Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/2024e2-4a49-491a-b082-d775c0021b60/1/PRnE6qJLXu--qHqmEaaawZPaMRw.roa
File:                     PRnE6qJLXu--qHqmEaaawZPaMRw.roa (raw, json)
Hash identifier:          JZBMrYwyQ5gAIyYxMGZPjRANfDCXB1r4XoWIqBWtSzs=
Subject key identifier:   3D:19:C4:EA:A2:4B:5E:EF:BE:A8:7A:A6:11:A6:9A:C1:93:DA:31:1C
Certificate issuer:       /CN=8d630b89d0b22f2ebd9e84de83511c94e3874f0b
Certificate serial:       0196EDA26DA765358C63590FB19EB482382C
Authority key identifier: 8D:63:0B:89:D0:B2:2F:2E:BD:9E:84:DE:83:51:1C:94:E3:87:4F:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jWMLidCyLy69noTeg1EclOOHTws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/2024e2-4a49-491a-b082-d775c0021b60/1/PRnE6qJLXu--qHqmEaaawZPaMRw.roa
Signing time:             Tue 20 May 2025 12:19:26 +0000
ROA not before:           Tue 20 May 2025 12:19:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47290
IP address blocks:        195.182.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/2024e2-4a49-491a-b082-d775c0021b60/1/jWMLidCyLy69noTeg1EclOOHTws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/2024e2-4a49-491a-b082-d775c0021b60/1/jWMLidCyLy69noTeg1EclOOHTws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jWMLidCyLy69noTeg1EclOOHTws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:a2:6d:a7:65:35:8c:63:59:0f:b1:9e:b4:82:38:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d630b89d0b22f2ebd9e84de83511c94e3874f0b
        Validity
            Not Before: May 20 12:19:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d19c4eaa24b5eefbea87aa611a69ac193da311c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8c:3c:9f:d2:d3:d2:9b:07:a1:2c:27:ff:9e:
                    d6:1b:b0:3f:87:46:bf:23:15:a2:15:bb:16:6c:52:
                    e3:08:cb:37:13:66:f0:2b:d5:8b:b1:6f:ce:1b:03:
                    9a:da:a8:d8:d3:a4:14:33:77:21:61:43:bd:c4:24:
                    b1:89:b5:6c:15:ec:af:d6:30:c8:8b:2c:8c:9c:24:
                    8c:af:eb:12:f4:2e:85:a1:58:cf:9e:6e:9f:25:2f:
                    72:86:3b:b0:1a:2f:24:18:85:99:00:05:18:57:c4:
                    e7:db:82:c0:34:18:77:48:0f:0b:f6:38:28:cd:a6:
                    98:55:d4:de:0b:bd:cf:0f:7d:39:e1:20:44:49:87:
                    b7:f4:5c:49:f5:96:a2:39:ea:e0:42:df:b8:67:cf:
                    2e:b2:30:4e:91:ee:f5:3c:30:c9:4f:07:1a:03:11:
                    5b:8a:7b:ca:05:0e:b1:ec:ad:0a:be:f9:ea:6f:c8:
                    84:73:ee:21:fa:58:7f:6d:5c:c6:bf:a6:89:10:5d:
                    49:ea:bd:79:2e:2e:92:05:b6:44:c2:7b:0e:d0:fe:
                    e3:51:f0:a5:0e:1d:4f:ef:1c:fa:d0:8b:d2:2f:4b:
                    0d:b2:11:5a:a2:aa:b3:fb:39:37:db:33:e3:02:e6:
                    fa:b4:4c:c9:31:b3:07:34:d8:68:4a:ea:cc:11:ff:
                    55:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:19:C4:EA:A2:4B:5E:EF:BE:A8:7A:A6:11:A6:9A:C1:93:DA:31:1C
            X509v3 Authority Key Identifier:
                keyid:8D:63:0B:89:D0:B2:2F:2E:BD:9E:84:DE:83:51:1C:94:E3:87:4F:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jWMLidCyLy69noTeg1EclOOHTws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/2024e2-4a49-491a-b082-d775c0021b60/1/PRnE6qJLXu--qHqmEaaawZPaMRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/2024e2-4a49-491a-b082-d775c0021b60/1/jWMLidCyLy69noTeg1EclOOHTws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:c4:39:a0:2a:dd:1f:b8:03:a1:df:a7:e3:04:8a:90:26:2f:
         d7:da:b4:f1:b7:10:be:2d:eb:91:99:ae:d1:ac:7a:45:a5:e9:
         ba:86:e3:e2:81:62:56:be:4f:e9:48:87:31:7b:08:7a:fd:b9:
         d3:9a:7d:1f:3d:8e:f3:a4:47:55:e0:01:9d:ea:47:8a:b2:3f:
         a8:91:90:55:cd:77:77:81:6e:73:c7:52:d2:d1:8d:2d:36:83:
         b2:28:77:a2:60:7d:c9:42:08:f2:e9:35:3f:ed:3d:50:ac:1e:
         93:b3:03:94:f9:d5:85:8c:68:45:af:f4:0e:13:fe:b2:f2:3f:
         1d:72:d8:96:e7:39:32:cd:da:3a:3c:af:de:00:31:df:54:27:
         8a:42:48:b0:ae:18:32:d5:fc:ce:d5:e8:be:b6:95:90:0e:53:
         e7:67:aa:1f:b0:f0:d1:ee:f3:1b:64:91:c8:3f:1a:55:6a:68:
         8f:0e:f9:cc:12:93:e1:c3:46:bf:de:83:bc:08:9a:eb:c5:96:
         df:b4:37:a6:b5:c6:56:be:2e:c2:c2:90:1b:ea:17:16:17:13:
         39:e0:1e:54:28:93:59:16:e9:e4:2b:a0:4c:bd:a1:3b:01:b9:
         fb:8e:e5:f8:66:97:1a:35:6d:27:b3:5d:93:16:61:ba:ab:ae:
         6c:8c:aa:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbtom2nZTWMY1kPsZ60gjgsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNjMwYjg5ZDBiMjJmMmViZDllODRkZTgzNTExYzk0ZTM4
NzRmMGIwHhcNMjUwNTIwMTIxOTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDE5YzRlYWEyNGI1ZWVmYmVhODdhYTYxMWE2OWFjMTkzZGEzMTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4w8n9LT0psHoSwn/57WG7A/h0a/
IxWiFbsWbFLjCMs3E2bwK9WLsW/OGwOa2qjY06QUM3chYUO9xCSxibVsFeyv1jDI
iyyMnCSMr+sS9C6FoVjPnm6fJS9yhjuwGi8kGIWZAAUYV8Tn24LANBh3SA8L9jgo
zaaYVdTeC73PD3054SBESYe39FxJ9ZaiOergQt+4Z88usjBOke71PDDJTwcaAxFb
invKBQ6x7K0Kvvnqb8iEc+4h+lh/bVzGv6aJEF1J6r15Li6SBbZEwnsO0P7jUfCl
Dh1P7xz60IvSL0sNshFaoqqz+zk32zPjAub6tEzJMbMHNNhoSurMEf9VwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD0ZxOqiS17vvqh6phGmmsGT2jEcMB8GA1UdIwQY
MBaAFI1jC4nQsi8uvZ6E3oNRHJTjh08LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaldNTGlkQ3lMeTY5bm9UZWcxRWNsT09IVHdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy8yMDI0ZTItNGE0OS00OTFhLWIwODIt
ZDc3NWMwMDIxYjYwLzEvUFJuRTZxSkxYdS0tcUhxbUVhYWF3WlBhTVJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy8yMDI0ZTItNGE0OS00OTFhLWIwODItZDc3NWMwMDIxYjYw
LzEvaldNTGlkQ3lMeTY5bm9UZWcxRWNsT09IVHdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7YjMA0G
CSqGSIb3DQEBCwUAA4IBAQBvxDmgKt0fuAOh36fjBIqQJi/X2rTxtxC+LeuRma7R
rHpFpem6huPigWJWvk/pSIcxewh6/bnTmn0fPY7zpEdV4AGd6keKsj+okZBVzXd3
gW5zx1LS0Y0tNoOyKHeiYH3JQgjy6TU/7T1QrB6TswOU+dWFjGhFr/QOE/6y8j8d
ctiW5zkyzdo6PK/eADHfVCeKQkiwrhgy1fzO1ei+tpWQDlPnZ6ofsPDR7vMbZJHI
PxpVamiPDvnMEpPhw0a/3oO8CJrrxZbftDemtcZWvi7CwpAb6hcWFxM54B5UKJNZ
FunkK6BMvaE7Abn7juX4ZpcaNW0ns12TFmG6q65sjKov
-----END CERTIFICATE-----