Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/NdfYhyEIlOx2bM1fbY-6y_Mzqu0.roa
File:                     NdfYhyEIlOx2bM1fbY-6y_Mzqu0.roa (raw, json)
Hash identifier:          GVG5D0DMkIKvSNVyuIcHw5fPR+kX2pfQRbrnBqYsWAI=
Subject key identifier:   35:D7:D8:87:21:08:94:EC:76:6C:CD:5F:6D:8F:BA:CB:F3:33:AA:ED
Certificate issuer:       /CN=b3d5ec1516ee6dc19d1e5c3998cb7e7a646f715a
Certificate serial:       018CC3490DB2E49FAD49B1DFBF3B7FD78AD4
Authority key identifier: B3:D5:EC:15:16:EE:6D:C1:9D:1E:5C:39:98:CB:7E:7A:64:6F:71:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s9XsFRbubcGdHlw5mMt-emRvcVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/NdfYhyEIlOx2bM1fbY-6y_Mzqu0.roa
Signing time:             Mon 01 Jan 2024 04:29:53 +0000
ROA not before:           Mon 01 Jan 2024 04:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205933
IP address blocks:        185.147.64.0/24 maxlen: 24
                          185.147.66.0/24 maxlen: 24
                          185.147.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/s9XsFRbubcGdHlw5mMt-emRvcVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/s9XsFRbubcGdHlw5mMt-emRvcVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s9XsFRbubcGdHlw5mMt-emRvcVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:03:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:0d:b2:e4:9f:ad:49:b1:df:bf:3b:7f:d7:8a:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3d5ec1516ee6dc19d1e5c3998cb7e7a646f715a
        Validity
            Not Before: Jan  1 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35d7d887210894ec766ccd5f6d8fbacbf333aaed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b2:c0:f8:5e:e2:a0:35:71:ae:4c:47:00:f8:
                    6a:c1:35:64:dc:5f:df:85:fd:e9:34:b6:b7:99:5b:
                    97:e9:58:54:f4:e2:94:7d:57:af:8d:dd:c9:53:70:
                    ff:57:6c:b1:1a:12:52:78:b4:30:6d:39:6a:a8:3a:
                    63:ef:5e:8d:be:af:ab:1f:d6:e8:18:bd:b1:1f:3b:
                    dc:13:03:22:1c:2a:7c:6b:7a:8f:b7:46:e4:7a:8d:
                    91:9a:3f:21:46:47:35:4a:29:ec:15:fe:42:d4:a9:
                    bb:8d:a3:a0:d9:5a:6d:0a:00:7f:71:c9:1b:72:46:
                    9d:aa:04:4c:ca:72:aa:8f:b9:bd:79:ad:45:31:8b:
                    61:2e:87:d0:d5:09:0c:22:ac:87:e6:4d:0e:be:75:
                    26:9b:eb:d5:49:d4:a9:97:3e:0b:8d:3e:c6:1f:b4:
                    40:43:d0:e5:e6:62:c5:ae:30:4f:d9:ac:bb:b2:69:
                    5a:ea:ea:56:92:ee:77:57:17:10:93:db:ac:88:55:
                    9a:82:01:20:08:cf:52:22:0c:37:38:b2:db:2e:08:
                    f7:b9:d3:6f:a1:23:24:8b:80:4e:fe:c5:f6:b1:92:
                    50:1d:e8:e2:dc:b0:53:75:ba:8f:7a:67:e7:96:1b:
                    86:f5:3e:6b:4e:9c:cd:29:de:ff:96:96:6d:9f:04:
                    74:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:D7:D8:87:21:08:94:EC:76:6C:CD:5F:6D:8F:BA:CB:F3:33:AA:ED
            X509v3 Authority Key Identifier:
                keyid:B3:D5:EC:15:16:EE:6D:C1:9D:1E:5C:39:98:CB:7E:7A:64:6F:71:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s9XsFRbubcGdHlw5mMt-emRvcVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/NdfYhyEIlOx2bM1fbY-6y_Mzqu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/s9XsFRbubcGdHlw5mMt-emRvcVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.64.0-185.147.66.255

    Signature Algorithm: sha256WithRSAEncryption
         9c:75:b4:49:77:a1:14:7f:fb:ce:30:46:96:d6:4f:38:22:74:
         d1:20:2d:56:cc:9d:25:0d:71:a0:72:e5:16:9d:36:04:e9:f4:
         a6:ec:c4:d3:c2:37:e3:f3:f5:31:dc:f8:f5:fa:cc:28:ab:54:
         a1:70:89:e1:15:af:d8:2d:7d:9b:eb:b6:98:a0:92:f8:12:0e:
         43:e5:f2:88:cd:e6:90:79:07:2c:56:87:42:e8:14:35:d9:ac:
         42:67:ea:34:74:7e:cb:5b:06:84:ce:c8:4e:1d:a8:41:e5:c9:
         60:de:a9:88:90:66:ca:bd:16:80:75:8c:30:a3:08:1b:ce:70:
         81:cf:b8:e5:ac:d9:bf:2d:c9:40:b5:99:b0:28:8a:a1:6f:cc:
         56:6d:cb:a9:82:04:52:ea:3e:19:b9:63:35:08:5f:c5:11:7a:
         86:37:08:fe:af:6b:16:d9:09:2e:10:45:1e:38:ea:38:8b:5a:
         52:a4:03:06:82:dc:c0:dc:d7:4e:a6:d0:41:5a:8b:ae:e2:28:
         67:4e:0a:ee:85:df:c5:2f:7b:ce:ab:61:22:61:b4:e2:19:e4:
         f9:0a:0e:ac:30:a6:a3:cd:94:a3:f9:44:83:9d:d8:59:39:9c:
         e0:51:56:db:82:8a:15:25:ac:90:23:f3:3c:b5:ed:3d:be:30:
         7a:9e:1e:6f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzDSQ2y5J+tSbHfvzt/14rUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZDVlYzE1MTZlZTZkYzE5ZDFlNWMzOTk4Y2I3ZTdhNjQ2
ZjcxNWEwHhcNMjQwMTAxMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWQ3ZDg4NzIxMDg5NGVjNzY2Y2NkNWY2ZDhmYmFjYmYzMzNhYWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7LA+F7ioDVxrkxHAPhqwTVk3F/f
hf3pNLa3mVuX6VhU9OKUfVevjd3JU3D/V2yxGhJSeLQwbTlqqDpj716Nvq+rH9bo
GL2xHzvcEwMiHCp8a3qPt0bkeo2Rmj8hRkc1SinsFf5C1Km7jaOg2VptCgB/cckb
ckadqgRMynKqj7m9ea1FMYthLofQ1QkMIqyH5k0OvnUmm+vVSdSplz4LjT7GH7RA
Q9Dl5mLFrjBP2ay7smla6upWku53VxcQk9usiFWaggEgCM9SIgw3OLLbLgj3udNv
oSMki4BO/sX2sZJQHeji3LBTdbqPemfnlhuG9T5rTpzNKd7/lpZtnwR03wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDXX2IchCJTsdmzNX22PusvzM6rtMB8GA1UdIwQY
MBaAFLPV7BUW7m3BnR5cOZjLfnpkb3FaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczlYc0ZSYnViY0dkSGx3NW1NdC1lbVJ2Y1ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8zYWQ3Y2MtM2MwOC00YjcyLTg3MGEt
NmMzMDVhNmRiYWI5LzEvTmRmWWh5RUlsT3gyYk0xZmJZLTZ5X016cXUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8zYWQ3Y2MtM2MwOC00YjcyLTg3MGEtNmMzMDVhNmRiYWI5
LzEvczlYc0ZSYnViY0dkSGx3NW1NdC1lbVJ2Y1ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAa5k0AD
BAC5k0IwDQYJKoZIhvcNAQELBQADggEBAJx1tEl3oRR/+84wRpbWTzgidNEgLVbM
nSUNcaBy5RadNgTp9KbsxNPCN+Pz9THc+PX6zCirVKFwieEVr9gtfZvrtpigkvgS
DkPl8ojN5pB5ByxWh0LoFDXZrEJn6jR0fstbBoTOyE4dqEHlyWDeqYiQZsq9FoB1
jDCjCBvOcIHPuOWs2b8tyUC1mbAoiqFvzFZty6mCBFLqPhm5YzUIX8UReoY3CP6v
axbZCS4QRR446jiLWlKkAwaC3MDc106m0EFai67iKGdOCu6F38Uve86rYSJhtOIZ
5PkKDqwwpqPNlKP5RIOd2Fk5nOBRVtuCihUlrJAj8zy17T2+MHqeHm8=
-----END CERTIFICATE-----