Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/31952a-608c-468e-a00e-d633aa70dd66/1/N3Ms1tO5Rc3q58ZodMbwcW3QRxA.roa
File:                     N3Ms1tO5Rc3q58ZodMbwcW3QRxA.roa (raw, json)
Hash identifier:          QeEjLFu1bfyi8L5wOE2F/BxSn3Wihpq/1jEicr1OiIU=
Subject key identifier:   37:73:2C:D6:D3:B9:45:CD:EA:E7:C6:68:74:C6:F0:71:6D:D0:47:10
Certificate issuer:       /CN=88fe1905cd7af36e63ada6366c147b61d85c9f2b
Certificate serial:       019421B24A565F7068EA41C9ADE90C34AEDC
Authority key identifier: 88:FE:19:05:CD:7A:F3:6E:63:AD:A6:36:6C:14:7B:61:D8:5C:9F:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iP4ZBc16825jraY2bBR7Ydhcnys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/31952a-608c-468e-a00e-d633aa70dd66/1/N3Ms1tO5Rc3q58ZodMbwcW3QRxA.roa
Signing time:             Wed 01 Jan 2025 11:48:39 +0000
ROA not before:           Wed 01 Jan 2025 11:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.99.236.0/24 maxlen: 24
                          185.99.237.0/24 maxlen: 24
                          185.99.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/31952a-608c-468e-a00e-d633aa70dd66/1/iP4ZBc16825jraY2bBR7Ydhcnys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/31952a-608c-468e-a00e-d633aa70dd66/1/iP4ZBc16825jraY2bBR7Ydhcnys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iP4ZBc16825jraY2bBR7Ydhcnys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:4a:56:5f:70:68:ea:41:c9:ad:e9:0c:34:ae:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88fe1905cd7af36e63ada6366c147b61d85c9f2b
        Validity
            Not Before: Jan  1 11:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37732cd6d3b945cdeae7c66874c6f0716dd04710
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:52:ee:9b:61:ce:ca:ab:1e:19:41:c7:ac:81:
                    81:b7:ff:cc:1e:1c:f5:15:09:4e:b0:0a:5f:67:3b:
                    5b:ee:06:c0:02:40:23:b4:05:e1:65:12:15:d8:7e:
                    d9:0c:95:dd:11:de:8a:12:99:0a:4a:32:e8:08:97:
                    55:f7:1b:a1:7c:f3:5b:31:93:53:a6:4f:8e:3d:4f:
                    34:74:9c:ee:68:f0:45:56:da:f0:a6:8d:e6:3f:2b:
                    ed:ac:95:b9:ac:40:ea:8d:ab:5e:fa:cd:7e:22:5e:
                    62:cd:17:18:d2:f0:6c:19:03:77:c5:65:cd:36:bb:
                    5d:e8:b6:0e:27:8f:c6:09:96:8a:97:9e:67:f1:83:
                    f1:fe:e5:d3:7e:b7:cb:46:b4:76:0f:0a:e3:36:3e:
                    48:d3:d3:ba:b3:6d:09:87:cc:e1:bc:6a:a6:67:90:
                    fd:ba:28:b9:55:b3:08:08:86:8f:58:07:e2:d4:76:
                    5b:b7:44:f2:de:b9:9f:ca:ca:12:eb:27:d5:91:56:
                    fb:ef:e2:cf:d1:f7:1d:d8:2a:25:41:0e:62:15:a4:
                    ae:e8:36:7a:98:7e:bd:f8:6d:62:6e:e4:59:ca:20:
                    77:be:c1:86:b1:c5:69:d1:6b:15:f7:92:77:79:8f:
                    56:2f:57:95:39:6f:9b:40:22:b3:29:14:1a:71:f0:
                    ee:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:73:2C:D6:D3:B9:45:CD:EA:E7:C6:68:74:C6:F0:71:6D:D0:47:10
            X509v3 Authority Key Identifier:
                keyid:88:FE:19:05:CD:7A:F3:6E:63:AD:A6:36:6C:14:7B:61:D8:5C:9F:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iP4ZBc16825jraY2bBR7Ydhcnys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/31952a-608c-468e-a00e-d633aa70dd66/1/N3Ms1tO5Rc3q58ZodMbwcW3QRxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/31952a-608c-468e-a00e-d633aa70dd66/1/iP4ZBc16825jraY2bBR7Ydhcnys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.236.0-185.99.238.255

    Signature Algorithm: sha256WithRSAEncryption
         a1:eb:27:27:47:bc:d0:fb:84:46:75:ce:bd:55:a6:9f:f9:ff:
         f4:78:86:67:35:7f:aa:92:88:f9:e0:9c:54:18:7a:88:ce:27:
         c5:e5:71:f9:ab:22:5a:c9:92:f3:70:16:7a:2f:38:0e:1b:ea:
         0a:93:0b:78:0e:cb:cb:cc:e6:7e:ca:fd:6d:08:a5:3c:7b:61:
         2e:4a:b3:57:db:09:5d:28:ec:aa:4b:28:db:2d:19:cd:fc:f4:
         61:0a:df:c3:47:1a:21:36:38:ad:2b:dd:35:84:0c:02:74:61:
         a9:3f:27:55:dd:76:e7:3a:4a:f2:e6:dd:dd:57:7a:39:59:22:
         6d:b3:48:27:c3:13:cd:31:9e:ef:14:03:a9:19:a3:7f:b2:01:
         80:26:57:6e:b6:18:02:5e:6a:c6:fc:a6:92:7c:4f:0c:ef:b0:
         d7:0d:80:a0:5b:bd:b1:f1:2b:f3:93:95:f7:98:99:75:ca:c4:
         91:5e:d7:55:bc:29:c0:26:6c:20:a9:86:9e:71:96:ff:1d:15:
         29:4f:14:59:4c:95:ec:e6:68:5b:6e:75:06:f4:96:03:46:57:
         8d:5e:23:6e:5b:06:d2:0d:0d:48:01:b5:ae:35:ff:03:18:e0:
         52:c5:a3:73:a9:71:3c:a0:ec:b8:80:bd:14:48:77:90:b0:66:
         15:bc:06:a6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhskpWX3Bo6kHJrekMNK7cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZmUxOTA1Y2Q3YWYzNmU2M2FkYTYzNjZjMTQ3YjYxZDg1
YzlmMmIwHhcNMjUwMTAxMTE0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzczMmNkNmQzYjk0NWNkZWFlN2M2Njg3NGM2ZjA3MTZkZDA0NzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVLum2HOyqseGUHHrIGBt//MHhz1
FQlOsApfZztb7gbAAkAjtAXhZRIV2H7ZDJXdEd6KEpkKSjLoCJdV9xuhfPNbMZNT
pk+OPU80dJzuaPBFVtrwpo3mPyvtrJW5rEDqjate+s1+Il5izRcY0vBsGQN3xWXN
Nrtd6LYOJ4/GCZaKl55n8YPx/uXTfrfLRrR2DwrjNj5I09O6s20Jh8zhvGqmZ5D9
uii5VbMICIaPWAfi1HZbt0Ty3rmfysoS6yfVkVb77+LP0fcd2ColQQ5iFaSu6DZ6
mH69+G1ibuRZyiB3vsGGscVp0WsV95J3eY9WL1eVOW+bQCKzKRQacfDuXwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDdzLNbTuUXN6ufGaHTG8HFt0EcQMB8GA1UdIwQY
MBaAFIj+GQXNevNuY62mNmwUe2HYXJ8rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVA0WkJjMTY4MjVqcmFZMmJCUjdZZGhjbnlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8zMTk1MmEtNjA4Yy00NjhlLWEwMGUt
ZDYzM2FhNzBkZDY2LzEvTjNNczF0TzVSYzNxNThab2RNYndjVzNRUnhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8zMTk1MmEtNjA4Yy00NjhlLWEwMGUtZDYzM2FhNzBkZDY2
LzEvaVA0WkJjMTY4MjVqcmFZMmJCUjdZZGhjbnlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK5Y+wD
BAC5Y+4wDQYJKoZIhvcNAQELBQADggEBAKHrJydHvND7hEZ1zr1Vpp/5//R4hmc1
f6qSiPngnFQYeojOJ8XlcfmrIlrJkvNwFnovOA4b6gqTC3gOy8vM5n7K/W0IpTx7
YS5Ks1fbCV0o7KpLKNstGc389GEK38NHGiE2OK0r3TWEDAJ0Yak/J1Xdduc6SvLm
3d1XejlZIm2zSCfDE80xnu8UA6kZo3+yAYAmV262GAJeasb8ppJ8TwzvsNcNgKBb
vbHxK/OTlfeYmXXKxJFe11W8KcAmbCCphp5xlv8dFSlPFFlMlezmaFtudQb0lgNG
V41eI25bBtINDUgBta41/wMY4FLFo3OpcTyg7LiAvRRId5CwZhW8BqY=
-----END CERTIFICATE-----