Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/Xi6D2TOsmKaKt73p2J8BVcS5X-U.roa
File:                     Xi6D2TOsmKaKt73p2J8BVcS5X-U.roa (raw, json)
Hash identifier:          bCMKnUY3Dzp0FpBoWOs1dTC9ELOluXfiQXdDZqb6JDc=
Subject key identifier:   5E:2E:83:D9:33:AC:98:A6:8A:B7:BD:E9:D8:9F:01:55:C4:B9:5F:E5
Certificate issuer:       /CN=3bccbc70e18b6c69e53ef52a5e925e5f4f0cdcc1
Certificate serial:       019427B5B25C84638384CCC5952F20428C94
Authority key identifier: 3B:CC:BC:70:E1:8B:6C:69:E5:3E:F5:2A:5E:92:5E:5F:4F:0C:DC:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O8y8cOGLbGnlPvUqXpJeX08M3ME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/Xi6D2TOsmKaKt73p2J8BVcS5X-U.roa
Signing time:             Thu 02 Jan 2025 15:50:06 +0000
ROA not before:           Thu 02 Jan 2025 15:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39386
IP address blocks:        159.0.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/O8y8cOGLbGnlPvUqXpJeX08M3ME.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/O8y8cOGLbGnlPvUqXpJeX08M3ME.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O8y8cOGLbGnlPvUqXpJeX08M3ME.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 23:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:b2:5c:84:63:83:84:cc:c5:95:2f:20:42:8c:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bccbc70e18b6c69e53ef52a5e925e5f4f0cdcc1
        Validity
            Not Before: Jan  2 15:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e2e83d933ac98a68ab7bde9d89f0155c4b95fe5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:5f:e2:3f:a6:9c:04:d8:ed:6a:f3:c2:a6:47:
                    c7:6e:d3:4b:dc:52:7b:59:1b:35:0c:af:64:2b:9a:
                    b6:e0:04:b8:e1:44:fd:24:12:52:fc:30:ee:cf:68:
                    4a:0e:fb:0f:fa:2e:6f:87:28:ea:b4:63:58:36:c1:
                    50:97:91:18:73:4e:b0:39:f5:fe:48:e5:0f:42:99:
                    29:44:e6:35:8a:84:43:fd:a0:84:6c:f8:db:7e:5c:
                    ea:7b:10:86:21:2a:ff:ab:3a:b3:86:c4:4a:13:6a:
                    e3:47:ea:cf:74:7f:4f:00:da:f1:47:5f:0e:ea:f7:
                    22:e1:e0:a5:21:26:98:c4:3a:95:a1:a3:6b:d3:a1:
                    9f:c5:23:2b:d4:58:e8:1f:49:c7:09:13:26:68:4e:
                    c7:94:04:e5:f5:f9:98:d4:23:05:b9:c5:a5:87:67:
                    46:fc:6a:c3:f6:2e:c5:d0:4f:e9:7c:02:c3:1a:8c:
                    3f:1d:e3:ec:ce:8a:91:5d:bd:43:c0:04:4d:6d:85:
                    23:7f:a6:31:d7:d1:87:c8:e6:f3:ca:05:4f:33:6a:
                    3d:e8:f5:4f:9c:33:c5:fb:17:c9:5b:71:5e:cc:ba:
                    51:dc:11:43:05:05:a1:1e:fd:fb:12:8d:96:1f:69:
                    c8:a6:d3:fc:d2:14:99:35:3f:dd:97:50:cc:bd:b0:
                    bb:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:2E:83:D9:33:AC:98:A6:8A:B7:BD:E9:D8:9F:01:55:C4:B9:5F:E5
            X509v3 Authority Key Identifier:
                keyid:3B:CC:BC:70:E1:8B:6C:69:E5:3E:F5:2A:5E:92:5E:5F:4F:0C:DC:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O8y8cOGLbGnlPvUqXpJeX08M3ME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/Xi6D2TOsmKaKt73p2J8BVcS5X-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/O8y8cOGLbGnlPvUqXpJeX08M3ME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.0.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:36:66:03:ef:b2:2e:61:51:a6:ff:df:7c:3e:0d:f9:eb:6d:
         3c:92:1a:21:c1:d8:98:7d:94:d0:5a:41:fc:60:75:08:82:e5:
         4f:0a:16:bb:21:87:d7:21:42:4d:ef:ad:96:c0:38:91:4d:d1:
         f6:70:84:9b:d7:82:ca:f9:08:dc:9f:c8:00:70:4e:f4:8e:ca:
         af:a4:3c:29:5d:2e:d5:96:20:d8:95:5d:e3:73:f8:47:b3:3a:
         91:29:f6:b3:99:1f:1a:e4:25:98:46:10:7c:b8:26:6c:56:ac:
         e2:1e:23:e4:c2:9d:39:7e:b8:2c:7d:13:0e:28:f8:07:ff:9e:
         df:cd:18:6d:fa:e6:c3:77:f2:fa:61:27:23:48:47:7e:68:9a:
         ac:8f:d6:94:2e:18:7e:3b:89:f5:b9:a4:e6:c9:0f:64:b4:56:
         3b:34:e4:5f:d2:1c:45:d0:e6:9d:c1:51:75:d5:eb:47:67:08:
         28:9a:92:a9:2b:c2:e2:4d:02:76:bc:67:b7:b0:23:74:38:14:
         5d:93:f9:5d:25:cc:27:c2:cf:7f:33:21:ec:76:bd:88:05:a5:
         e3:c7:03:00:72:0f:28:5d:27:24:0f:b9:39:4b:aa:c9:6f:ca:
         d7:a4:a6:17:d7:29:0c:e9:fa:9a:b4:11:8c:18:a3:9c:ff:b9:
         79:0c:94:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntbJchGODhMzFlS8gQoyUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiY2NiYzcwZTE4YjZjNjllNTNlZjUyYTVlOTI1ZTVmNGYw
Y2RjYzEwHhcNMjUwMTAyMTU1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTJlODNkOTMzYWM5OGE2OGFiN2JkZTlkODlmMDE1NWM0Yjk1ZmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApF/iP6acBNjtavPCpkfHbtNL3FJ7
WRs1DK9kK5q24AS44UT9JBJS/DDuz2hKDvsP+i5vhyjqtGNYNsFQl5EYc06wOfX+
SOUPQpkpROY1ioRD/aCEbPjbflzqexCGISr/qzqzhsRKE2rjR+rPdH9PANrxR18O
6vci4eClISaYxDqVoaNr06GfxSMr1FjoH0nHCRMmaE7HlATl9fmY1CMFucWlh2dG
/GrD9i7F0E/pfALDGow/HePszoqRXb1DwARNbYUjf6Yx19GHyObzygVPM2o96PVP
nDPF+xfJW3FezLpR3BFDBQWhHv37Eo2WH2nIptP80hSZNT/dl1DMvbC7NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4ug9kzrJimire96difAVXEuV/lMB8GA1UdIwQY
MBaAFDvMvHDhi2xp5T71Kl6SXl9PDNzBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzh5OGNPR0xiR25sUHZVcVhwSmVYMDhNM01FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS84YTQ3NzMtYTJiZC00MGQyLWJmYzgt
YmJlNjBlYTIyMmM1LzEvWGk2RDJUT3NtS2FLdDczcDJKOEJWY1M1WC1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS84YTQ3NzMtYTJiZC00MGQyLWJmYzgtYmJlNjBlYTIyMmM1
LzEvTzh5OGNPR0xiR25sUHZVcVhwSmVYMDhNM01FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnwC4MA0G
CSqGSIb3DQEBCwUAA4IBAQAENmYD77IuYVGm/998Pg356208khohwdiYfZTQWkH8
YHUIguVPCha7IYfXIUJN762WwDiRTdH2cISb14LK+Qjcn8gAcE70jsqvpDwpXS7V
liDYlV3jc/hHszqRKfazmR8a5CWYRhB8uCZsVqziHiPkwp05frgsfRMOKPgH/57f
zRht+ubDd/L6YScjSEd+aJqsj9aULhh+O4n1uaTmyQ9ktFY7NORf0hxF0OadwVF1
1etHZwgompKpK8LiTQJ2vGe3sCN0OBRdk/ldJcwnws9/MyHsdr2IBaXjxwMAcg8o
XSckD7k5S6rJb8rXpKYX1ykM6fqatBGMGKOc/7l5DJQ/
-----END CERTIFICATE-----