Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/rkMUgmhsqbXXRN9oFUiXQpZDv8U.roa
File:                     rkMUgmhsqbXXRN9oFUiXQpZDv8U.roa (raw, json)
Hash identifier:          qJePBEGYHTN0gemfII7b2mdoR3N62f9upxA2WFELbiU=
Subject key identifier:   AE:43:14:82:68:6C:A9:B5:D7:44:DF:68:15:48:97:42:96:43:BF:C5
Certificate issuer:       /CN=d7219ec7383fa0610480ddfa62c3f82c400cd56f
Certificate serial:       01982D9B8D1190DB381F3931B760420EB5D2
Authority key identifier: D7:21:9E:C7:38:3F:A0:61:04:80:DD:FA:62:C3:F8:2C:40:0C:D5:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/rkMUgmhsqbXXRN9oFUiXQpZDv8U.roa
Signing time:             Mon 21 Jul 2025 15:30:25 +0000
ROA not before:           Mon 21 Jul 2025 15:30:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41000
IP address blocks:        37.61.232.0/21 maxlen: 24
                          37.61.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 18:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2d:9b:8d:11:90:db:38:1f:39:31:b7:60:42:0e:b5:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7219ec7383fa0610480ddfa62c3f82c400cd56f
        Validity
            Not Before: Jul 21 15:30:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae431482686ca9b5d744df68154897429643bfc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e1:5c:c1:c8:be:58:31:5e:56:dc:e6:45:e7:
                    78:d5:6b:9e:11:a7:18:51:29:ab:4f:ef:f2:1b:47:
                    d4:e5:92:c9:82:02:1f:fe:30:05:9d:c0:bb:ca:72:
                    bf:70:97:c4:7c:a7:23:07:f4:7c:f1:00:a7:23:65:
                    c0:49:ec:6f:ea:1e:39:14:f3:77:b9:11:37:80:13:
                    0d:6b:f8:9e:67:12:bb:87:9d:cc:0c:c2:cd:b8:36:
                    86:7c:f0:97:c3:69:8a:ad:57:c1:ce:27:5b:e8:c0:
                    69:88:ef:8f:33:ee:a5:20:0b:97:aa:63:86:00:5d:
                    44:81:39:92:ad:4d:8a:40:2e:02:0d:33:63:b2:a5:
                    9b:e1:43:a0:f4:61:30:3f:59:ad:fa:6a:8b:67:fc:
                    c3:ca:a6:08:4a:29:cf:29:7b:94:fa:cb:27:ee:ab:
                    3d:72:92:76:91:99:39:0b:db:43:fd:3f:34:7c:76:
                    93:6c:4a:3c:31:58:77:6b:03:88:b7:61:74:20:bf:
                    74:80:74:03:49:c4:14:6a:01:86:93:29:2c:73:86:
                    b9:d8:31:84:af:20:b7:d3:a4:e6:75:3e:3c:cc:3c:
                    6a:df:50:81:f4:7e:9d:fe:5d:2a:79:f5:22:80:de:
                    2f:58:c0:77:9a:d2:5d:94:ca:80:5e:9d:a3:12:dc:
                    89:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:43:14:82:68:6C:A9:B5:D7:44:DF:68:15:48:97:42:96:43:BF:C5
            X509v3 Authority Key Identifier:
                keyid:D7:21:9E:C7:38:3F:A0:61:04:80:DD:FA:62:C3:F8:2C:40:0C:D5:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/rkMUgmhsqbXXRN9oFUiXQpZDv8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.61.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9a:2e:30:01:8c:ea:3a:36:a1:85:b0:aa:5d:48:da:14:e2:c6:
         2e:20:27:7d:d2:7a:43:ed:d4:a2:96:5b:dd:1b:15:90:b1:c7:
         0c:91:78:d0:d0:b2:d2:2c:11:cb:54:01:4b:6f:c7:83:76:ef:
         bc:27:7a:a7:e2:e1:32:64:38:ab:92:92:b9:5c:8b:c1:de:b6:
         78:ef:e8:34:d5:00:77:ad:71:d8:91:6b:9f:87:ea:b8:4e:5b:
         15:1c:3e:dc:25:bc:f9:47:88:6b:de:8e:aa:b8:2d:1c:fc:b1:
         5b:a7:50:40:aa:31:3c:98:fd:f8:4c:b2:ea:23:b4:42:2b:6a:
         19:99:60:a6:ad:ef:7f:eb:cd:aa:2b:ba:94:b2:22:5a:69:5e:
         e6:e9:21:89:0c:02:9e:0e:8e:81:00:64:95:9a:b4:bd:4d:4a:
         b4:9f:86:43:ba:53:d7:74:97:95:27:dc:c0:c8:24:b7:48:aa:
         c3:d5:c9:72:b7:4d:ef:6e:4b:f3:6f:e4:b0:ef:21:8a:50:a8:
         23:7e:8e:b3:2c:75:b3:15:2f:19:b9:c1:ef:c0:06:da:6a:d7:
         38:94:d7:cb:0a:86:e8:f6:ea:db:e4:02:dd:20:a7:2f:40:5f:
         b1:b0:77:0f:bb:9b:42:a2:54:0d:ac:f1:c1:69:53:ae:44:dd:
         14:c6:d8:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgtm40RkNs4Hzkxt2BCDrXSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MjE5ZWM3MzgzZmEwNjEwNDgwZGRmYTYyYzNmODJjNDAw
Y2Q1NmYwHhcNMjUwNzIxMTUzMDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTQzMTQ4MjY4NmNhOWI1ZDc0NGRmNjgxNTQ4OTc0Mjk2NDNiZmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+Fcwci+WDFeVtzmRed41WueEacY
USmrT+/yG0fU5ZLJggIf/jAFncC7ynK/cJfEfKcjB/R88QCnI2XASexv6h45FPN3
uRE3gBMNa/ieZxK7h53MDMLNuDaGfPCXw2mKrVfBzidb6MBpiO+PM+6lIAuXqmOG
AF1EgTmSrU2KQC4CDTNjsqWb4UOg9GEwP1mt+mqLZ/zDyqYISinPKXuU+ssn7qs9
cpJ2kZk5C9tD/T80fHaTbEo8MVh3awOIt2F0IL90gHQDScQUagGGkyksc4a52DGE
ryC306TmdT48zDxq31CB9H6d/l0qefUigN4vWMB3mtJdlMqAXp2jEtyJHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK5DFIJobKm110TfaBVIl0KWQ7/FMB8GA1UdIwQY
MBaAFNchnsc4P6BhBIDd+mLD+CxADNVvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXlHZXh6Z19vR0VFZ04zNllzUDRMRUFNMVc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9mYmZmYmMtYWI4Mi00MDU4LWI4Yjct
ZDBjODJhM2NmNGI2LzEvcmtNVWdtaHNxYlhYUk45b0ZVaVhRcFpEdjhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9mYmZmYmMtYWI4Mi00MDU4LWI4YjctZDBjODJhM2NmNGI2
LzEvMXlHZXh6Z19vR0VFZ04zNllzUDRMRUFNMVc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJT3oMA0G
CSqGSIb3DQEBCwUAA4IBAQCaLjABjOo6NqGFsKpdSNoU4sYuICd90npD7dSillvd
GxWQsccMkXjQ0LLSLBHLVAFLb8eDdu+8J3qn4uEyZDirkpK5XIvB3rZ47+g01QB3
rXHYkWufh+q4TlsVHD7cJbz5R4hr3o6quC0c/LFbp1BAqjE8mP34TLLqI7RCK2oZ
mWCmre9/682qK7qUsiJaaV7m6SGJDAKeDo6BAGSVmrS9TUq0n4ZDulPXdJeVJ9zA
yCS3SKrD1clyt03vbkvzb+Sw7yGKUKgjfo6zLHWzFS8ZucHvwAbaatc4lNfLCobo
9urb5ALdIKcvQF+xsHcPu5tColQNrPHBaVOuRN0Uxtjy
-----END CERTIFICATE-----