Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/4WJWIXQl6DfjK6AaWL3Rp2i--vQ.roa
File:                     4WJWIXQl6DfjK6AaWL3Rp2i--vQ.roa (raw, json)
Hash identifier:          KhbbWhBCJSYZ246VIWEuaLq193n7KxuY5H2uWCzNGyM=
Subject key identifier:   E1:62:56:21:74:25:E8:37:E3:2B:A0:1A:58:BD:D1:A7:68:BE:FA:F4
Certificate issuer:       /CN=d44de659759b0274124a7b481d0976840b7ade06
Certificate serial:       0194258F5C1F6E4A50016302C23A5CC7E67B
Authority key identifier: D4:4D:E6:59:75:9B:02:74:12:4A:7B:48:1D:09:76:84:0B:7A:DE:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/4WJWIXQl6DfjK6AaWL3Rp2i--vQ.roa
Signing time:             Thu 02 Jan 2025 05:48:59 +0000
ROA not before:           Thu 02 Jan 2025 05:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205087
IP address blocks:        37.143.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:5c:1f:6e:4a:50:01:63:02:c2:3a:5c:c7:e6:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d44de659759b0274124a7b481d0976840b7ade06
        Validity
            Not Before: Jan  2 05:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e16256217425e837e32ba01a58bdd1a768befaf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:50:5e:33:1a:61:e9:89:3e:43:04:e5:64:02:
                    bc:1c:89:49:8f:b5:73:8b:ac:9b:c6:92:af:13:94:
                    8e:00:3f:34:a1:74:ff:5d:de:df:70:1b:40:12:0c:
                    d3:51:b7:be:63:41:6e:2b:df:7c:ff:98:f8:f0:c0:
                    76:9a:f4:bb:90:ee:44:f1:f7:16:4f:12:92:b9:3b:
                    97:fe:ed:ed:e5:1c:ef:9e:65:e3:1d:ee:42:a5:96:
                    1d:01:1a:10:b6:2d:04:03:3c:2f:ce:b1:de:d1:fd:
                    57:d4:8d:fa:9a:9f:78:bc:87:80:be:cb:8f:07:1f:
                    8e:e1:c4:13:9f:7c:b7:f3:c9:b9:a7:ce:f2:c6:79:
                    17:46:45:8a:bd:2a:b3:21:38:11:33:d4:d6:4c:c5:
                    fc:09:a5:a9:a0:af:fd:a7:ae:55:e3:6b:90:a5:a0:
                    c8:42:e7:ae:ac:d9:5b:6b:2d:d8:d7:a5:e6:a2:d8:
                    0a:ee:01:19:5d:95:cd:d1:94:45:79:a4:63:da:9f:
                    e0:cb:2b:e4:0a:ea:2c:b0:3f:b1:25:fe:c1:56:ff:
                    0b:b3:f8:8a:4d:f3:58:bb:6d:b2:a9:0f:61:b0:53:
                    9f:c9:f1:d5:73:45:35:b3:d6:a4:01:39:5c:99:69:
                    b7:48:b0:ce:8a:03:6d:19:75:44:ee:e1:90:f6:b3:
                    73:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:62:56:21:74:25:E8:37:E3:2B:A0:1A:58:BD:D1:A7:68:BE:FA:F4
            X509v3 Authority Key Identifier:
                keyid:D4:4D:E6:59:75:9B:02:74:12:4A:7B:48:1D:09:76:84:0B:7A:DE:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/4WJWIXQl6DfjK6AaWL3Rp2i--vQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:dc:fc:72:53:cf:4b:aa:57:ed:e8:42:f1:bf:a9:ee:54:ad:
         ba:ca:43:1f:85:e9:cd:57:bc:c2:b4:60:51:c4:5b:ac:6b:a3:
         13:27:ce:96:38:c2:7a:b3:fd:9e:bc:02:c4:fe:97:00:81:ea:
         84:8e:5d:4b:99:2b:90:cb:3f:73:e2:99:31:a2:a3:99:48:de:
         2c:10:26:2b:10:0d:7f:01:64:67:c3:38:8e:29:6e:b9:4e:87:
         de:85:af:72:17:d3:ad:a3:24:28:cd:00:60:23:d5:ea:30:a2:
         d8:3d:6c:a1:b6:0c:6a:b2:c6:43:18:82:cb:84:d2:d2:7c:4f:
         07:16:a1:0b:97:7b:3d:d6:b7:b9:9e:b9:31:74:88:16:26:e1:
         47:c0:eb:28:a3:8d:3a:7d:75:26:c9:25:da:f7:a4:ce:21:f7:
         1f:50:22:93:b5:3e:f3:b8:b7:d0:0c:12:a7:07:ed:cb:a9:71:
         d4:46:3d:d4:dc:ac:10:5e:50:c2:b4:2e:af:e1:87:ab:72:7c:
         cb:81:e9:b6:ef:92:00:8f:1f:f7:fc:32:1b:ad:13:48:6e:d7:
         0b:b9:b2:4f:c8:a9:66:b8:46:f4:52:ca:05:94:b9:f5:05:68:
         a5:c8:38:f1:73:94:5c:60:f2:e1:bf:ad:ac:d5:1b:1c:78:2f:
         4a:cf:24:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj1wfbkpQAWMCwjpcx+Z7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NGRlNjU5NzU5YjAyNzQxMjRhN2I0ODFkMDk3Njg0MGI3
YWRlMDYwHhcNMjUwMTAyMDU0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTYyNTYyMTc0MjVlODM3ZTMyYmEwMWE1OGJkZDFhNzY4YmVmYWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplBeMxph6Yk+QwTlZAK8HIlJj7Vz
i6ybxpKvE5SOAD80oXT/Xd7fcBtAEgzTUbe+Y0FuK998/5j48MB2mvS7kO5E8fcW
TxKSuTuX/u3t5RzvnmXjHe5CpZYdARoQti0EAzwvzrHe0f1X1I36mp94vIeAvsuP
Bx+O4cQTn3y388m5p87yxnkXRkWKvSqzITgRM9TWTMX8CaWpoK/9p65V42uQpaDI
QueurNlbay3Y16XmotgK7gEZXZXN0ZRFeaRj2p/gyyvkCuossD+xJf7BVv8Ls/iK
TfNYu22yqQ9hsFOfyfHVc0U1s9akATlcmWm3SLDOigNtGXVE7uGQ9rNzOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFiViF0Jeg34yugGli90adovvr0MB8GA1UdIwQY
MBaAFNRN5ll1mwJ0Ekp7SB0JdoQLet4GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUUzbVdYV2JBblFTU250SUhRbDJoQXQ2M2dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy83NTIxNmQtNjg0Yi00N2NjLWE5NWUt
ZGI0ZDM5ZGM0ZWM3LzEvNFdKV0lYUWw2RGZqSzZBYVdMM1JwMmktLXZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy83NTIxNmQtNjg0Yi00N2NjLWE5NWUtZGI0ZDM5ZGM0ZWM3
LzEvMUUzbVdYV2JBblFTU250SUhRbDJoQXQ2M2dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJY+pMA0G
CSqGSIb3DQEBCwUAA4IBAQCa3PxyU89Lqlft6ELxv6nuVK26ykMfhenNV7zCtGBR
xFusa6MTJ86WOMJ6s/2evALE/pcAgeqEjl1LmSuQyz9z4pkxoqOZSN4sECYrEA1/
AWRnwziOKW65Tofeha9yF9OtoyQozQBgI9XqMKLYPWyhtgxqssZDGILLhNLSfE8H
FqELl3s91re5nrkxdIgWJuFHwOsoo406fXUmySXa96TOIfcfUCKTtT7zuLfQDBKn
B+3LqXHURj3U3KwQXlDCtC6v4YercnzLgem275IAjx/3/DIbrRNIbtcLubJPyKlm
uEb0UsoFlLn1BWilyDjxc5RcYPLhv62s1RsceC9KzyRV
-----END CERTIFICATE-----