Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/166933-f68c-49a0-8869-bdf55db4a90a/1/Ai3_NgCb2mwvHHHWVo7OjI6Wj04.roa
File:                     Ai3_NgCb2mwvHHHWVo7OjI6Wj04.roa (raw, json)
Hash identifier:          mxmvKEH6k3H+fHWxr8AaesSD9p5zVNhT7qFX1XU+vIQ=
Subject key identifier:   02:2D:FF:36:00:9B:DA:6C:2F:1C:71:D6:56:8E:CE:8C:8E:96:8F:4E
Certificate issuer:       /CN=971aeeea8798f76ec9a434e75637ecd881092ec2
Certificate serial:       019422201E3DC1783C14069596F71739D504
Authority key identifier: 97:1A:EE:EA:87:98:F7:6E:C9:A4:34:E7:56:37:EC:D8:81:09:2E:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lxru6oeY927JpDTnVjfs2IEJLsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/166933-f68c-49a0-8869-bdf55db4a90a/1/Ai3_NgCb2mwvHHHWVo7OjI6Wj04.roa
Signing time:             Wed 01 Jan 2025 13:48:37 +0000
ROA not before:           Wed 01 Jan 2025 13:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202699
IP address blocks:        185.117.8.0/24 maxlen: 24
                          185.117.10.0/24 maxlen: 24
                          185.117.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/166933-f68c-49a0-8869-bdf55db4a90a/1/lxru6oeY927JpDTnVjfs2IEJLsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/166933-f68c-49a0-8869-bdf55db4a90a/1/lxru6oeY927JpDTnVjfs2IEJLsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lxru6oeY927JpDTnVjfs2IEJLsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:1e:3d:c1:78:3c:14:06:95:96:f7:17:39:d5:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=971aeeea8798f76ec9a434e75637ecd881092ec2
        Validity
            Not Before: Jan  1 13:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=022dff36009bda6c2f1c71d6568ece8c8e968f4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:7e:75:07:f3:9e:66:37:5d:6f:91:f5:b7:20:
                    83:dd:fa:c9:10:f1:4d:49:a7:4b:0c:0b:d0:32:84:
                    66:0d:92:52:e9:ab:fd:75:cd:4f:28:58:92:c9:be:
                    02:5c:b6:a0:8f:46:07:86:e2:61:cb:ed:34:66:59:
                    2b:27:5a:b0:c9:3d:dd:fe:30:7d:ae:56:ca:4e:ab:
                    5c:5f:10:0c:bb:86:be:11:3e:08:00:78:4f:ee:12:
                    10:c6:e8:e3:f7:9f:80:3e:b7:f2:71:b3:7d:4f:b4:
                    e1:7e:41:f3:f0:19:4b:0d:cc:6d:56:f0:3e:01:8d:
                    bc:31:ad:48:45:99:8b:41:a9:f1:9c:e3:ce:69:5f:
                    47:bf:4a:a8:63:d4:97:d2:5b:b4:25:56:57:47:a4:
                    ef:ee:df:49:aa:cc:e8:9d:b5:5b:05:17:71:63:f0:
                    ee:98:d1:2b:ba:46:f7:29:0a:bc:f3:d8:81:ed:6b:
                    19:7f:81:d3:84:a2:0a:16:f8:12:5a:90:63:c9:44:
                    e6:29:73:97:9a:54:91:df:1f:db:19:d9:f0:c6:6e:
                    70:a4:d3:4e:a6:e4:7b:48:17:1a:36:fe:37:85:16:
                    4e:1a:0a:05:df:20:b0:0f:19:b1:68:97:ac:a0:32:
                    22:bf:53:7a:f2:80:f9:b7:3d:a8:d2:10:c9:39:3b:
                    25:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:2D:FF:36:00:9B:DA:6C:2F:1C:71:D6:56:8E:CE:8C:8E:96:8F:4E
            X509v3 Authority Key Identifier:
                keyid:97:1A:EE:EA:87:98:F7:6E:C9:A4:34:E7:56:37:EC:D8:81:09:2E:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lxru6oeY927JpDTnVjfs2IEJLsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/166933-f68c-49a0-8869-bdf55db4a90a/1/Ai3_NgCb2mwvHHHWVo7OjI6Wj04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/166933-f68c-49a0-8869-bdf55db4a90a/1/lxru6oeY927JpDTnVjfs2IEJLsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.8.0/24
                  185.117.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ac:84:ab:65:1a:bf:3f:fa:49:ae:10:dd:e2:27:d8:42:87:74:
         79:bd:1d:3f:64:69:f4:b7:63:21:72:a7:41:97:df:8f:68:17:
         97:56:96:3b:b7:4c:bb:37:6c:28:7f:a7:12:42:04:40:1a:d3:
         59:25:84:aa:05:2d:03:44:1a:67:8e:72:98:ae:a3:fb:90:b8:
         4c:5a:0e:fd:0b:2d:e2:b2:07:08:93:3d:83:49:09:31:7b:2d:
         ef:02:53:af:00:6d:83:08:00:28:50:95:03:d1:16:74:6e:1e:
         fb:94:a8:17:f1:a4:49:4a:47:e4:66:6a:df:ab:f5:4a:05:14:
         56:52:5e:bb:93:5f:a7:51:73:a5:54:0d:21:59:c4:f2:43:ef:
         ef:d0:5f:9a:e7:af:b5:c3:e0:14:2a:28:1f:1a:4e:04:8b:f2:
         14:fd:fc:2f:f4:5a:aa:1b:9b:11:e0:de:c5:42:d7:9d:e2:b5:
         c2:38:ae:49:0c:ff:8e:76:ba:7c:b5:a1:ad:e8:40:a4:de:a8:
         87:ed:0d:8b:47:dd:e9:ff:50:35:7e:07:8d:e5:8a:e9:d6:d8:
         ad:ea:61:88:7b:45:7b:ce:d2:39:8d:a2:83:cb:8f:81:44:11:
         39:e4:62:9a:2c:05:a7:20:7c:3e:b2:01:5f:61:19:52:fc:93:
         95:33:1f:5c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIB49wXg8FAaVlvcXOdUEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MWFlZWVhODc5OGY3NmVjOWE0MzRlNzU2MzdlY2Q4ODEw
OTJlYzIwHhcNMjUwMTAxMTM0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjJkZmYzNjAwOWJkYTZjMmYxYzcxZDY1NjhlY2U4YzhlOTY4ZjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzn51B/OeZjddb5H1tyCD3frJEPFN
SadLDAvQMoRmDZJS6av9dc1PKFiSyb4CXLagj0YHhuJhy+00ZlkrJ1qwyT3d/jB9
rlbKTqtcXxAMu4a+ET4IAHhP7hIQxujj95+APrfycbN9T7ThfkHz8BlLDcxtVvA+
AY28Ma1IRZmLQanxnOPOaV9Hv0qoY9SX0lu0JVZXR6Tv7t9JqszonbVbBRdxY/Du
mNErukb3KQq889iB7WsZf4HThKIKFvgSWpBjyUTmKXOXmlSR3x/bGdnwxm5wpNNO
puR7SBcaNv43hRZOGgoF3yCwDxmxaJesoDIiv1N68oD5tz2o0hDJOTslCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAIt/zYAm9psLxxx1laOzoyOlo9OMB8GA1UdIwQY
MBaAFJca7uqHmPduyaQ051Y37NiBCS7CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHhydTZvZVk5MjdKcERUblZqZnMySUVKTHNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi8xNjY5MzMtZjY4Yy00OWEwLTg4Njkt
YmRmNTVkYjRhOTBhLzEvQWkzX05nQ2IybXd2SEhIV1ZvN09qSTZXajA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi8xNjY5MzMtZjY4Yy00OWEwLTg4NjktYmRmNTVkYjRhOTBh
LzEvbHhydTZvZVk5MjdKcERUblZqZnMySUVKTHNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuXUIAwQB
uXUKMA0GCSqGSIb3DQEBCwUAA4IBAQCshKtlGr8/+kmuEN3iJ9hCh3R5vR0/ZGn0
t2MhcqdBl9+PaBeXVpY7t0y7N2wof6cSQgRAGtNZJYSqBS0DRBpnjnKYrqP7kLhM
Wg79Cy3isgcIkz2DSQkxey3vAlOvAG2DCAAoUJUD0RZ0bh77lKgX8aRJSkfkZmrf
q/VKBRRWUl67k1+nUXOlVA0hWcTyQ+/v0F+a56+1w+AUKigfGk4Ei/IU/fwv9Fqq
G5sR4N7FQted4rXCOK5JDP+Odrp8taGt6ECk3qiH7Q2LR93p/1A1fgeN5Yrp1tit
6mGIe0V7ztI5jaKDy4+BRBE55GKaLAWnIHw+sgFfYRlS/JOVMx9c
-----END CERTIFICATE-----