Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/W3ef7yk_8thOKV8fePQf_c3aBKs.roa
File:                     W3ef7yk_8thOKV8fePQf_c3aBKs.roa (raw, json)
Hash identifier:          q4TpxDQr4+wv6OyV3D6r4UE1e0P7/7+4PMrtZl4uXJc=
Subject key identifier:   5B:77:9F:EF:29:3F:F2:D8:4E:29:5F:1F:78:F4:1F:FD:CD:DA:04:AB
Certificate issuer:       /CN=b3dd35ccff6c2b86a1fad8f103bc20070d09e50d
Certificate serial:       0194252146D645ECE65263CC4E87A4EA08CE
Authority key identifier: B3:DD:35:CC:FF:6C:2B:86:A1:FA:D8:F1:03:BC:20:07:0D:09:E5:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s901zP9sK4ah-tjxA7wgBw0J5Q0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/W3ef7yk_8thOKV8fePQf_c3aBKs.roa
Signing time:             Thu 02 Jan 2025 03:48:45 +0000
ROA not before:           Thu 02 Jan 2025 03:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48763
IP address blocks:        185.173.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/s901zP9sK4ah-tjxA7wgBw0J5Q0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/s901zP9sK4ah-tjxA7wgBw0J5Q0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s901zP9sK4ah-tjxA7wgBw0J5Q0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 17:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:46:d6:45:ec:e6:52:63:cc:4e:87:a4:ea:08:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3dd35ccff6c2b86a1fad8f103bc20070d09e50d
        Validity
            Not Before: Jan  2 03:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b779fef293ff2d84e295f1f78f41ffdcdda04ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:e0:7f:9f:08:e2:41:40:a6:b2:2e:a2:2e:e9:
                    26:83:cc:66:90:ba:a7:c2:f0:ff:27:1f:96:b4:7a:
                    40:c0:13:dd:8b:73:fe:83:98:fe:49:14:de:b6:9e:
                    2a:e4:45:11:62:e1:98:94:ee:5e:21:ec:1d:4e:78:
                    9e:92:20:6d:10:07:e3:af:5d:22:d6:9b:c0:01:aa:
                    ca:1c:43:a9:78:4d:b2:34:73:74:ff:9c:f7:2e:57:
                    bd:ee:f2:19:34:90:5c:49:48:2f:33:29:1f:05:15:
                    df:d0:8e:1f:9e:0f:57:c3:cf:3b:40:3c:4e:d1:61:
                    10:d4:b1:34:e5:c5:56:61:f2:91:dc:27:b6:d1:cd:
                    e6:09:ba:3a:fc:16:51:2d:d0:4a:3f:f9:04:fd:66:
                    e5:2b:54:7e:9a:13:0b:c5:9a:b0:21:65:25:18:d0:
                    1e:8a:0f:e1:31:e6:4c:aa:07:ad:12:67:4d:a7:a8:
                    be:0c:90:fd:c7:a3:08:e9:78:db:65:45:04:aa:75:
                    86:2d:f5:1a:bd:99:ef:73:bb:4f:a3:e3:35:94:eb:
                    7d:7f:52:c3:63:69:c5:aa:d9:b6:f2:64:c5:f1:ff:
                    81:e7:5b:23:8b:a0:46:c1:96:d7:8c:24:b7:5b:77:
                    33:60:f9:7e:d9:ab:34:e8:a8:9e:88:1b:ac:5e:87:
                    19:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:77:9F:EF:29:3F:F2:D8:4E:29:5F:1F:78:F4:1F:FD:CD:DA:04:AB
            X509v3 Authority Key Identifier:
                keyid:B3:DD:35:CC:FF:6C:2B:86:A1:FA:D8:F1:03:BC:20:07:0D:09:E5:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s901zP9sK4ah-tjxA7wgBw0J5Q0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/W3ef7yk_8thOKV8fePQf_c3aBKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/44d4a3-7a84-4499-8b71-2b105051ba59/1/s901zP9sK4ah-tjxA7wgBw0J5Q0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:23:31:0c:c0:6a:9f:31:41:86:43:19:c0:d1:d1:a0:58:0f:
         fd:3e:0e:bd:51:ed:61:fd:b5:39:2c:1c:be:0e:55:b7:d9:2a:
         19:84:79:14:84:46:e0:01:32:ea:dd:ba:f9:21:c4:a2:50:41:
         cf:4c:91:0a:c1:49:c9:bc:16:90:ab:a8:ff:a9:52:b1:54:d2:
         5d:f5:b9:8c:33:f7:1b:bf:a1:e9:9a:0d:85:75:fe:0e:d2:64:
         bc:37:ae:5f:bb:08:cd:5e:41:a6:4e:3a:51:0e:95:ab:69:df:
         70:0e:dd:80:3f:1d:13:61:14:46:a7:a6:a1:40:7d:75:61:74:
         3d:26:85:1d:48:0d:e8:e9:35:73:70:cf:c6:d2:c8:b6:0c:7c:
         25:d3:cc:f5:74:89:40:35:4d:16:50:25:7e:31:9a:ed:f1:b1:
         cf:49:dc:1f:2c:f9:b7:06:de:90:67:e7:04:70:06:09:7e:39:
         8a:39:11:2f:1a:a7:c7:c0:44:ff:c7:b7:84:9b:9c:be:7e:0f:
         75:cb:84:47:a6:92:9d:bb:58:53:79:e9:f6:53:de:8c:71:29:
         66:51:af:0a:1f:13:6e:9e:31:a2:be:19:7a:98:51:cb:19:76:
         01:a9:21:8a:6d:ae:b2:61:f9:2d:bc:bf:8e:9e:c4:8d:40:76:
         dc:94:fd:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIUbWRezmUmPMToek6gjOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZGQzNWNjZmY2YzJiODZhMWZhZDhmMTAzYmMyMDA3MGQw
OWU1MGQwHhcNMjUwMTAyMDM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yjc3OWZlZjI5M2ZmMmQ4NGUyOTVmMWY3OGY0MWZmZGNkZGEwNGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6eB/nwjiQUCmsi6iLukmg8xmkLqn
wvD/Jx+WtHpAwBPdi3P+g5j+SRTetp4q5EURYuGYlO5eIewdTniekiBtEAfjr10i
1pvAAarKHEOpeE2yNHN0/5z3Lle97vIZNJBcSUgvMykfBRXf0I4fng9Xw887QDxO
0WEQ1LE05cVWYfKR3Ce20c3mCbo6/BZRLdBKP/kE/WblK1R+mhMLxZqwIWUlGNAe
ig/hMeZMqgetEmdNp6i+DJD9x6MI6XjbZUUEqnWGLfUavZnvc7tPo+M1lOt9f1LD
Y2nFqtm28mTF8f+B51sji6BGwZbXjCS3W3czYPl+2as06KieiBusXocZuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFt3n+8pP/LYTilfH3j0H/3N2gSrMB8GA1UdIwQY
MBaAFLPdNcz/bCuGofrY8QO8IAcNCeUNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczkwMXpQOXNLNGFoLXRqeEE3d2dCdzBKNVEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80NGQ0YTMtN2E4NC00NDk5LThiNzEt
MmIxMDUwNTFiYTU5LzEvVzNlZjd5a184dGhPS1Y4ZmVQUWZfYzNhQktzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80NGQ0YTMtN2E4NC00NDk5LThiNzEtMmIxMDUwNTFiYTU5
LzEvczkwMXpQOXNLNGFoLXRqeEE3d2dCdzBKNVEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAua2dMA0G
CSqGSIb3DQEBCwUAA4IBAQAqIzEMwGqfMUGGQxnA0dGgWA/9Pg69Ue1h/bU5LBy+
DlW32SoZhHkUhEbgATLq3br5IcSiUEHPTJEKwUnJvBaQq6j/qVKxVNJd9bmMM/cb
v6Hpmg2Fdf4O0mS8N65fuwjNXkGmTjpRDpWrad9wDt2APx0TYRRGp6ahQH11YXQ9
JoUdSA3o6TVzcM/G0si2DHwl08z1dIlANU0WUCV+MZrt8bHPSdwfLPm3Bt6QZ+cE
cAYJfjmKOREvGqfHwET/x7eEm5y+fg91y4RHppKdu1hTeen2U96McSlmUa8KHxNu
njGivhl6mFHLGXYBqSGKba6yYfktvL+OnsSNQHbclP2t
-----END CERTIFICATE-----