Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/b314cb-62b5-4fa6-b445-cbfba459d8f7/1/c_4VrUZIMtuPlYj4DhW8ouhaRQw.roa
File:                     c_4VrUZIMtuPlYj4DhW8ouhaRQw.roa (raw, json)
Hash identifier:          3ElLAVX1FXo1T4VYhDu+QaMztPbJUQVgeIUdwTADFRI=
Subject key identifier:   73:FE:15:AD:46:48:32:DB:8F:95:88:F8:0E:15:BC:A2:E8:5A:45:0C
Certificate issuer:       /CN=741736f657221fc134316323b0740585a9c1b20c
Certificate serial:       019424B3F04F149764BB8AAB931BFDFF7AB0
Authority key identifier: 74:17:36:F6:57:22:1F:C1:34:31:63:23:B0:74:05:85:A9:C1:B2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dBc29lciH8E0MWMjsHQFhanBsgw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/b314cb-62b5-4fa6-b445-cbfba459d8f7/1/c_4VrUZIMtuPlYj4DhW8ouhaRQw.roa
Signing time:             Thu 02 Jan 2025 01:49:19 +0000
ROA not before:           Thu 02 Jan 2025 01:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61079
IP address blocks:        185.19.164.0/23 maxlen: 24
                          185.19.166.0/23 maxlen: 24
                          2a04:1240::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/b314cb-62b5-4fa6-b445-cbfba459d8f7/1/dBc29lciH8E0MWMjsHQFhanBsgw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/b314cb-62b5-4fa6-b445-cbfba459d8f7/1/dBc29lciH8E0MWMjsHQFhanBsgw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dBc29lciH8E0MWMjsHQFhanBsgw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 10:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:f0:4f:14:97:64:bb:8a:ab:93:1b:fd:ff:7a:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=741736f657221fc134316323b0740585a9c1b20c
        Validity
            Not Before: Jan  2 01:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=73fe15ad464832db8f9588f80e15bca2e85a450c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:01:60:21:ff:72:9d:cd:03:1f:97:73:c9:c3:
                    25:dd:21:e5:f0:1e:d9:28:55:a2:cf:c5:bf:2a:bd:
                    ea:5b:47:34:83:68:a8:7f:c9:7e:83:4d:9f:51:cb:
                    93:dc:42:2b:ed:a6:c4:a3:06:cd:fa:e7:8f:7f:c0:
                    b4:84:6f:d0:0a:3c:9b:dc:bb:bc:26:7a:c9:74:ab:
                    f7:61:d6:19:a6:2a:0a:d4:89:06:d2:6f:ca:42:83:
                    b0:72:29:5e:ae:bf:d0:af:49:08:2b:2c:d6:88:96:
                    e8:dc:d9:4d:b5:2c:32:8f:93:b6:95:cb:96:9a:63:
                    0d:3d:5f:32:58:ec:f1:3d:98:36:54:37:90:bd:07:
                    35:5f:2e:8d:79:22:0f:20:1f:8e:1d:3f:22:74:92:
                    ae:c4:2a:94:73:1d:3b:06:e9:32:80:ef:7d:c2:7a:
                    66:18:e2:f5:d4:39:bb:35:24:75:67:d8:e3:7a:6e:
                    23:c6:6f:a0:d4:9d:ea:56:d4:c2:d5:27:0e:f9:18:
                    5d:33:ff:ab:d7:46:b8:17:8e:b4:17:9f:6a:8b:79:
                    64:84:6e:0a:26:7a:50:83:a5:84:69:fe:e3:79:4b:
                    7f:54:b5:2e:7a:ee:9c:b6:45:1a:c3:9e:ec:b4:c1:
                    e7:d9:db:be:4b:9b:27:40:81:48:77:52:d8:ed:25:
                    07:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:FE:15:AD:46:48:32:DB:8F:95:88:F8:0E:15:BC:A2:E8:5A:45:0C
            X509v3 Authority Key Identifier:
                keyid:74:17:36:F6:57:22:1F:C1:34:31:63:23:B0:74:05:85:A9:C1:B2:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dBc29lciH8E0MWMjsHQFhanBsgw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/b314cb-62b5-4fa6-b445-cbfba459d8f7/1/c_4VrUZIMtuPlYj4DhW8ouhaRQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/b314cb-62b5-4fa6-b445-cbfba459d8f7/1/dBc29lciH8E0MWMjsHQFhanBsgw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.164.0/22
                IPv6:
                  2a04:1240::/29

    Signature Algorithm: sha256WithRSAEncryption
         51:a3:60:27:1d:bc:a5:62:35:f1:2f:ab:2a:8f:42:16:84:9d:
         82:43:eb:7b:14:a8:af:61:39:a4:14:34:a4:d2:d4:fd:24:b8:
         90:02:a0:a6:c4:4c:eb:74:ba:b0:00:a7:64:07:67:70:3e:31:
         18:3f:4a:5d:77:6c:9b:bd:6e:e4:70:23:c5:46:f6:c6:17:d8:
         ef:b8:3f:f3:40:38:a9:bc:cb:01:ce:c8:d9:0a:f2:f1:74:7f:
         50:7a:32:e3:cc:28:82:91:4c:0a:06:39:55:89:0a:8e:1a:cd:
         fe:be:b9:73:d5:18:10:c4:75:90:de:8c:7d:92:46:7b:03:09:
         f2:eb:a7:e5:91:c0:54:07:df:4a:4c:f7:05:19:f9:1d:ab:0e:
         83:87:73:7d:97:b0:db:c7:d0:77:1c:68:f2:2f:ec:cd:33:62:
         c3:fb:80:dd:83:74:da:38:bc:7a:04:c3:2a:26:4a:8f:44:e5:
         63:5f:76:48:c5:f1:72:19:18:a8:45:8d:12:0d:f0:1d:0c:9f:
         d8:22:d8:b1:5c:91:89:66:95:f2:06:13:e5:b9:7b:dd:84:d8:
         d8:1b:ec:9d:58:27:88:ab:32:96:5f:a3:9b:67:11:28:38:98:
         2b:a5:40:a0:8b:8e:13:3d:52:7c:b8:12:49:61:53:ef:5f:6a:
         cc:1d:bb:07
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQks/BPFJdku4qrkxv9/3qwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MTczNmY2NTcyMjFmYzEzNDMxNjMyM2IwNzQwNTg1YTlj
MWIyMGMwHhcNMjUwMTAyMDE0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2ZlMTVhZDQ2NDgzMmRiOGY5NTg4ZjgwZTE1YmNhMmU4NWE0NTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwFgIf9ync0DH5dzycMl3SHl8B7Z
KFWiz8W/Kr3qW0c0g2iof8l+g02fUcuT3EIr7abEowbN+uePf8C0hG/QCjyb3Lu8
JnrJdKv3YdYZpioK1IkG0m/KQoOwcilerr/Qr0kIKyzWiJbo3NlNtSwyj5O2lcuW
mmMNPV8yWOzxPZg2VDeQvQc1Xy6NeSIPIB+OHT8idJKuxCqUcx07BukygO99wnpm
GOL11Dm7NSR1Z9jjem4jxm+g1J3qVtTC1ScO+RhdM/+r10a4F460F59qi3lkhG4K
JnpQg6WEaf7jeUt/VLUueu6ctkUaw57stMHn2du+S5snQIFId1LY7SUHqQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHP+Fa1GSDLbj5WI+A4VvKLoWkUMMB8GA1UdIwQY
MBaAFHQXNvZXIh/BNDFjI7B0BYWpwbIMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEJjMjlsY2lIOEUwTVdNanNIUUZoYW5Cc2d3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9iMzE0Y2ItNjJiNS00ZmE2LWI0NDUt
Y2JmYmE0NTlkOGY3LzEvY180VnJVWklNdHVQbFlqNERoVzhvdWhhUlF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9iMzE0Y2ItNjJiNS00ZmE2LWI0NDUtY2JmYmE0NTlkOGY3
LzEvZEJjMjlsY2lIOEUwTVdNanNIUUZoYW5Cc2d3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuROkMA0E
AgACMAcDBQMqBBJAMA0GCSqGSIb3DQEBCwUAA4IBAQBRo2AnHbylYjXxL6sqj0IW
hJ2CQ+t7FKivYTmkFDSk0tT9JLiQAqCmxEzrdLqwAKdkB2dwPjEYP0pdd2ybvW7k
cCPFRvbGF9jvuD/zQDipvMsBzsjZCvLxdH9QejLjzCiCkUwKBjlViQqOGs3+vrlz
1RgQxHWQ3ox9kkZ7Awny66flkcBUB99KTPcFGfkdqw6Dh3N9l7Dbx9B3HGjyL+zN
M2LD+4Ddg3TaOLx6BMMqJkqPROVjX3ZIxfFyGRioRY0SDfAdDJ/YItixXJGJZpXy
BhPluXvdhNjYG+ydWCeIqzKWX6ObZxEoOJgrpUCgi44TPVJ8uBJJYVPvX2rMHbsH
-----END CERTIFICATE-----