Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/3oJYFvNTUZ4Yq6rRg8VrkFttiaI.roa
File:                     3oJYFvNTUZ4Yq6rRg8VrkFttiaI.roa (raw, json)
Hash identifier:          tVhQhW0ksEUrDXgEzTEf+p/0GWJeaPb4f4uv/8rY1Xg=
Subject key identifier:   DE:82:58:16:F3:53:51:9E:18:AB:AA:D1:83:C5:6B:90:5B:6D:89:A2
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       01963A5C9E41854F3ECCA1CE2DFF7215757F
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/3oJYFvNTUZ4Yq6rRg8VrkFttiaI.roa
Signing time:             Tue 15 Apr 2025 16:51:10 +0000
ROA not before:           Tue 15 Apr 2025 16:51:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213245
IP address blocks:        188.132.211.0/24 maxlen: 24
                          188.132.225.0/24 maxlen: 24
                          212.68.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 07:29:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3a:5c:9e:41:85:4f:3e:cc:a1:ce:2d:ff:72:15:75:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Apr 15 16:51:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de825816f353519e18abaad183c56b905b6d89a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:38:33:51:c3:f6:9e:36:76:5c:28:f6:22:5e:
                    2f:fe:03:99:6e:fa:27:bd:78:f2:a2:c6:1a:78:3b:
                    f7:ca:82:8d:96:7d:7d:82:7b:66:3b:ba:69:95:63:
                    e4:14:5e:7f:76:43:16:bb:3d:b5:df:1c:1a:0f:f2:
                    74:e1:f1:b2:1c:0c:cd:0a:40:0c:f4:29:dd:33:f3:
                    50:c5:1d:e5:b6:b7:b9:9a:42:09:d3:fb:dd:e1:b1:
                    09:f7:4d:bf:21:ae:e6:bc:fc:b6:8b:aa:eb:1c:c1:
                    a2:28:46:f4:9a:9c:f7:e8:c3:4c:43:79:80:16:9c:
                    8e:47:54:70:06:53:82:8b:a4:35:b3:59:5a:26:26:
                    da:7b:90:98:26:33:3c:91:e1:13:fe:85:64:da:08:
                    c7:ca:ed:1e:49:46:0f:7e:37:1f:75:fd:b9:cd:7a:
                    91:76:76:54:19:5d:13:48:39:1d:c5:ef:1b:d8:54:
                    81:7a:57:ae:42:34:36:b1:aa:76:41:80:f3:c8:c5:
                    2e:63:60:10:c3:7f:f9:e3:d1:6e:aa:03:64:f6:4c:
                    1a:92:25:74:fa:1a:5e:11:df:43:bb:8a:88:d5:97:
                    42:fc:aa:f3:fe:6f:61:e4:3f:2e:af:8f:70:f7:02:
                    3d:fe:a2:f6:24:3f:32:30:65:66:ac:0c:9b:23:a0:
                    a3:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:82:58:16:F3:53:51:9E:18:AB:AA:D1:83:C5:6B:90:5B:6D:89:A2
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/3oJYFvNTUZ4Yq6rRg8VrkFttiaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.132.211.0/24
                  188.132.225.0/24
                  212.68.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:83:5b:c8:f9:42:14:5d:ba:e6:05:4b:df:de:13:99:78:61:
         1a:ce:27:80:af:e1:90:c6:ff:c5:4c:9b:ae:27:53:8a:33:0f:
         4a:e1:88:b2:62:25:2e:4f:6e:3c:91:a6:d9:94:bd:3f:f1:80:
         ae:b3:c0:34:e2:f1:44:6b:a7:ca:4b:11:ca:13:a0:cf:5e:83:
         cc:35:db:0d:44:27:2a:9a:89:9b:99:9d:b6:dd:e5:5b:c3:70:
         84:76:75:f8:fe:74:a6:3d:29:04:b4:97:c5:b9:4b:ba:a5:79:
         fe:43:cf:d2:87:35:2d:70:89:c8:e7:2b:aa:ca:d2:2c:ec:b8:
         59:d6:4a:e9:c5:56:0e:67:aa:99:ad:8c:99:17:6a:55:c6:d1:
         64:13:65:20:db:be:64:1b:84:c9:89:0d:d4:30:6f:3c:48:e8:
         c0:d2:15:fd:dd:da:7e:93:50:bb:0f:3c:98:aa:42:84:4d:36:
         e1:45:6e:13:78:81:ef:29:1b:05:9c:88:06:38:6b:8f:fe:9f:
         fa:4e:dd:b2:28:45:18:21:9b:79:55:86:8f:55:54:78:08:ce:
         98:79:81:64:20:46:41:62:66:96:d4:ba:86:8f:2c:70:c8:90:
         15:d7:5f:6e:71:c5:70:26:cb:17:56:d1:d4:44:65:38:c2:9d:
         82:bc:14:6b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZY6XJ5BhU8+zKHOLf9yFXV/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwNDE1MTY1MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTgyNTgxNmYzNTM1MTllMThhYmFhZDE4M2M1NmI5MDViNmQ4OWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzgzUcP2njZ2XCj2Il4v/gOZbvon
vXjyosYaeDv3yoKNln19gntmO7pplWPkFF5/dkMWuz213xwaD/J04fGyHAzNCkAM
9CndM/NQxR3ltre5mkIJ0/vd4bEJ902/Ia7mvPy2i6rrHMGiKEb0mpz36MNMQ3mA
FpyOR1RwBlOCi6Q1s1laJibae5CYJjM8keET/oVk2gjHyu0eSUYPfjcfdf25zXqR
dnZUGV0TSDkdxe8b2FSBeleuQjQ2sap2QYDzyMUuY2AQw3/549FuqgNk9kwakiV0
+hpeEd9Du4qI1ZdC/Krz/m9h5D8ur49w9wI9/qL2JD8yMGVmrAybI6CjEwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN6CWBbzU1GeGKuq0YPFa5BbbYmiMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvM29KWUZ2TlRVWjRZcTZyUmc4VnJrRnR0aWFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAvITTAwQA
vIThAwQA1EQ4MA0GCSqGSIb3DQEBCwUAA4IBAQBug1vI+UIUXbrmBUvf3hOZeGEa
zieAr+GQxv/FTJuuJ1OKMw9K4YiyYiUuT248kabZlL0/8YCus8A04vFEa6fKSxHK
E6DPXoPMNdsNRCcqmombmZ223eVbw3CEdnX4/nSmPSkEtJfFuUu6pXn+Q8/ShzUt
cInI5yuqytIs7LhZ1krpxVYOZ6qZrYyZF2pVxtFkE2Ug275kG4TJiQ3UMG88SOjA
0hX93dp+k1C7DzyYqkKETTbhRW4TeIHvKRsFnIgGOGuP/p/6Tt2yKEUYIZt5VYaP
VVR4CM6YeYFkIEZBYmaW1LqGjyxwyJAV119uccVwJssXVtHURGU4wp2CvBRr
-----END CERTIFICATE-----