Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/N3SebxAKTP1hKjzYekf7Hf388_k.roa
File:                     N3SebxAKTP1hKjzYekf7Hf388_k.roa (raw, json)
Hash identifier:          oMHg0F2QxsimR4aFrsCfhSo6UPdrtIG3RzmlGkzKZ1g=
Subject key identifier:   37:74:9E:6F:10:0A:4C:FD:61:2A:3C:D8:7A:47:FB:1D:FD:FC:F3:F9
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019428277289C5A41A59CC3260E2832CC133
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/N3SebxAKTP1hKjzYekf7Hf388_k.roa
Signing time:             Thu 02 Jan 2025 17:54:21 +0000
ROA not before:           Thu 02 Jan 2025 17:54:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214504
IP address blocks:        212.192.2.0/24 maxlen: 24
                          212.192.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:72:89:c5:a4:1a:59:cc:32:60:e2:83:2c:c1:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37749e6f100a4cfd612a3cd87a47fb1dfdfcf3f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f6:b0:7c:ea:d2:39:a4:18:91:1b:e2:2c:12:
                    cb:d2:ab:ba:2c:60:8d:6f:eb:9b:70:46:78:2e:42:
                    c5:4b:54:24:af:df:e0:2b:29:b1:bd:a8:35:85:f6:
                    86:67:86:c3:bf:99:0f:4a:79:96:c4:1c:38:e1:86:
                    6c:71:1c:d9:14:f5:dd:03:ca:2a:2b:64:2f:1b:87:
                    10:99:ca:5a:18:92:39:24:72:3b:02:06:ca:22:9f:
                    e8:e1:b3:fe:10:d4:55:99:1f:1d:53:f3:2e:98:f8:
                    51:90:f9:20:2a:c9:e0:44:df:af:9e:d8:76:d0:03:
                    cd:02:a8:cf:bb:aa:ca:2d:77:cc:c5:d7:56:40:d3:
                    b2:79:73:f9:d2:c8:3d:47:c0:a0:b7:86:0d:c7:84:
                    df:0b:31:8c:2b:e2:00:d0:af:c2:02:47:cc:52:0f:
                    35:3f:9d:04:8d:96:c9:45:96:4b:6f:44:ee:63:f9:
                    bc:50:a2:37:2f:db:1c:e3:89:fb:16:1e:42:83:9a:
                    d8:22:bc:bd:ba:42:62:f3:53:95:59:62:11:1a:a8:
                    be:34:b0:5a:70:f4:ee:6d:28:fa:99:81:fa:1a:42:
                    40:a5:dd:6f:f7:01:f0:b1:dd:d0:97:9a:22:6c:68:
                    4e:a8:5c:3d:57:ac:cd:cf:ee:91:0f:79:c8:0e:5c:
                    df:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:74:9E:6F:10:0A:4C:FD:61:2A:3C:D8:7A:47:FB:1D:FD:FC:F3:F9
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/N3SebxAKTP1hKjzYekf7Hf388_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:67:d2:c3:b7:1b:71:b9:19:62:5c:eb:dd:25:e6:39:68:d8:
         74:b6:b7:99:21:90:d8:38:e0:bc:56:be:8d:d2:91:6f:16:b5:
         8e:6c:a7:de:3a:a9:73:fc:0e:dd:f0:21:88:76:f9:43:e9:db:
         3c:c0:45:fd:61:9c:6f:f2:6a:b8:67:79:03:3d:43:3e:f1:54:
         2d:2a:b5:fb:81:30:ae:21:5c:f5:64:a0:3d:ee:a7:8f:b9:c9:
         99:40:37:d1:4c:c5:36:5d:59:f8:4c:e1:79:d0:86:a9:f7:97:
         08:7b:7b:b2:87:f6:ac:56:4a:75:b8:e3:68:2b:82:74:45:fb:
         2b:62:5d:9c:00:38:3b:11:27:45:21:92:2f:af:c4:34:9a:8b:
         23:1d:66:d0:47:52:7d:64:93:3f:33:3c:bd:2d:92:72:74:9b:
         fd:f7:b0:4f:62:1a:8d:06:b1:1b:f1:6c:77:1e:71:3c:92:76:
         42:e3:39:de:7a:d6:47:d6:bf:84:c3:9a:23:41:88:d6:0f:8d:
         33:0d:30:58:bf:93:4c:c9:2a:d3:01:68:8e:78:a3:11:5b:b6:
         7b:ea:df:36:59:b9:ff:3b:ff:a6:33:c7:f3:41:fd:3f:a9:b1:
         8b:0d:fa:8e:84:22:f1:8f:34:51:71:61:b2:a9:87:ff:d2:a3:
         f7:89:e7:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ3KJxaQaWcwyYOKDLMEzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzc0OWU2ZjEwMGE0Y2ZkNjEyYTNjZDg3YTQ3ZmIxZGZkZmNmM2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/awfOrSOaQYkRviLBLL0qu6LGCN
b+ubcEZ4LkLFS1Qkr9/gKymxvag1hfaGZ4bDv5kPSnmWxBw44YZscRzZFPXdA8oq
K2QvG4cQmcpaGJI5JHI7AgbKIp/o4bP+ENRVmR8dU/MumPhRkPkgKsngRN+vnth2
0APNAqjPu6rKLXfMxddWQNOyeXP50sg9R8Cgt4YNx4TfCzGMK+IA0K/CAkfMUg81
P50EjZbJRZZLb0TuY/m8UKI3L9sc44n7Fh5Cg5rYIry9ukJi81OVWWIRGqi+NLBa
cPTubSj6mYH6GkJApd1v9wHwsd3Ql5oibGhOqFw9V6zNz+6RD3nIDlzf+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDd0nm8QCkz9YSo82HpH+x39/PP5MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvTjNTZWJ4QUtUUDFoS2p6WWVrZjdIZjM4OF9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1MACMA0G
CSqGSIb3DQEBCwUAA4IBAQBYZ9LDtxtxuRliXOvdJeY5aNh0treZIZDYOOC8Vr6N
0pFvFrWObKfeOqlz/A7d8CGIdvlD6ds8wEX9YZxv8mq4Z3kDPUM+8VQtKrX7gTCu
IVz1ZKA97qePucmZQDfRTMU2XVn4TOF50Iap95cIe3uyh/asVkp1uONoK4J0Rfsr
Yl2cADg7ESdFIZIvr8Q0mosjHWbQR1J9ZJM/Mzy9LZJydJv997BPYhqNBrEb8Wx3
HnE8knZC4zneetZH1r+Ew5ojQYjWD40zDTBYv5NMySrTAWiOeKMRW7Z76t82Wbn/
O/+mM8fzQf0/qbGLDfqOhCLxjzRRcWGyqYf/0qP3ieeq
-----END CERTIFICATE-----