Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/cc4eb3-768a-4f91-882c-0db10850c794/1/3pfVgFLkg2TMIc7JovHte5RB3LQ.roa
File:                     3pfVgFLkg2TMIc7JovHte5RB3LQ.roa (raw, json)
Hash identifier:          j4B7Ylwr/iwmSITFsOtorwc6XSZcp3QAqhv7YbCMN5c=
Subject key identifier:   DE:97:D5:80:52:E4:83:64:CC:21:CE:C9:A2:F1:ED:7B:94:41:DC:B4
Certificate issuer:       /CN=3deaededa105d7e9129a9b0ce56b9bfcb9c67394
Certificate serial:       018CC2DAFCF0CE24BAD3FA057594B72E24C7
Authority key identifier: 3D:EA:ED:ED:A1:05:D7:E9:12:9A:9B:0C:E5:6B:9B:FC:B9:C6:73:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pert7aEF1-kSmpsM5Wub_LnGc5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/cc4eb3-768a-4f91-882c-0db10850c794/1/3pfVgFLkg2TMIc7JovHte5RB3LQ.roa
Signing time:             Mon 01 Jan 2024 02:29:40 +0000
ROA not before:           Mon 01 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39190
IP address blocks:        194.147.125.0/24 maxlen: 24
                          194.147.124.0/24 maxlen: 24
                          194.147.127.0/24 maxlen: 24
                          194.147.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/cc4eb3-768a-4f91-882c-0db10850c794/1/Pert7aEF1-kSmpsM5Wub_LnGc5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/cc4eb3-768a-4f91-882c-0db10850c794/1/Pert7aEF1-kSmpsM5Wub_LnGc5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pert7aEF1-kSmpsM5Wub_LnGc5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fc:f0:ce:24:ba:d3:fa:05:75:94:b7:2e:24:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3deaededa105d7e9129a9b0ce56b9bfcb9c67394
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de97d58052e48364cc21cec9a2f1ed7b9441dcb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ef:b3:e1:63:f7:da:50:4f:26:cf:ef:5a:82:
                    c9:9c:52:3f:47:04:37:29:c8:ea:c8:d6:82:b6:77:
                    44:b6:1f:40:c6:ef:7a:9b:1d:8c:26:b8:fb:62:1a:
                    d1:7d:ff:e3:cf:a3:ed:57:4e:97:fb:28:5b:a2:bc:
                    64:0d:51:dd:67:85:8e:c9:0e:e7:c2:8d:a7:fd:b7:
                    55:c2:07:52:00:86:30:09:2b:a6:5f:5d:f8:d7:38:
                    dd:d0:55:bd:eb:ca:ba:ba:46:a5:c9:1d:7d:af:a1:
                    50:0f:34:da:fd:e7:c5:79:7a:94:8c:74:5b:67:16:
                    6a:35:f9:4f:c4:57:2f:01:4e:6b:be:46:2a:44:fe:
                    b7:0c:97:ed:bf:14:3f:4b:39:d6:ec:08:c2:ea:10:
                    63:59:e9:29:bc:de:db:65:a3:02:48:e6:f8:20:81:
                    13:eb:4b:f8:3e:6a:af:08:40:f6:c4:3a:8d:92:58:
                    f7:b5:0a:8f:49:9a:c8:ce:79:27:d2:ef:58:d8:c9:
                    56:2e:c4:d6:3d:4b:a5:94:f4:ae:d6:f2:38:13:ec:
                    20:5c:f5:15:9d:b9:c3:c4:0c:ac:5d:12:4c:d8:03:
                    ed:ab:8a:1b:ba:3e:97:b7:87:ca:a0:cb:cf:61:da:
                    fc:42:59:93:80:16:a3:88:b5:e0:23:eb:ac:25:90:
                    07:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:97:D5:80:52:E4:83:64:CC:21:CE:C9:A2:F1:ED:7B:94:41:DC:B4
            X509v3 Authority Key Identifier:
                keyid:3D:EA:ED:ED:A1:05:D7:E9:12:9A:9B:0C:E5:6B:9B:FC:B9:C6:73:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pert7aEF1-kSmpsM5Wub_LnGc5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/cc4eb3-768a-4f91-882c-0db10850c794/1/3pfVgFLkg2TMIc7JovHte5RB3LQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/cc4eb3-768a-4f91-882c-0db10850c794/1/Pert7aEF1-kSmpsM5Wub_LnGc5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c1:1a:69:d4:ba:e8:18:94:74:80:c6:bc:03:b8:75:e1:d4:76:
         fe:e3:88:f2:ce:a5:0c:03:8e:dd:2c:d6:9b:7d:3d:50:be:52:
         b7:73:92:16:3c:40:0c:02:53:a7:40:16:43:1a:ef:82:c2:e2:
         45:f3:a4:d8:57:62:d2:89:7a:77:85:8e:e4:a8:61:2d:b2:90:
         4b:08:2e:85:6f:f7:5c:fe:02:d3:69:65:56:24:74:e6:4b:87:
         2f:0d:08:a1:06:5f:06:c8:43:a4:fd:0c:f3:0a:56:0b:74:e7:
         42:bf:f9:a6:72:78:d5:04:dc:5b:a9:f1:33:0d:a2:23:d0:70:
         ac:df:4f:4b:00:f7:09:be:72:9c:2e:bc:77:e4:6a:bd:99:fa:
         d4:c3:00:4b:61:e2:86:6e:76:b9:38:04:5a:b9:4a:a0:79:c4:
         38:90:2e:86:40:07:a6:d0:0d:b3:a8:54:a7:68:58:a8:0a:b5:
         17:0a:27:01:7d:b1:94:f6:57:82:f4:5a:cc:da:4a:2e:b7:53:
         db:fc:f9:cc:4b:f5:c1:64:21:40:69:a2:c8:97:dd:0e:a9:3f:
         66:84:ec:9b:37:3d:7b:14:ac:73:6b:66:bb:de:37:10:26:66:
         b1:06:e5:f7:44:d6:fe:be:a1:17:4b:77:e3:4a:f9:16:08:8b:
         1c:bd:97:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2vzwziS60/oFdZS3LiTHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZWFlZGVkYTEwNWQ3ZTkxMjlhOWIwY2U1NmI5YmZjYjlj
NjczOTQwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTk3ZDU4MDUyZTQ4MzY0Y2MyMWNlYzlhMmYxZWQ3Yjk0NDFkY2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj++z4WP32lBPJs/vWoLJnFI/RwQ3
KcjqyNaCtndEth9Axu96mx2MJrj7YhrRff/jz6PtV06X+yhborxkDVHdZ4WOyQ7n
wo2n/bdVwgdSAIYwCSumX1341zjd0FW968q6ukalyR19r6FQDzTa/efFeXqUjHRb
ZxZqNflPxFcvAU5rvkYqRP63DJftvxQ/SznW7AjC6hBjWekpvN7bZaMCSOb4IIET
60v4PmqvCED2xDqNklj3tQqPSZrIznkn0u9Y2MlWLsTWPUullPSu1vI4E+wgXPUV
nbnDxAysXRJM2APtq4obuj6Xt4fKoMvPYdr8QlmTgBajiLXgI+usJZAH5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN6X1YBS5INkzCHOyaLx7XuUQdy0MB8GA1UdIwQY
MBaAFD3q7e2hBdfpEpqbDOVrm/y5xnOUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGVydDdhRUYxLWtTbXBzTTVXdWJfTG5HYzVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9jYzRlYjMtNzY4YS00ZjkxLTg4MmMt
MGRiMTA4NTBjNzk0LzEvM3BmVmdGTGtnMlRNSWM3Sm92SHRlNVJCM0xRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9jYzRlYjMtNzY4YS00ZjkxLTg4MmMtMGRiMTA4NTBjNzk0
LzEvUGVydDdhRUYxLWtTbXBzTTVXdWJfTG5HYzVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwpN8MA0G
CSqGSIb3DQEBCwUAA4IBAQDBGmnUuugYlHSAxrwDuHXh1Hb+44jyzqUMA47dLNab
fT1QvlK3c5IWPEAMAlOnQBZDGu+CwuJF86TYV2LSiXp3hY7kqGEtspBLCC6Fb/dc
/gLTaWVWJHTmS4cvDQihBl8GyEOk/QzzClYLdOdCv/mmcnjVBNxbqfEzDaIj0HCs
309LAPcJvnKcLrx35Gq9mfrUwwBLYeKGbna5OARauUqgecQ4kC6GQAem0A2zqFSn
aFioCrUXCicBfbGU9leC9FrM2kout1Pb/PnMS/XBZCFAaaLIl90OqT9mhOybNz17
FKxza2a73jcQJmaxBuX3RNb+vqEXS3fjSvkWCIscvZfM
-----END CERTIFICATE-----