Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2dfa97-8c53-4e74-9a2c-484a06a61717/1/u2WMlvCqvR8C4fxIzSZBue7OPx8.roa
File:                     u2WMlvCqvR8C4fxIzSZBue7OPx8.roa (raw, json)
Hash identifier:          qmjTqeANx+dQ4nPXTJuIRLRK9MoQ6Usvr9tkzeOywu8=
Subject key identifier:   BB:65:8C:96:F0:AA:BD:1F:02:E1:FC:48:CD:26:41:B9:EE:CE:3F:1F
Certificate issuer:       /CN=3bec12c21108134f00c0353107d60ccdaebefb2e
Certificate serial:       0194266B9818A9BF489F31E95734D168B0A1
Authority key identifier: 3B:EC:12:C2:11:08:13:4F:00:C0:35:31:07:D6:0C:CD:AE:BE:FB:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O-wSwhEIE08AwDUxB9YMza6--y4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2dfa97-8c53-4e74-9a2c-484a06a61717/1/u2WMlvCqvR8C4fxIzSZBue7OPx8.roa
Signing time:             Thu 02 Jan 2025 09:49:33 +0000
ROA not before:           Thu 02 Jan 2025 09:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209737
IP address blocks:        91.208.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2dfa97-8c53-4e74-9a2c-484a06a61717/1/O-wSwhEIE08AwDUxB9YMza6--y4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2dfa97-8c53-4e74-9a2c-484a06a61717/1/O-wSwhEIE08AwDUxB9YMza6--y4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O-wSwhEIE08AwDUxB9YMza6--y4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:98:18:a9:bf:48:9f:31:e9:57:34:d1:68:b0:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bec12c21108134f00c0353107d60ccdaebefb2e
        Validity
            Not Before: Jan  2 09:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb658c96f0aabd1f02e1fc48cd2641b9eece3f1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7b:27:99:dc:85:3e:84:b2:be:42:7c:28:d9:
                    bf:cd:df:67:19:0c:3e:7d:9c:cb:6d:01:86:06:85:
                    b7:d6:79:52:00:9d:a9:30:5d:12:de:2f:6c:2f:dd:
                    2c:34:7b:99:04:89:24:a1:2d:56:99:38:f0:c2:51:
                    63:b3:7d:dd:65:a6:5a:7b:22:3e:3f:72:18:ff:0f:
                    f4:4b:19:38:98:a2:d9:c6:97:14:c8:5f:86:5d:e0:
                    32:45:a3:43:64:c0:d1:14:34:1f:4c:9b:d5:22:dd:
                    be:48:ab:bb:0b:cd:3f:94:38:d1:41:a4:78:07:be:
                    af:f1:dd:9d:d5:8d:4f:1c:ea:21:37:81:5e:e3:ab:
                    4a:f0:95:68:d6:48:4d:ba:68:4e:4d:88:a7:3c:b4:
                    5a:86:0c:65:5f:48:8c:50:8d:76:77:6c:14:b1:43:
                    6b:cc:04:cc:ec:d1:cc:31:8c:dc:1b:78:f8:22:cd:
                    3a:77:0a:3f:61:1b:72:b9:dc:5e:21:3f:7e:22:f0:
                    43:8b:4a:0b:37:8d:56:40:7b:96:ec:8a:40:f2:53:
                    4d:bc:13:90:15:14:29:17:05:99:ba:dc:7d:a5:92:
                    5e:3a:df:7d:a3:ce:68:67:7e:b2:ca:58:38:dc:85:
                    4b:cf:8a:23:77:41:3b:39:55:3f:55:29:7f:b0:64:
                    28:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:65:8C:96:F0:AA:BD:1F:02:E1:FC:48:CD:26:41:B9:EE:CE:3F:1F
            X509v3 Authority Key Identifier:
                keyid:3B:EC:12:C2:11:08:13:4F:00:C0:35:31:07:D6:0C:CD:AE:BE:FB:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O-wSwhEIE08AwDUxB9YMza6--y4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2dfa97-8c53-4e74-9a2c-484a06a61717/1/u2WMlvCqvR8C4fxIzSZBue7OPx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2dfa97-8c53-4e74-9a2c-484a06a61717/1/O-wSwhEIE08AwDUxB9YMza6--y4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:cd:ec:44:31:86:7a:fc:31:63:e3:fe:d4:ab:f4:24:c0:2e:
         af:84:94:e5:c3:b2:ef:e3:74:d3:03:f1:04:ca:e7:7f:cf:d3:
         ac:87:db:c5:2b:86:2e:0d:03:3a:b6:c0:63:aa:81:c7:19:7d:
         44:4e:ef:30:56:88:d5:0f:1c:be:5b:4c:e7:61:c0:86:b2:d3:
         96:36:9f:43:9c:97:8f:10:9e:f9:f1:bd:ad:65:0f:c3:47:e2:
         0e:9f:0c:67:8f:79:1c:72:b5:ed:0a:44:8d:27:9d:8a:eb:85:
         7f:2f:73:52:d0:f7:86:20:5f:fe:c6:fe:db:eb:79:3b:ae:4f:
         bf:69:c1:2a:00:f6:95:9e:0e:b1:6f:00:fd:e9:72:7e:83:37:
         f3:64:4e:9c:da:f8:ac:29:a9:f7:ea:27:f8:9a:ca:ce:86:65:
         c8:14:43:b6:bb:37:bf:76:7a:d2:5b:07:03:8e:00:e6:74:d3:
         f8:b0:a2:44:a4:34:f3:4e:e4:c1:b0:3d:0f:94:49:ca:39:f9:
         10:2e:78:e0:81:ad:9e:29:f5:fb:9e:0a:2a:b3:37:a2:a9:0b:
         76:8b:c6:bf:46:10:49:4c:c0:5e:41:b9:74:e2:37:f2:fd:74:
         c4:14:79:14:14:55:a6:3a:8f:bc:5c:d0:0d:50:1b:70:33:80:
         c8:cb:db:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma5gYqb9InzHpVzTRaLChMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZWMxMmMyMTEwODEzNGYwMGMwMzUzMTA3ZDYwY2NkYWVi
ZWZiMmUwHhcNMjUwMTAyMDk0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjY1OGM5NmYwYWFiZDFmMDJlMWZjNDhjZDI2NDFiOWVlY2UzZjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3snmdyFPoSyvkJ8KNm/zd9nGQw+
fZzLbQGGBoW31nlSAJ2pMF0S3i9sL90sNHuZBIkkoS1WmTjwwlFjs33dZaZaeyI+
P3IY/w/0Sxk4mKLZxpcUyF+GXeAyRaNDZMDRFDQfTJvVIt2+SKu7C80/lDjRQaR4
B76v8d2d1Y1PHOohN4Fe46tK8JVo1khNumhOTYinPLRahgxlX0iMUI12d2wUsUNr
zATM7NHMMYzcG3j4Is06dwo/YRtyudxeIT9+IvBDi0oLN41WQHuW7IpA8lNNvBOQ
FRQpFwWZutx9pZJeOt99o85oZ36yylg43IVLz4ojd0E7OVU/VSl/sGQoyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtljJbwqr0fAuH8SM0mQbnuzj8fMB8GA1UdIwQY
MBaAFDvsEsIRCBNPAMA1MQfWDM2uvvsuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTy13U3doRUlFMDhBd0RVeEI5WU16YTYtLXk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZGZhOTctOGM1My00ZTc0LTlhMmMt
NDg0YTA2YTYxNzE3LzEvdTJXTWx2Q3F2UjhDNGZ4SXpTWkJ1ZTdPUHg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZGZhOTctOGM1My00ZTc0LTlhMmMtNDg0YTA2YTYxNzE3
LzEvTy13U3doRUlFMDhBd0RVeEI5WU16YTYtLXk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9DMMA0G
CSqGSIb3DQEBCwUAA4IBAQAjzexEMYZ6/DFj4/7Uq/QkwC6vhJTlw7Lv43TTA/EE
yud/z9Osh9vFK4YuDQM6tsBjqoHHGX1ETu8wVojVDxy+W0znYcCGstOWNp9DnJeP
EJ758b2tZQ/DR+IOnwxnj3kccrXtCkSNJ52K64V/L3NS0PeGIF/+xv7b63k7rk+/
acEqAPaVng6xbwD96XJ+gzfzZE6c2visKan36if4msrOhmXIFEO2uze/dnrSWwcD
jgDmdNP4sKJEpDTzTuTBsD0PlEnKOfkQLnjgga2eKfX7ngoqszeiqQt2i8a/RhBJ
TMBeQbl04jfy/XTEFHkUFFWmOo+8XNANUBtwM4DIy9tz
-----END CERTIFICATE-----