Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/3nHQeUIvfgERGGgwZXPLqGrFwCc.roa
File:                     3nHQeUIvfgERGGgwZXPLqGrFwCc.roa (raw, json)
Hash identifier:          PVqd7KRgPCILOUDhdegbeY89u7gfE4kJTUXx1+4aybk=
Subject key identifier:   DE:71:D0:79:42:2F:7E:01:11:18:68:30:65:73:CB:A8:6A:C5:C0:27
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       019421B1D7F1B56FB4AC17D89BCB811E7CB7
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/3nHQeUIvfgERGGgwZXPLqGrFwCc.roa
Signing time:             Wed 01 Jan 2025 11:48:10 +0000
ROA not before:           Wed 01 Jan 2025 11:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211716
IP address blocks:        79.133.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d7:f1:b5:6f:b4:ac:17:d8:9b:cb:81:1e:7c:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 11:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de71d079422f7e01111868306573cba86ac5c027
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:91:53:e8:1d:fa:2a:2c:41:7b:06:01:eb:fa:
                    8d:6f:26:10:37:cc:3c:cc:ed:03:45:7c:5a:c3:b8:
                    48:d9:4c:12:f5:1b:83:25:81:a3:1d:c8:dc:23:ba:
                    3d:e2:7d:ea:4e:42:a3:bd:fb:ca:83:05:25:d9:12:
                    5c:0d:ce:7d:fe:7d:9e:c1:39:25:6d:4b:f8:cb:95:
                    0b:78:22:de:dd:c7:63:4c:aa:d6:91:d1:fc:c1:10:
                    17:24:4f:73:6d:bf:8f:de:79:6d:67:0e:2e:28:30:
                    ee:fd:60:c8:66:fc:72:2a:07:cd:cc:bb:36:d3:03:
                    58:68:93:4c:e3:25:0b:2c:e0:95:5f:7f:50:73:91:
                    e3:2b:42:e5:47:71:6a:05:d7:03:91:46:21:17:0e:
                    03:82:42:c0:32:66:fe:50:d5:64:df:55:37:5e:bb:
                    e5:2b:b4:05:ca:c9:5e:90:62:6a:f7:69:2c:0f:ff:
                    4e:5a:ab:31:e6:0f:40:d5:44:8e:a1:bd:32:2d:0a:
                    92:1a:26:a3:1b:de:b0:ed:e3:e4:73:1e:ef:df:03:
                    1d:46:1d:58:20:54:85:17:03:9b:b1:64:79:ef:56:
                    ae:0e:c0:eb:db:83:1d:73:4d:54:74:24:61:bc:60:
                    4e:b8:b5:59:28:b9:4f:33:b3:bc:50:16:1f:c3:37:
                    d2:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:71:D0:79:42:2F:7E:01:11:18:68:30:65:73:CB:A8:6A:C5:C0:27
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/3nHQeUIvfgERGGgwZXPLqGrFwCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.133.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:93:db:7d:4b:c0:94:b0:06:3f:be:72:58:48:04:07:a5:6d:
         8f:6d:4f:7c:61:a7:eb:ee:85:25:6f:a4:ed:b7:fa:8b:e0:99:
         51:8b:ba:83:43:70:f6:de:fd:20:de:53:1f:f6:3d:54:79:c2:
         17:51:6a:6b:a6:f5:23:4d:c1:d1:25:02:bd:d0:65:86:35:74:
         df:02:35:ec:70:c8:84:51:84:5d:c3:cb:d0:f3:98:a9:06:52:
         bd:30:78:00:0c:de:8e:c3:0d:4c:19:11:1b:b0:79:98:ae:db:
         aa:0e:a5:cf:fc:a5:f2:6d:21:9f:21:97:21:be:b4:c6:50:c5:
         16:c7:1a:f4:46:41:7d:e2:82:1f:dd:27:e4:b6:c6:af:16:28:
         97:e3:b2:45:2b:bf:98:3f:f6:42:a6:24:35:5f:e5:be:76:30:
         d6:71:50:03:fc:84:47:4f:12:c9:85:e9:56:b6:91:72:89:a1:
         8d:5a:72:6a:65:06:c2:4d:62:6d:28:cc:33:71:34:7c:c8:c1:
         5e:cf:10:c0:ea:f7:99:f0:4e:12:a1:0f:33:95:89:9d:f3:74:
         a5:d9:10:51:a5:a9:db:7b:ce:d7:0a:3d:fb:35:cf:9e:32:c1:
         db:d2:1e:4c:3c:20:d5:58:87:d5:c4:89:96:b6:bb:bf:e2:73:
         29:6e:ab:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdfxtW+0rBfYm8uBHny3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwMTAxMTE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTcxZDA3OTQyMmY3ZTAxMTExODY4MzA2NTczY2JhODZhYzVjMDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA65FT6B36KixBewYB6/qNbyYQN8w8
zO0DRXxaw7hI2UwS9RuDJYGjHcjcI7o94n3qTkKjvfvKgwUl2RJcDc59/n2ewTkl
bUv4y5ULeCLe3cdjTKrWkdH8wRAXJE9zbb+P3nltZw4uKDDu/WDIZvxyKgfNzLs2
0wNYaJNM4yULLOCVX39Qc5HjK0LlR3FqBdcDkUYhFw4DgkLAMmb+UNVk31U3Xrvl
K7QFyslekGJq92ksD/9OWqsx5g9A1USOob0yLQqSGiajG96w7ePkcx7v3wMdRh1Y
IFSFFwObsWR571auDsDr24Mdc01UdCRhvGBOuLVZKLlPM7O8UBYfwzfSwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5x0HlCL34BERhoMGVzy6hqxcAnMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvM25IUWVVSXZmZ0VSR0dnd1pYUExxR3JGd0NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT4VgMA0G
CSqGSIb3DQEBCwUAA4IBAQB/k9t9S8CUsAY/vnJYSAQHpW2PbU98Yafr7oUlb6Tt
t/qL4JlRi7qDQ3D23v0g3lMf9j1UecIXUWprpvUjTcHRJQK90GWGNXTfAjXscMiE
UYRdw8vQ85ipBlK9MHgADN6Oww1MGREbsHmYrtuqDqXP/KXybSGfIZchvrTGUMUW
xxr0RkF94oIf3SfktsavFiiX47JFK7+YP/ZCpiQ1X+W+djDWcVAD/IRHTxLJhelW
tpFyiaGNWnJqZQbCTWJtKMwzcTR8yMFezxDA6veZ8E4SoQ8zlYmd83Sl2RBRpanb
e87XCj37Nc+eMsHb0h5MPCDVWIfVxImWtru/4nMpbqsx
-----END CERTIFICATE-----