Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/O0E_dnFN5zi96CvgLLN6eJoyMkM.roa
File:                     O0E_dnFN5zi96CvgLLN6eJoyMkM.roa (raw, json)
Hash identifier:          Ns1LJilR3FhqXle0WRn94Ds/xQRz0HxzYlILaBi7ZCU=
Subject key identifier:   3B:41:3F:76:71:4D:E7:38:BD:E8:2B:E0:2C:B3:7A:78:9A:32:32:43
Certificate issuer:       /CN=a7f94ab935054b86dcb5d6adbad2dfdb564b5248
Certificate serial:       01942067F1EE656668659BB76731D5C5B595
Authority key identifier: A7:F9:4A:B9:35:05:4B:86:DC:B5:D6:AD:BA:D2:DF:DB:56:4B:52:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_lKuTUFS4bctdatutLf21ZLUkg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/O0E_dnFN5zi96CvgLLN6eJoyMkM.roa
Signing time:             Wed 01 Jan 2025 05:47:50 +0000
ROA not before:           Wed 01 Jan 2025 05:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205766
IP address blocks:        185.139.156.0/22 maxlen: 24
                          2a0b:20c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/p_lKuTUFS4bctdatutLf21ZLUkg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/p_lKuTUFS4bctdatutLf21ZLUkg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_lKuTUFS4bctdatutLf21ZLUkg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f1:ee:65:66:68:65:9b:b7:67:31:d5:c5:b5:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7f94ab935054b86dcb5d6adbad2dfdb564b5248
        Validity
            Not Before: Jan  1 05:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b413f76714de738bde82be02cb37a789a323243
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f0:cb:82:4f:32:24:70:80:1a:44:98:60:48:
                    e2:04:1e:3a:be:91:74:94:cb:80:c4:5b:02:fa:f0:
                    a3:e4:ba:27:10:30:cc:8e:f2:e1:94:6d:06:26:b4:
                    2c:e7:58:66:1a:c1:ee:99:19:be:00:76:82:bc:5a:
                    cc:ab:a2:55:7b:db:27:12:b1:02:d5:5d:9f:b3:ed:
                    08:b7:c2:a7:24:98:53:9d:97:1b:bd:a3:65:f3:12:
                    bb:35:f4:f9:25:82:af:64:6e:19:4e:20:80:5d:ad:
                    64:40:df:c4:65:28:34:d2:a5:fc:19:a5:7c:65:a5:
                    61:d4:71:fb:67:32:3e:19:a1:77:dc:8d:41:ea:fb:
                    5a:58:05:b1:ec:4b:53:54:52:76:68:32:b5:e6:14:
                    0c:ca:b7:4e:31:42:89:c1:e4:8d:4e:c0:68:68:7f:
                    c7:8c:15:15:4e:28:48:0d:f0:5a:82:8d:7c:53:c5:
                    65:20:7b:88:85:97:fa:a6:ce:cb:b7:fb:e4:a9:50:
                    fa:fa:b3:7c:c3:23:d2:56:49:aa:34:9a:d9:a3:f7:
                    ce:8d:6b:5e:bf:aa:7b:c8:30:47:c7:ab:80:b5:5b:
                    c7:7d:30:19:74:2d:21:62:56:5d:5d:35:a5:87:2a:
                    43:9f:7a:c5:c2:01:97:00:1d:e4:5e:ba:e9:11:1e:
                    c0:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:41:3F:76:71:4D:E7:38:BD:E8:2B:E0:2C:B3:7A:78:9A:32:32:43
            X509v3 Authority Key Identifier:
                keyid:A7:F9:4A:B9:35:05:4B:86:DC:B5:D6:AD:BA:D2:DF:DB:56:4B:52:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_lKuTUFS4bctdatutLf21ZLUkg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/O0E_dnFN5zi96CvgLLN6eJoyMkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/p_lKuTUFS4bctdatutLf21ZLUkg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.156.0/22
                IPv6:
                  2a0b:20c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:a8:51:b5:a4:72:a5:0e:7a:d0:da:1c:13:50:33:51:bb:ae:
         ac:9d:61:79:08:64:c7:aa:7d:73:03:ea:e8:79:19:90:17:c8:
         dd:9c:97:09:d9:c4:76:82:64:4a:f4:dd:fd:bb:bb:02:88:85:
         59:ff:24:6a:15:59:ed:12:1e:a8:32:88:b5:71:6e:9e:b5:30:
         1f:e0:ea:14:9d:0f:b4:85:6f:3b:58:65:f6:b4:b4:b5:ea:45:
         95:c8:b2:35:59:f2:be:0f:42:0c:a5:7c:c8:29:e7:d1:f9:4f:
         c5:5a:05:23:42:af:97:39:80:4f:59:de:49:b6:7a:36:10:33:
         fd:6e:bd:ca:ef:e2:36:75:f8:e6:e6:55:49:9f:8f:cb:cf:1c:
         80:7c:7a:66:b8:1c:e2:f6:98:c0:e6:cd:6d:f5:5a:eb:58:92:
         b9:8b:8e:4b:8a:9e:ef:a5:ab:04:df:24:4e:12:2f:04:3c:da:
         78:9d:6f:cf:cd:e0:5e:fd:3e:d7:c3:f3:16:1f:66:16:7d:56:
         47:4c:bc:4f:0d:5f:d0:e2:e8:35:c1:4a:f8:7a:cc:64:26:36:
         a9:c0:fe:8a:5f:c2:b3:4f:46:cf:bd:6c:e8:77:c9:66:00:06:
         99:15:35:78:da:49:5c:01:47:d0:da:9f:45:8a:fb:63:82:59:
         99:c2:56:34
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgZ/HuZWZoZZu3ZzHVxbWVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3Zjk0YWI5MzUwNTRiODZkY2I1ZDZhZGJhZDJkZmRiNTY0
YjUyNDgwHhcNMjUwMTAxMDU0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjQxM2Y3NjcxNGRlNzM4YmRlODJiZTAyY2IzN2E3ODlhMzIzMjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/DLgk8yJHCAGkSYYEjiBB46vpF0
lMuAxFsC+vCj5LonEDDMjvLhlG0GJrQs51hmGsHumRm+AHaCvFrMq6JVe9snErEC
1V2fs+0It8KnJJhTnZcbvaNl8xK7NfT5JYKvZG4ZTiCAXa1kQN/EZSg00qX8GaV8
ZaVh1HH7ZzI+GaF33I1B6vtaWAWx7EtTVFJ2aDK15hQMyrdOMUKJweSNTsBoaH/H
jBUVTihIDfBago18U8VlIHuIhZf6ps7Lt/vkqVD6+rN8wyPSVkmqNJrZo/fOjWte
v6p7yDBHx6uAtVvHfTAZdC0hYlZdXTWlhypDn3rFwgGXAB3kXrrpER7AqwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDtBP3ZxTec4vegr4CyzeniaMjJDMB8GA1UdIwQY
MBaAFKf5Srk1BUuG3LXWrbrS39tWS1JIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF9sS3VUVUZTNGJjdGRhdHV0TGYyMVpMVWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy83ZTM4YjItYmVjMS00NDY0LWEwY2Et
N2QyNThiNjIwMTY5LzEvTzBFX2RuRk41emk5NkN2Z0xMTjZlSm95TWtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy83ZTM4YjItYmVjMS00NDY0LWEwY2EtN2QyNThiNjIwMTY5
LzEvcF9sS3VUVUZTNGJjdGRhdHV0TGYyMVpMVWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYucMA0E
AgACMAcDBQAqCyDAMA0GCSqGSIb3DQEBCwUAA4IBAQCGqFG1pHKlDnrQ2hwTUDNR
u66snWF5CGTHqn1zA+roeRmQF8jdnJcJ2cR2gmRK9N39u7sCiIVZ/yRqFVntEh6o
Moi1cW6etTAf4OoUnQ+0hW87WGX2tLS16kWVyLI1WfK+D0IMpXzIKefR+U/FWgUj
Qq+XOYBPWd5Jtno2EDP9br3K7+I2dfjm5lVJn4/LzxyAfHpmuBzi9pjA5s1t9Vrr
WJK5i45Lip7vpasE3yROEi8EPNp4nW/PzeBe/T7Xw/MWH2YWfVZHTLxPDV/Q4ug1
wUr4esxkJjapwP6KX8KzT0bPvWzod8lmAAaZFTV42klcAUfQ2p9FivtjglmZwlY0
-----END CERTIFICATE-----