Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/5cd3e3-d843-4d6b-8136-6abfb8b90132/1/03r9teGlIIoVxROODKNuga9dOzU.roa
File:                     03r9teGlIIoVxROODKNuga9dOzU.roa (raw, json)
Hash identifier:          9Wc2wvu85Dfe1ci9s6U+USNWMFZ0HiJGgzoBgF8mm3Q=
Subject key identifier:   D3:7A:FD:B5:E1:A5:20:8A:15:C5:13:8E:0C:A3:6E:81:AF:5D:3B:35
Certificate issuer:       /CN=04ad12fbae546d0183c6047d4f75e88e00e07053
Certificate serial:       019420D5D56AC3F71F6AF0DB91E47E53DAC4
Authority key identifier: 04:AD:12:FB:AE:54:6D:01:83:C6:04:7D:4F:75:E8:8E:00:E0:70:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BK0S-65UbQGDxgR9T3XojgDgcFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/5cd3e3-d843-4d6b-8136-6abfb8b90132/1/03r9teGlIIoVxROODKNuga9dOzU.roa
Signing time:             Wed 01 Jan 2025 07:47:52 +0000
ROA not before:           Wed 01 Jan 2025 07:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12843
IP address blocks:        194.153.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/5cd3e3-d843-4d6b-8136-6abfb8b90132/1/BK0S-65UbQGDxgR9T3XojgDgcFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/5cd3e3-d843-4d6b-8136-6abfb8b90132/1/BK0S-65UbQGDxgR9T3XojgDgcFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BK0S-65UbQGDxgR9T3XojgDgcFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:d5:6a:c3:f7:1f:6a:f0:db:91:e4:7e:53:da:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04ad12fbae546d0183c6047d4f75e88e00e07053
        Validity
            Not Before: Jan  1 07:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d37afdb5e1a5208a15c5138e0ca36e81af5d3b35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:76:e8:c4:ec:3e:62:82:c5:71:00:74:7d:7c:
                    ab:49:25:8b:bb:a0:9e:55:c4:d8:46:95:fb:e0:c6:
                    b7:db:d4:43:45:fc:5f:e8:29:0e:81:42:2f:50:a2:
                    59:08:53:1e:87:24:5d:a3:cd:36:10:76:ba:82:62:
                    9d:47:e5:57:24:37:40:65:50:9f:20:91:65:9c:10:
                    54:07:c7:a1:71:09:63:77:c5:11:24:95:f9:67:6e:
                    61:2d:e1:22:36:d1:0e:72:a5:cd:c0:25:6f:e7:b6:
                    f7:62:c5:02:08:99:79:8f:c5:40:fa:d8:2b:90:18:
                    21:2f:cb:3e:90:3f:70:a5:04:bb:9a:f2:42:c9:ef:
                    19:ee:9f:eb:a8:ae:99:8b:69:28:cd:cc:3a:42:8f:
                    80:a4:18:18:5e:c9:94:37:01:3d:d8:82:cc:45:ca:
                    b6:c0:2a:15:d2:17:fe:b3:68:2e:b6:6f:27:28:b4:
                    71:37:a3:a3:20:f2:b3:de:c0:bd:d6:65:6e:1d:55:
                    19:38:b1:9a:16:27:a4:7b:71:42:bd:ca:78:38:91:
                    e8:54:11:99:ec:7e:b7:92:63:45:ca:c6:19:7f:c7:
                    3b:bb:f8:8f:cb:1d:7c:54:fe:cd:49:1c:a8:4d:80:
                    5e:c9:41:74:aa:dc:d8:1e:4e:6a:58:5d:3d:df:a8:
                    3d:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:7A:FD:B5:E1:A5:20:8A:15:C5:13:8E:0C:A3:6E:81:AF:5D:3B:35
            X509v3 Authority Key Identifier:
                keyid:04:AD:12:FB:AE:54:6D:01:83:C6:04:7D:4F:75:E8:8E:00:E0:70:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BK0S-65UbQGDxgR9T3XojgDgcFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/5cd3e3-d843-4d6b-8136-6abfb8b90132/1/03r9teGlIIoVxROODKNuga9dOzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/5cd3e3-d843-4d6b-8136-6abfb8b90132/1/BK0S-65UbQGDxgR9T3XojgDgcFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:39:85:1d:f2:43:f4:a0:69:ea:97:e4:a3:2c:92:1a:bc:bb:
         80:8e:7a:11:49:ec:fe:c1:fa:74:1a:b2:b0:c5:ce:8c:fe:af:
         8f:f5:9d:d2:89:fb:88:f6:0e:19:90:43:aa:6e:1f:cc:01:2a:
         64:a0:75:77:6e:88:58:b4:99:6f:a4:64:0c:09:46:d3:ab:d1:
         54:5a:85:1a:5f:74:26:d7:c5:de:3e:af:30:8c:c5:04:f5:15:
         be:7e:05:2f:9d:52:b5:57:3e:d1:e6:4d:eb:d8:98:a9:0e:99:
         2d:15:5c:05:37:78:d0:9a:01:87:35:65:10:1d:28:f2:bf:7e:
         0f:09:f2:4a:b8:52:3b:3f:ce:e3:ed:70:52:31:ef:a9:65:9c:
         47:75:ec:02:86:0f:6d:8e:50:ac:05:70:01:14:f9:75:39:9c:
         4e:54:98:a5:45:43:1f:b9:9f:73:c8:72:f9:d2:f9:fe:88:ee:
         f7:e8:b4:d0:67:75:e9:5f:a4:8e:5e:eb:27:ce:90:54:63:7e:
         07:cc:e2:6f:0e:94:eb:94:59:b5:2c:e6:b4:f4:61:bf:91:b1:
         24:a3:b6:be:e7:61:16:43:38:2f:bc:3b:da:d8:7d:02:87:7f:
         64:85:da:d5:9e:18:4a:7a:32:ea:63:04:eb:4a:be:af:a4:6f:
         a5:5d:1a:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1dVqw/cfavDbkeR+U9rEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YWQxMmZiYWU1NDZkMDE4M2M2MDQ3ZDRmNzVlODhlMDBl
MDcwNTMwHhcNMjUwMTAxMDc0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzdhZmRiNWUxYTUyMDhhMTVjNTEzOGUwY2EzNmU4MWFmNWQzYjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3boxOw+YoLFcQB0fXyrSSWLu6Ce
VcTYRpX74Ma329RDRfxf6CkOgUIvUKJZCFMehyRdo802EHa6gmKdR+VXJDdAZVCf
IJFlnBBUB8ehcQljd8URJJX5Z25hLeEiNtEOcqXNwCVv57b3YsUCCJl5j8VA+tgr
kBghL8s+kD9wpQS7mvJCye8Z7p/rqK6Zi2kozcw6Qo+ApBgYXsmUNwE92ILMRcq2
wCoV0hf+s2gutm8nKLRxN6OjIPKz3sC91mVuHVUZOLGaFieke3FCvcp4OJHoVBGZ
7H63kmNFysYZf8c7u/iPyx18VP7NSRyoTYBeyUF0qtzYHk5qWF0936g9GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNN6/bXhpSCKFcUTjgyjboGvXTs1MB8GA1UdIwQY
MBaAFAStEvuuVG0Bg8YEfU916I4A4HBTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkswUy02NVViUUdEeGdSOVQzWG9qZ0RnY0ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi81Y2QzZTMtZDg0My00ZDZiLTgxMzYt
NmFiZmI4YjkwMTMyLzEvMDNyOXRlR2xJSW9WeFJPT0RLTnVnYTlkT3pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi81Y2QzZTMtZDg0My00ZDZiLTgxMzYtNmFiZmI4YjkwMTMy
LzEvQkswUy02NVViUUdEeGdSOVQzWG9qZ0RnY0ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpmTMA0G
CSqGSIb3DQEBCwUAA4IBAQBeOYUd8kP0oGnql+SjLJIavLuAjnoRSez+wfp0GrKw
xc6M/q+P9Z3SifuI9g4ZkEOqbh/MASpkoHV3bohYtJlvpGQMCUbTq9FUWoUaX3Qm
18XePq8wjMUE9RW+fgUvnVK1Vz7R5k3r2JipDpktFVwFN3jQmgGHNWUQHSjyv34P
CfJKuFI7P87j7XBSMe+pZZxHdewChg9tjlCsBXABFPl1OZxOVJilRUMfuZ9zyHL5
0vn+iO736LTQZ3XpX6SOXusnzpBUY34HzOJvDpTrlFm1LOa09GG/kbEko7a+52EW
QzgvvDva2H0Ch39khdrVnhhKejLqYwTrSr6vpG+lXRoQ
-----END CERTIFICATE-----