Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/03cc4f-60c2-475e-9e09-524803ee2949/1/3FcBSSiJh8aVrK9iYZdzbMgTqW4.roa
File:                     3FcBSSiJh8aVrK9iYZdzbMgTqW4.roa (raw, json)
Hash identifier:          6RoiwnIQu/6s++wuEChPFYXGvNvnIKo47xh4stLwSlQ=
Subject key identifier:   DC:57:01:49:28:89:87:C6:95:AC:AF:62:61:97:73:6C:C8:13:A9:6E
Certificate issuer:       /CN=780f86d044a4a2a233319418aa8da9ad837c76ea
Certificate serial:       019426D9AA4C5AF4A30825938E739C4E5FDC
Authority key identifier: 78:0F:86:D0:44:A4:A2:A2:33:31:94:18:AA:8D:A9:AD:83:7C:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eA-G0ESkoqIzMZQYqo2prYN8duo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/03cc4f-60c2-475e-9e09-524803ee2949/1/3FcBSSiJh8aVrK9iYZdzbMgTqW4.roa
Signing time:             Thu 02 Jan 2025 11:49:46 +0000
ROA not before:           Thu 02 Jan 2025 11:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209591
IP address blocks:        141.98.124.0/22 maxlen: 24
                          2a10:2980::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/03cc4f-60c2-475e-9e09-524803ee2949/1/eA-G0ESkoqIzMZQYqo2prYN8duo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/03cc4f-60c2-475e-9e09-524803ee2949/1/eA-G0ESkoqIzMZQYqo2prYN8duo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eA-G0ESkoqIzMZQYqo2prYN8duo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 11:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:aa:4c:5a:f4:a3:08:25:93:8e:73:9c:4e:5f:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=780f86d044a4a2a233319418aa8da9ad837c76ea
        Validity
            Not Before: Jan  2 11:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc570149288987c695acaf626197736cc813a96e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:68:83:87:f7:c5:d7:d8:12:7e:1c:06:cd:43:
                    f9:0a:e1:55:eb:6a:b1:13:61:21:08:9b:cb:78:9d:
                    bf:5e:0c:03:4b:1c:dd:ce:a4:81:5e:53:69:ba:5f:
                    2a:63:61:14:52:32:50:56:40:2e:0b:af:c7:ee:4b:
                    77:83:51:fd:d0:ad:ea:7a:26:93:98:eb:61:ab:ab:
                    5b:8c:2b:db:13:cf:eb:75:ad:34:0f:21:0d:d9:24:
                    ac:10:f0:e4:a5:9a:dd:4e:b9:e3:94:53:9f:70:14:
                    02:b2:ab:54:3b:c3:c9:70:b2:d8:b8:5d:7c:90:17:
                    76:c6:93:e5:b5:3e:27:b3:af:7a:c7:66:36:5f:95:
                    86:69:86:ed:76:00:8b:b3:23:4f:cd:a0:74:a8:6c:
                    26:6e:d4:87:3a:a9:aa:68:08:76:28:5f:a3:fc:32:
                    bd:a2:48:46:f3:b0:73:11:73:60:5b:57:68:72:27:
                    ab:e3:8b:d2:0c:1a:5a:bc:f3:87:51:fc:dd:f9:5c:
                    91:cd:a4:69:27:d6:bb:a6:5b:b0:42:4a:78:50:ba:
                    88:62:cc:75:db:68:db:78:85:e9:38:a9:82:4b:24:
                    12:f2:4e:93:68:5b:48:5f:ac:9b:f9:25:1d:5e:9f:
                    85:13:25:df:08:1a:4c:0e:80:ca:bf:7b:64:90:4e:
                    65:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:57:01:49:28:89:87:C6:95:AC:AF:62:61:97:73:6C:C8:13:A9:6E
            X509v3 Authority Key Identifier:
                keyid:78:0F:86:D0:44:A4:A2:A2:33:31:94:18:AA:8D:A9:AD:83:7C:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eA-G0ESkoqIzMZQYqo2prYN8duo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/03cc4f-60c2-475e-9e09-524803ee2949/1/3FcBSSiJh8aVrK9iYZdzbMgTqW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/03cc4f-60c2-475e-9e09-524803ee2949/1/eA-G0ESkoqIzMZQYqo2prYN8duo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.124.0/22
                IPv6:
                  2a10:2980::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:f4:dd:80:04:71:6c:77:3b:77:5c:98:ed:d4:11:18:1f:49:
         10:77:39:3c:33:d1:bc:b7:4a:c5:16:f2:ea:b4:1b:38:00:0f:
         4e:2e:95:76:60:a5:02:f3:43:e3:bc:ef:9a:39:93:a6:cb:04:
         23:e1:35:9e:b1:5a:0d:ec:31:a4:52:92:b2:74:eb:f1:55:11:
         18:ed:aa:a7:2e:f9:74:cb:89:c2:25:3a:02:1d:b4:d4:d7:47:
         a8:f4:00:be:99:3a:6a:05:e2:4d:70:20:bf:35:7c:25:99:b7:
         7c:65:b7:74:41:5f:a6:c3:a3:94:d5:ab:42:70:e6:8d:d5:47:
         7d:96:49:ae:77:df:da:45:fe:7b:e9:de:2f:f3:c4:26:11:b6:
         3f:22:30:8d:8a:2f:78:30:77:29:5b:91:ca:09:65:ba:ee:6e:
         35:40:fc:49:d5:8f:4d:fd:9d:98:38:cb:03:52:b8:80:7c:0e:
         f9:26:39:0f:1a:46:1b:19:8c:08:57:96:d8:37:be:6c:15:fa:
         2f:b5:af:83:52:0c:15:6a:bf:59:2d:58:45:3a:ad:6b:8d:bb:
         d3:a0:39:02:31:79:da:65:95:a2:8b:9e:30:d6:d0:e0:f0:78:
         4b:7a:0b:49:3c:ff:31:86:0c:25:7b:bb:4c:4e:06:7d:eb:8f:
         8a:36:23:f2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2apMWvSjCCWTjnOcTl/cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MGY4NmQwNDRhNGEyYTIzMzMxOTQxOGFhOGRhOWFkODM3
Yzc2ZWEwHhcNMjUwMTAyMTE0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzU3MDE0OTI4ODk4N2M2OTVhY2FmNjI2MTk3NzM2Y2M4MTNhOTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2iDh/fF19gSfhwGzUP5CuFV62qx
E2EhCJvLeJ2/XgwDSxzdzqSBXlNpul8qY2EUUjJQVkAuC6/H7kt3g1H90K3qeiaT
mOthq6tbjCvbE8/rda00DyEN2SSsEPDkpZrdTrnjlFOfcBQCsqtUO8PJcLLYuF18
kBd2xpPltT4ns696x2Y2X5WGaYbtdgCLsyNPzaB0qGwmbtSHOqmqaAh2KF+j/DK9
okhG87BzEXNgW1docier44vSDBpavPOHUfzd+VyRzaRpJ9a7pluwQkp4ULqIYsx1
22jbeIXpOKmCSyQS8k6TaFtIX6yb+SUdXp+FEyXfCBpMDoDKv3tkkE5lkwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNxXAUkoiYfGlayvYmGXc2zIE6luMB8GA1UdIwQY
MBaAFHgPhtBEpKKiMzGUGKqNqa2DfHbqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUEtRzBFU2tvcUl6TVpRWXFvMnByWU44ZHVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wM2NjNGYtNjBjMi00NzVlLTllMDkt
NTI0ODAzZWUyOTQ5LzEvM0ZjQlNTaUpoOGFWcks5aVlaZHpiTWdUcVc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wM2NjNGYtNjBjMi00NzVlLTllMDktNTI0ODAzZWUyOTQ5
LzEvZUEtRzBFU2tvcUl6TVpRWXFvMnByWU44ZHVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCjWJ8MA0E
AgACMAcDBQMqECmAMA0GCSqGSIb3DQEBCwUAA4IBAQBC9N2ABHFsdzt3XJjt1BEY
H0kQdzk8M9G8t0rFFvLqtBs4AA9OLpV2YKUC80PjvO+aOZOmywQj4TWesVoN7DGk
UpKydOvxVREY7aqnLvl0y4nCJToCHbTU10eo9AC+mTpqBeJNcCC/NXwlmbd8Zbd0
QV+mw6OU1atCcOaN1Ud9lkmud9/aRf576d4v88QmEbY/IjCNii94MHcpW5HKCWW6
7m41QPxJ1Y9N/Z2YOMsDUriAfA75JjkPGkYbGYwIV5bYN75sFfovta+DUgwVar9Z
LVhFOq1rjbvToDkCMXnaZZWii54w1tDg8HhLegtJPP8xhgwle7tMTgZ964+KNiPy
-----END CERTIFICATE-----