Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/3StlQJLBcPu1qxdEZ3JJOhm1Udg.roa
File:                     3StlQJLBcPu1qxdEZ3JJOhm1Udg.roa (raw, json)
Hash identifier:          iujEO2PTtn9nL8OTjRi898AzV+a2An7SXBq6YG65KaI=
Subject key identifier:   DD:2B:65:40:92:C1:70:FB:B5:AB:17:44:67:72:49:3A:19:B5:51:D8
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       01986379482E5A5CC54F1C95F2C1C56F4B6D
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/3StlQJLBcPu1qxdEZ3JJOhm1Udg.roa
Signing time:             Fri 01 Aug 2025 02:32:29 +0000
ROA not before:           Fri 01 Aug 2025 02:32:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     835
IP address blocks:        92.42.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 18:22:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:63:79:48:2e:5a:5c:c5:4f:1c:95:f2:c1:c5:6f:4b:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Aug  1 02:32:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd2b654092c170fbb5ab17446772493a19b551d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:7e:47:50:b9:b9:1a:c8:a6:86:59:28:78:19:
                    4f:a7:57:5b:75:46:a1:ce:d4:91:e2:c9:c1:6e:54:
                    93:af:1a:b1:95:1c:ba:ee:0d:a5:7e:47:1f:d8:90:
                    f0:27:12:fe:aa:26:05:1c:62:6e:52:e1:92:d2:ae:
                    43:15:6f:ab:49:49:01:89:f9:8a:84:c7:29:2e:9d:
                    7a:82:55:38:7b:97:7d:20:1e:cf:e3:3a:5f:b2:a1:
                    1d:c0:10:2d:05:66:99:21:db:3c:ce:3a:78:03:99:
                    1f:05:7b:c4:04:c0:80:5a:86:12:01:c9:d0:ea:9b:
                    20:f0:d7:5a:6a:01:9f:22:2f:b6:0a:bf:71:6e:28:
                    11:c5:e8:81:2e:7e:b9:6c:ae:5a:fe:e3:15:3f:2b:
                    cd:3a:d1:87:7a:71:b9:e0:4d:c8:38:fd:46:ab:a8:
                    a8:c0:51:ba:60:f1:12:ae:3f:64:56:0d:2e:ab:4f:
                    10:99:85:fe:44:25:95:0d:79:99:d0:cd:55:72:a8:
                    7e:29:f2:69:14:18:01:7e:e0:ee:e8:fd:f9:6a:2d:
                    41:d7:49:a6:27:0d:15:48:78:a7:ec:01:54:1d:c5:
                    fc:0c:0b:88:b1:67:01:b1:79:eb:b7:68:6c:de:1b:
                    c4:c8:7b:07:44:9d:2a:4e:73:07:de:78:45:6d:58:
                    3b:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:2B:65:40:92:C1:70:FB:B5:AB:17:44:67:72:49:3A:19:B5:51:D8
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/3StlQJLBcPu1qxdEZ3JJOhm1Udg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:d2:d9:4d:5c:17:61:f0:2d:71:23:7c:21:2d:82:31:b4:d6:
         66:e6:30:67:aa:20:66:c8:5b:b2:a1:c4:d2:8b:d0:ba:e8:e4:
         f9:e7:6f:b6:b4:38:9c:4e:bb:3d:db:2a:11:38:a9:b2:4d:0a:
         54:ef:25:32:36:f6:08:eb:1a:d4:d3:e4:c8:5b:95:d3:37:7e:
         38:40:c1:43:6e:8c:b0:f4:0d:12:bd:a7:94:a9:02:b1:d7:51:
         3b:79:1a:90:fe:90:3e:32:b6:bd:8c:cc:8d:eb:16:32:06:89:
         10:d3:da:ec:d5:f3:d0:37:4b:2d:62:6c:6c:18:83:66:6d:35:
         78:24:28:0b:59:66:82:44:4d:5f:ab:31:bc:c1:c0:9e:61:37:
         f1:b3:30:09:dd:92:fd:10:c8:13:b5:89:69:92:b7:c3:d4:bc:
         35:a7:47:fd:8d:cb:95:28:8b:09:2b:d7:fc:0e:12:cd:e3:05:
         98:11:83:06:e4:c7:5f:f6:3c:06:01:23:f0:61:0e:f1:01:1b:
         f1:97:50:67:9e:df:04:62:06:77:8a:6f:04:79:c1:bb:d6:1a:
         06:bc:06:2a:6f:c7:52:31:32:30:94:e0:dd:33:5d:38:a0:9b:
         63:20:b6:fb:4c:48:5f:9b:8d:3f:b2:ac:0f:67:07:79:14:f5:
         ed:b6:14:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhjeUguWlzFTxyV8sHFb0ttMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUwODAxMDIzMjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDJiNjU0MDkyYzE3MGZiYjVhYjE3NDQ2NzcyNDkzYTE5YjU1MWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzn5HULm5GsimhlkoeBlPp1dbdUah
ztSR4snBblSTrxqxlRy67g2lfkcf2JDwJxL+qiYFHGJuUuGS0q5DFW+rSUkBifmK
hMcpLp16glU4e5d9IB7P4zpfsqEdwBAtBWaZIds8zjp4A5kfBXvEBMCAWoYSAcnQ
6psg8NdaagGfIi+2Cr9xbigRxeiBLn65bK5a/uMVPyvNOtGHenG54E3IOP1Gq6io
wFG6YPESrj9kVg0uq08QmYX+RCWVDXmZ0M1Vcqh+KfJpFBgBfuDu6P35ai1B10mm
Jw0VSHin7AFUHcX8DAuIsWcBsXnrt2hs3hvEyHsHRJ0qTnMH3nhFbVg7dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0rZUCSwXD7tasXRGdySToZtVHYMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvM1N0bFFKTEJjUHUxcXhkRVozSkpPaG0xVWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCrIMA0G
CSqGSIb3DQEBCwUAA4IBAQB60tlNXBdh8C1xI3whLYIxtNZm5jBnqiBmyFuyocTS
i9C66OT552+2tDicTrs92yoROKmyTQpU7yUyNvYI6xrU0+TIW5XTN344QMFDboyw
9A0SvaeUqQKx11E7eRqQ/pA+Mra9jMyN6xYyBokQ09rs1fPQN0stYmxsGINmbTV4
JCgLWWaCRE1fqzG8wcCeYTfxszAJ3ZL9EMgTtYlpkrfD1Lw1p0f9jcuVKIsJK9f8
DhLN4wWYEYMG5Mdf9jwGASPwYQ7xARvxl1Bnnt8EYgZ3im8EecG71hoGvAYqb8dS
MTIwlODdM104oJtjILb7TEhfm40/sqwPZwd5FPXtthRP
-----END CERTIFICATE-----