Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/G9vL664p3gyums3iGir7T1cPZRs.roa
File:                     G9vL664p3gyums3iGir7T1cPZRs.roa (raw, json)
Hash identifier:          YfY1TJlSZKKcFp3XSVPoSG8PXZclf/V23dpeSPZpsKA=
Subject key identifier:   1B:DB:CB:EB:AE:29:DE:0C:AE:9A:CD:E2:1A:2A:FB:4F:57:0F:65:1B
Certificate issuer:       /CN=ca34b13387fab1dcf8b67f16a0a437608600c4c2
Certificate serial:       01956F983233FC1B6F089C135370BF56AE68
Authority key identifier: CA:34:B1:33:87:FA:B1:DC:F8:B6:7F:16:A0:A4:37:60:86:00:C4:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/G9vL664p3gyums3iGir7T1cPZRs.roa
Signing time:             Fri 07 Mar 2025 07:53:20 +0000
ROA not before:           Fri 07 Mar 2025 07:53:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.112.132.0/24 maxlen: 24
                          185.112.133.0/24 maxlen: 24
                          185.112.134.0/24 maxlen: 24
                          185.112.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6f:98:32:33:fc:1b:6f:08:9c:13:53:70:bf:56:ae:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca34b13387fab1dcf8b67f16a0a437608600c4c2
        Validity
            Not Before: Mar  7 07:53:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1bdbcbebae29de0cae9acde21a2afb4f570f651b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:28:58:63:bd:85:19:6b:f5:65:6a:d1:ec:0a:
                    1e:18:04:ae:09:d0:d2:60:22:89:05:28:9c:7f:52:
                    53:b6:40:72:d6:a6:a8:79:51:1a:2c:5d:0f:90:4c:
                    e6:62:13:8d:22:8e:56:54:99:4d:13:dc:ed:ad:64:
                    b8:01:bd:11:9c:78:b6:e0:c7:d5:83:82:76:9f:6e:
                    fb:77:c6:75:2b:cc:4f:07:10:c7:bc:19:8a:c2:43:
                    9c:fb:ea:cf:8a:eb:40:ff:c1:c7:af:27:e1:4b:3e:
                    b7:c9:f5:59:1b:9a:c0:c1:12:ca:f1:f3:a6:f0:da:
                    af:e3:6b:81:15:c6:cd:e9:cd:db:f7:e7:5c:e4:f8:
                    f1:21:ed:45:ec:74:5b:3b:76:13:49:21:ad:63:2c:
                    9a:f3:b1:43:16:f2:30:d2:56:da:b9:01:f9:25:8b:
                    34:f4:70:15:d7:47:09:15:f9:e4:b0:7e:8b:9f:b3:
                    7b:cc:0d:cb:f7:ac:cf:02:08:48:60:5d:99:e4:11:
                    92:66:9d:66:b1:eb:49:e1:53:ca:2e:47:11:8c:40:
                    0b:46:49:b8:54:8d:4f:fb:75:c3:10:08:83:b4:60:
                    05:8e:c4:0a:99:7f:81:64:e7:37:80:aa:a7:85:a6:
                    fc:c2:67:2e:81:aa:90:1b:c8:d0:9f:00:ed:ea:1d:
                    08:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:DB:CB:EB:AE:29:DE:0C:AE:9A:CD:E2:1A:2A:FB:4F:57:0F:65:1B
            X509v3 Authority Key Identifier:
                keyid:CA:34:B1:33:87:FA:B1:DC:F8:B6:7F:16:A0:A4:37:60:86:00:C4:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/G9vL664p3gyums3iGir7T1cPZRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:f2:cc:1a:6e:89:45:2a:87:2f:6b:38:8e:a0:b1:28:56:90:
         3d:ee:0e:1d:43:ad:39:f8:c9:78:c6:76:c1:fd:30:88:f8:c0:
         27:ea:eb:5e:35:ca:60:5e:87:b2:c2:29:42:d1:d2:89:a8:51:
         cc:ac:27:0d:f6:d1:4f:c6:d6:99:68:c7:ef:79:2c:34:d8:e6:
         71:07:5c:d3:17:b2:eb:ae:76:7a:5a:55:91:8c:f1:16:58:c3:
         54:d6:5b:31:d5:21:e6:80:71:24:a9:71:73:c0:15:0f:3e:2b:
         85:6b:f8:63:17:39:e4:35:c6:22:6e:50:99:0e:60:f8:20:ea:
         94:1c:2d:0a:51:f0:36:5b:97:02:2d:30:19:34:5e:9d:6b:8e:
         4a:52:e5:da:62:d0:cf:47:4f:75:de:25:bf:1d:8d:4a:b2:61:
         20:2c:02:98:6d:35:cb:4f:8d:8d:b7:9b:8e:de:bf:de:1e:75:
         3f:62:d4:1a:08:cb:f3:3c:07:9e:94:3c:b4:fe:1e:c5:45:46:
         49:6e:38:19:0e:15:1d:3b:a0:05:e7:a3:ff:18:d6:2d:33:ad:
         f7:46:69:7d:2c:30:de:8c:c5:17:30:71:33:d8:58:f2:47:76:
         8f:53:96:20:c4:4e:92:73:20:be:78:8d:26:d3:64:3b:d7:ec:
         7e:4b:f0:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVvmDIz/BtvCJwTU3C/Vq5oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMzRiMTMzODdmYWIxZGNmOGI2N2YxNmEwYTQzNzYwODYw
MGM0YzIwHhcNMjUwMzA3MDc1MzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmRiY2JlYmFlMjlkZTBjYWU5YWNkZTIxYTJhZmI0ZjU3MGY2NTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtShYY72FGWv1ZWrR7AoeGASuCdDS
YCKJBSicf1JTtkBy1qaoeVEaLF0PkEzmYhONIo5WVJlNE9ztrWS4Ab0RnHi24MfV
g4J2n277d8Z1K8xPBxDHvBmKwkOc++rPiutA/8HHryfhSz63yfVZG5rAwRLK8fOm
8Nqv42uBFcbN6c3b9+dc5PjxIe1F7HRbO3YTSSGtYyya87FDFvIw0lbauQH5JYs0
9HAV10cJFfnksH6Ln7N7zA3L96zPAghIYF2Z5BGSZp1msetJ4VPKLkcRjEALRkm4
VI1P+3XDEAiDtGAFjsQKmX+BZOc3gKqnhab8wmcugaqQG8jQnwDt6h0IOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvby+uuKd4MrprN4hoq+09XD2UbMB8GA1UdIwQY
MBaAFMo0sTOH+rHc+LZ/FqCkN2CGAMTCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWpTeE00ZjZzZHo0dG44V29LUTNZSVlBeE1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8xMTdjYTMtYjYwMy00ZGI4LTk2MjYt
MDQwNTIzNGFiM2YxLzEvRzl2TDY2NHAzZ3l1bXMzaUdpcjdUMWNQWlJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8xMTdjYTMtYjYwMy00ZGI4LTk2MjYtMDQwNTIzNGFiM2Yx
LzEveWpTeE00ZjZzZHo0dG44V29LUTNZSVlBeE1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXCEMA0G
CSqGSIb3DQEBCwUAA4IBAQA/8swabolFKocvaziOoLEoVpA97g4dQ605+Ml4xnbB
/TCI+MAn6uteNcpgXoeywilC0dKJqFHMrCcN9tFPxtaZaMfveSw02OZxB1zTF7Lr
rnZ6WlWRjPEWWMNU1lsx1SHmgHEkqXFzwBUPPiuFa/hjFznkNcYiblCZDmD4IOqU
HC0KUfA2W5cCLTAZNF6da45KUuXaYtDPR0913iW/HY1KsmEgLAKYbTXLT42Nt5uO
3r/eHnU/YtQaCMvzPAeelDy0/h7FRUZJbjgZDhUdO6AF56P/GNYtM633Rml9LDDe
jMUXMHEz2FjyR3aPU5YgxE6ScyC+eI0m02Q71+x+S/AP
-----END CERTIFICATE-----