Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/0U3Gso3ODnWaRUyku2KbHXOd2nE.roa
File:                     0U3Gso3ODnWaRUyku2KbHXOd2nE.roa (raw, json)
Hash identifier:          OjHUqZ7uYTApLthTiQNLejjbsCRnlAUYsAqNFNIG54g=
Subject key identifier:   D1:4D:C6:B2:8D:CE:0E:75:9A:45:4C:A4:BB:62:9B:1D:73:9D:DA:71
Certificate issuer:       /CN=c6e1c8c65c86e8d26ddbeb68658a39a7a8e27866
Certificate serial:       01957A73BC7D9660CB1A004838174637D058
Authority key identifier: C6:E1:C8:C6:5C:86:E8:D2:6D:DB:EB:68:65:8A:39:A7:A8:E2:78:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xuHIxlyG6NJt2-toZYo5p6jieGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/0U3Gso3ODnWaRUyku2KbHXOd2nE.roa
Signing time:             Sun 09 Mar 2025 10:29:20 +0000
ROA not before:           Sun 09 Mar 2025 10:29:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213852
IP address blocks:        46.34.163.0/24 maxlen: 24
                          89.42.199.0/24 maxlen: 24
                          92.114.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/xuHIxlyG6NJt2-toZYo5p6jieGY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/xuHIxlyG6NJt2-toZYo5p6jieGY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xuHIxlyG6NJt2-toZYo5p6jieGY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 21:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:7a:73:bc:7d:96:60:cb:1a:00:48:38:17:46:37:d0:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6e1c8c65c86e8d26ddbeb68658a39a7a8e27866
        Validity
            Not Before: Mar  9 10:29:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d14dc6b28dce0e759a454ca4bb629b1d739dda71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:94:c7:7b:a4:50:eb:a5:a1:37:b0:e3:d2:d0:
                    0c:41:1d:bf:31:c7:40:09:f0:04:93:f8:a9:be:9e:
                    99:0d:a2:27:e9:f9:63:c7:52:f4:c3:16:d3:37:f8:
                    05:b0:e5:d6:a5:cd:a8:25:91:75:cc:d6:99:17:9f:
                    3b:f0:a0:40:7c:1e:fc:e7:39:74:ee:24:09:b9:f8:
                    17:99:ea:43:56:0f:b3:0d:41:ef:fc:3a:58:ab:4a:
                    30:98:c1:cb:7f:2a:85:0d:23:74:27:ae:b2:9a:1c:
                    31:c0:7d:12:e0:57:1b:8d:4a:37:8c:d9:16:d4:78:
                    57:7d:c0:28:49:a6:99:da:43:0b:eb:85:9f:fb:50:
                    ee:74:3d:95:23:43:1b:3a:c8:ad:90:8b:44:9d:9f:
                    2f:bf:17:4f:96:5d:a9:0d:f4:43:1d:fb:76:20:9c:
                    13:fe:68:c0:ee:b7:f5:f5:b5:c1:29:b4:e6:f6:48:
                    96:88:43:1a:a2:11:5e:0a:b9:96:fc:e1:00:92:40:
                    c0:f9:da:f0:85:af:fb:e2:82:37:03:3b:6d:87:8a:
                    d1:ea:d8:e6:88:c1:ba:0b:1a:2b:ec:3d:8b:2e:da:
                    a9:57:7d:46:1f:69:50:0f:e9:2c:1a:10:1b:58:cf:
                    60:58:46:a9:19:25:e8:1a:27:20:f9:7c:7f:fd:28:
                    db:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:4D:C6:B2:8D:CE:0E:75:9A:45:4C:A4:BB:62:9B:1D:73:9D:DA:71
            X509v3 Authority Key Identifier:
                keyid:C6:E1:C8:C6:5C:86:E8:D2:6D:DB:EB:68:65:8A:39:A7:A8:E2:78:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xuHIxlyG6NJt2-toZYo5p6jieGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/0U3Gso3ODnWaRUyku2KbHXOd2nE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/xuHIxlyG6NJt2-toZYo5p6jieGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.163.0/24
                  89.42.199.0/24
                  92.114.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:b9:95:ca:05:e0:2f:c7:79:9f:f4:73:a7:cd:68:7c:e1:47:
         29:89:d1:ae:fc:0e:f9:50:1d:fe:69:ed:b5:cf:fd:51:a9:78:
         95:50:f6:44:fa:d7:ab:08:1a:98:9a:2a:81:77:40:e7:a5:3c:
         59:95:fe:96:13:13:35:98:52:4b:df:41:10:f1:b6:3f:76:c7:
         94:02:56:ad:30:65:e1:e1:53:d9:a0:97:ca:05:2e:f4:df:72:
         e2:18:5e:66:74:7e:a9:c0:32:cf:f5:e3:4d:46:b7:55:f2:23:
         93:ee:70:f9:6b:81:66:e6:88:c9:e8:7d:3a:ab:98:ad:3e:24:
         18:d8:c0:2c:0b:70:02:61:2b:3e:fe:13:ce:a4:ba:db:78:b4:
         e2:89:c2:87:fc:a2:94:3f:eb:27:a5:f1:83:64:01:ba:d9:19:
         c2:c8:14:11:a3:4b:11:cc:bf:11:b9:41:8d:13:af:17:c0:6d:
         41:c3:c2:4e:df:00:91:d4:6a:0d:8a:5b:1c:f6:34:13:80:69:
         d3:74:a7:97:49:4c:dc:30:7f:c0:ce:99:dd:f2:5f:75:d8:1b:
         91:b3:a0:45:47:de:75:7c:08:48:97:89:e6:1c:c4:f3:db:c2:
         7d:58:64:8e:94:de:a2:8f:c7:11:b3:1d:d6:76:a2:d4:1d:c8:
         ef:36:72:37
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZV6c7x9lmDLGgBIOBdGN9BYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2ZTFjOGM2NWM4NmU4ZDI2ZGRiZWI2ODY1OGEzOWE3YThl
Mjc4NjYwHhcNMjUwMzA5MTAyOTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTRkYzZiMjhkY2UwZTc1OWE0NTRjYTRiYjYyOWIxZDczOWRkYTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJTHe6RQ66WhN7Dj0tAMQR2/McdA
CfAEk/ipvp6ZDaIn6fljx1L0wxbTN/gFsOXWpc2oJZF1zNaZF5878KBAfB785zl0
7iQJufgXmepDVg+zDUHv/DpYq0owmMHLfyqFDSN0J66ymhwxwH0S4FcbjUo3jNkW
1HhXfcAoSaaZ2kML64Wf+1DudD2VI0MbOsitkItEnZ8vvxdPll2pDfRDHft2IJwT
/mjA7rf19bXBKbTm9kiWiEMaohFeCrmW/OEAkkDA+drwha/74oI3Aztth4rR6tjm
iMG6Cxor7D2LLtqpV31GH2lQD+ksGhAbWM9gWEapGSXoGicg+Xx//SjbbQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNFNxrKNzg51mkVMpLtimx1zndpxMB8GA1UdIwQY
MBaAFMbhyMZchujSbdvraGWKOaeo4nhmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHVISXhseUc2Tkp0Mi10b1pZbzVwNmppZUdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9hNDUzZmUtYTY2NC00N2EyLThiOGEt
Y2U1ZTAxZTcxYzkxLzEvMFUzR3NvM09EbldhUlV5a3UyS2JIWE9kMm5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9hNDUzZmUtYTY2NC00N2EyLThiOGEtY2U1ZTAxZTcxYzkx
LzEveHVISXhseUc2Tkp0Mi10b1pZbzVwNmppZUdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALiKjAwQA
WSrHAwQAXHIzMA0GCSqGSIb3DQEBCwUAA4IBAQCluZXKBeAvx3mf9HOnzWh84Ucp
idGu/A75UB3+ae21z/1RqXiVUPZE+terCBqYmiqBd0DnpTxZlf6WExM1mFJL30EQ
8bY/dseUAlatMGXh4VPZoJfKBS7033LiGF5mdH6pwDLP9eNNRrdV8iOT7nD5a4Fm
5ojJ6H06q5itPiQY2MAsC3ACYSs+/hPOpLrbeLTiicKH/KKUP+snpfGDZAG62RnC
yBQRo0sRzL8RuUGNE68XwG1Bw8JO3wCR1GoNilsc9jQTgGnTdKeXSUzcMH/Azpnd
8l912BuRs6BFR951fAhIl4nmHMTz28J9WGSOlN6ij8cRsx3WdqLUHcjvNnI3
-----END CERTIFICATE-----