Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/TQTaN9R3PROnWSlPAnOimZ3OkV0.roa
File:                     TQTaN9R3PROnWSlPAnOimZ3OkV0.roa (raw, json)
Hash identifier:          6MvOdY9qe95Xeb6bYl6JjgUIxMzjpmO+qyLURJWgUDA=
Subject key identifier:   4D:04:DA:37:D4:77:3D:13:A7:59:29:4F:02:73:A2:99:9D:CE:91:5D
Certificate issuer:       /CN=36e7cfdd129193e219c370121ca16250e429b58b
Certificate serial:       01941FFA6EEC951FE62E62298FD9C145A33C
Authority key identifier: 36:E7:CF:DD:12:91:93:E2:19:C3:70:12:1C:A1:62:50:E4:29:B5:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NufP3RKRk-IZw3ASHKFiUOQptYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/TQTaN9R3PROnWSlPAnOimZ3OkV0.roa
Signing time:             Wed 01 Jan 2025 03:48:13 +0000
ROA not before:           Wed 01 Jan 2025 03:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        185.206.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/NufP3RKRk-IZw3ASHKFiUOQptYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/NufP3RKRk-IZw3ASHKFiUOQptYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NufP3RKRk-IZw3ASHKFiUOQptYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:6e:ec:95:1f:e6:2e:62:29:8f:d9:c1:45:a3:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36e7cfdd129193e219c370121ca16250e429b58b
        Validity
            Not Before: Jan  1 03:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d04da37d4773d13a759294f0273a2999dce915d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:fd:b9:a7:a6:bf:bb:f3:72:09:f1:e0:be:8c:
                    9b:39:1e:77:7f:cb:cc:f7:6d:73:77:b3:1c:b4:fb:
                    10:45:94:96:fc:85:30:45:51:22:ad:f6:c4:50:e2:
                    16:5e:6e:d4:64:eb:d9:44:e1:55:1e:12:af:92:4a:
                    1d:aa:1d:79:05:88:28:2b:7a:cc:7a:46:30:74:77:
                    b7:19:f9:bc:92:25:df:62:c3:ce:2d:82:9c:4e:5d:
                    c9:91:46:d6:57:4f:6c:83:29:48:6a:89:68:79:2c:
                    26:68:0f:21:c7:19:ba:db:af:6a:a1:04:0f:ed:5c:
                    fb:ef:a8:d1:f6:d6:bb:df:8e:33:55:b1:9c:b4:b4:
                    bd:e5:e3:a2:4c:c7:f6:7b:d6:4d:61:3a:3d:c1:1f:
                    ac:05:f6:8d:62:7a:4b:b5:df:f4:f6:61:ac:72:62:
                    6b:d3:a5:79:15:c2:e9:e4:3f:32:8a:88:8b:45:d8:
                    0a:78:2b:fd:67:b2:73:70:b0:08:4c:95:d3:03:83:
                    02:c9:2e:9f:e3:2d:65:ec:1c:9b:39:af:da:2e:9a:
                    67:cd:d1:e5:ce:40:4e:5d:2d:6f:ea:45:b6:58:e7:
                    99:87:c3:50:76:4a:26:ea:4a:7f:e6:73:ad:ef:99:
                    81:7e:63:c7:72:de:e9:a2:70:ae:ae:dd:a2:b8:d6:
                    80:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:04:DA:37:D4:77:3D:13:A7:59:29:4F:02:73:A2:99:9D:CE:91:5D
            X509v3 Authority Key Identifier:
                keyid:36:E7:CF:DD:12:91:93:E2:19:C3:70:12:1C:A1:62:50:E4:29:B5:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NufP3RKRk-IZw3ASHKFiUOQptYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/TQTaN9R3PROnWSlPAnOimZ3OkV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3555e0-9443-4e63-a89b-dd17bfd67cd3/1/NufP3RKRk-IZw3ASHKFiUOQptYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:b4:db:03:e0:5e:34:04:9e:b0:3f:79:72:73:a3:5e:bb:b9:
         78:9b:ae:21:2a:bf:38:c6:68:16:c9:3b:06:6d:d9:af:ff:61:
         fe:24:bd:25:b4:de:b9:b0:0f:2e:4a:6b:a5:18:d4:5e:a8:29:
         3e:c1:a4:ea:2d:3c:34:eb:6f:cd:bd:14:6a:a1:11:60:f7:3d:
         05:41:63:af:e4:45:20:20:88:b0:f2:1d:3f:90:f6:c1:60:2c:
         10:48:a1:9f:73:4c:6e:8c:0b:5b:96:7b:4f:47:e6:fa:f2:c8:
         94:7b:21:83:43:a8:0e:11:3c:5e:94:84:8b:54:1f:1b:16:ee:
         66:d9:aa:aa:cf:cb:8a:8f:22:f7:53:dc:94:03:90:59:30:64:
         db:28:13:64:f6:17:6e:7a:f8:6b:3b:44:59:e7:9f:0d:bd:0a:
         42:2f:89:fd:c6:42:4b:c1:e8:27:01:3e:9d:b2:17:97:d6:18:
         bd:75:61:86:dc:3b:da:27:17:e9:4a:bf:59:73:8a:cf:cd:2c:
         0c:f6:17:9e:04:be:19:6f:37:9a:92:62:70:08:bf:97:87:a9:
         aa:1b:cf:d6:26:87:13:eb:4f:11:a3:5f:a0:95:a3:29:cc:bd:
         87:41:5e:a0:5e:36:22:3b:97:92:2e:00:7c:8b:6c:f2:01:3f:
         37:95:e9:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+m7slR/mLmIpj9nBRaM8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZTdjZmRkMTI5MTkzZTIxOWMzNzAxMjFjYTE2MjUwZTQy
OWI1OGIwHhcNMjUwMTAxMDM0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDA0ZGEzN2Q0NzczZDEzYTc1OTI5NGYwMjczYTI5OTlkY2U5MTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2P25p6a/u/NyCfHgvoybOR53f8vM
921zd7MctPsQRZSW/IUwRVEirfbEUOIWXm7UZOvZROFVHhKvkkodqh15BYgoK3rM
ekYwdHe3Gfm8kiXfYsPOLYKcTl3JkUbWV09sgylIaoloeSwmaA8hxxm6269qoQQP
7Vz776jR9ta7344zVbGctLS95eOiTMf2e9ZNYTo9wR+sBfaNYnpLtd/09mGscmJr
06V5FcLp5D8yioiLRdgKeCv9Z7JzcLAITJXTA4MCyS6f4y1l7BybOa/aLppnzdHl
zkBOXS1v6kW2WOeZh8NQdkom6kp/5nOt75mBfmPHct7ponCurt2iuNaAuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE0E2jfUdz0Tp1kpTwJzopmdzpFdMB8GA1UdIwQY
MBaAFDbnz90SkZPiGcNwEhyhYlDkKbWLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnVmUDNSS1JrLUladzNBU0hLRmlVT1FwdFlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zNTU1ZTAtOTQ0My00ZTYzLWE4OWIt
ZGQxN2JmZDY3Y2QzLzEvVFFUYU45UjNQUk9uV1NsUEFuT2ltWjNPa1YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zNTU1ZTAtOTQ0My00ZTYzLWE4OWItZGQxN2JmZDY3Y2Qz
LzEvTnVmUDNSS1JrLUladzNBU0hLRmlVT1FwdFlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc7kMA0G
CSqGSIb3DQEBCwUAA4IBAQCXtNsD4F40BJ6wP3lyc6Neu7l4m64hKr84xmgWyTsG
bdmv/2H+JL0ltN65sA8uSmulGNReqCk+waTqLTw062/NvRRqoRFg9z0FQWOv5EUg
IIiw8h0/kPbBYCwQSKGfc0xujAtblntPR+b68siUeyGDQ6gOETxelISLVB8bFu5m
2aqqz8uKjyL3U9yUA5BZMGTbKBNk9hduevhrO0RZ558NvQpCL4n9xkJLwegnAT6d
sheX1hi9dWGG3DvaJxfpSr9Zc4rPzSwM9heeBL4ZbzeakmJwCL+Xh6mqG8/WJocT
608Ro1+glaMpzL2HQV6gXjYiO5eSLgB8i2zyAT83lelH
-----END CERTIFICATE-----