Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/_3dFtyWirHHyQNJi2NW6j_lsVgI.roa
File:                     _3dFtyWirHHyQNJi2NW6j_lsVgI.roa (raw, json)
Hash identifier:          KsScbm3odTuHNUJQOiRdKxYKstyRJItmjmEU3Et06tM=
Subject key identifier:   FF:77:45:B7:25:A2:AC:71:F2:40:D2:62:D8:D5:BA:8F:F9:6C:56:02
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       019425FD57FDC8BADD18DABE088E8A9F0179
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/_3dFtyWirHHyQNJi2NW6j_lsVgI.roa
Signing time:             Thu 02 Jan 2025 07:49:07 +0000
ROA not before:           Thu 02 Jan 2025 07:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50340
IP address blocks:        193.232.164.0/24 maxlen: 24
                          194.85.116.0/24 maxlen: 24
                          212.192.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 16:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:57:fd:c8:ba:dd:18:da:be:08:8e:8a:9f:01:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  2 07:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff7745b725a2ac71f240d262d8d5ba8ff96c5602
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:4f:14:3c:a0:9c:c2:99:5e:a2:22:60:1a:b9:
                    f0:40:75:bd:be:8c:37:3d:28:c1:85:0e:77:41:1b:
                    91:10:93:a7:7c:d8:8d:23:96:af:e4:6b:4c:6f:ac:
                    f7:8e:81:a7:61:0f:12:4b:64:58:ba:19:7e:30:10:
                    8a:fd:db:e8:c5:11:85:74:c7:65:a8:a4:b8:38:5c:
                    33:8a:ba:a0:39:7c:2a:91:44:9d:5e:9a:b7:51:e0:
                    dd:7f:ca:1e:85:c5:52:85:2c:21:7f:5b:62:95:7b:
                    4e:86:e5:e1:79:ee:ec:0d:d4:7f:45:e1:c7:e4:bf:
                    e1:a8:9d:97:90:c8:2f:55:47:7a:53:6d:17:44:d2:
                    84:14:d2:56:41:fd:38:2c:41:56:fe:02:fd:ee:43:
                    18:a8:8b:f4:a6:36:c8:c4:0d:6d:d9:de:b9:32:db:
                    18:14:f9:37:4f:09:99:4d:ca:57:54:85:6f:31:00:
                    1a:55:2d:cc:55:b6:01:71:b4:06:21:ec:a9:18:81:
                    fa:4f:f2:26:07:b9:0d:87:bb:a3:1a:ca:07:36:4c:
                    25:b9:ee:0f:da:6b:b8:9a:4b:e6:2d:87:11:07:bd:
                    a0:e4:7b:f2:bf:d7:65:4a:18:9a:93:60:17:b4:d4:
                    a2:6a:bc:ef:2d:0f:2d:fc:b2:bb:79:47:2d:76:a4:
                    76:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:77:45:B7:25:A2:AC:71:F2:40:D2:62:D8:D5:BA:8F:F9:6C:56:02
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/_3dFtyWirHHyQNJi2NW6j_lsVgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.232.164.0/24
                  194.85.116.0/24
                  212.192.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:58:06:e9:54:98:c8:1b:94:8c:01:40:97:3c:88:e5:91:65:
         2a:e5:0d:ee:30:de:c6:b3:f2:7a:f6:37:82:74:96:13:61:24:
         c9:b0:ff:20:7b:cb:e3:be:80:73:9f:37:5c:14:28:5b:02:ef:
         91:14:bf:d3:13:10:21:f5:9b:ca:81:81:25:fb:c1:9f:f2:02:
         bf:98:c0:0a:96:81:9b:9b:63:fe:91:f7:87:f0:d4:3a:f2:21:
         82:2b:60:d3:e1:6c:95:a7:50:2a:3f:b9:cf:d3:6f:81:5c:35:
         0b:45:f1:da:10:85:6e:4a:a5:96:84:b3:37:4d:05:f8:6a:e0:
         40:42:a6:e9:e5:28:a6:8e:3c:07:be:67:9f:d5:c9:ed:53:a4:
         b4:3e:90:b7:c4:6c:a5:f9:25:ac:dd:33:75:43:4b:16:b6:91:
         72:09:6c:55:bf:1f:77:00:5e:86:fa:06:ec:f4:82:94:bb:e4:
         2d:bd:c8:00:e0:5f:36:2b:ac:b3:a6:c9:04:58:85:2b:88:99:
         28:3c:f4:85:43:90:4b:fb:72:d6:77:5e:5b:9d:c0:fe:a5:3d:
         88:30:46:53:f8:7a:65:02:a2:47:56:b1:8b:e0:9a:68:c8:c3:
         3f:3b:a7:54:0a:29:63:d5:fe:60:eb:95:8e:97:fe:0d:7e:54:
         0b:7e:10:1c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQl/Vf9yLrdGNq+CI6KnwF5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjUwMTAyMDc0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjc3NDViNzI1YTJhYzcxZjI0MGQyNjJkOGQ1YmE4ZmY5NmM1NjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzk8UPKCcwpleoiJgGrnwQHW9vow3
PSjBhQ53QRuREJOnfNiNI5av5GtMb6z3joGnYQ8SS2RYuhl+MBCK/dvoxRGFdMdl
qKS4OFwzirqgOXwqkUSdXpq3UeDdf8oehcVShSwhf1tilXtOhuXhee7sDdR/ReHH
5L/hqJ2XkMgvVUd6U20XRNKEFNJWQf04LEFW/gL97kMYqIv0pjbIxA1t2d65MtsY
FPk3TwmZTcpXVIVvMQAaVS3MVbYBcbQGIeypGIH6T/ImB7kNh7ujGsoHNkwlue4P
2mu4mkvmLYcRB72g5Hvyv9dlShiak2AXtNSiarzvLQ8t/LK7eUctdqR2vwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP93Rbcloqxx8kDSYtjVuo/5bFYCMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvXzNkRnR5V2lySEh5UU5KaTJOVzZqX2xzVmdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAweikAwQA
wlV0AwQA1MA+MA0GCSqGSIb3DQEBCwUAA4IBAQBuWAbpVJjIG5SMAUCXPIjlkWUq
5Q3uMN7Gs/J69jeCdJYTYSTJsP8ge8vjvoBznzdcFChbAu+RFL/TExAh9ZvKgYEl
+8Gf8gK/mMAKloGbm2P+kfeH8NQ68iGCK2DT4WyVp1AqP7nP02+BXDULRfHaEIVu
SqWWhLM3TQX4auBAQqbp5SimjjwHvmef1cntU6S0PpC3xGyl+SWs3TN1Q0sWtpFy
CWxVvx93AF6G+gbs9IKUu+QtvcgA4F82K6yzpskEWIUriJkoPPSFQ5BL+3LWd15b
ncD+pT2IMEZT+HplAqJHVrGL4JpoyMM/O6dUCilj1f5g65WOl/4NflQLfhAc
-----END CERTIFICATE-----