Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/296eec-4f04-4a25-a843-bb7a43e57f38/1/3yojvf8xLy7Wn7IouQzlSqK0wi8.roa
File:                     3yojvf8xLy7Wn7IouQzlSqK0wi8.roa (raw, json)
Hash identifier:          XkJKLziNIIGZCpFPWVC2bt7aic/Y/irC0qgPRJLIevw=
Subject key identifier:   DF:2A:23:BD:FF:31:2F:2E:D6:9F:B2:28:B9:0C:E5:4A:A2:B4:C2:2F
Certificate issuer:       /CN=f25fd47d836fca6f741caa3823937f4bb1f1b294
Certificate serial:       0194244508DEE76A2A417A8DC08600EFDFFA
Authority key identifier: F2:5F:D4:7D:83:6F:CA:6F:74:1C:AA:38:23:93:7F:4B:B1:F1:B2:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8l_UfYNvym90HKo4I5N_S7HxspQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/296eec-4f04-4a25-a843-bb7a43e57f38/1/3yojvf8xLy7Wn7IouQzlSqK0wi8.roa
Signing time:             Wed 01 Jan 2025 23:48:11 +0000
ROA not before:           Wed 01 Jan 2025 23:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42525
IP address blocks:        37.25.64.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/296eec-4f04-4a25-a843-bb7a43e57f38/1/8l_UfYNvym90HKo4I5N_S7HxspQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/296eec-4f04-4a25-a843-bb7a43e57f38/1/8l_UfYNvym90HKo4I5N_S7HxspQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8l_UfYNvym90HKo4I5N_S7HxspQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:08:de:e7:6a:2a:41:7a:8d:c0:86:00:ef:df:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f25fd47d836fca6f741caa3823937f4bb1f1b294
        Validity
            Not Before: Jan  1 23:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df2a23bdff312f2ed69fb228b90ce54aa2b4c22f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f2:eb:58:c1:47:31:6b:bb:0b:d6:b8:ab:a6:
                    53:4f:56:8e:93:df:c0:97:ee:ae:fc:7d:5d:af:6f:
                    dd:4b:15:2e:bf:eb:5a:4e:f6:91:a1:32:33:0c:14:
                    2b:e6:4b:4b:67:77:36:f5:f9:56:ed:71:2a:f7:f2:
                    df:96:72:59:3d:c6:f4:44:0f:2d:11:ff:cd:5e:19:
                    27:d0:02:be:bb:a8:c6:9d:ff:9c:96:5a:67:4c:39:
                    28:c7:d1:b4:70:98:bf:c3:f1:1c:92:d0:23:3f:fc:
                    44:bf:f6:84:e6:08:1a:20:97:7f:ff:e3:9c:ca:f9:
                    a2:06:0e:d9:98:d2:f0:13:ac:50:04:08:6e:7a:a3:
                    ca:c1:22:2b:4f:ab:a8:fc:5b:ee:56:d7:e0:43:11:
                    ff:f2:00:e5:ea:64:b6:25:b9:8c:29:c7:45:86:de:
                    d1:f9:8a:56:94:cf:4e:2c:67:77:97:97:a9:c2:78:
                    1f:81:e1:95:73:9f:f1:d0:47:0c:31:46:84:29:0a:
                    14:54:e5:bf:f1:0f:7e:30:a8:c2:a8:e7:3c:66:bf:
                    46:ac:4f:1c:6a:e4:6b:aa:d6:43:b1:42:ad:86:17:
                    47:87:32:3a:fa:84:03:11:f2:00:47:39:22:ad:06:
                    21:e2:de:cc:3a:7b:6f:d4:68:fa:e2:7e:15:53:e7:
                    21:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:2A:23:BD:FF:31:2F:2E:D6:9F:B2:28:B9:0C:E5:4A:A2:B4:C2:2F
            X509v3 Authority Key Identifier:
                keyid:F2:5F:D4:7D:83:6F:CA:6F:74:1C:AA:38:23:93:7F:4B:B1:F1:B2:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8l_UfYNvym90HKo4I5N_S7HxspQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/296eec-4f04-4a25-a843-bb7a43e57f38/1/3yojvf8xLy7Wn7IouQzlSqK0wi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/296eec-4f04-4a25-a843-bb7a43e57f38/1/8l_UfYNvym90HKo4I5N_S7HxspQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.25.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         68:6f:b2:a4:ac:4b:ad:f3:0a:1e:16:22:18:e4:ae:a0:00:33:
         e9:7e:95:fa:e9:7c:62:b0:0f:61:7c:3d:dc:78:92:9d:ac:1b:
         4d:0d:f8:b1:5e:57:c8:f0:3c:cd:b2:02:b5:fb:69:41:1b:91:
         0a:e4:d4:f5:ad:e5:35:ca:ab:bd:51:40:e5:28:7c:79:93:84:
         e3:51:38:8e:50:3d:0d:67:a7:a9:56:c8:f8:0a:8d:e6:5f:d9:
         31:d6:b9:3b:77:43:35:bb:90:ac:21:f6:5e:f9:46:23:be:94:
         45:3a:c3:05:40:78:91:69:9b:f0:ba:6e:b2:27:44:08:10:ca:
         84:a8:4f:7e:f4:4b:06:42:00:0e:42:ee:61:97:e8:9a:fa:59:
         a8:4a:cb:16:2a:5d:95:e8:13:c8:6b:09:59:97:c9:50:a2:5a:
         98:92:3c:a7:fa:3c:02:3a:ad:2c:3b:9e:d5:f3:c9:4d:b1:6d:
         d4:2a:f5:7b:33:bf:7d:23:a4:6a:9a:57:32:b2:86:d2:1c:7b:
         a7:b6:c3:d8:68:29:21:b2:7f:e6:01:99:ec:8a:63:ed:31:3e:
         a6:c9:5c:7a:42:b7:f8:88:f9:8a:d3:17:5e:ac:05:d3:4f:38:
         09:a5:cd:42:d6:66:94:c3:8e:11:b5:7b:d1:80:b0:41:c3:dd:
         0c:fb:95:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRQje52oqQXqNwIYA79/6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyNWZkNDdkODM2ZmNhNmY3NDFjYWEzODIzOTM3ZjRiYjFm
MWIyOTQwHhcNMjUwMTAxMjM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjJhMjNiZGZmMzEyZjJlZDY5ZmIyMjhiOTBjZTU0YWEyYjRjMjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvLrWMFHMWu7C9a4q6ZTT1aOk9/A
l+6u/H1dr2/dSxUuv+taTvaRoTIzDBQr5ktLZ3c29flW7XEq9/LflnJZPcb0RA8t
Ef/NXhkn0AK+u6jGnf+cllpnTDkox9G0cJi/w/EcktAjP/xEv/aE5ggaIJd//+Oc
yvmiBg7ZmNLwE6xQBAhueqPKwSIrT6uo/FvuVtfgQxH/8gDl6mS2JbmMKcdFht7R
+YpWlM9OLGd3l5epwngfgeGVc5/x0EcMMUaEKQoUVOW/8Q9+MKjCqOc8Zr9GrE8c
auRrqtZDsUKthhdHhzI6+oQDEfIARzkirQYh4t7MOntv1Gj64n4VU+chbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8qI73/MS8u1p+yKLkM5UqitMIvMB8GA1UdIwQY
MBaAFPJf1H2Db8pvdByqOCOTf0ux8bKUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGxfVWZZTnZ5bTkwSEtvNEk1Tl9TN0h4c3BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS8yOTZlZWMtNGYwNC00YTI1LWE4NDMt
YmI3YTQzZTU3ZjM4LzEvM3lvanZmOHhMeTdXbjdJb3VRemxTcUswd2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS8yOTZlZWMtNGYwNC00YTI1LWE4NDMtYmI3YTQzZTU3ZjM4
LzEvOGxfVWZZTnZ5bTkwSEtvNEk1Tl9TN0h4c3BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJRlAMA0G
CSqGSIb3DQEBCwUAA4IBAQBob7KkrEut8woeFiIY5K6gADPpfpX66XxisA9hfD3c
eJKdrBtNDfixXlfI8DzNsgK1+2lBG5EK5NT1reU1yqu9UUDlKHx5k4TjUTiOUD0N
Z6epVsj4Co3mX9kx1rk7d0M1u5CsIfZe+UYjvpRFOsMFQHiRaZvwum6yJ0QIEMqE
qE9+9EsGQgAOQu5hl+ia+lmoSssWKl2V6BPIawlZl8lQolqYkjyn+jwCOq0sO57V
88lNsW3UKvV7M799I6RqmlcysobSHHuntsPYaCkhsn/mAZnsimPtMT6myVx6Qrf4
iPmK0xderAXTTzgJpc1C1maUw44RtXvRgLBBw90M+5WF
-----END CERTIFICATE-----