Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/sfUsMcIrItn-6M-6LEpHfM2PmZA.roa
File:                     sfUsMcIrItn-6M-6LEpHfM2PmZA.roa (raw, json)
Hash identifier:          kXBXp2wVH8CqH+KGVUIhNcFki1g+gzcxR7XYL4WqFqA=
Subject key identifier:   B1:F5:2C:31:C2:2B:22:D9:FE:E8:CF:BA:2C:4A:47:7C:CD:8F:99:90
Certificate issuer:       /CN=67e24c7284ef4887e45d4ccd9bde679cd9ab4f00
Certificate serial:       01968B0F7EDB16F83AC36145BCD47A1D5227
Authority key identifier: 67:E2:4C:72:84:EF:48:87:E4:5D:4C:CD:9B:DE:67:9C:D9:AB:4F:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z-JMcoTvSIfkXUzNm95nnNmrTwA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/sfUsMcIrItn-6M-6LEpHfM2PmZA.roa
Signing time:             Thu 01 May 2025 08:56:10 +0000
ROA not before:           Thu 01 May 2025 08:56:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214122
IP address blocks:        45.157.3.0/24 maxlen: 24
                          212.2.248.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/Z-JMcoTvSIfkXUzNm95nnNmrTwA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/Z-JMcoTvSIfkXUzNm95nnNmrTwA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z-JMcoTvSIfkXUzNm95nnNmrTwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 17:53:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8b:0f:7e:db:16:f8:3a:c3:61:45:bc:d4:7a:1d:52:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67e24c7284ef4887e45d4ccd9bde679cd9ab4f00
        Validity
            Not Before: May  1 08:56:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1f52c31c22b22d9fee8cfba2c4a477ccd8f9990
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:51:8e:76:8e:eb:6a:41:43:9b:4e:e4:30:67:
                    bc:fb:f7:df:d1:c2:b9:46:b4:fd:fa:38:b4:8c:f5:
                    48:36:b5:3d:74:64:a4:d0:e3:a2:c7:90:eb:79:d5:
                    aa:68:73:85:c0:6c:06:82:ec:62:a4:97:5c:3d:ff:
                    ee:bf:8a:d3:ed:4e:db:b1:c1:2f:a6:d4:c7:df:d3:
                    40:6f:ed:25:93:47:4f:5d:ce:07:be:ef:07:97:e2:
                    81:4b:96:49:5a:e3:af:27:97:fc:74:d8:f4:5e:7f:
                    a0:15:3c:98:c5:5c:cb:b2:78:93:2a:8c:21:72:da:
                    a9:54:78:7b:d4:37:d7:c7:d5:86:f3:bd:ab:33:b0:
                    22:30:78:06:e6:3d:47:76:6d:4a:1d:f5:87:e3:cb:
                    3b:de:95:c6:6b:cf:d3:9b:65:64:b4:af:ab:b3:cb:
                    da:53:87:7e:8d:79:37:69:8b:b1:4d:ac:ba:f1:5b:
                    38:23:41:20:f6:20:ee:14:07:51:4d:f0:1e:e4:07:
                    67:4e:ea:4f:c2:68:3f:9e:4d:7f:0d:67:03:0a:d6:
                    62:6e:07:8c:fb:b7:93:51:b1:51:fa:d1:81:44:7d:
                    74:d3:4c:fc:d6:92:0b:f4:89:77:21:09:22:56:b5:
                    df:96:06:30:7a:39:e2:88:e7:ad:47:f4:1d:c6:71:
                    59:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F5:2C:31:C2:2B:22:D9:FE:E8:CF:BA:2C:4A:47:7C:CD:8F:99:90
            X509v3 Authority Key Identifier:
                keyid:67:E2:4C:72:84:EF:48:87:E4:5D:4C:CD:9B:DE:67:9C:D9:AB:4F:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z-JMcoTvSIfkXUzNm95nnNmrTwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/sfUsMcIrItn-6M-6LEpHfM2PmZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/02d3f6-4301-4be5-8c37-0375a9c32b00/1/Z-JMcoTvSIfkXUzNm95nnNmrTwA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.3.0/24
                  212.2.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         91:26:f6:da:ca:33:ec:c4:19:14:73:4b:b3:bd:66:40:a4:9d:
         c5:93:5c:58:0b:d6:19:4b:0a:5e:62:88:af:70:7c:cf:ed:50:
         b2:a5:74:e4:08:70:9d:f2:e3:ac:fd:83:09:b5:35:34:5f:1f:
         49:27:d2:47:48:9f:e5:1a:c5:f0:8e:99:7d:e5:28:6f:85:48:
         f0:ae:c7:6f:8b:9a:08:3b:67:97:fb:94:08:1e:94:60:21:4c:
         8b:e0:3d:99:b6:8a:1b:f7:75:d4:b2:12:0e:55:f6:6b:62:eb:
         7e:c3:7f:7f:fb:f6:80:cc:92:dd:24:55:68:e3:9e:92:0b:4c:
         fe:20:a3:f5:0a:3b:9c:f0:20:f4:0f:c5:50:7d:f8:0d:66:b5:
         86:38:04:df:14:2a:b9:3f:2b:a0:fd:d4:a4:e7:bc:b4:6f:23:
         e7:1d:84:f8:df:3b:98:b6:73:90:28:10:ea:a4:c0:06:bf:e8:
         7d:6d:f1:46:3e:be:58:55:d7:7a:cd:e3:17:d4:8b:5c:72:76:
         b0:b0:a0:33:60:bc:7b:6f:8d:a9:71:8b:a8:35:2f:86:d2:2c:
         2a:c8:70:e0:b2:11:15:c9:15:af:36:8c:5d:11:40:43:fa:a0:
         0e:0a:24:6b:9a:d1:80:10:d7:8b:c1:d1:3c:84:52:27:94:cc:
         98:03:a5:1c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaLD37bFvg6w2FFvNR6HVInMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZTI0YzcyODRlZjQ4ODdlNDVkNGNjZDliZGU2NzljZDlh
YjRmMDAwHhcNMjUwNTAxMDg1NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWY1MmMzMWMyMmIyMmQ5ZmVlOGNmYmEyYzRhNDc3Y2NkOGY5OTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFGOdo7rakFDm07kMGe8+/ff0cK5
RrT9+ji0jPVINrU9dGSk0OOix5DredWqaHOFwGwGguxipJdcPf/uv4rT7U7bscEv
ptTH39NAb+0lk0dPXc4Hvu8Hl+KBS5ZJWuOvJ5f8dNj0Xn+gFTyYxVzLsniTKowh
ctqpVHh71DfXx9WG872rM7AiMHgG5j1Hdm1KHfWH48s73pXGa8/Tm2VktK+rs8va
U4d+jXk3aYuxTay68Vs4I0Eg9iDuFAdRTfAe5AdnTupPwmg/nk1/DWcDCtZibgeM
+7eTUbFR+tGBRH1000z81pIL9Il3IQkiVrXflgYwejniiOetR/QdxnFZlwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLH1LDHCKyLZ/ujPuixKR3zNj5mQMB8GA1UdIwQY
MBaAFGfiTHKE70iH5F1MzZveZ5zZq08AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWi1KTWNvVHZTSWZrWFV6Tm05NW5uTm1yVHdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8wMmQzZjYtNDMwMS00YmU1LThjMzct
MDM3NWE5YzMyYjAwLzEvc2ZVc01jSXJJdG4tNk0tNkxFcEhmTTJQbVpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8wMmQzZjYtNDMwMS00YmU1LThjMzctMDM3NWE5YzMyYjAw
LzEvWi1KTWNvVHZTSWZrWFV6Tm05NW5uTm1yVHdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZ0DAwQD
1AL4MA0GCSqGSIb3DQEBCwUAA4IBAQCRJvbayjPsxBkUc0uzvWZApJ3Fk1xYC9YZ
SwpeYoivcHzP7VCypXTkCHCd8uOs/YMJtTU0Xx9JJ9JHSJ/lGsXwjpl95ShvhUjw
rsdvi5oIO2eX+5QIHpRgIUyL4D2Ztoob93XUshIOVfZrYut+w39/+/aAzJLdJFVo
456SC0z+IKP1Cjuc8CD0D8VQffgNZrWGOATfFCq5Pyug/dSk57y0byPnHYT43zuY
tnOQKBDqpMAGv+h9bfFGPr5YVdd6zeMX1ItccnawsKAzYLx7b42pcYuoNS+G0iwq
yHDgshEVyRWvNoxdEUBD+qAOCiRrmtGAENeLwdE8hFInlMyYA6Uc
-----END CERTIFICATE-----