd:13:73:1c:89:cc:db:0e:6f:c0:90:83:0f:07:8a:28:6d:d4:
         26:07:ee:36:24:d1:89:b9:94:9f:91:28:4e:f7:cf:2e:a4:1d:
         ef:05:75:7e:29:47:f2:47:37:81:93:5a:1c:4b:be:c6:03:62:
         6d:47:b9:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjBAoQtZaLTpou+dcjyeTGIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwODE5MDYyNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWRhNGY5OTcyMGIxNmVlYjRhYTAyZWM2OGIyOTA2YTQ3MDkwYTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZIXG6HdT3JCp7Dr7vWAociFlTXB
K0J9CBF+LC0WjDxlc9Uc6CxZ2Bq3hc6HrHAcHYDalyQbAyAai77QEWusJDLQaQ8d
XfqavJcfUuvNVLAqpJtybTS6Drh0mItYfP2yWFgaAU/mfxwwHtLcd37tK3gogwbd
Vr4g6eBzJaJzpBrr99Xhz4Lz4BwhXBbKCsUHyvKyt1ZdDyubYirUZkL9W6lESvC+
vLgh7snvF0wVOr2NiQWlMv9gJg1Ofar/4p4EsmR5qd4XJd6E7yxLgBpYzu5sPYfH
JUTcd/oVd3m8GhcyOUOWCYJ8Mbbudiv+JiEW4Wl/aJmOp/VKII5tUDNSsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN7aT5lyCxbutKoC7GiykGpHCQpCMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvM3RwUG1YSUxGdTYwcWdMc2FMS1Fha2NKQ2tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv3gMA0G
CSqGSIb3DQEBCwUAA4IBAQB1nkDnlmCbv9pxnbRI5EZFFaKhtQjNSrBDVrRZQCuz
C/0wTLy6QOyjpTJnQJPrkG+GW/hVav+NVvqtL5E+ZoYb+7PnjIk0io4wdkqGFFdk
DfZemKapGBFfQ75DgDGzs3GqWAE2SKHzcxam8WOCAFJIWFOKhgCgn1OVjOVm422H
gaX9myXxuK80KBmvzizXB67uMRQW1dgzA/geUUYPYFFK5mUxStV4YJgGi1qARyZC
ctId268TdvM3W5LHj7w6HeUiy3rz93m9E3MciczbDm/AkIMPB4oobdQmB+42JNGJ
uZSfkShO988upB3vBXV+KUfyRzeBk1ocS77GA2JtR7mq
-----END CERTIFICATE-----