Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/3mERRw7E5XUgIBH_5pcwphPvXvk.roa
File:                     3mERRw7E5XUgIBH_5pcwphPvXvk.roa (raw, json)
Hash identifier:          r2r5lkOmQe2LFCismkyuTDNf9ACLsbZo52n6p6bb6Ho=
Subject key identifier:   DE:61:11:47:0E:C4:E5:75:20:20:11:FF:E6:97:30:A6:13:EF:5E:F9
Certificate issuer:       /CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Certificate serial:       018CC26D2B48D3F121DF8CE433F0875965D5
Authority key identifier: 8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/3mERRw7E5XUgIBH_5pcwphPvXvk.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        217.119.142.0/24 maxlen: 24
                          146.19.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 12:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2b:48:d3:f1:21:df:8c:e4:33:f0:87:59:65:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de6111470ec4e575202011ffe69730a613ef5ef9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:17:e6:31:c5:81:44:ad:f1:ac:c5:56:dd:79:
                    6d:5d:22:9e:b3:eb:32:e8:45:90:4b:85:a5:13:90:
                    27:ba:ca:e9:5b:59:f1:da:e7:a7:88:f5:d6:f5:6c:
                    13:88:53:25:33:91:66:32:43:0c:0a:b5:0e:51:3c:
                    bc:6e:60:86:86:bd:19:d7:6e:fe:52:aa:4c:ef:c9:
                    ae:19:01:75:19:5c:e6:96:ba:39:23:34:99:02:5d:
                    61:9a:83:db:bc:95:6f:e7:b6:66:86:22:31:6e:22:
                    51:3e:ed:3d:30:50:b1:a3:69:d2:74:fb:d2:92:7c:
                    ac:1c:05:d7:c0:b8:0a:d0:6d:f9:63:9b:f2:f0:ab:
                    db:d2:44:72:71:77:04:7f:74:bd:4c:3b:35:f4:2a:
                    22:7e:35:80:21:8b:49:30:fe:d0:2e:b3:0c:1e:95:
                    46:f5:b8:0d:98:40:81:57:ee:00:1f:95:8e:26:af:
                    7d:f2:b4:94:5a:b4:7f:5e:bb:34:2a:bc:57:b2:74:
                    ff:5f:2c:c4:f2:3a:f6:4e:f3:2d:d1:09:72:68:6d:
                    47:67:82:50:21:97:01:6e:7c:4a:ba:70:50:44:e0:
                    dc:40:ef:f7:3d:a5:96:eb:4c:a0:b9:da:1f:23:26:
                    e3:0d:23:38:fc:56:9e:42:5c:a7:93:98:20:66:6e:
                    d5:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:61:11:47:0E:C4:E5:75:20:20:11:FF:E6:97:30:A6:13:EF:5E:F9
            X509v3 Authority Key Identifier:
                keyid:8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/3mERRw7E5XUgIBH_5pcwphPvXvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.26.0/24
                  217.119.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:08:3a:89:4c:2a:67:45:61:05:c4:dc:10:26:e6:2a:e6:c7:
         cd:57:9c:d2:83:b4:07:41:4b:dc:e6:dc:fa:50:28:77:91:c5:
         db:96:e1:59:c0:21:d1:85:9c:d5:91:bc:77:b8:4f:bb:2a:cd:
         64:f3:d1:6f:c7:dd:0c:34:32:12:d5:84:37:12:a6:e5:b2:ef:
         e1:4b:c8:66:72:1d:b0:81:54:e6:e3:03:8b:43:b1:12:16:62:
         4f:e3:62:f0:bf:15:fe:20:7a:e8:41:73:66:58:95:6c:59:1e:
         da:0b:1e:f7:9e:e6:31:e1:d6:e9:d9:f3:aa:09:51:ad:b8:35:
         44:33:7c:d1:e2:17:ca:da:85:24:81:06:47:14:19:68:10:ca:
         a7:5e:23:fe:88:c3:f2:11:61:54:1c:df:92:fe:9d:1c:2e:00:
         83:d4:23:e0:fe:bc:b6:81:e0:a9:a5:11:63:f1:21:b5:7b:43:
         84:e8:59:fc:12:27:d3:55:58:32:3f:3d:10:03:7e:8b:15:2f:
         56:29:54:bc:0f:53:6a:0f:37:bb:69:84:39:43:d4:ed:8e:4a:
         18:80:5c:84:1e:36:44:f1:90:7b:dd:f6:aa:1e:7e:b4:eb:5e:
         af:61:d7:69:2b:e3:67:1a:ab:af:61:5f:57:db:3f:90:9f:8d:
         dd:0a:f7:5f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbStI0/Eh34zkM/CHWWXVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYzY5NjQ2NDU3YThiZjhlZjk1NjliOWI0MjdlOWYyYzQ2
MmU1NmUwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTYxMTE0NzBlYzRlNTc1MjAyMDExZmZlNjk3MzBhNjEzZWY1ZWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxfmMcWBRK3xrMVW3XltXSKes+sy
6EWQS4WlE5AnusrpW1nx2ueniPXW9WwTiFMlM5FmMkMMCrUOUTy8bmCGhr0Z127+
UqpM78muGQF1GVzmlro5IzSZAl1hmoPbvJVv57ZmhiIxbiJRPu09MFCxo2nSdPvS
knysHAXXwLgK0G35Y5vy8Kvb0kRycXcEf3S9TDs19CoifjWAIYtJMP7QLrMMHpVG
9bgNmECBV+4AH5WOJq998rSUWrR/Xrs0KrxXsnT/XyzE8jr2TvMt0QlyaG1HZ4JQ
IZcBbnxKunBQRODcQO/3PaWW60ygudofIybjDSM4/FaeQlynk5ggZm7VBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN5hEUcOxOV1ICAR/+aXMKYT7175MB8GA1UdIwQY
MBaAFI/GlkZFeov475VpubQn6fLEYuVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTkt
YjBiMzVhMzRlMzg4LzEvM21FUlJ3N0U1WFVnSUJIXzVwY3dwaFB2WHZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTktYjBiMzVhMzRlMzg4
LzEvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkhMaAwQA
2XeOMA0GCSqGSIb3DQEBCwUAA4IBAQCgCDqJTCpnRWEFxNwQJuYq5sfNV5zSg7QH
QUvc5tz6UCh3kcXbluFZwCHRhZzVkbx3uE+7Ks1k89Fvx90MNDIS1YQ3Eqblsu/h
S8hmch2wgVTm4wOLQ7ESFmJP42LwvxX+IHroQXNmWJVsWR7aCx73nuYx4dbp2fOq
CVGtuDVEM3zR4hfK2oUkgQZHFBloEMqnXiP+iMPyEWFUHN+S/p0cLgCD1CPg/ry2
geCppRFj8SG1e0OE6Fn8EifTVVgyPz0QA36LFS9WKVS8D1NqDze7aYQ5Q9TtjkoY
gFyEHjZE8ZB73faqHn60616vYddpK+NnGquvYV9X2z+Qn43dCvdf
-----END CERTIFICATE-----