Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/3nPG-CM1jjEmXF6XDlPgCgntfQg.roa
File:                     3nPG-CM1jjEmXF6XDlPgCgntfQg.roa (raw, json)
Hash identifier:          Sb1ZHVgBDy5ifPkmmrVoXHsKaHLar+3PzllY+7Vhpsc=
Subject key identifier:   DE:73:C6:F8:23:35:8E:31:26:5C:5E:97:0E:53:E0:0A:09:ED:7D:08
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       01941FFA6959E593B28A9A63C609EBEF63D8
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/3nPG-CM1jjEmXF6XDlPgCgntfQg.roa
Signing time:             Wed 01 Jan 2025 03:48:12 +0000
ROA not before:           Wed 01 Jan 2025 03:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60631
IP address blocks:        178.239.151.0/24 maxlen: 24
                          178.239.158.0/24 maxlen: 24
                          185.243.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 15:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:69:59:e5:93:b2:8a:9a:63:c6:09:eb:ef:63:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jan  1 03:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de73c6f823358e31265c5e970e53e00a09ed7d08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:54:73:6a:52:4b:30:91:8e:d8:b0:03:88:56:
                    78:c2:48:55:b2:ad:70:ce:c5:5a:11:41:5e:ba:80:
                    cb:4c:fa:3e:2a:80:9d:b4:34:86:a4:70:7f:2c:da:
                    9e:70:65:5f:6e:bd:5f:27:2c:c4:91:5a:5e:b2:d7:
                    23:87:e9:c8:50:51:27:f9:b4:ee:b1:42:ed:ef:2a:
                    65:ce:69:9a:85:84:88:f0:cf:b2:3f:05:b2:7f:97:
                    f5:d5:1d:e0:40:d5:ee:21:5a:e1:4a:d0:64:12:9e:
                    f1:54:be:e0:88:4a:45:6b:63:28:04:81:37:72:bf:
                    a6:10:df:cb:46:c8:3d:f0:de:6d:9a:bc:5e:41:e5:
                    4b:df:04:84:3d:29:38:c9:43:e0:12:be:73:ce:ea:
                    c5:ec:16:d3:8e:ce:67:de:e7:bc:e3:76:f3:67:17:
                    41:ae:23:05:0c:11:8f:c6:50:a7:43:8f:a3:0a:ee:
                    c0:b0:7a:0c:b3:6f:1f:26:b6:f5:f4:0e:f7:f1:95:
                    80:32:b0:cf:6c:fd:86:a8:53:c3:1d:33:c3:7c:8f:
                    60:46:de:38:5c:43:b9:d2:c1:fb:d8:1e:2d:29:a4:
                    7d:2e:98:f3:97:e7:82:e1:8e:10:59:3f:72:ce:97:
                    77:bd:6d:27:fe:f3:7a:95:bd:6e:3e:cb:f4:a8:ae:
                    94:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:73:C6:F8:23:35:8E:31:26:5C:5E:97:0E:53:E0:0A:09:ED:7D:08
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/3nPG-CM1jjEmXF6XDlPgCgntfQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.151.0/24
                  178.239.158.0/24
                  185.243.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:22:54:d8:35:25:d8:1c:8d:73:22:12:0a:bf:8c:b6:5b:00:
         ee:16:4b:85:f1:43:da:db:41:5a:e3:09:62:96:4e:c6:1e:af:
         6c:4a:af:6d:f5:ff:c0:85:7a:f7:37:a5:e4:29:54:40:20:da:
         d7:8e:9b:cf:45:c8:53:09:0a:6e:5c:bb:7b:7a:dc:33:8e:6c:
         3f:a1:d4:fd:34:0b:a8:d0:f9:73:12:ed:38:a6:1e:14:b0:5f:
         0c:43:68:76:d0:db:89:9c:ce:29:90:b2:dd:5f:ea:ec:4e:1c:
         53:72:87:e6:6b:d0:71:76:9c:17:1d:67:23:f2:e3:9a:f0:f6:
         5c:99:c2:68:d4:5e:15:ad:c0:d2:8a:02:09:d0:4d:21:c1:1c:
         ce:c2:9d:e7:32:77:29:83:8f:4c:33:05:88:36:5d:34:d4:b6:
         62:2a:c8:53:62:c5:b0:a9:35:78:b5:a3:48:5c:f0:ef:d2:a8:
         f7:bc:3d:a6:77:ac:35:f8:92:04:ea:68:85:f9:a1:b7:f0:c1:
         60:61:50:aa:52:04:d9:22:52:ba:33:dd:a4:05:8d:f4:37:f5:
         07:4f:60:49:d8:c7:0a:1b:f6:5b:03:bb:2d:4b:08:22:88:0e:
         b2:1c:34:92:ae:d5:09:da:ed:26:ec:a7:ef:2c:f4:41:68:9a:
         3c:96:f7:80
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQf+mlZ5ZOyippjxgnr72PYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwMTAxMDM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTczYzZmODIzMzU4ZTMxMjY1YzVlOTcwZTUzZTAwYTA5ZWQ3ZDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVRzalJLMJGO2LADiFZ4wkhVsq1w
zsVaEUFeuoDLTPo+KoCdtDSGpHB/LNqecGVfbr1fJyzEkVpestcjh+nIUFEn+bTu
sULt7yplzmmahYSI8M+yPwWyf5f11R3gQNXuIVrhStBkEp7xVL7giEpFa2MoBIE3
cr+mEN/LRsg98N5tmrxeQeVL3wSEPSk4yUPgEr5zzurF7BbTjs5n3ue843bzZxdB
riMFDBGPxlCnQ4+jCu7AsHoMs28fJrb19A738ZWAMrDPbP2GqFPDHTPDfI9gRt44
XEO50sH72B4tKaR9Lpjzl+eC4Y4QWT9yzpd3vW0n/vN6lb1uPsv0qK6U5wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN5zxvgjNY4xJlxelw5T4AoJ7X0IMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvM25QRy1DTTFqakVtWEY2WERsUGdDZ250ZlFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAsu+XAwQA
su+eAwQAufMwMA0GCSqGSIb3DQEBCwUAA4IBAQCiIlTYNSXYHI1zIhIKv4y2WwDu
FkuF8UPa20Fa4wlilk7GHq9sSq9t9f/AhXr3N6XkKVRAINrXjpvPRchTCQpuXLt7
etwzjmw/odT9NAuo0PlzEu04ph4UsF8MQ2h20NuJnM4pkLLdX+rsThxTcofma9Bx
dpwXHWcj8uOa8PZcmcJo1F4VrcDSigIJ0E0hwRzOwp3nMncpg49MMwWINl001LZi
KshTYsWwqTV4taNIXPDv0qj3vD2md6w1+JIE6miF+aG38MFgYVCqUgTZIlK6M92k
BY30N/UHT2BJ2McKG/ZbA7stSwgiiA6yHDSSrtUJ2u0m7KfvLPRBaJo8lveA
-----END CERTIFICATE-----