Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Sl3ZRALYoFTKYM39_xW04FisG28.roa
File:                     Sl3ZRALYoFTKYM39_xW04FisG28.roa (raw, json)
Hash identifier:          gW6E4k0CntAOBSg6Cbc1jMK0U7vkbfnkUW5iLGa9FQ0=
Subject key identifier:   4A:5D:D9:44:02:D8:A0:54:CA:60:CD:FD:FF:15:B4:E0:58:AC:1B:6F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0195606F46DA8810A793675AADCCF3FEDC60
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Sl3ZRALYoFTKYM39_xW04FisG28.roa
Signing time:             Tue 04 Mar 2025 09:14:20 +0000
ROA not before:           Tue 04 Mar 2025 09:14:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     141968
IP address blocks:        82.153.226.0/24 maxlen: 24
                          109.176.17.0/24 maxlen: 24
                          185.49.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:60:6f:46:da:88:10:a7:93:67:5a:ad:cc:f3:fe:dc:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Mar  4 09:14:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a5dd94402d8a054ca60cdfdff15b4e058ac1b6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:93:7c:d8:0d:64:69:1a:e5:fc:7d:7f:0a:67:
                    51:0f:69:fc:3b:40:59:8a:ec:6a:a8:ba:23:06:80:
                    b9:c2:ac:48:d7:55:4e:79:c4:93:f4:85:89:0a:a3:
                    78:ff:1f:84:e9:84:df:1d:4e:b6:f6:b7:3e:4c:d3:
                    db:3b:71:fe:17:6e:b6:c2:17:e4:7f:96:41:91:3a:
                    97:00:ac:87:2c:50:d5:b2:bc:21:79:7a:03:2a:af:
                    92:c7:37:03:61:f8:8f:b0:5b:50:39:c7:ed:8f:87:
                    00:47:ba:44:a1:87:5f:e9:dc:10:8e:b9:0a:b9:ea:
                    74:fb:72:2e:2c:8a:65:a4:38:ba:a2:b3:43:f8:a5:
                    7d:3c:59:36:3c:fb:61:38:cb:5e:85:2c:e0:bf:31:
                    9c:b3:15:0f:c9:d0:d3:ce:95:83:6e:a1:19:a5:3f:
                    6a:4b:0f:ce:9a:59:01:3d:9f:3d:ac:7b:de:84:ee:
                    32:49:25:03:bb:37:93:09:28:da:85:b5:b9:0a:ce:
                    d2:e8:95:0e:0d:a0:ab:29:d1:b3:e3:62:35:34:85:
                    fd:9a:dc:10:40:58:84:95:51:99:3d:e7:f0:b5:f0:
                    7a:4c:d4:42:65:52:ad:20:14:33:f2:5f:21:e5:f6:
                    07:20:f0:2b:06:23:3f:57:cd:44:b3:d0:4c:6b:b5:
                    d4:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:5D:D9:44:02:D8:A0:54:CA:60:CD:FD:FF:15:B4:E0:58:AC:1B:6F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Sl3ZRALYoFTKYM39_xW04FisG28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.226.0/24
                  109.176.17.0/24
                  185.49.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:41:f7:67:a3:96:12:09:ad:6b:3f:59:23:47:58:a1:14:9c:
         a6:b6:ea:db:f2:2a:b4:b7:64:a6:98:dd:a2:98:b9:48:cd:cc:
         c2:b0:3b:cd:94:e0:c1:75:75:79:4d:ce:5f:3a:59:8b:95:d5:
         d5:b5:79:be:4d:b1:cf:7f:11:2d:f6:9e:b3:72:cb:34:db:4f:
         3a:58:fb:8c:85:74:15:21:49:6a:8e:28:17:99:56:1e:36:c3:
         00:d6:a1:3d:72:da:5c:db:8d:f3:8f:5b:21:6e:b8:18:7e:ad:
         6d:83:a8:fa:61:31:58:e8:6e:43:2e:cd:64:ac:df:1c:a5:92:
         6e:d6:dc:00:46:08:0b:48:54:d7:8b:dc:8c:5e:f3:5e:b9:6f:
         0a:43:58:fd:6a:8e:47:05:b0:dc:0e:0f:b5:f0:eb:c0:ac:62:
         03:9e:9e:c0:e3:4d:e3:05:e1:f4:09:4c:d9:ac:3b:b7:4f:e6:
         68:51:20:a3:9c:7d:1c:e7:60:dd:70:da:62:42:fa:40:de:5b:
         b9:d4:d6:55:1d:1e:b0:96:2f:1d:d8:6f:19:56:af:93:b1:52:
         42:dd:16:88:e7:e1:ea:d9:ea:89:69:7d:58:2c:c9:68:97:83:
         14:7c:13:27:c5:04:63:e1:13:79:a8:ea:45:14:c8:c7:ef:6d:
         c0:e7:3b:29
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZVgb0baiBCnk2darczz/txgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMzA0MDkxNDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTVkZDk0NDAyZDhhMDU0Y2E2MGNkZmRmZjE1YjRlMDU4YWMxYjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJN82A1kaRrl/H1/CmdRD2n8O0BZ
iuxqqLojBoC5wqxI11VOecST9IWJCqN4/x+E6YTfHU629rc+TNPbO3H+F262whfk
f5ZBkTqXAKyHLFDVsrwheXoDKq+SxzcDYfiPsFtQOcftj4cAR7pEoYdf6dwQjrkK
uep0+3IuLIplpDi6orND+KV9PFk2PPthOMtehSzgvzGcsxUPydDTzpWDbqEZpT9q
Sw/OmlkBPZ89rHvehO4ySSUDuzeTCSjahbW5Cs7S6JUODaCrKdGz42I1NIX9mtwQ
QFiElVGZPefwtfB6TNRCZVKtIBQz8l8h5fYHIPArBiM/V81Es9BMa7XUNwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEpd2UQC2KBUymDN/f8VtOBYrBtvMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvU2wzWlJBTFlvRlRLWU0zOV94VzA0RmlzRzI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUpniAwQA
bbARAwQAuTF8MA0GCSqGSIb3DQEBCwUAA4IBAQA7Qfdno5YSCa1rP1kjR1ihFJym
turb8iq0t2SmmN2imLlIzczCsDvNlODBdXV5Tc5fOlmLldXVtXm+TbHPfxEt9p6z
css02086WPuMhXQVIUlqjigXmVYeNsMA1qE9ctpc243zj1shbrgYfq1tg6j6YTFY
6G5DLs1krN8cpZJu1twARggLSFTXi9yMXvNeuW8KQ1j9ao5HBbDcDg+18OvArGID
np7A403jBeH0CUzZrDu3T+ZoUSCjnH0c52DdcNpiQvpA3lu51NZVHR6wli8d2G8Z
Vq+TsVJC3RaI5+Hq2eqJaX1YLMlol4MUfBMnxQRj4RN5qOpFFMjH723A5zsp
-----END CERTIFICATE-----