Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/3jf0qN8pQHNEeZXSK9GB9T1D4_E.roa
File:                     3jf0qN8pQHNEeZXSK9GB9T1D4_E.roa (raw, json)
Hash identifier:          DRAm1n/nD8B8BQj+jf77wLhiQpGtxWx72r8uwhAFjaU=
Subject key identifier:   DE:37:F4:A8:DF:29:40:73:44:79:95:D2:2B:D1:81:F5:3D:43:E3:F1
Certificate issuer:       /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial:       0198842EDA24C283A451C70211483912CE82
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/3jf0qN8pQHNEeZXSK9GB9T1D4_E.roa
Signing time:             Thu 07 Aug 2025 10:58:39 +0000
ROA not before:           Thu 07 Aug 2025 10:58:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197537
IP address blocks:        45.156.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:84:2e:da:24:c2:83:a4:51:c7:02:11:48:39:12:ce:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Validity
            Not Before: Aug  7 10:58:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de37f4a8df294073447995d22bd181f53d43e3f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e0:b1:6f:e0:87:db:ac:cb:cd:9a:99:8a:e5:
                    a5:da:91:e7:e6:2a:87:bf:bc:35:47:23:0c:13:ef:
                    11:e0:17:a0:cd:96:82:e2:78:89:44:48:14:7f:fa:
                    56:e5:28:76:2f:c3:6b:33:9a:46:80:0e:8b:43:25:
                    bc:0f:a3:c0:97:d4:e6:e1:30:d8:3a:3a:c2:dd:ba:
                    34:60:eb:67:d6:52:02:23:e5:79:0b:67:86:3d:0f:
                    43:7f:19:d5:41:34:0c:95:10:64:9f:38:b9:77:b4:
                    77:dc:3b:b1:87:37:1a:72:33:ea:dc:a3:da:24:ba:
                    13:18:70:3a:e9:25:5b:67:50:32:16:f7:08:59:c0:
                    c3:4e:03:b9:65:36:ad:40:3c:8e:2b:16:d7:b0:d1:
                    3a:8a:9a:24:f4:27:95:db:94:9d:af:37:00:c0:20:
                    23:dc:c8:ef:6b:7c:19:85:10:68:a2:fe:c5:ad:14:
                    14:13:84:cc:70:42:bd:0c:d3:b3:f1:c8:d5:56:a8:
                    e0:f7:f0:df:7a:d2:8c:ee:a0:5a:9e:c3:9f:97:57:
                    02:8e:82:99:e3:2b:e5:37:a3:99:b4:45:bc:de:b4:
                    10:bb:b3:a9:5e:7b:73:ca:df:39:66:51:29:2d:23:
                    1e:10:ed:9e:fb:57:aa:af:7b:26:05:4d:fd:00:79:
                    4b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:37:F4:A8:DF:29:40:73:44:79:95:D2:2B:D1:81:F5:3D:43:E3:F1
            X509v3 Authority Key Identifier:
                keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/3jf0qN8pQHNEeZXSK9GB9T1D4_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:41:9d:5e:82:93:b5:c3:ff:7a:73:05:f2:7f:2b:0c:11:bb:
         d4:97:ca:1e:35:c0:e8:1e:c1:59:fc:cf:0f:ff:42:08:a5:75:
         7f:d1:9a:e0:07:0b:26:10:df:2c:6f:a3:ce:0a:65:3f:cc:ef:
         c9:03:4a:aa:62:be:08:da:86:b2:dc:2d:ab:ef:ea:54:cb:7b:
         dd:64:3c:dc:d4:60:6f:82:c3:8d:62:3c:7b:8a:9e:21:df:01:
         76:1b:4a:c6:1d:79:ea:e0:de:cd:57:e0:d6:88:31:fa:ff:b0:
         93:1d:f6:33:f7:13:70:ff:d9:1e:20:9e:66:65:97:b9:04:1b:
         cf:87:99:66:5d:f6:f7:fa:f6:ab:8d:83:b0:2d:4a:78:d7:34:
         68:88:db:f6:64:d7:61:dc:cf:37:de:91:d6:13:84:ea:1b:3e:
         8b:50:5f:34:49:8c:df:5d:7c:0a:be:75:a0:b3:63:62:09:15:
         3f:a2:91:86:83:2d:01:98:d0:c6:15:5d:a1:09:b7:82:78:d4:
         bd:e4:59:62:3a:d0:a8:e1:47:cc:c3:f9:f8:20:7b:bd:8c:b5:
         8b:79:8c:78:9a:70:85:15:9c:e0:f1:fa:b1:fc:8b:e7:6b:51:
         77:99:9c:02:03:9f:97:40:3d:46:fb:bb:eb:b5:94:e0:93:67:
         5a:31:94:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiELtokwoOkUccCEUg5Es6CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhN2YwMzZlMjU5MjM5MWZiNDVhM2RkMzNjYWYwYjA3OTU2
OTczY2YwHhcNMjUwODA3MTA1ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTM3ZjRhOGRmMjk0MDczNDQ3OTk1ZDIyYmQxODFmNTNkNDNlM2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOCxb+CH26zLzZqZiuWl2pHn5iqH
v7w1RyMME+8R4BegzZaC4niJREgUf/pW5Sh2L8NrM5pGgA6LQyW8D6PAl9Tm4TDY
OjrC3bo0YOtn1lICI+V5C2eGPQ9DfxnVQTQMlRBknzi5d7R33DuxhzcacjPq3KPa
JLoTGHA66SVbZ1AyFvcIWcDDTgO5ZTatQDyOKxbXsNE6ipok9CeV25SdrzcAwCAj
3Mjva3wZhRBoov7FrRQUE4TMcEK9DNOz8cjVVqjg9/DfetKM7qBansOfl1cCjoKZ
4yvlN6OZtEW83rQQu7OpXntzyt85ZlEpLSMeEO2e+1eqr3smBU39AHlLXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN439KjfKUBzRHmV0ivRgfU9Q+PxMB8GA1UdIwQY
MBaAFBp/A24lkjkftFo90zyvCweVaXPPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2It
MzQwZDYyNWM2ZGJhLzEvM2pmMHFOOHBRSE5FZVpYU0s5R0I5VDFENF9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2ItMzQwZDYyNWM2ZGJh
LzEvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZyTMA0G
CSqGSIb3DQEBCwUAA4IBAQBEQZ1egpO1w/96cwXyfysMEbvUl8oeNcDoHsFZ/M8P
/0IIpXV/0ZrgBwsmEN8sb6POCmU/zO/JA0qqYr4I2oay3C2r7+pUy3vdZDzc1GBv
gsONYjx7ip4h3wF2G0rGHXnq4N7NV+DWiDH6/7CTHfYz9xNw/9keIJ5mZZe5BBvP
h5lmXfb3+varjYOwLUp41zRoiNv2ZNdh3M833pHWE4TqGz6LUF80SYzfXXwKvnWg
s2NiCRU/opGGgy0BmNDGFV2hCbeCeNS95FliOtCo4UfMw/n4IHu9jLWLeYx4mnCF
FZzg8fqx/Ivna1F3mZwCA5+XQD1G+7vrtZTgk2daMZTO
-----END CERTIFICATE-----