Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/MOhuKkKFUOCJzvGkfVg3ZmGMV9g.roa
File:                     MOhuKkKFUOCJzvGkfVg3ZmGMV9g.roa (raw, json)
Hash identifier:          GRcY4hPKLNCKWz8KxAbe1WQmkZqEk9LZq4sJ8uzaP8k=
Subject key identifier:   30:E8:6E:2A:42:85:50:E0:89:CE:F1:A4:7D:58:37:66:61:8C:57:D8
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019427B5AE5CEB0849BDBF0A79D4056C63E0
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/MOhuKkKFUOCJzvGkfVg3ZmGMV9g.roa
Signing time:             Thu 02 Jan 2025 15:50:05 +0000
ROA not before:           Thu 02 Jan 2025 15:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62563
IP address blocks:        193.108.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:ae:5c:eb:08:49:bd:bf:0a:79:d4:05:6c:63:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  2 15:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30e86e2a428550e089cef1a47d583766618c57d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:6e:db:2c:65:e2:56:b4:f0:c7:ac:6e:57:db:
                    b8:c7:6e:1e:36:69:4a:7c:3c:a7:67:9e:4d:40:45:
                    3d:d6:1d:a4:68:a9:db:ba:f7:0e:1a:88:bf:2d:dc:
                    e9:aa:eb:98:26:05:68:9c:80:7e:cc:32:a9:da:2d:
                    37:99:54:19:ae:dd:f8:28:d6:24:16:df:7a:cb:97:
                    15:28:90:0b:17:76:a1:df:d7:5b:6f:c7:50:f6:6d:
                    cb:46:05:5a:2c:3f:18:65:77:18:2b:04:e4:2f:1f:
                    bb:26:e2:a0:5d:ce:1c:73:da:f1:08:99:31:30:c3:
                    41:0d:74:6a:e1:2a:ef:00:ff:45:e2:88:24:5f:d0:
                    a7:fd:f6:4b:1d:6b:40:91:06:4a:38:9e:a9:97:83:
                    60:96:14:81:c4:83:03:37:35:4b:f0:b7:43:f2:73:
                    a4:00:82:dd:ce:58:22:c5:91:d0:10:fe:85:d5:c3:
                    aa:a9:81:5d:00:3b:d8:78:fe:ce:c4:13:fe:86:97:
                    89:be:7f:55:f0:1e:eb:74:7d:e7:d1:68:09:9e:a4:
                    e9:ce:d9:53:a3:3b:66:1b:78:e9:2d:0e:01:d6:41:
                    29:75:a9:64:13:31:cf:45:36:0e:eb:38:29:f7:09:
                    fa:f4:f8:3c:39:8c:82:c9:ba:87:0a:c1:dd:d6:9a:
                    2b:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:E8:6E:2A:42:85:50:E0:89:CE:F1:A4:7D:58:37:66:61:8C:57:D8
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/MOhuKkKFUOCJzvGkfVg3ZmGMV9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:60:2e:6f:93:e3:d0:8e:93:75:34:17:6b:97:69:75:42:84:
         ec:11:6e:e5:85:aa:a4:09:80:c4:1b:25:c8:a6:39:2a:97:03:
         77:12:f9:b3:da:c7:2b:da:42:3c:40:b4:31:04:e8:35:0c:5e:
         a8:b5:e9:96:39:14:0f:b6:2f:24:ba:64:5f:cc:9f:08:49:51:
         d5:66:ea:39:d3:26:8b:87:7e:3c:09:ae:6a:41:82:3d:f9:62:
         da:36:fc:0e:2a:07:69:39:73:e0:b2:78:d5:24:3d:eb:c7:f4:
         01:af:a4:e0:6b:36:b2:51:9e:ce:a9:5b:fd:a6:bd:89:bf:a8:
         1c:fb:fb:23:7b:bf:f1:a1:06:03:ce:11:9d:62:93:32:5f:75:
         3b:34:47:ad:f9:ff:c3:5b:66:b7:56:7b:a3:81:77:22:13:b0:
         4a:c7:65:ce:68:92:02:ae:d7:42:43:62:0e:27:4e:94:de:e3:
         d1:b2:e4:81:cf:81:e1:f6:9b:f8:9b:1d:2f:91:9b:47:07:1b:
         32:35:e5:6f:c8:8a:c2:90:e4:f5:42:46:c3:1e:33:5e:d3:2a:
         bf:da:20:a0:6a:52:fc:9f:b5:e3:f3:fe:e7:26:a6:1b:f3:ae:
         aa:57:ad:42:eb:5b:83:a8:d2:a3:d3:e3:c9:96:7f:df:4b:3f:
         3d:7e:30:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnta5c6whJvb8KedQFbGPgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwMTAyMTU1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGU4NmUyYTQyODU1MGUwODljZWYxYTQ3ZDU4Mzc2NjYxOGM1N2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA427bLGXiVrTwx6xuV9u4x24eNmlK
fDynZ55NQEU91h2kaKnbuvcOGoi/LdzpquuYJgVonIB+zDKp2i03mVQZrt34KNYk
Ft96y5cVKJALF3ah39dbb8dQ9m3LRgVaLD8YZXcYKwTkLx+7JuKgXc4cc9rxCJkx
MMNBDXRq4SrvAP9F4ogkX9Cn/fZLHWtAkQZKOJ6pl4NglhSBxIMDNzVL8LdD8nOk
AILdzlgixZHQEP6F1cOqqYFdADvYeP7OxBP+hpeJvn9V8B7rdH3n0WgJnqTpztlT
oztmG3jpLQ4B1kEpdalkEzHPRTYO6zgp9wn69Pg8OYyCybqHCsHd1por5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDDobipChVDgic7xpH1YN2ZhjFfYMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvTU9odUtrS0ZVT0NKenZHa2ZWZzNabUdNVjlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWw6MA0G
CSqGSIb3DQEBCwUAA4IBAQACYC5vk+PQjpN1NBdrl2l1QoTsEW7lhaqkCYDEGyXI
pjkqlwN3Evmz2scr2kI8QLQxBOg1DF6otemWORQPti8kumRfzJ8ISVHVZuo50yaL
h348Ca5qQYI9+WLaNvwOKgdpOXPgsnjVJD3rx/QBr6TgazayUZ7OqVv9pr2Jv6gc
+/sje7/xoQYDzhGdYpMyX3U7NEet+f/DW2a3VnujgXciE7BKx2XOaJICrtdCQ2IO
J06U3uPRsuSBz4Hh9pv4mx0vkZtHBxsyNeVvyIrCkOT1QkbDHjNe0yq/2iCgalL8
n7Xj8/7nJqYb866qV61C61uDqNKj0+PJln/fSz89fjCY
-----END CERTIFICATE-----