Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/7cd157-c58f-4cb9-8252-1696b246cd50/1/abyvfDmy4Q3zVDJIfxfSkrtZdLo.roa
File:                     abyvfDmy4Q3zVDJIfxfSkrtZdLo.roa (raw, json)
Hash identifier:          IZm94vPLNr133XeI56Dl5DQUBKwgG1pbFRgf8ws+6Pw=
Subject key identifier:   69:BC:AF:7C:39:B2:E1:0D:F3:54:32:48:7F:17:D2:92:BB:59:74:BA
Certificate issuer:       /CN=3a92f5d936752baf2d0df713299499cecfa9f48d
Certificate serial:       01944B24050F0C9725E59E311963B959F530
Authority key identifier: 3A:92:F5:D9:36:75:2B:AF:2D:0D:F7:13:29:94:99:CE:CF:A9:F4:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OpL12TZ1K68tDfcTKZSZzs-p9I0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/7cd157-c58f-4cb9-8252-1696b246cd50/1/abyvfDmy4Q3zVDJIfxfSkrtZdLo.roa
Signing time:             Thu 09 Jan 2025 12:57:19 +0000
ROA not before:           Thu 09 Jan 2025 12:57:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198279
IP address blocks:        185.239.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/7cd157-c58f-4cb9-8252-1696b246cd50/1/OpL12TZ1K68tDfcTKZSZzs-p9I0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/7cd157-c58f-4cb9-8252-1696b246cd50/1/OpL12TZ1K68tDfcTKZSZzs-p9I0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OpL12TZ1K68tDfcTKZSZzs-p9I0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4b:24:05:0f:0c:97:25:e5:9e:31:19:63:b9:59:f5:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a92f5d936752baf2d0df713299499cecfa9f48d
        Validity
            Not Before: Jan  9 12:57:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69bcaf7c39b2e10df35432487f17d292bb5974ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:49:d2:0b:3e:28:91:16:a8:1a:c0:fb:14:95:
                    9f:c8:dc:19:35:fb:53:f6:cb:ba:9b:19:4a:84:d6:
                    0e:55:9f:f7:db:03:85:69:5e:11:30:42:cc:83:02:
                    04:bf:d3:6e:be:00:a9:85:da:2a:1f:84:c7:03:33:
                    53:89:62:48:d8:25:8a:d1:b6:6f:28:a6:ea:e3:09:
                    ee:dd:71:7b:cf:cf:57:10:81:14:44:4b:15:08:c5:
                    2f:66:9e:dc:37:c6:c4:66:14:8b:25:20:22:1b:74:
                    e3:a0:0c:24:d5:52:d9:70:b4:a2:76:16:4b:b2:e4:
                    cf:10:0d:e2:cb:55:18:49:0d:7d:5d:cd:89:83:1f:
                    68:e7:eb:1d:0b:4f:0b:d9:4d:35:30:f9:6b:b1:52:
                    b9:e4:d9:8d:fb:c7:70:aa:bb:6e:63:71:0d:92:3b:
                    1c:29:19:32:8f:b4:9d:12:67:71:df:59:6c:b7:21:
                    6c:ec:08:1a:8c:aa:b5:9d:61:37:00:f3:2c:44:5b:
                    72:7f:b3:85:5b:a8:51:2f:b6:48:3a:d2:6b:be:6a:
                    b4:24:4d:92:d9:c8:4e:ad:bb:43:a3:27:2f:4d:88:
                    d4:4d:e8:1e:89:7d:f6:1b:ac:7d:35:23:85:ac:7a:
                    2f:7a:16:5c:36:07:ee:6c:90:f3:02:b1:f9:d9:00:
                    d3:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:BC:AF:7C:39:B2:E1:0D:F3:54:32:48:7F:17:D2:92:BB:59:74:BA
            X509v3 Authority Key Identifier:
                keyid:3A:92:F5:D9:36:75:2B:AF:2D:0D:F7:13:29:94:99:CE:CF:A9:F4:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OpL12TZ1K68tDfcTKZSZzs-p9I0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/7cd157-c58f-4cb9-8252-1696b246cd50/1/abyvfDmy4Q3zVDJIfxfSkrtZdLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/7cd157-c58f-4cb9-8252-1696b246cd50/1/OpL12TZ1K68tDfcTKZSZzs-p9I0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:36:7d:f5:c1:d0:8b:fb:02:8d:6e:26:a6:e9:ab:7e:3b:8b:
         8e:a2:94:c3:50:86:bc:28:72:65:bc:22:4a:02:f4:58:eb:c3:
         23:bc:2c:72:79:87:b5:62:78:9a:0c:34:7a:2a:30:df:1b:2e:
         ca:e2:ad:a0:35:fa:81:ed:1b:17:21:f9:25:16:30:ea:48:7f:
         6e:73:85:0c:2b:f2:dd:ab:38:8e:0a:8e:fe:15:d1:a7:e7:68:
         64:db:0d:d0:05:fd:7d:f0:f8:34:a8:66:91:4f:93:51:aa:86:
         53:94:e7:72:20:73:cd:03:e1:ef:81:1a:ab:8b:b4:da:2d:5e:
         a7:8c:d7:1c:e8:36:3f:e4:8d:8d:e3:49:ac:57:b0:6c:68:51:
         6e:57:af:4f:67:cf:24:9e:97:dd:3f:4e:35:d3:7b:26:59:2b:
         0d:22:1d:55:9d:33:58:10:b6:f1:28:bc:cc:87:60:51:8f:5c:
         80:83:b5:2c:b0:db:91:7e:e7:37:ac:fc:dc:5f:ec:bc:b8:aa:
         43:1c:b2:55:13:52:49:79:12:6c:3c:ed:04:21:d0:18:51:16:
         98:05:52:f3:80:46:40:90:ed:fc:35:8b:bb:51:37:ab:2b:26:
         ca:5d:27:20:fb:aa:05:25:c9:e6:13:ac:b6:15:37:a5:a7:00:
         f5:17:b4:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRLJAUPDJcl5Z4xGWO5WfUwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhOTJmNWQ5MzY3NTJiYWYyZDBkZjcxMzI5OTQ5OWNlY2Zh
OWY0OGQwHhcNMjUwMTA5MTI1NzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWJjYWY3YzM5YjJlMTBkZjM1NDMyNDg3ZjE3ZDI5MmJiNTk3NGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEnSCz4okRaoGsD7FJWfyNwZNftT
9su6mxlKhNYOVZ/32wOFaV4RMELMgwIEv9NuvgCphdoqH4THAzNTiWJI2CWK0bZv
KKbq4wnu3XF7z89XEIEUREsVCMUvZp7cN8bEZhSLJSAiG3TjoAwk1VLZcLSidhZL
suTPEA3iy1UYSQ19Xc2Jgx9o5+sdC08L2U01MPlrsVK55NmN+8dwqrtuY3ENkjsc
KRkyj7SdEmdx31lstyFs7AgajKq1nWE3APMsRFtyf7OFW6hRL7ZIOtJrvmq0JE2S
2chOrbtDoycvTYjUTegeiX32G6x9NSOFrHovehZcNgfubJDzArH52QDTiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGm8r3w5suEN81QySH8X0pK7WXS6MB8GA1UdIwQY
MBaAFDqS9dk2dSuvLQ33EymUmc7PqfSNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3BMMTJUWjFLNjh0RGZjVEtaU1p6cy1wOUkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS83Y2QxNTctYzU4Zi00Y2I5LTgyNTIt
MTY5NmIyNDZjZDUwLzEvYWJ5dmZEbXk0UTN6VkRKSWZ4ZlNrcnRaZExvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS83Y2QxNTctYzU4Zi00Y2I5LTgyNTItMTY5NmIyNDZjZDUw
LzEvT3BMMTJUWjFLNjh0RGZjVEtaU1p6cy1wOUkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue8IMA0G
CSqGSIb3DQEBCwUAA4IBAQAANn31wdCL+wKNbiam6at+O4uOopTDUIa8KHJlvCJK
AvRY68MjvCxyeYe1YniaDDR6KjDfGy7K4q2gNfqB7RsXIfklFjDqSH9uc4UMK/Ld
qziOCo7+FdGn52hk2w3QBf198Pg0qGaRT5NRqoZTlOdyIHPNA+HvgRqri7TaLV6n
jNcc6DY/5I2N40msV7BsaFFuV69PZ88knpfdP04103smWSsNIh1VnTNYELbxKLzM
h2BRj1yAg7UssNuRfuc3rPzcX+y8uKpDHLJVE1JJeRJsPO0EIdAYURaYBVLzgEZA
kO38NYu7UTerKybKXScg+6oFJcnmE6y2FTelpwD1F7Qn
-----END CERTIFICATE-----