Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/478977-05bb-43fe-9ead-9cef792a5f6b/1/hGnhNt09WVSvAvlRb80VOz0njRw.roa
File:                     hGnhNt09WVSvAvlRb80VOz0njRw.roa (raw, json)
Hash identifier:          reYotro4wzpVN+aJarCV//yL8yhlq3gQQiQttC9Xbrk=
Subject key identifier:   84:69:E1:36:DD:3D:59:54:AF:02:F9:51:6F:CD:15:3B:3D:27:8D:1C
Certificate issuer:       /CN=c8294a2c0c49dc936cb988b685b3a7d95c8fe0b7
Certificate serial:       0195F115256DCF717659A4C21880B659BFEB
Authority key identifier: C8:29:4A:2C:0C:49:DC:93:6C:B9:88:B6:85:B3:A7:D9:5C:8F:E0:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yClKLAxJ3JNsuYi2hbOn2VyP4Lc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/478977-05bb-43fe-9ead-9cef792a5f6b/1/hGnhNt09WVSvAvlRb80VOz0njRw.roa
Signing time:             Tue 01 Apr 2025 11:20:49 +0000
ROA not before:           Tue 01 Apr 2025 11:20:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34183
IP address blocks:        185.117.40.0/22 maxlen: 22
                          194.48.236.0/22 maxlen: 22
                          2a00:1610::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/478977-05bb-43fe-9ead-9cef792a5f6b/1/yClKLAxJ3JNsuYi2hbOn2VyP4Lc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/478977-05bb-43fe-9ead-9cef792a5f6b/1/yClKLAxJ3JNsuYi2hbOn2VyP4Lc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yClKLAxJ3JNsuYi2hbOn2VyP4Lc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f1:15:25:6d:cf:71:76:59:a4:c2:18:80:b6:59:bf:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8294a2c0c49dc936cb988b685b3a7d95c8fe0b7
        Validity
            Not Before: Apr  1 11:20:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8469e136dd3d5954af02f9516fcd153b3d278d1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7d:3e:46:e5:9c:66:dd:88:d1:dc:a1:5f:b3:
                    33:2e:93:72:42:7e:ee:db:65:82:06:59:aa:11:75:
                    a6:f3:79:08:9a:55:32:82:c8:ca:1d:c2:85:0e:ef:
                    67:b7:6c:3e:87:c4:be:69:08:0d:8e:6c:7e:20:47:
                    2e:75:40:fe:1a:44:db:f5:b1:36:37:50:75:b3:4c:
                    e5:73:fc:2b:de:59:d2:e3:05:2f:7e:26:ab:6a:d3:
                    ab:f6:75:c6:95:6b:11:b8:17:8f:24:42:6b:3b:94:
                    c4:6f:c1:65:c6:43:28:4a:f5:b2:85:35:67:99:65:
                    39:cd:52:9e:59:6d:d9:68:91:9b:88:82:7f:0e:eb:
                    2f:56:52:13:33:f5:8c:2a:cc:dd:c4:85:fe:99:5b:
                    49:bd:d4:33:85:b3:63:bb:96:a2:65:23:9b:cf:1e:
                    8f:6b:d4:fd:56:b5:36:a4:08:90:34:b0:ae:72:b8:
                    4f:b0:ad:74:47:7b:ce:1a:a9:c9:3e:8c:99:a6:18:
                    34:b4:07:ac:b3:4a:1b:b1:54:84:1f:ba:e1:47:36:
                    e7:bc:29:c4:b6:08:52:5c:95:0a:79:51:b1:6c:71:
                    38:7b:e7:4c:79:0d:b8:39:a1:ef:8d:09:bf:26:e8:
                    c8:3e:57:09:15:f3:d3:dd:67:5a:87:20:79:72:7c:
                    78:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:69:E1:36:DD:3D:59:54:AF:02:F9:51:6F:CD:15:3B:3D:27:8D:1C
            X509v3 Authority Key Identifier:
                keyid:C8:29:4A:2C:0C:49:DC:93:6C:B9:88:B6:85:B3:A7:D9:5C:8F:E0:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yClKLAxJ3JNsuYi2hbOn2VyP4Lc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/478977-05bb-43fe-9ead-9cef792a5f6b/1/hGnhNt09WVSvAvlRb80VOz0njRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/478977-05bb-43fe-9ead-9cef792a5f6b/1/yClKLAxJ3JNsuYi2hbOn2VyP4Lc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.40.0/22
                  194.48.236.0/22
                IPv6:
                  2a00:1610::/29

    Signature Algorithm: sha256WithRSAEncryption
         17:02:c5:6a:2a:98:08:26:96:65:83:5e:84:e3:2e:dd:0e:20:
         a9:6d:7d:12:85:b1:ff:26:a4:3d:06:d0:cc:95:c9:43:9e:ca:
         f8:0c:86:48:61:33:2d:bb:95:e0:9f:48:7e:8c:fa:eb:82:78:
         ad:c5:19:2e:91:c0:1c:ff:90:72:57:48:b6:fb:a8:ca:1f:59:
         a7:25:aa:94:af:05:b1:75:ae:18:d5:d2:26:fc:32:91:c1:1a:
         91:26:60:11:24:fe:9e:e7:d9:ec:c5:db:e3:fc:0c:33:a7:b6:
         5c:8b:7b:64:80:fd:98:4d:da:25:48:d8:66:d2:cc:c3:16:5f:
         b1:33:5c:fc:5c:b4:92:80:f2:55:e9:1f:8f:73:f8:03:e5:72:
         93:ab:13:52:19:5a:03:58:a7:93:a6:fc:85:f3:21:42:86:f3:
         ab:3a:23:70:26:b8:51:8f:c1:85:21:df:64:b2:c4:1b:71:bd:
         32:17:69:ef:30:f3:c4:80:5d:61:b5:0c:e6:43:be:80:61:fe:
         01:2b:74:0a:11:1e:85:9a:5f:7f:9b:f7:dc:f4:3a:c9:5d:5c:
         a8:5b:85:e4:2b:29:aa:fb:c0:88:87:c5:a8:42:fc:ea:3f:54:
         c6:85:38:31:c3:84:b5:d6:ec:eb:43:47:37:24:08:50:cc:f5:
         21:3d:ac:94
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZXxFSVtz3F2WaTCGIC2Wb/rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4Mjk0YTJjMGM0OWRjOTM2Y2I5ODhiNjg1YjNhN2Q5NWM4
ZmUwYjcwHhcNMjUwNDAxMTEyMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDY5ZTEzNmRkM2Q1OTU0YWYwMmY5NTE2ZmNkMTUzYjNkMjc4ZDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArX0+RuWcZt2I0dyhX7MzLpNyQn7u
22WCBlmqEXWm83kImlUygsjKHcKFDu9nt2w+h8S+aQgNjmx+IEcudUD+GkTb9bE2
N1B1s0zlc/wr3lnS4wUvfiaratOr9nXGlWsRuBePJEJrO5TEb8FlxkMoSvWyhTVn
mWU5zVKeWW3ZaJGbiIJ/DusvVlITM/WMKszdxIX+mVtJvdQzhbNju5aiZSObzx6P
a9T9VrU2pAiQNLCucrhPsK10R3vOGqnJPoyZphg0tAess0obsVSEH7rhRzbnvCnE
tghSXJUKeVGxbHE4e+dMeQ24OaHvjQm/JujIPlcJFfPT3WdahyB5cnx4IwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIRp4TbdPVlUrwL5UW/NFTs9J40cMB8GA1UdIwQY
MBaAFMgpSiwMSdyTbLmItoWzp9lcj+C3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUNsS0xBeEozSk5zdVlpMmhiT24yVnlQNExjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC80Nzg5NzctMDViYi00M2ZlLTllYWQt
OWNlZjc5MmE1ZjZiLzEvaEduaE50MDlXVlN2QXZsUmI4MFZPejBualJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC80Nzg5NzctMDViYi00M2ZlLTllYWQtOWNlZjc5MmE1ZjZi
LzEveUNsS0xBeEozSk5zdVlpMmhiT24yVnlQNExjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuXUoAwQC
wjDsMA0EAgACMAcDBQMqABYQMA0GCSqGSIb3DQEBCwUAA4IBAQAXAsVqKpgIJpZl
g16E4y7dDiCpbX0ShbH/JqQ9BtDMlclDnsr4DIZIYTMtu5Xgn0h+jPrrgnitxRku
kcAc/5ByV0i2+6jKH1mnJaqUrwWxda4Y1dIm/DKRwRqRJmARJP6e59nsxdvj/Awz
p7Zci3tkgP2YTdolSNhm0szDFl+xM1z8XLSSgPJV6R+Pc/gD5XKTqxNSGVoDWKeT
pvyF8yFChvOrOiNwJrhRj8GFId9kssQbcb0yF2nvMPPEgF1htQzmQ76AYf4BK3QK
ER6Fml9/m/fc9DrJXVyoW4XkKymq+8CIh8WoQvzqP1TGhTgxw4S11uzrQ0c3JAhQ
zPUhPayU
-----END CERTIFICATE-----