Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/cUnPVNczJN7mcd6WzIaNCU_I1Og.roa
File:                     cUnPVNczJN7mcd6WzIaNCU_I1Og.roa (raw, json)
Hash identifier:          POlAUnHt1/Z4AKOvf92VMFTs3jliQGtxg7+xGq8ORNE=
Subject key identifier:   71:49:CF:54:D7:33:24:DE:E6:71:DE:96:CC:86:8D:09:4F:C8:D4:E8
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       0196303545542E33D2BA7B378D2A5A7304EA
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/cUnPVNczJN7mcd6WzIaNCU_I1Og.roa
Signing time:             Sun 13 Apr 2025 17:31:59 +0000
ROA not before:           Sun 13 Apr 2025 17:31:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57014
IP address blocks:        188.66.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:30:35:45:54:2e:33:d2:ba:7b:37:8d:2a:5a:73:04:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Apr 13 17:31:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7149cf54d73324dee671de96cc868d094fc8d4e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:af:cd:ce:b3:e3:7e:ab:97:70:88:83:b4:5f:
                    50:6a:44:a6:56:0a:c0:00:f3:ff:7a:23:6a:28:4c:
                    f0:df:df:f5:12:44:7b:f6:d0:90:d8:fd:8d:72:54:
                    92:95:7d:0b:95:ae:be:91:85:fe:36:6f:05:e0:d1:
                    0e:e5:de:fa:ab:19:9f:30:ca:ab:e5:6b:d4:4f:36:
                    b8:1a:cc:2f:90:09:24:10:28:77:ec:1d:12:7d:c0:
                    2d:77:dd:2b:f0:90:b6:fb:0f:40:e8:59:26:7f:b7:
                    23:df:88:7d:d4:a0:c0:66:9d:9c:8e:a3:fe:1c:46:
                    62:d8:ea:14:be:4f:77:f0:60:aa:4a:c2:dd:49:50:
                    64:11:0c:0a:15:ed:58:46:c0:3c:c2:05:d5:b7:ee:
                    6e:00:a7:39:e6:5b:52:35:65:8b:b4:0a:72:3e:90:
                    5b:3f:68:5c:c5:41:8f:0f:e5:f0:ee:2f:8a:a9:6b:
                    7f:e8:0d:96:48:d0:1d:3c:f8:3d:57:51:e3:ff:81:
                    62:2f:fb:cc:95:e3:2c:92:a1:e5:95:25:fe:c1:de:
                    cb:93:06:b1:ac:73:4d:e5:cc:46:bb:50:c1:0b:75:
                    76:a0:8c:8e:92:6f:e4:ef:fc:83:80:b6:d1:b3:4c:
                    3e:43:82:aa:af:fe:1b:fb:c9:1a:88:87:32:b8:32:
                    3a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:49:CF:54:D7:33:24:DE:E6:71:DE:96:CC:86:8D:09:4F:C8:D4:E8
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/cUnPVNczJN7mcd6WzIaNCU_I1Og.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:4e:3a:41:a1:00:62:6d:03:6e:87:24:8d:d2:6d:47:2b:e1:
         42:61:5f:f7:15:58:a0:ce:3e:3a:65:da:28:97:f5:ff:ba:c9:
         6d:28:3f:95:14:71:81:c5:77:ee:e0:d6:dd:bb:a2:9e:3f:69:
         b9:ea:e7:31:58:3d:49:8b:e0:d5:f8:0e:7a:e6:24:4e:5f:8e:
         05:90:4f:51:eb:96:ff:13:10:44:09:71:d5:fd:c1:66:fe:db:
         17:6e:6e:03:75:f1:68:68:3f:06:7c:ef:a6:61:2a:95:77:5f:
         86:f4:0e:68:29:2e:47:dc:44:95:c0:f4:e7:73:25:a3:98:e6:
         54:b5:f1:96:46:20:7c:e4:6a:5e:a0:f5:40:7b:49:cb:66:1f:
         c7:d0:25:67:2c:63:55:9a:8c:24:a5:5a:a2:99:78:23:61:3f:
         a6:b2:3a:cf:f1:d1:36:d8:53:fc:af:6d:5a:be:3a:be:9f:9d:
         f3:73:11:9a:59:42:3e:52:3f:d4:10:91:58:ff:ee:b7:1a:b3:
         71:e0:ae:8d:d0:ae:90:09:13:a5:37:63:4a:2a:7a:a9:e1:58:
         54:31:f0:21:3c:b4:bd:d0:06:5a:65:fc:91:5e:b7:b8:45:9a:
         57:80:44:f3:9e:fe:f9:55:56:f9:c2:c3:2d:35:95:3e:58:92:
         19:82:b3:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYwNUVULjPSuns3jSpacwTqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwNDEzMTczMTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTQ5Y2Y1NGQ3MzMyNGRlZTY3MWRlOTZjYzg2OGQwOTRmYzhkNGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtK/NzrPjfquXcIiDtF9QakSmVgrA
APP/eiNqKEzw39/1EkR79tCQ2P2NclSSlX0Lla6+kYX+Nm8F4NEO5d76qxmfMMqr
5WvUTza4GswvkAkkECh37B0SfcAtd90r8JC2+w9A6Fkmf7cj34h91KDAZp2cjqP+
HEZi2OoUvk938GCqSsLdSVBkEQwKFe1YRsA8wgXVt+5uAKc55ltSNWWLtApyPpBb
P2hcxUGPD+Xw7i+KqWt/6A2WSNAdPPg9V1Hj/4FiL/vMleMskqHllSX+wd7Lkwax
rHNN5cxGu1DBC3V2oIyOkm/k7/yDgLbRs0w+Q4Kqr/4b+8kaiIcyuDI6IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFJz1TXMyTe5nHelsyGjQlPyNToMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvY1VuUFZOY3pKTjdtY2Q2V3pJYU5DVV9JMU9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEIYMA0G
CSqGSIb3DQEBCwUAA4IBAQBWTjpBoQBibQNuhySN0m1HK+FCYV/3FVigzj46Zdoo
l/X/usltKD+VFHGBxXfu4Nbdu6KeP2m56ucxWD1Ji+DV+A565iROX44FkE9R65b/
ExBECXHV/cFm/tsXbm4DdfFoaD8GfO+mYSqVd1+G9A5oKS5H3ESVwPTncyWjmOZU
tfGWRiB85GpeoPVAe0nLZh/H0CVnLGNVmowkpVqimXgjYT+msjrP8dE22FP8r21a
vjq+n53zcxGaWUI+Uj/UEJFY/+63GrNx4K6N0K6QCROlN2NKKnqp4VhUMfAhPLS9
0AZaZfyRXre4RZpXgETznv75VVb5wsMtNZU+WJIZgrMH
-----END CERTIFICATE-----