Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/36d6e4-8d77-48d5-afb6-e0ac7263db12/1/3bt8Km81z8fgEHaLeSOeYgfebxU.roa
File:                     3bt8Km81z8fgEHaLeSOeYgfebxU.roa (raw, json)
Hash identifier:          pKoz7jrxy/U6s9br1hGRmLBPhCh8rgMf271vqsN5GJk=
Subject key identifier:   DD:BB:7C:2A:6F:35:CF:C7:E0:10:76:8B:79:23:9E:62:07:DE:6F:15
Certificate issuer:       /CN=3de2681dda00702a7597a71257e14f7a725e890e
Certificate serial:       0198096EBB81E39A3ED1019F6D56110C67E0
Authority key identifier: 3D:E2:68:1D:DA:00:70:2A:75:97:A7:12:57:E1:4F:7A:72:5E:89:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PeJoHdoAcCp1l6cSV-FPenJeiQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/36d6e4-8d77-48d5-afb6-e0ac7263db12/1/3bt8Km81z8fgEHaLeSOeYgfebxU.roa
Signing time:             Mon 14 Jul 2025 14:55:08 +0000
ROA not before:           Mon 14 Jul 2025 14:55:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50799
IP address blocks:        145.43.248.0/24 maxlen: 24
                          145.43.249.0/24 maxlen: 24
                          145.43.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/36d6e4-8d77-48d5-afb6-e0ac7263db12/1/PeJoHdoAcCp1l6cSV-FPenJeiQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/36d6e4-8d77-48d5-afb6-e0ac7263db12/1/PeJoHdoAcCp1l6cSV-FPenJeiQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PeJoHdoAcCp1l6cSV-FPenJeiQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:6e:bb:81:e3:9a:3e:d1:01:9f:6d:56:11:0c:67:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3de2681dda00702a7597a71257e14f7a725e890e
        Validity
            Not Before: Jul 14 14:55:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ddbb7c2a6f35cfc7e010768b79239e6207de6f15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9e:e3:41:0d:c1:3a:0e:d1:b5:92:04:6f:2f:
                    1f:f0:f3:85:bf:fe:03:34:94:33:d8:80:9c:f3:90:
                    8b:71:29:1a:dd:4e:ff:ef:27:d0:68:52:e5:9f:bd:
                    b6:e1:11:75:6e:ad:ec:e0:3c:d3:cd:56:36:56:69:
                    98:7c:b2:e7:84:2f:8b:8e:c4:f0:aa:00:5b:fc:c1:
                    76:d9:52:07:85:7f:1b:6e:43:47:92:b4:79:d0:58:
                    b5:b4:dc:57:45:1d:a8:1d:00:67:66:19:ab:a7:20:
                    c1:21:e7:3a:a0:25:2e:8b:47:4d:51:b5:62:ff:b6:
                    84:76:56:f6:87:87:3b:e4:fe:19:98:98:1b:26:fc:
                    6f:74:66:51:e5:d2:81:49:07:69:f7:51:13:0a:7c:
                    c7:be:d9:e8:24:ab:33:72:dc:b1:a1:0c:cd:03:1e:
                    e3:60:19:c6:6b:7f:34:52:8b:50:15:41:1f:49:51:
                    13:59:66:08:1d:13:d3:68:32:8e:31:e9:cb:c8:72:
                    96:58:db:3f:34:ba:d6:bf:36:c0:57:90:bc:05:ba:
                    9a:7d:7e:42:47:f3:3d:de:b6:12:20:52:97:14:8f:
                    68:5f:aa:e0:91:3c:71:be:b2:83:15:70:fa:25:f4:
                    c6:26:e6:38:ee:43:13:cd:4d:8a:ac:a8:46:db:3e:
                    2a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:BB:7C:2A:6F:35:CF:C7:E0:10:76:8B:79:23:9E:62:07:DE:6F:15
            X509v3 Authority Key Identifier:
                keyid:3D:E2:68:1D:DA:00:70:2A:75:97:A7:12:57:E1:4F:7A:72:5E:89:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PeJoHdoAcCp1l6cSV-FPenJeiQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/36d6e4-8d77-48d5-afb6-e0ac7263db12/1/3bt8Km81z8fgEHaLeSOeYgfebxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/36d6e4-8d77-48d5-afb6-e0ac7263db12/1/PeJoHdoAcCp1l6cSV-FPenJeiQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.43.248.0-145.43.250.255

    Signature Algorithm: sha256WithRSAEncryption
         39:9f:d6:eb:81:c1:9a:9a:08:74:3f:7f:06:d2:84:76:21:a2:
         78:77:e0:a8:97:db:04:67:fd:51:db:91:6c:57:14:a5:14:7e:
         09:5d:cd:e0:07:13:ed:10:11:76:1a:15:ec:10:b7:e5:7a:58:
         66:29:58:37:4a:8a:87:3c:6a:d9:a6:f3:87:ec:67:6e:7c:85:
         69:e2:eb:f4:fb:d9:04:df:4a:c6:8a:74:5a:56:ce:a0:d6:19:
         82:30:8c:74:0a:ed:94:bd:07:f5:5c:8d:89:8d:c0:9e:77:56:
         24:01:4b:2c:22:e8:b3:14:bf:b7:1e:a1:5a:67:ce:94:6c:bb:
         30:1a:4d:b7:cc:12:e9:22:a0:82:0d:57:bb:0e:92:74:fb:73:
         63:7c:62:5f:f8:9d:19:de:f5:03:76:8d:a6:2c:b6:ad:f2:8b:
         a1:1a:ac:32:d5:82:2e:3b:8e:9c:6a:34:7d:7a:cb:dc:1f:cf:
         0f:21:fc:5b:3b:4c:99:ce:5e:f8:1a:5a:fd:c5:8c:af:6a:98:
         48:a5:be:54:7b:09:c0:89:d3:d2:62:e0:54:11:ea:b2:ff:37:
         b8:2e:bd:13:b9:da:88:ef:ee:f2:8c:d1:6f:d6:69:58:89:06:
         4a:51:38:0b:9f:57:76:fb:74:4f:7d:52:64:02:ad:0f:70:5b:
         4d:be:16:e1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZgJbruB45o+0QGfbVYRDGfgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZTI2ODFkZGEwMDcwMmE3NTk3YTcxMjU3ZTE0ZjdhNzI1
ZTg5MGUwHhcNMjUwNzE0MTQ1NTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGJiN2MyYTZmMzVjZmM3ZTAxMDc2OGI3OTIzOWU2MjA3ZGU2ZjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZ7jQQ3BOg7RtZIEby8f8POFv/4D
NJQz2ICc85CLcSka3U7/7yfQaFLln7224RF1bq3s4DzTzVY2VmmYfLLnhC+LjsTw
qgBb/MF22VIHhX8bbkNHkrR50Fi1tNxXRR2oHQBnZhmrpyDBIec6oCUui0dNUbVi
/7aEdlb2h4c75P4ZmJgbJvxvdGZR5dKBSQdp91ETCnzHvtnoJKszctyxoQzNAx7j
YBnGa380UotQFUEfSVETWWYIHRPTaDKOMenLyHKWWNs/NLrWvzbAV5C8BbqafX5C
R/M93rYSIFKXFI9oX6rgkTxxvrKDFXD6JfTGJuY47kMTzU2KrKhG2z4qNwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFN27fCpvNc/H4BB2i3kjnmIH3m8VMB8GA1UdIwQY
MBaAFD3iaB3aAHAqdZenElfhT3pyXokOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGVKb0hkb0FjQ3AxbDZjU1YtRlBlbkplaVE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8zNmQ2ZTQtOGQ3Ny00OGQ1LWFmYjYt
ZTBhYzcyNjNkYjEyLzEvM2J0OEttODF6OGZnRUhhTGVTT2VZZ2ZlYnhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8zNmQ2ZTQtOGQ3Ny00OGQ1LWFmYjYtZTBhYzcyNjNkYjEy
LzEvUGVKb0hkb0FjQ3AxbDZjU1YtRlBlbkplaVE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAORK/gD
BACRK/owDQYJKoZIhvcNAQELBQADggEBADmf1uuBwZqaCHQ/fwbShHYhonh34KiX
2wRn/VHbkWxXFKUUfgldzeAHE+0QEXYaFewQt+V6WGYpWDdKioc8atmm84fsZ258
hWni6/T72QTfSsaKdFpWzqDWGYIwjHQK7ZS9B/VcjYmNwJ53ViQBSywi6LMUv7ce
oVpnzpRsuzAaTbfMEukioIINV7sOknT7c2N8Yl/4nRne9QN2jaYstq3yi6EarDLV
gi47jpxqNH16y9wfzw8h/Fs7TJnOXvgaWv3FjK9qmEilvlR7CcCJ09Ji4FQR6rL/
N7guvRO52ojv7vKM0W/WaViJBkpROAufV3b7dE99UmQCrQ9wW02+FuE=
-----END CERTIFICATE-----
Generated at Wed Aug 6 16:17:35 2025 by rpki-client