Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/iI0bCqa5AsHfSwpRPlWuGOoV2Ig.roa
File:                     iI0bCqa5AsHfSwpRPlWuGOoV2Ig.roa (raw, json)
Hash identifier:          CQsrA8oezXXW1nWu5mfdaD+N5ZbUdY1dmA9T/nIwVu4=
Subject key identifier:   88:8D:1B:0A:A6:B9:02:C1:DF:4B:0A:51:3E:55:AE:18:EA:15:D8:88
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019424452E27E44E8A540FD2DC7F0E234705
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/iI0bCqa5AsHfSwpRPlWuGOoV2Ig.roa
Signing time:             Wed 01 Jan 2025 23:48:21 +0000
ROA not before:           Wed 01 Jan 2025 23:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203004
IP address blocks:        185.164.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:2e:27:e4:4e:8a:54:0f:d2:dc:7f:0e:23:47:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 23:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=888d1b0aa6b902c1df4b0a513e55ae18ea15d888
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:71:6a:21:7d:35:1a:fc:1f:4b:1c:a1:9a:75:
                    b1:08:be:98:e6:99:41:32:d2:c0:e0:59:aa:26:7c:
                    b4:e8:53:14:7a:07:45:1c:d9:8c:41:d5:48:13:96:
                    3e:bf:69:4b:69:fe:1a:d2:8a:4c:ac:68:1d:76:3b:
                    4d:79:d7:fb:4f:b7:c2:86:9d:ea:94:d6:74:31:93:
                    f0:75:56:a0:67:f9:87:fd:2f:80:6f:f5:d8:5e:f4:
                    b0:b5:d5:26:ff:37:43:b8:0a:12:2e:65:2e:2a:de:
                    23:2c:87:da:7d:78:2a:86:b1:0e:f7:dc:5f:72:23:
                    16:10:f0:d8:27:5b:12:9b:f7:7a:0a:ec:f5:1c:9f:
                    52:4b:28:6c:2d:03:c1:8d:b3:9a:b3:0d:0e:88:fb:
                    fa:a6:06:95:db:2c:15:e0:35:bc:3d:4d:7d:21:c5:
                    55:10:13:48:2a:5a:15:c1:f9:ab:1c:ac:3d:b9:e3:
                    df:1e:37:de:e6:81:93:1f:84:02:b1:ff:32:f4:5c:
                    a2:05:b0:fa:29:25:0d:df:6d:29:7e:f3:0e:62:3e:
                    62:7f:86:d5:e9:a1:b4:7f:bb:22:2c:23:06:f2:77:
                    ab:d5:68:7e:a4:18:aa:bb:6a:31:d0:25:8c:ae:c2:
                    67:f8:c4:c4:47:36:5b:bb:97:35:7b:4d:f9:aa:33:
                    57:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:8D:1B:0A:A6:B9:02:C1:DF:4B:0A:51:3E:55:AE:18:EA:15:D8:88
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/iI0bCqa5AsHfSwpRPlWuGOoV2Ig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:b8:79:a2:97:b7:41:34:e1:1f:38:75:58:ef:09:98:9c:b1:
         4f:b9:12:7c:58:e5:33:25:8e:b5:9f:cd:5a:eb:c2:c2:4c:83:
         fb:43:ce:0b:e5:3b:a4:53:96:df:ca:6b:70:91:9c:52:2c:b9:
         55:40:8b:96:4b:a0:4d:2c:f1:68:17:e0:3b:cf:38:78:ec:d1:
         cc:42:9a:da:8c:d8:40:a6:97:cc:02:fe:84:8d:0f:0e:35:f4:
         5d:b9:ad:c8:60:8a:6f:16:6d:5d:a2:c8:df:f4:2a:a4:f1:1c:
         4d:bf:77:37:dc:5f:1c:0c:a3:eb:e2:c6:1b:cd:8f:62:ef:86:
         e5:f4:36:7a:d0:e2:50:5a:42:a5:56:36:1b:ce:6a:e9:a1:a8:
         f7:56:7c:ed:2c:be:14:61:16:62:31:e6:c5:71:1e:41:59:3a:
         80:89:2e:17:73:10:6a:93:14:a8:c9:10:7d:4b:51:49:a4:6e:
         00:b9:bc:dc:cf:8a:84:5a:fd:73:6c:b6:a5:d1:a6:7e:d0:ab:
         65:e2:8a:a1:cd:93:a5:e3:5f:36:27:25:c6:71:15:12:d7:40:
         7c:11:4e:e9:1a:94:f7:49:a6:2a:6f:b0:71:3c:0a:7b:24:f6:
         03:f5:e6:61:14:ad:df:6a:81:ab:65:11:d9:89:8c:a3:1b:62:
         a6:b2:97:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRS4n5E6KVA/S3H8OI0cFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwMTAxMjM0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODhkMWIwYWE2YjkwMmMxZGY0YjBhNTEzZTU1YWUxOGVhMTVkODg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHFqIX01GvwfSxyhmnWxCL6Y5plB
MtLA4FmqJny06FMUegdFHNmMQdVIE5Y+v2lLaf4a0opMrGgddjtNedf7T7fChp3q
lNZ0MZPwdVagZ/mH/S+Ab/XYXvSwtdUm/zdDuAoSLmUuKt4jLIfafXgqhrEO99xf
ciMWEPDYJ1sSm/d6Cuz1HJ9SSyhsLQPBjbOasw0OiPv6pgaV2ywV4DW8PU19IcVV
EBNIKloVwfmrHKw9uePfHjfe5oGTH4QCsf8y9FyiBbD6KSUN320pfvMOYj5if4bV
6aG0f7siLCMG8ner1Wh+pBiqu2ox0CWMrsJn+MTERzZbu5c1e035qjNX1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIiNGwqmuQLB30sKUT5VrhjqFdiIMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvaUkwYkNxYTVBc0hmU3dwUlBsV3VHT29WMklnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaStMA0G
CSqGSIb3DQEBCwUAA4IBAQBDuHmil7dBNOEfOHVY7wmYnLFPuRJ8WOUzJY61n81a
68LCTIP7Q84L5TukU5bfymtwkZxSLLlVQIuWS6BNLPFoF+A7zzh47NHMQprajNhA
ppfMAv6EjQ8ONfRdua3IYIpvFm1dosjf9Cqk8RxNv3c33F8cDKPr4sYbzY9i74bl
9DZ60OJQWkKlVjYbzmrpoaj3VnztLL4UYRZiMebFcR5BWTqAiS4XcxBqkxSoyRB9
S1FJpG4Aubzcz4qEWv1zbLal0aZ+0Ktl4oqhzZOl4182JyXGcRUS10B8EU7pGpT3
SaYqb7BxPAp7JPYD9eZhFK3faoGrZRHZiYyjG2Kmspe3
-----END CERTIFICATE-----