Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/23e07b-e9e4-42a5-b8e0-a8d3838052d0/1/3PraL73AFKhJIGCUwHIjxHVvADk.roa
File:                     3PraL73AFKhJIGCUwHIjxHVvADk.roa (raw, json)
Hash identifier:          KskKrA0CeugVxSgnh+9GoZQRJCeyshrXW7c5sBU6dTU=
Subject key identifier:   DC:FA:DA:2F:BD:C0:14:A8:49:20:60:94:C0:72:23:C4:75:6F:00:39
Certificate issuer:       /CN=f7a58d1b12aeb5583328dda525d0698674bb1def
Certificate serial:       018E873F6EA210540DCFD44C7358DC61E25A
Authority key identifier: F7:A5:8D:1B:12:AE:B5:58:33:28:DD:A5:25:D0:69:86:74:BB:1D:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/96WNGxKutVgzKN2lJdBphnS7He8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/23e07b-e9e4-42a5-b8e0-a8d3838052d0/1/3PraL73AFKhJIGCUwHIjxHVvADk.roa
Signing time:             Thu 28 Mar 2024 22:47:44 +0000
ROA not before:           Thu 28 Mar 2024 22:47:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201117
IP address blocks:        185.245.156.0/22 maxlen: 22
                          185.245.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/23e07b-e9e4-42a5-b8e0-a8d3838052d0/1/96WNGxKutVgzKN2lJdBphnS7He8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/23e07b-e9e4-42a5-b8e0-a8d3838052d0/1/96WNGxKutVgzKN2lJdBphnS7He8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/96WNGxKutVgzKN2lJdBphnS7He8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 19:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:87:3f:6e:a2:10:54:0d:cf:d4:4c:73:58:dc:61:e2:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7a58d1b12aeb5583328dda525d0698674bb1def
        Validity
            Not Before: Mar 28 22:47:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcfada2fbdc014a849206094c07223c4756f0039
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:61:70:f2:62:d4:b8:b9:cc:1e:b9:94:4b:cc:
                    a7:3d:79:b0:11:92:f5:95:27:79:b9:40:64:81:0d:
                    f2:48:1d:9d:54:d9:81:a1:2f:cf:9e:be:19:0f:d3:
                    1c:6a:ab:69:ad:20:f6:63:24:b5:fd:91:e8:d1:69:
                    82:48:91:f5:7c:2d:ef:5e:15:86:8a:f7:8b:57:d0:
                    b3:65:12:14:86:04:f2:dc:be:58:83:e8:41:c5:98:
                    e1:01:1a:14:b0:c8:18:f4:55:72:6f:88:2d:45:ac:
                    0c:7b:4c:27:da:19:bd:72:19:3c:5d:f9:cc:e1:a9:
                    cf:91:b6:be:f1:49:35:3c:52:e1:be:12:8d:c9:9a:
                    3f:c0:20:2b:f2:69:61:eb:c5:d5:8a:96:75:03:3f:
                    1d:c2:32:32:64:80:25:cd:f1:71:0a:75:14:3c:07:
                    ae:91:ba:a5:0d:6f:c9:70:9b:6e:d2:94:7d:29:4f:
                    c2:04:13:e5:ad:b9:32:f3:a3:4c:0c:4d:52:8f:9b:
                    a2:53:e5:34:21:78:6a:df:a3:85:d7:ec:ec:cc:35:
                    34:ef:0d:ce:12:96:78:51:97:00:6a:06:4c:e1:b1:
                    e2:32:01:5e:55:1d:ec:32:fc:a5:49:6a:e4:93:06:
                    3f:67:90:46:22:00:ee:8d:de:9d:68:1a:d7:29:23:
                    94:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:FA:DA:2F:BD:C0:14:A8:49:20:60:94:C0:72:23:C4:75:6F:00:39
            X509v3 Authority Key Identifier:
                keyid:F7:A5:8D:1B:12:AE:B5:58:33:28:DD:A5:25:D0:69:86:74:BB:1D:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/96WNGxKutVgzKN2lJdBphnS7He8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/23e07b-e9e4-42a5-b8e0-a8d3838052d0/1/3PraL73AFKhJIGCUwHIjxHVvADk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/23e07b-e9e4-42a5-b8e0-a8d3838052d0/1/96WNGxKutVgzKN2lJdBphnS7He8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:de:3b:86:c8:da:62:7a:2f:95:50:3f:db:bb:23:10:fb:0d:
         10:5c:1b:5e:81:fd:00:e4:fd:c9:ab:6f:58:6f:d3:28:9b:74:
         f2:eb:a4:33:b0:d7:b0:3e:41:49:4e:09:8b:9a:84:ed:b9:5f:
         d6:4b:6e:a5:bf:7f:c8:44:e6:68:46:b5:c8:c9:8d:46:ee:f4:
         bf:c8:32:78:ed:d3:3b:42:3b:d6:c9:e5:f5:fc:29:33:91:5e:
         f7:c4:cf:c4:b9:14:f7:ba:1a:2a:ca:b6:08:b6:49:49:ca:d8:
         24:d5:ad:84:7f:ba:0e:c7:20:4d:bd:01:54:2b:86:2d:a4:eb:
         24:88:21:32:fb:1c:72:dc:65:b3:a3:3d:01:98:03:f7:17:4e:
         be:e7:55:9d:1b:b4:3a:a3:aa:c9:44:b0:3b:dc:71:99:10:7d:
         a2:cc:00:c0:83:2d:34:ef:34:02:39:bb:3c:1a:b7:6f:ae:90:
         2f:2e:0b:36:6d:ab:80:6b:ba:16:8c:67:b2:4a:a9:0b:81:c0:
         26:d1:e9:aa:51:66:63:10:cb:b0:d0:74:95:62:ed:f1:16:ef:
         63:24:3a:dd:67:e1:68:25:7e:fc:27:7f:ee:19:12:01:54:71:
         16:a5:da:c1:95:b4:dc:90:04:8c:4e:94:4d:55:97:b6:8b:32:
         a4:d8:ec:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6HP26iEFQNz9RMc1jcYeJaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YTU4ZDFiMTJhZWI1NTgzMzI4ZGRhNTI1ZDA2OTg2NzRi
YjFkZWYwHhcNMjQwMzI4MjI0NzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2ZhZGEyZmJkYzAxNGE4NDkyMDYwOTRjMDcyMjNjNDc1NmYwMDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGFw8mLUuLnMHrmUS8ynPXmwEZL1
lSd5uUBkgQ3ySB2dVNmBoS/Pnr4ZD9McaqtprSD2YyS1/ZHo0WmCSJH1fC3vXhWG
iveLV9CzZRIUhgTy3L5Yg+hBxZjhARoUsMgY9FVyb4gtRawMe0wn2hm9chk8XfnM
4anPkba+8Uk1PFLhvhKNyZo/wCAr8mlh68XVipZ1Az8dwjIyZIAlzfFxCnUUPAeu
kbqlDW/JcJtu0pR9KU/CBBPlrbky86NMDE1Sj5uiU+U0IXhq36OF1+zszDU07w3O
EpZ4UZcAagZM4bHiMgFeVR3sMvylSWrkkwY/Z5BGIgDujd6daBrXKSOUeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNz62i+9wBSoSSBglMByI8R1bwA5MB8GA1UdIwQY
MBaAFPeljRsSrrVYMyjdpSXQaYZ0ux3vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTZXTkd4S3V0Vmd6S04ybEpkQnBoblM3SGU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8yM2UwN2ItZTllNC00MmE1LWI4ZTAt
YThkMzgzODA1MmQwLzEvM1ByYUw3M0FGS2hKSUdDVXdISWp4SFZ2QURrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8yM2UwN2ItZTllNC00MmE1LWI4ZTAtYThkMzgzODA1MmQw
LzEvOTZXTkd4S3V0Vmd6S04ybEpkQnBoblM3SGU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufWcMA0G
CSqGSIb3DQEBCwUAA4IBAQAw3juGyNpiei+VUD/buyMQ+w0QXBtegf0A5P3Jq29Y
b9Mom3Ty66QzsNewPkFJTgmLmoTtuV/WS26lv3/IROZoRrXIyY1G7vS/yDJ47dM7
QjvWyeX1/CkzkV73xM/EuRT3uhoqyrYItklJytgk1a2Ef7oOxyBNvQFUK4YtpOsk
iCEy+xxy3GWzoz0BmAP3F06+51WdG7Q6o6rJRLA73HGZEH2izADAgy007zQCObs8
GrdvrpAvLgs2bauAa7oWjGeySqkLgcAm0emqUWZjEMuw0HSVYu3xFu9jJDrdZ+Fo
JX78J3/uGRIBVHEWpdrBlbTckASMTpRNVZe2izKk2OwQ
-----END CERTIFICATE-----