Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/49e20f-ffb7-4b6e-9bfe-a798e3df8a88/1/A3_1DFxWhISGR3qRrk0cqzQ_oJU.roa
File:                     A3_1DFxWhISGR3qRrk0cqzQ_oJU.roa (raw, json)
Hash identifier:          BBytHZLgmBi1+Gs7BC3AjtpIs+dsTxilXDE0/DUcWSY=
Subject key identifier:   03:7F:F5:0C:5C:56:84:84:86:47:7A:91:AE:4D:1C:AB:34:3F:A0:95
Certificate issuer:       /CN=661cb5d3f8fc87c16b2df927d7c396626f124554
Certificate serial:       018DE6DDBE4068253392F3F60B0F54A70CBA
Authority key identifier: 66:1C:B5:D3:F8:FC:87:C1:6B:2D:F9:27:D7:C3:96:62:6F:12:45:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zhy10_j8h8FrLfkn18OWYm8SRVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/49e20f-ffb7-4b6e-9bfe-a798e3df8a88/1/A3_1DFxWhISGR3qRrk0cqzQ_oJU.roa
Signing time:             Mon 26 Feb 2024 19:21:48 +0000
ROA not before:           Mon 26 Feb 2024 19:21:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20860
IP address blocks:        185.45.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/49e20f-ffb7-4b6e-9bfe-a798e3df8a88/1/Zhy10_j8h8FrLfkn18OWYm8SRVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/49e20f-ffb7-4b6e-9bfe-a798e3df8a88/1/Zhy10_j8h8FrLfkn18OWYm8SRVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zhy10_j8h8FrLfkn18OWYm8SRVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e6:dd:be:40:68:25:33:92:f3:f6:0b:0f:54:a7:0c:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=661cb5d3f8fc87c16b2df927d7c396626f124554
        Validity
            Not Before: Feb 26 19:21:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=037ff50c5c56848486477a91ae4d1cab343fa095
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b1:ef:4b:12:f3:c7:bb:75:79:20:fd:cf:a9:
                    6d:79:5b:54:24:87:6f:43:cc:61:46:be:f1:f8:66:
                    1f:3d:86:13:f0:1a:a3:84:ef:83:97:90:37:d6:b1:
                    05:52:2f:a4:4c:bd:72:15:e7:a3:55:a5:4f:a1:70:
                    7b:d4:52:3b:e4:2d:fa:29:fe:4f:f0:b3:7a:11:63:
                    ec:a5:66:c2:73:ed:6e:07:7c:e4:59:38:20:5f:e9:
                    1a:f0:ba:f0:cd:09:e7:d1:60:02:9f:dc:d8:7c:c8:
                    42:8e:af:13:e4:ff:1a:79:e9:72:c4:79:35:6b:dc:
                    b3:e2:49:17:5f:61:5e:61:cf:af:b7:0d:64:73:d3:
                    e3:07:13:35:a8:a0:a7:9c:7a:e8:b8:83:01:a9:e1:
                    0f:9f:e8:7f:cc:79:1a:3d:f5:9c:45:21:69:1d:1f:
                    aa:f8:ef:51:75:72:a3:d4:5f:9b:d1:0c:b9:7d:6a:
                    b9:78:85:1b:72:6e:9b:60:2a:1a:5b:23:20:01:fd:
                    3b:df:b5:ed:94:0b:b4:bb:d7:49:7f:44:e9:99:fb:
                    bc:0d:89:c4:92:2d:c0:3d:92:e4:f3:91:c0:49:2f:
                    4d:9a:53:d3:c5:09:18:05:80:87:53:ef:09:82:97:
                    2b:5e:02:4d:d6:02:42:84:db:b1:d6:2a:ff:55:b8:
                    b3:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:7F:F5:0C:5C:56:84:84:86:47:7A:91:AE:4D:1C:AB:34:3F:A0:95
            X509v3 Authority Key Identifier:
                keyid:66:1C:B5:D3:F8:FC:87:C1:6B:2D:F9:27:D7:C3:96:62:6F:12:45:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zhy10_j8h8FrLfkn18OWYm8SRVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/49e20f-ffb7-4b6e-9bfe-a798e3df8a88/1/A3_1DFxWhISGR3qRrk0cqzQ_oJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/49e20f-ffb7-4b6e-9bfe-a798e3df8a88/1/Zhy10_j8h8FrLfkn18OWYm8SRVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:d6:fc:cd:6a:67:01:dd:5c:32:51:4e:1f:2e:70:58:30:62:
         3a:78:5e:5b:e7:53:7d:f4:4f:6b:b5:25:64:31:98:b2:8b:35:
         4c:f6:cb:09:8b:dc:af:e9:66:ef:4a:d7:95:31:5a:50:3d:0d:
         57:07:ca:15:1c:56:35:e8:c3:20:16:1f:51:8d:f5:65:cf:12:
         6e:9e:95:71:c7:37:29:ae:98:00:23:20:cf:c0:a2:76:56:b2:
         ba:d5:ae:d5:19:ee:3a:07:38:df:3d:e8:01:65:81:bc:ef:32:
         b6:fb:8e:0b:af:db:2c:7c:7f:a4:7a:24:1f:f5:13:f9:f0:c7:
         49:4c:53:e2:69:34:eb:ed:40:5b:7a:b8:6f:f3:ba:16:ee:11:
         7e:e4:43:8f:c4:4a:63:eb:62:aa:a8:4e:f8:37:0f:a3:a9:37:
         5e:07:8d:2f:08:de:c0:76:87:0d:2f:6f:a3:99:68:ad:95:6b:
         c0:14:e9:50:ac:bd:90:4f:3f:d5:d5:44:f3:2f:71:39:6d:c0:
         1c:8e:68:ac:19:ff:26:e1:9a:87:82:55:54:4a:ec:68:f1:e6:
         4f:b7:d4:f8:f3:ac:7b:08:c7:75:c0:c5:25:54:14:3b:1c:4a:
         62:d6:7c:45:bb:f1:e9:c6:1b:75:2d:78:98:37:f4:b4:49:9d:
         65:06:4d:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3m3b5AaCUzkvP2Cw9Upwy6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2MWNiNWQzZjhmYzg3YzE2YjJkZjkyN2Q3YzM5NjYyNmYx
MjQ1NTQwHhcNMjQwMjI2MTkyMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzdmZjUwYzVjNTY4NDg0ODY0NzdhOTFhZTRkMWNhYjM0M2ZhMDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrHvSxLzx7t1eSD9z6lteVtUJIdv
Q8xhRr7x+GYfPYYT8BqjhO+Dl5A31rEFUi+kTL1yFeejVaVPoXB71FI75C36Kf5P
8LN6EWPspWbCc+1uB3zkWTggX+ka8LrwzQnn0WACn9zYfMhCjq8T5P8aeelyxHk1
a9yz4kkXX2FeYc+vtw1kc9PjBxM1qKCnnHrouIMBqeEPn+h/zHkaPfWcRSFpHR+q
+O9RdXKj1F+b0Qy5fWq5eIUbcm6bYCoaWyMgAf0737XtlAu0u9dJf0Tpmfu8DYnE
ki3APZLk85HASS9NmlPTxQkYBYCHU+8JgpcrXgJN1gJChNux1ir/VbizQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAN/9QxcVoSEhkd6ka5NHKs0P6CVMB8GA1UdIwQY
MBaAFGYctdP4/IfBay35J9fDlmJvEkVUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmh5MTBfajhoOEZyTGZrbjE4T1dZbThTUlZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS80OWUyMGYtZmZiNy00YjZlLTliZmUt
YTc5OGUzZGY4YTg4LzEvQTNfMURGeFdoSVNHUjNxUnJrMGNxelFfb0pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS80OWUyMGYtZmZiNy00YjZlLTliZmUtYTc5OGUzZGY4YTg4
LzEvWmh5MTBfajhoOEZyTGZrbjE4T1dZbThTUlZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS38MA0G
CSqGSIb3DQEBCwUAA4IBAQBy1vzNamcB3VwyUU4fLnBYMGI6eF5b51N99E9rtSVk
MZiyizVM9ssJi9yv6WbvSteVMVpQPQ1XB8oVHFY16MMgFh9RjfVlzxJunpVxxzcp
rpgAIyDPwKJ2VrK61a7VGe46BzjfPegBZYG87zK2+44Lr9ssfH+keiQf9RP58MdJ
TFPiaTTr7UBberhv87oW7hF+5EOPxEpj62KqqE74Nw+jqTdeB40vCN7AdocNL2+j
mWitlWvAFOlQrL2QTz/V1UTzL3E5bcAcjmisGf8m4ZqHglVUSuxo8eZPt9T486x7
CMd1wMUlVBQ7HEpi1nxFu/Hpxht1LXiYN/S0SZ1lBk0t
-----END CERTIFICATE-----