Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/784vXib9GrluOYDBJvzUgTS8ARU.roa
File:                     784vXib9GrluOYDBJvzUgTS8ARU.roa (raw, json)
Hash identifier:          J6X8RcfoYeRlZAX3pjrYdoIuEkv3/PvLhvEbATD1YnE=
Subject key identifier:   EF:CE:2F:5E:26:FD:1A:B9:6E:39:80:C1:26:FC:D4:81:34:BC:01:15
Certificate issuer:       /CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
Certificate serial:       019253157747F4DF67A8B0109B9787E52B60
Authority key identifier: FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/784vXib9GrluOYDBJvzUgTS8ARU.roa
Signing time:             Thu 03 Oct 2024 15:52:48 +0000
ROA not before:           Thu 03 Oct 2024 15:52:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.49.104.0/24 maxlen: 24
                          185.49.105.0/24 maxlen: 24
                          185.118.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:53:15:77:47:f4:df:67:a8:b0:10:9b:97:87:e5:2b:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
        Validity
            Not Before: Oct  3 15:52:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efce2f5e26fd1ab96e3980c126fcd48134bc0115
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:4f:a7:2e:4c:1b:d7:c2:fd:46:16:9f:6d:3a:
                    47:97:c9:a4:8e:e6:4a:c3:72:18:d5:28:52:0b:1e:
                    45:6c:fa:50:d9:0e:24:64:16:30:88:a7:a5:8e:3f:
                    54:b4:58:42:d6:af:32:9c:27:4a:41:c4:3c:41:96:
                    46:a6:09:f8:c4:2c:6b:7c:c3:fc:72:1f:e2:2f:ee:
                    d9:6d:69:46:bd:f3:a8:8b:02:d0:38:09:f5:8a:97:
                    68:35:d5:c6:08:5d:dc:44:5d:59:b2:0c:b3:dc:bb:
                    28:b5:87:cb:1c:12:f8:9f:a8:50:2f:86:8a:0b:55:
                    f6:fb:1a:bb:02:21:71:68:49:5d:ba:f8:11:ec:21:
                    8a:dd:2a:b1:26:73:a9:dd:0b:b4:66:f6:11:25:da:
                    b2:61:48:86:73:dc:b7:14:07:9f:66:df:8a:c6:33:
                    94:43:5c:2d:be:f1:5c:09:ab:f1:96:4b:fc:e2:84:
                    35:a8:6b:6d:47:9a:13:c1:d1:82:e7:7f:e3:8d:e8:
                    fb:a1:be:ac:fe:b6:dd:8a:09:46:f4:52:57:8a:38:
                    5e:3c:10:15:6e:1e:39:4e:57:fe:00:22:d9:99:af:
                    5d:38:79:0f:8d:fc:85:b8:91:34:0e:eb:d7:23:45:
                    e0:68:51:d3:cb:cc:bc:7f:8b:0f:d4:e4:4f:9f:c1:
                    b7:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:CE:2F:5E:26:FD:1A:B9:6E:39:80:C1:26:FC:D4:81:34:BC:01:15
            X509v3 Authority Key Identifier:
                keyid:FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/784vXib9GrluOYDBJvzUgTS8ARU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.104.0/23
                  185.118.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:15:31:9a:0f:4e:3d:ad:0a:5d:f3:e2:51:42:97:67:3e:16:
         b5:18:13:3c:53:d0:3e:d5:91:ee:ad:24:ae:12:de:9c:10:21:
         41:f4:3a:68:a4:a4:13:f8:36:8f:82:0a:75:a8:cc:3c:0d:ef:
         68:57:72:54:36:42:62:fe:b9:fe:98:e5:3f:54:d8:0d:06:38:
         bb:71:69:03:f7:4d:2a:93:71:8d:52:ca:28:f1:81:56:f4:f9:
         7e:4e:85:77:c4:53:aa:41:82:04:a8:37:14:26:63:69:5e:d9:
         ac:0c:3a:98:b9:67:70:4f:6a:8d:11:11:69:d5:ed:f2:d4:1a:
         10:a0:76:6d:b1:07:b1:58:95:9e:e8:22:f4:bd:e3:54:95:0c:
         bb:d6:5d:4e:9c:6c:dd:cb:c6:11:94:8b:3d:ab:d8:6c:07:73:
         f8:98:59:f6:f5:16:50:f8:da:93:4d:be:0a:e4:0a:f8:e7:da:
         91:14:8d:3f:b6:93:f9:43:dc:d0:60:bd:21:94:40:3b:eb:5d:
         a2:b1:97:c2:dd:bc:a1:c0:64:0d:f0:fd:44:72:de:bb:67:f3:
         17:c2:ef:3e:a7:4c:0e:8a:8b:7a:7c:ff:67:cd:aa:ea:50:1f:
         1b:1a:a9:e7:69:64:31:12:cf:c2:7a:48:d2:a0:b4:b1:da:c8:
         80:00:f5:1d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZJTFXdH9N9nqLAQm5eH5StgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhM2QwYmMxMWIyOWRhNDRhZDU3MzA0YzNmODU2ODg3MGEw
MTljMjQwHhcNMjQxMDAzMTU1MjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmNlMmY1ZTI2ZmQxYWI5NmUzOTgwYzEyNmZjZDQ4MTM0YmMwMTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0+nLkwb18L9RhafbTpHl8mkjuZK
w3IY1ShSCx5FbPpQ2Q4kZBYwiKeljj9UtFhC1q8ynCdKQcQ8QZZGpgn4xCxrfMP8
ch/iL+7ZbWlGvfOoiwLQOAn1ipdoNdXGCF3cRF1Zsgyz3LsotYfLHBL4n6hQL4aK
C1X2+xq7AiFxaElduvgR7CGK3SqxJnOp3Qu0ZvYRJdqyYUiGc9y3FAefZt+KxjOU
Q1wtvvFcCavxlkv84oQ1qGttR5oTwdGC53/jjej7ob6s/rbdiglG9FJXijhePBAV
bh45Tlf+ACLZma9dOHkPjfyFuJE0DuvXI0XgaFHTy8y8f4sP1ORPn8G3HQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFO/OL14m/Rq5bjmAwSb81IE0vAEVMB8GA1UdIwQY
MBaAFPo9C8EbKdpErVcwTD+FaIcKAZwkMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1qMEx3UnNwMmtTdFZ6Qk1QNFZvaHdvQm5DUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1
LWQyMTA3MWVmNzM1Yi8xLzc4NHZYaWI5R3JsdU9ZREJKdnpVZ1RTOEFSVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1LWQyMTA3MWVmNzM1
Yi8xLzEtajBMd1JzcDJrU3RWekJNUDRWb2h3b0JuQ1EuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAG5MWgD
BAC5dgwwDQYJKoZIhvcNAQELBQADggEBAGcVMZoPTj2tCl3z4lFCl2c+FrUYEzxT
0D7Vke6tJK4S3pwQIUH0OmikpBP4No+CCnWozDwN72hXclQ2QmL+uf6Y5T9U2A0G
OLtxaQP3TSqTcY1SyijxgVb0+X5OhXfEU6pBggSoNxQmY2le2awMOpi5Z3BPao0R
EWnV7fLUGhCgdm2xB7FYlZ7oIvS941SVDLvWXU6cbN3LxhGUiz2r2GwHc/iYWfb1
FlD42pNNvgrkCvjn2pEUjT+2k/lD3NBgvSGUQDvrXaKxl8LdvKHAZA3w/URy3rtn
8xfC7z6nTA6Ki3p8/2fNqupQHxsaqedpZDESz8J6SNKgtLHayIAA9R0=
-----END CERTIFICATE-----