Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/wWkcOa8cqDGRhn8j-1x_z-ePvg0.roa
File:                     wWkcOa8cqDGRhn8j-1x_z-ePvg0.roa (raw, json)
Hash identifier:          gQMjNWFHknHqWjiClHplw+oae04KXbyQbF9fSFE9xPI=
Subject key identifier:   C1:69:1C:39:AF:1C:A8:31:91:86:7F:23:FB:5C:7F:CF:E7:8F:BE:0D
Certificate issuer:       /CN=3f3f554b80281dea2a300318aaad6d2d97f1ce44
Certificate serial:       0195563B4630998B5BDB4F5DF79CD602A3D8
Authority key identifier: 3F:3F:55:4B:80:28:1D:EA:2A:30:03:18:AA:AD:6D:2D:97:F1:CE:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/wWkcOa8cqDGRhn8j-1x_z-ePvg0.roa
Signing time:             Sun 02 Mar 2025 09:41:19 +0000
ROA not before:           Sun 02 Mar 2025 09:41:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36680
IP address blocks:        185.224.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:56:3b:46:30:99:8b:5b:db:4f:5d:f7:9c:d6:02:a3:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f3f554b80281dea2a300318aaad6d2d97f1ce44
        Validity
            Not Before: Mar  2 09:41:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1691c39af1ca83191867f23fb5c7fcfe78fbe0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0e:5a:bc:92:e8:a2:0c:18:1a:c0:eb:6f:2b:
                    0a:14:41:17:bd:67:75:a9:88:e3:d4:fb:61:a8:eb:
                    27:f9:ca:43:97:86:8a:b8:3f:38:9b:5b:de:da:aa:
                    fa:fe:27:86:4e:d4:20:ac:9d:dc:f2:9c:17:2d:ff:
                    2f:87:4b:74:7c:9b:f1:9e:f0:10:31:9b:5f:d0:5c:
                    47:01:61:cc:2a:20:fb:5f:ec:e5:b2:65:43:32:eb:
                    18:dc:67:58:fd:2d:0c:7e:95:5e:8b:fd:89:d8:2d:
                    74:00:cd:2b:eb:48:f7:72:a5:7e:14:29:a9:ac:01:
                    0a:de:e2:a0:4d:5e:77:aa:02:98:b3:ca:f2:7d:46:
                    07:de:7d:d6:67:53:58:ad:eb:56:67:6d:d1:95:ff:
                    14:1e:98:0d:ca:8c:1f:b2:5c:01:3b:0b:12:cb:84:
                    1f:b8:93:97:fd:a5:2e:6b:be:a1:21:08:52:86:9d:
                    a3:b4:0d:cd:7a:89:f0:27:f2:7d:10:2d:3f:e8:d9:
                    40:55:f8:12:a2:c2:36:f1:87:7a:65:d1:ff:21:0e:
                    e1:05:fb:69:82:7f:66:35:d1:29:6e:75:47:82:67:
                    54:32:e7:9d:b2:3c:2d:75:0d:52:bc:99:e4:26:8f:
                    f2:7f:9e:d3:0d:19:90:bd:c5:42:0e:af:2c:4a:2c:
                    ca:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:69:1C:39:AF:1C:A8:31:91:86:7F:23:FB:5C:7F:CF:E7:8F:BE:0D
            X509v3 Authority Key Identifier:
                keyid:3F:3F:55:4B:80:28:1D:EA:2A:30:03:18:AA:AD:6D:2D:97:F1:CE:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/wWkcOa8cqDGRhn8j-1x_z-ePvg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/78d528-7cdf-44c0-acdd-f533b8df80a9/1/Pz9VS4AoHeoqMAMYqq1tLZfxzkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:28:6e:58:b7:51:76:6b:bb:40:3c:30:ae:31:5c:9a:fb:a7:
         70:72:bc:20:73:86:ef:8a:88:85:30:43:80:7a:6b:da:55:1b:
         13:e5:dd:e2:7e:15:1b:e6:11:1d:e1:4d:91:fe:ba:35:f3:e1:
         43:af:63:3f:76:90:fc:21:de:0e:fb:c5:90:9a:5a:4a:35:1a:
         95:23:58:df:8c:b0:5f:49:eb:5f:fe:a2:80:d9:7c:e3:4c:e8:
         ea:f6:aa:a7:6b:bc:29:79:13:96:cf:16:08:34:e8:f2:27:50:
         49:4d:b2:75:42:00:76:c7:3a:dc:42:7d:0c:7c:79:4b:14:3d:
         e6:62:0f:96:3b:44:e9:12:a5:fe:fd:48:5e:2f:3b:0f:8d:e4:
         de:fa:9d:c8:be:b6:aa:f9:1a:b5:07:89:62:4b:b3:cb:ca:39:
         d5:a2:39:99:19:44:45:87:75:e9:86:84:67:a9:a8:96:45:1a:
         f9:b2:74:ad:51:db:74:03:e1:ff:35:17:59:e0:76:2f:8f:cd:
         48:81:2a:cf:32:75:f3:85:95:0d:ba:ae:a4:f6:5c:51:84:2b:
         41:f5:2b:32:48:b3:f4:85:29:39:b9:50:be:83:62:b4:4e:a3:
         c3:f0:3e:9f:9e:c1:e8:d0:a0:e3:f3:62:a8:1a:5c:d6:c9:67:
         ec:29:0d:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVWO0YwmYtb209d95zWAqPYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmM2Y1NTRiODAyODFkZWEyYTMwMDMxOGFhYWQ2ZDJkOTdm
MWNlNDQwHhcNMjUwMzAyMDk0MTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTY5MWMzOWFmMWNhODMxOTE4NjdmMjNmYjVjN2ZjZmU3OGZiZTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxA5avJLoogwYGsDrbysKFEEXvWd1
qYjj1PthqOsn+cpDl4aKuD84m1ve2qr6/ieGTtQgrJ3c8pwXLf8vh0t0fJvxnvAQ
MZtf0FxHAWHMKiD7X+zlsmVDMusY3GdY/S0MfpVei/2J2C10AM0r60j3cqV+FCmp
rAEK3uKgTV53qgKYs8ryfUYH3n3WZ1NYretWZ23Rlf8UHpgNyowfslwBOwsSy4Qf
uJOX/aUua76hIQhShp2jtA3NeonwJ/J9EC0/6NlAVfgSosI28Yd6ZdH/IQ7hBftp
gn9mNdEpbnVHgmdUMuedsjwtdQ1SvJnkJo/yf57TDRmQvcVCDq8sSizKHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMFpHDmvHKgxkYZ/I/tcf8/nj74NMB8GA1UdIwQY
MBaAFD8/VUuAKB3qKjADGKqtbS2X8c5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHo5VlM0QW9IZW9xTUFNWXFxMXRMWmZ4emtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy83OGQ1MjgtN2NkZi00NGMwLWFjZGQt
ZjUzM2I4ZGY4MGE5LzEvd1drY09hOGNxREdSaG44ai0xeF96LWVQdmcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy83OGQ1MjgtN2NkZi00NGMwLWFjZGQtZjUzM2I4ZGY4MGE5
LzEvUHo5VlM0QW9IZW9xTUFNWXFxMXRMWmZ4emtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueAAMA0G
CSqGSIb3DQEBCwUAA4IBAQAyKG5Yt1F2a7tAPDCuMVya+6dwcrwgc4bvioiFMEOA
emvaVRsT5d3ifhUb5hEd4U2R/ro18+FDr2M/dpD8Id4O+8WQmlpKNRqVI1jfjLBf
Setf/qKA2XzjTOjq9qqna7wpeROWzxYINOjyJ1BJTbJ1QgB2xzrcQn0MfHlLFD3m
Yg+WO0TpEqX+/UheLzsPjeTe+p3Ivraq+Rq1B4liS7PLyjnVojmZGURFh3XphoRn
qaiWRRr5snStUdt0A+H/NRdZ4HYvj81IgSrPMnXzhZUNuq6k9lxRhCtB9SsySLP0
hSk5uVC+g2K0TqPD8D6fnsHo0KDj82KoGlzWyWfsKQ16
-----END CERTIFICATE-----