Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/PrLRWGrkGlOz391B_d1bhvHtRdM.roa
File:                     PrLRWGrkGlOz391B_d1bhvHtRdM.roa (raw, json)
Hash identifier:          Zq1F0wSxITxrY6z9+vuv+6+JvubiotTrHBEnZAFhoq4=
Subject key identifier:   3E:B2:D1:58:6A:E4:1A:53:B3:DF:DD:41:FD:DD:5B:86:F1:ED:45:D3
Certificate issuer:       /CN=66634f14586e399cd3802d9c88b1e67d8ddb03a8
Certificate serial:       01942143C3BA3D057AFABE41C4094DAF7222
Authority key identifier: 66:63:4F:14:58:6E:39:9C:D3:80:2D:9C:88:B1:E6:7D:8D:DB:03:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/PrLRWGrkGlOz391B_d1bhvHtRdM.roa
Signing time:             Wed 01 Jan 2025 09:47:56 +0000
ROA not before:           Wed 01 Jan 2025 09:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205739
IP address blocks:        185.208.88.0/22 maxlen: 24
                          2a0b:32c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:c3:ba:3d:05:7a:fa:be:41:c4:09:4d:af:72:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66634f14586e399cd3802d9c88b1e67d8ddb03a8
        Validity
            Not Before: Jan  1 09:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3eb2d1586ae41a53b3dfdd41fddd5b86f1ed45d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:c4:c6:8c:2b:d8:a4:23:1d:c4:f8:59:91:74:
                    ce:f9:b0:e5:6a:a0:ef:34:9f:76:d0:cb:42:af:61:
                    9b:c7:38:63:1b:0d:54:68:03:48:fe:af:08:f2:65:
                    aa:54:1c:04:92:67:37:64:2e:33:2d:f3:19:88:28:
                    39:2c:31:97:2f:05:1a:9a:a0:fe:5a:19:86:fe:d8:
                    ec:23:78:a7:12:7c:32:05:95:9e:17:3b:12:b6:b2:
                    81:58:c3:f5:6a:c3:95:7f:bc:09:01:66:11:b9:b8:
                    c8:2d:a0:5b:e1:58:d9:e5:7b:96:13:13:72:0b:06:
                    6d:c7:64:32:30:5d:fc:cf:01:b6:0a:aa:37:dc:98:
                    d4:eb:6b:0f:77:a4:d7:ad:43:71:a1:e9:97:67:84:
                    f2:6a:ba:23:de:ec:c3:4a:f1:2e:98:23:ea:c8:d4:
                    ec:4b:54:62:9c:15:0d:3c:a8:2a:91:b5:ad:e5:87:
                    09:5a:79:c4:56:df:dc:f4:d5:fb:73:ae:d5:67:73:
                    84:a7:30:3e:91:5d:a9:e2:aa:d9:9d:11:2b:c2:e0:
                    51:bb:54:74:9e:42:d2:bd:ad:2f:9a:55:21:a6:a6:
                    71:49:d2:f6:d2:15:a5:09:a8:64:58:b1:39:f4:51:
                    54:da:59:67:d8:ec:30:f2:5f:c9:04:76:60:c6:e7:
                    3a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:B2:D1:58:6A:E4:1A:53:B3:DF:DD:41:FD:DD:5B:86:F1:ED:45:D3
            X509v3 Authority Key Identifier:
                keyid:66:63:4F:14:58:6E:39:9C:D3:80:2D:9C:88:B1:E6:7D:8D:DB:03:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/PrLRWGrkGlOz391B_d1bhvHtRdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.88.0/22
                IPv6:
                  2a0b:32c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3a:71:37:c8:b8:1e:3e:32:79:84:96:53:92:71:e1:01:14:e2:
         df:96:ab:0d:f7:6e:5b:f6:5b:75:37:99:76:71:ea:1e:6c:f7:
         7f:a4:d8:5e:34:36:8e:93:77:8a:ab:43:41:58:26:d1:e2:ee:
         93:31:fb:e6:57:36:66:50:95:f0:5e:30:1d:3a:62:70:e6:62:
         de:27:81:8d:99:10:db:63:0c:6d:87:40:11:43:21:9f:59:61:
         41:ef:79:86:c0:d7:ae:23:5c:0c:59:a3:55:b2:e9:e9:43:30:
         be:97:7d:0d:fe:1a:58:40:f4:25:23:fa:cd:ac:15:b7:ff:f7:
         45:e6:50:fc:8d:a1:ba:af:1d:2c:5f:cf:fc:80:17:42:bf:5f:
         18:7e:6b:ee:17:43:af:43:b3:3f:26:f7:42:db:65:06:80:e1:
         77:a1:c0:8a:66:3a:f2:02:a6:c8:27:2e:80:58:aa:7b:f6:fe:
         d4:b0:68:c8:ad:76:e9:f3:e0:7b:8e:0c:ea:26:00:50:66:0d:
         3b:89:a2:7e:61:52:83:ad:f2:00:9c:47:0b:5c:9a:91:d2:fe:
         04:c2:7b:77:7b:89:29:0a:f6:76:c3:78:52:58:d4:d8:1a:f0:
         3a:a4:01:cb:c3:6f:c3:05:2f:51:05:48:00:9a:64:70:32:a3:
         ae:d7:88:6d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhQ8O6PQV6+r5BxAlNr3IiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NjM0ZjE0NTg2ZTM5OWNkMzgwMmQ5Yzg4YjFlNjdkOGRk
YjAzYTgwHhcNMjUwMTAxMDk0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWIyZDE1ODZhZTQxYTUzYjNkZmRkNDFmZGRkNWI4NmYxZWQ0NWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMTGjCvYpCMdxPhZkXTO+bDlaqDv
NJ920MtCr2GbxzhjGw1UaANI/q8I8mWqVBwEkmc3ZC4zLfMZiCg5LDGXLwUamqD+
WhmG/tjsI3inEnwyBZWeFzsStrKBWMP1asOVf7wJAWYRubjILaBb4VjZ5XuWExNy
CwZtx2QyMF38zwG2Cqo33JjU62sPd6TXrUNxoemXZ4Tyaroj3uzDSvEumCPqyNTs
S1RinBUNPKgqkbWt5YcJWnnEVt/c9NX7c67VZ3OEpzA+kV2p4qrZnRErwuBRu1R0
nkLSva0vmlUhpqZxSdL20hWlCahkWLE59FFU2lln2Oww8l/JBHZgxuc61wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD6y0Vhq5BpTs9/dQf3dW4bx7UXTMB8GA1UdIwQY
MBaAFGZjTxRYbjmc04AtnIix5n2N2wOoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm1OUEZGaHVPWnpUZ0MyY2lMSG1mWTNiQTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8yYzJkMzMtYTM2Ny00NDliLTljNDct
MTcxZGI0NjkwYzBhLzEvUHJMUldHcmtHbE96MzkxQl9kMWJodkh0UmRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8yYzJkMzMtYTM2Ny00NDliLTljNDctMTcxZGI0NjkwYzBh
LzEvWm1OUEZGaHVPWnpUZ0MyY2lMSG1mWTNiQTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudBYMA0E
AgACMAcDBQMqCzLAMA0GCSqGSIb3DQEBCwUAA4IBAQA6cTfIuB4+MnmEllOSceEB
FOLflqsN925b9lt1N5l2ceoebPd/pNheNDaOk3eKq0NBWCbR4u6TMfvmVzZmUJXw
XjAdOmJw5mLeJ4GNmRDbYwxth0ARQyGfWWFB73mGwNeuI1wMWaNVsunpQzC+l30N
/hpYQPQlI/rNrBW3//dF5lD8jaG6rx0sX8/8gBdCv18YfmvuF0OvQ7M/JvdC22UG
gOF3ocCKZjryAqbIJy6AWKp79v7UsGjIrXbp8+B7jgzqJgBQZg07iaJ+YVKDrfIA
nEcLXJqR0v4Ewnt3e4kpCvZ2w3hSWNTYGvA6pAHLw2/DBS9RBUgAmmRwMqOu14ht
-----END CERTIFICATE-----