Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3gWHm1LER9GOJQ_y3u6CM5NH3EE.roa
File:                     3gWHm1LER9GOJQ_y3u6CM5NH3EE.roa (raw, json)
Hash identifier:          XaCTvNWqs1Jthv4FNOzXkGjSSNYDu3FRgfSISMFTdh0=
Subject key identifier:   DE:05:87:9B:52:C4:47:D1:8E:25:0F:F2:DE:EE:82:33:93:47:DC:41
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC349631DDBF3F39B9A5F29689D706718
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3gWHm1LER9GOJQ_y3u6CM5NH3EE.roa
Signing time:             Mon 01 Jan 2024 04:30:15 +0000
ROA not before:           Mon 01 Jan 2024 04:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212427
IP address blocks:        213.152.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:63:1d:db:f3:f3:9b:9a:5f:29:68:9d:70:67:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de05879b52c447d18e250ff2deee82339347dc41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f3:28:8b:a1:26:f0:83:07:22:4b:e3:6b:f4:
                    8d:2e:03:57:22:0a:e1:27:d5:13:96:fc:31:9d:09:
                    7c:b1:4d:13:de:d8:83:0d:ad:cd:0a:24:fe:4b:b5:
                    53:e0:77:f4:7b:d7:d5:fa:e7:62:11:82:80:5c:37:
                    fa:60:1c:2b:4d:40:56:f2:43:45:59:9a:2e:e1:c3:
                    99:25:be:ad:40:d1:75:d0:35:f2:59:2a:8c:b3:67:
                    66:92:5e:2d:0b:67:ac:31:5d:c0:94:e2:a9:ed:82:
                    66:5d:f4:f3:19:c7:0b:87:7f:41:a9:50:83:a1:b0:
                    c0:60:28:b4:1b:42:16:9e:f8:a9:da:50:88:a7:d5:
                    01:34:07:31:68:6d:78:23:1b:59:93:a5:e1:13:07:
                    2b:27:6f:cc:62:f1:1a:ca:de:35:c1:80:85:06:ab:
                    50:8a:ce:d9:8a:91:a1:62:97:8e:dc:35:ae:73:48:
                    52:65:df:be:e1:da:c4:60:8b:10:8c:34:30:1f:40:
                    26:7d:31:01:9f:5e:d1:2e:a7:8b:dc:e1:80:e1:c7:
                    47:5a:26:f0:4f:be:bd:2f:04:5d:a2:52:88:e6:bc:
                    5b:85:12:56:8d:58:55:c9:3a:c3:a5:c2:e2:d1:c0:
                    b4:0b:ee:9e:c8:30:73:33:24:63:27:2e:fe:39:fd:
                    b7:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:05:87:9B:52:C4:47:D1:8E:25:0F:F2:DE:EE:82:33:93:47:DC:41
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3gWHm1LER9GOJQ_y3u6CM5NH3EE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.152.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:fe:64:e2:38:64:6b:2f:f7:57:c1:68:7a:50:39:f0:40:2a:
         91:e2:02:f6:d6:5a:c1:62:6d:a0:f0:fe:00:6d:1e:a4:95:e3:
         e3:c6:4d:5f:bb:51:6c:2b:19:5d:2d:74:ef:b8:b9:29:7d:02:
         02:d1:34:33:68:4b:e1:7f:5c:de:b3:96:2f:8d:d9:09:3f:da:
         d6:af:bf:92:8c:22:6f:19:65:70:df:b6:be:de:10:cf:59:1d:
         f2:14:62:cd:cc:9c:f9:35:60:45:4b:2f:30:82:fb:2b:f3:1a:
         cc:68:b6:4f:f2:81:69:84:3a:ac:1f:74:bc:8c:a5:0c:c1:3d:
         0b:02:34:a6:ba:6b:50:0c:f3:08:40:a4:c6:86:09:36:f2:7d:
         a9:25:96:22:83:bf:b4:08:3c:7e:88:a0:b3:8f:1e:e1:e0:e7:
         86:8d:e7:1a:57:5b:33:4a:f6:23:ec:01:2a:62:8d:8f:37:5c:
         1a:30:e0:ce:be:bb:ef:f4:43:c6:04:28:ac:3e:72:11:ef:8f:
         ec:fb:bb:85:31:11:94:a4:61:2d:96:b1:7a:1f:97:9d:ae:b1:
         05:48:eb:92:2f:f5:48:84:59:ce:f4:42:6b:3a:69:05:fa:3d:
         57:2a:c5:26:68:42:68:14:7c:44:24:a9:70:70:eb:84:26:6f:
         d8:32:2c:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSWMd2/Pzm5pfKWidcGcYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTA1ODc5YjUyYzQ0N2QxOGUyNTBmZjJkZWVlODIzMzkzNDdkYzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/Moi6Em8IMHIkvja/SNLgNXIgrh
J9UTlvwxnQl8sU0T3tiDDa3NCiT+S7VT4Hf0e9fV+udiEYKAXDf6YBwrTUBW8kNF
WZou4cOZJb6tQNF10DXyWSqMs2dmkl4tC2esMV3AlOKp7YJmXfTzGccLh39BqVCD
obDAYCi0G0IWnvip2lCIp9UBNAcxaG14IxtZk6XhEwcrJ2/MYvEayt41wYCFBqtQ
is7ZipGhYpeO3DWuc0hSZd++4drEYIsQjDQwH0AmfTEBn17RLqeL3OGA4cdHWibw
T769LwRdolKI5rxbhRJWjVhVyTrDpcLi0cC0C+6eyDBzMyRjJy7+Of233QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN4Fh5tSxEfRjiUP8t7ugjOTR9xBMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvM2dXSG0xTEVSOUdPSlFfeTN1NkNNNU5IM0VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZgrMA0G
CSqGSIb3DQEBCwUAA4IBAQB//mTiOGRrL/dXwWh6UDnwQCqR4gL21lrBYm2g8P4A
bR6klePjxk1fu1FsKxldLXTvuLkpfQIC0TQzaEvhf1zes5YvjdkJP9rWr7+SjCJv
GWVw37a+3hDPWR3yFGLNzJz5NWBFSy8wgvsr8xrMaLZP8oFphDqsH3S8jKUMwT0L
AjSmumtQDPMIQKTGhgk28n2pJZYig7+0CDx+iKCzjx7h4OeGjecaV1szSvYj7AEq
Yo2PN1waMODOvrvv9EPGBCisPnIR74/s+7uFMRGUpGEtlrF6H5edrrEFSOuSL/VI
hFnO9EJrOmkF+j1XKsUmaEJoFHxEJKlwcOuEJm/YMix0
-----END CERTIFICATE-----