Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/3f6310-f56b-4165-b8fe-9b87f2afbd7f/1/m7j41yWDEfLAx4I6fuINswAyiXA.roa
File:                     m7j41yWDEfLAx4I6fuINswAyiXA.roa (raw, json)
Hash identifier:          dDqFpGebxjdBoXgviJqZBlxaNfM8q5rLJMGVfhQeHKs=
Subject key identifier:   9B:B8:F8:D7:25:83:11:F2:C0:C7:82:3A:7E:E2:0D:B3:00:32:89:70
Certificate issuer:       /CN=2fa4e870bc37ac9731fe6fcf9682eb657e50bca3
Certificate serial:       0194228D3078316F252E7F0FC364BFFCDC4B
Authority key identifier: 2F:A4:E8:70:BC:37:AC:97:31:FE:6F:CF:96:82:EB:65:7E:50:BC:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6TocLw3rJcx_m_PloLrZX5QvKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/3f6310-f56b-4165-b8fe-9b87f2afbd7f/1/m7j41yWDEfLAx4I6fuINswAyiXA.roa
Signing time:             Wed 01 Jan 2025 15:47:45 +0000
ROA not before:           Wed 01 Jan 2025 15:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399587
IP address blocks:        193.3.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/3f6310-f56b-4165-b8fe-9b87f2afbd7f/1/L6TocLw3rJcx_m_PloLrZX5QvKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/3f6310-f56b-4165-b8fe-9b87f2afbd7f/1/L6TocLw3rJcx_m_PloLrZX5QvKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6TocLw3rJcx_m_PloLrZX5QvKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 09:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:30:78:31:6f:25:2e:7f:0f:c3:64:bf:fc:dc:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa4e870bc37ac9731fe6fcf9682eb657e50bca3
        Validity
            Not Before: Jan  1 15:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9bb8f8d7258311f2c0c7823a7ee20db300328970
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:33:4d:21:59:9b:5b:5a:3a:f2:94:74:fe:08:
                    a1:f4:84:0f:9f:de:e0:81:fd:2d:42:5c:0b:f2:89:
                    6b:7b:14:2c:56:b1:a7:ed:10:bf:a5:52:9f:a7:b3:
                    1e:0d:09:16:10:ba:63:0b:af:7b:77:1a:0b:0c:e5:
                    f1:96:b8:f6:2c:53:78:38:2d:43:cb:5e:0e:1e:3c:
                    bb:73:69:33:d7:79:a9:8b:d3:a1:34:20:8b:31:6a:
                    28:2d:0d:6c:58:15:a3:90:7a:61:5b:40:db:87:fa:
                    1b:40:73:44:61:31:26:8c:e7:88:c8:d8:82:45:ed:
                    88:3a:08:e3:0f:6a:b4:ad:78:73:78:ca:90:3e:5e:
                    be:ea:03:bb:2a:ee:35:32:73:c6:2d:14:08:13:b5:
                    05:5d:f6:45:d4:56:c2:ab:fc:ae:f5:34:da:f0:33:
                    93:08:60:4f:e0:ab:e6:6c:49:07:48:ca:e0:b5:e6:
                    20:d6:c5:43:8e:e9:f8:75:bd:f4:49:ec:3b:85:0a:
                    80:64:7d:0a:08:79:f0:6b:9c:ef:8e:b3:7d:3c:4d:
                    31:06:54:2e:76:0b:1c:06:f4:2c:e3:62:ba:6d:8e:
                    e5:0f:97:4c:34:6a:14:6c:af:41:e0:1b:f0:72:68:
                    af:f9:fe:ec:49:36:54:02:cd:3e:c1:31:15:ff:ac:
                    e3:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:B8:F8:D7:25:83:11:F2:C0:C7:82:3A:7E:E2:0D:B3:00:32:89:70
            X509v3 Authority Key Identifier:
                keyid:2F:A4:E8:70:BC:37:AC:97:31:FE:6F:CF:96:82:EB:65:7E:50:BC:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6TocLw3rJcx_m_PloLrZX5QvKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/3f6310-f56b-4165-b8fe-9b87f2afbd7f/1/m7j41yWDEfLAx4I6fuINswAyiXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/3f6310-f56b-4165-b8fe-9b87f2afbd7f/1/L6TocLw3rJcx_m_PloLrZX5QvKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:a3:3a:ac:a7:c3:a1:6e:61:89:11:7f:c4:02:1b:3b:e9:e7:
         f5:7e:e9:51:32:2e:09:38:48:22:27:14:5c:6b:ba:46:75:07:
         4a:c0:5a:aa:75:66:d1:8b:da:47:ec:ae:08:9d:87:a4:fa:68:
         9b:4e:27:8d:8a:fa:3d:82:53:8e:93:43:a8:c3:96:6a:dd:5f:
         af:fd:89:95:6c:b4:79:94:99:b0:1a:60:c4:39:3b:d9:a2:4f:
         4a:38:ed:d1:71:20:23:5a:c5:ad:fa:17:a5:1c:ce:c2:e9:ac:
         4c:2f:53:36:07:a3:18:c7:f1:77:f6:22:cf:e9:83:d2:4a:99:
         d7:27:0c:88:58:67:06:06:a4:ca:ad:30:4a:d8:db:99:25:78:
         f0:41:7f:ad:3b:7c:09:df:d9:43:90:8a:39:fa:c9:ad:da:69:
         83:e7:64:e3:41:7e:cc:b6:05:f0:bb:af:0d:24:a6:85:de:9a:
         22:0f:a7:77:a3:fb:d1:92:be:e4:53:19:6a:dd:b0:87:8c:50:
         bc:3c:4d:b8:90:6b:4c:53:d4:a7:c7:ca:17:17:10:4a:04:74:
         f8:4b:1c:6a:a5:8a:c0:94:39:f5:fc:13:b5:f6:d9:c3:ec:99:
         6d:4d:ac:d3:69:4e:65:cd:8f:4c:e9:5a:af:09:db:c6:8a:bc:
         28:41:ac:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijTB4MW8lLn8Pw2S//NxLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTRlODcwYmMzN2FjOTczMWZlNmZjZjk2ODJlYjY1N2U1
MGJjYTMwHhcNMjUwMTAxMTU0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmI4ZjhkNzI1ODMxMWYyYzBjNzgyM2E3ZWUyMGRiMzAwMzI4OTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTNNIVmbW1o68pR0/gih9IQPn97g
gf0tQlwL8olrexQsVrGn7RC/pVKfp7MeDQkWELpjC697dxoLDOXxlrj2LFN4OC1D
y14OHjy7c2kz13mpi9OhNCCLMWooLQ1sWBWjkHphW0Dbh/obQHNEYTEmjOeIyNiC
Re2IOgjjD2q0rXhzeMqQPl6+6gO7Ku41MnPGLRQIE7UFXfZF1FbCq/yu9TTa8DOT
CGBP4KvmbEkHSMrgteYg1sVDjun4db30Sew7hQqAZH0KCHnwa5zvjrN9PE0xBlQu
dgscBvQs42K6bY7lD5dMNGoUbK9B4Bvwcmiv+f7sSTZUAs0+wTEV/6zjRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJu4+NclgxHywMeCOn7iDbMAMolwMB8GA1UdIwQY
MBaAFC+k6HC8N6yXMf5vz5aC62V+ULyjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZUb2NMdzNySmN4X21fUGxvTHJaWDVRdktNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi8zZjYzMTAtZjU2Yi00MTY1LWI4ZmUt
OWI4N2YyYWZiZDdmLzEvbTdqNDF5V0RFZkxBeDRJNmZ1SU5zd0F5aVhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi8zZjYzMTAtZjU2Yi00MTY1LWI4ZmUtOWI4N2YyYWZiZDdm
LzEvTDZUb2NMdzNySmN4X21fUGxvTHJaWDVRdktNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQM2MA0G
CSqGSIb3DQEBCwUAA4IBAQAYozqsp8OhbmGJEX/EAhs76ef1fulRMi4JOEgiJxRc
a7pGdQdKwFqqdWbRi9pH7K4InYek+mibTieNivo9glOOk0Oow5Zq3V+v/YmVbLR5
lJmwGmDEOTvZok9KOO3RcSAjWsWt+helHM7C6axML1M2B6MYx/F39iLP6YPSSpnX
JwyIWGcGBqTKrTBK2NuZJXjwQX+tO3wJ39lDkIo5+smt2mmD52TjQX7MtgXwu68N
JKaF3poiD6d3o/vRkr7kUxlq3bCHjFC8PE24kGtMU9Snx8oXFxBKBHT4SxxqpYrA
lDn1/BO19tnD7JltTazTaU5lzY9M6VqvCdvGirwoQaw8
-----END CERTIFICATE-----