Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/3Dwyf9R-2iqQezeeuz7mCcev6jU.roa
File:                     3Dwyf9R-2iqQezeeuz7mCcev6jU.roa (raw, json)
Hash identifier:          qhu/o0Nw038vBf7CmuRlQq/RpGCM7dAo1Wj7VOxU0lc=
Subject key identifier:   DC:3C:32:7F:D4:7E:DA:2A:90:7B:37:9E:BB:3E:E6:09:C7:AF:EA:35
Certificate issuer:       /CN=03cbdb0595fc48902938a78f42c1eaf0a159bf46
Certificate serial:       0190EA7C2D92223614DC94A7FDB91B1043DE
Authority key identifier: 03:CB:DB:05:95:FC:48:90:29:38:A7:8F:42:C1:EA:F0:A1:59:BF:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A8vbBZX8SJApOKePQsHq8KFZv0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/3Dwyf9R-2iqQezeeuz7mCcev6jU.roa
Signing time:             Thu 25 Jul 2024 15:22:04 +0000
ROA not before:           Thu 25 Jul 2024 15:22:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214470
IP address blocks:        45.148.73.0/24 maxlen: 24
                          2a0f:8c00::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/A8vbBZX8SJApOKePQsHq8KFZv0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/A8vbBZX8SJApOKePQsHq8KFZv0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A8vbBZX8SJApOKePQsHq8KFZv0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ea:7c:2d:92:22:36:14:dc:94:a7:fd:b9:1b:10:43:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03cbdb0595fc48902938a78f42c1eaf0a159bf46
        Validity
            Not Before: Jul 25 15:22:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc3c327fd47eda2a907b379ebb3ee609c7afea35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2e:3f:5e:0a:e5:5c:d9:a1:fb:72:02:ad:56:
                    44:9b:8d:d0:f1:ee:ad:47:45:cc:46:66:9d:b6:7f:
                    10:96:c7:4e:44:55:5a:04:a4:09:81:4b:00:63:cb:
                    00:5d:6b:bc:ee:eb:43:d4:3d:d9:9e:18:35:05:c6:
                    76:b5:d0:e7:45:1c:c5:a7:e1:49:05:d3:49:b9:9e:
                    bc:1e:14:d9:e1:ca:04:ec:18:4e:50:9f:c5:3f:a1:
                    85:12:7d:d8:69:34:e5:70:e5:45:31:96:ec:cd:43:
                    ad:f7:f9:96:0c:6f:5e:04:57:5f:f4:2e:de:96:3d:
                    75:fe:6a:7e:7f:f7:df:32:aa:cb:50:db:e6:b8:1e:
                    60:53:63:b8:5d:7e:66:8e:df:2d:40:56:2e:9e:34:
                    77:64:ff:9f:d9:a7:f7:6e:a7:3e:f4:0d:83:a2:82:
                    a9:81:80:8e:c2:08:00:be:08:b9:5f:63:75:6c:08:
                    0c:4e:03:25:79:e4:ac:da:08:59:aa:35:05:11:f0:
                    58:03:21:68:59:e7:a3:b6:2f:5a:84:26:89:43:de:
                    8b:13:12:ad:c3:8c:09:6d:10:1f:c5:78:5b:ec:d7:
                    ae:f5:dd:c9:32:17:4e:85:44:76:6c:59:44:ae:46:
                    48:06:0e:66:4d:0f:83:d1:d7:70:c6:a5:18:52:8a:
                    17:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:3C:32:7F:D4:7E:DA:2A:90:7B:37:9E:BB:3E:E6:09:C7:AF:EA:35
            X509v3 Authority Key Identifier:
                keyid:03:CB:DB:05:95:FC:48:90:29:38:A7:8F:42:C1:EA:F0:A1:59:BF:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A8vbBZX8SJApOKePQsHq8KFZv0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/3Dwyf9R-2iqQezeeuz7mCcev6jU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/4a7d7f-886d-4bdf-83d6-f66138066358/1/A8vbBZX8SJApOKePQsHq8KFZv0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.73.0/24
                IPv6:
                  2a0f:8c00::/33

    Signature Algorithm: sha256WithRSAEncryption
         18:34:11:72:9d:e1:61:16:d3:2a:67:05:2d:b6:e6:47:eb:3e:
         19:2d:2c:3d:c8:e0:82:e6:4f:81:88:89:dd:be:4a:05:40:f1:
         1a:b7:70:66:9f:b2:c0:74:d6:01:e5:40:bf:61:51:59:3e:07:
         6e:4b:2a:77:ee:eb:fc:e1:5e:a9:22:2c:d8:6e:98:97:1a:11:
         f8:75:da:f8:ca:e2:65:ad:4c:72:d3:45:6b:87:fd:81:93:2a:
         0d:96:a4:4e:d7:60:6a:89:a3:24:67:80:09:5b:05:f8:66:85:
         3b:8a:16:49:3c:18:d1:e7:9f:5e:d4:a4:66:1c:10:b1:fe:1e:
         af:95:bc:0b:8d:6d:ea:7e:e7:e5:9e:d6:c9:f6:bc:63:aa:b0:
         b1:0b:b0:3b:d8:3a:a7:74:e0:03:5c:32:b9:92:c6:60:62:be:
         5a:16:9b:89:a6:c0:84:91:df:8e:9b:4b:89:85:49:ae:1e:94:
         c3:6c:f1:6c:58:ff:26:ee:1a:a3:2b:9d:9b:23:d9:31:3b:ee:
         55:90:84:d1:99:db:18:6a:ec:ce:10:5c:89:81:e1:c2:c1:a5:
         e4:85:67:eb:06:a9:a7:aa:2b:90:71:01:77:53:46:a5:18:53:
         9b:e0:de:72:29:5b:33:51:1e:93:20:be:5b:02:7f:51:aa:c2:
         cd:8c:96:2b
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZDqfC2SIjYU3JSn/bkbEEPeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzY2JkYjA1OTVmYzQ4OTAyOTM4YTc4ZjQyYzFlYWYwYTE1
OWJmNDYwHhcNMjQwNzI1MTUyMjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzNjMzI3ZmQ0N2VkYTJhOTA3YjM3OWViYjNlZTYwOWM3YWZlYTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzi4/XgrlXNmh+3ICrVZEm43Q8e6t
R0XMRmadtn8QlsdORFVaBKQJgUsAY8sAXWu87utD1D3Znhg1BcZ2tdDnRRzFp+FJ
BdNJuZ68HhTZ4coE7BhOUJ/FP6GFEn3YaTTlcOVFMZbszUOt9/mWDG9eBFdf9C7e
lj11/mp+f/ffMqrLUNvmuB5gU2O4XX5mjt8tQFYunjR3ZP+f2af3bqc+9A2DooKp
gYCOwggAvgi5X2N1bAgMTgMleeSs2ghZqjUFEfBYAyFoWeejti9ahCaJQ96LExKt
w4wJbRAfxXhb7Neu9d3JMhdOhUR2bFlErkZIBg5mTQ+D0ddwxqUYUooXZwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFNw8Mn/UftoqkHs3nrs+5gnHr+o1MB8GA1UdIwQY
MBaAFAPL2wWV/EiQKTinj0LB6vChWb9GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTh2YkJaWDhTSkFwT0tlUFFzSHE4S0ZadjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My80YTdkN2YtODg2ZC00YmRmLTgzZDYt
ZjY2MTM4MDY2MzU4LzEvM0R3eWY5Ui0yaXFRZXplZXV6N21DY2V2NmpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My80YTdkN2YtODg2ZC00YmRmLTgzZDYtZjY2MTM4MDY2MzU4
LzEvQTh2YkJaWDhTSkFwT0tlUFFzSHE4S0ZadjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQALZRJMA4E
AgACMAgDBgcqD4wAADANBgkqhkiG9w0BAQsFAAOCAQEAGDQRcp3hYRbTKmcFLbbm
R+s+GS0sPcjgguZPgYiJ3b5KBUDxGrdwZp+ywHTWAeVAv2FRWT4Hbksqd+7r/OFe
qSIs2G6YlxoR+HXa+MriZa1MctNFa4f9gZMqDZakTtdgaomjJGeACVsF+GaFO4oW
STwY0eefXtSkZhwQsf4er5W8C41t6n7n5Z7Wyfa8Y6qwsQuwO9g6p3TgA1wyuZLG
YGK+WhabiabAhJHfjptLiYVJrh6Uw2zxbFj/Ju4aoyudmyPZMTvuVZCE0ZnbGGrs
zhBciYHhwsGl5IVn6wapp6orkHEBd1NGpRhTm+DecilbM1EekyC+WwJ/UarCzYyW
Kw==
-----END CERTIFICATE-----