Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/cKm65Eb_WOsg0rJgahrGEn-QzNM.roa
File:                     cKm65Eb_WOsg0rJgahrGEn-QzNM.roa (raw, json)
Hash identifier:          pkezS3MrD2s+itmukvNwqj5ekac2E5fRWqLx+Gd03qs=
Subject key identifier:   70:A9:BA:E4:46:FF:58:EB:20:D2:B2:60:6A:1A:C6:12:7F:90:CC:D3
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019427B555DD08C662B9FDFD522982994FAB
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/cKm65Eb_WOsg0rJgahrGEn-QzNM.roa
Signing time:             Thu 02 Jan 2025 15:49:42 +0000
ROA not before:           Thu 02 Jan 2025 15:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60861
IP address blocks:        37.221.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 12:37:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:55:dd:08:c6:62:b9:fd:fd:52:29:82:99:4f:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  2 15:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70a9bae446ff58eb20d2b2606a1ac6127f90ccd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:54:7b:96:67:ba:ee:6b:c1:d3:fd:f9:a5:84:
                    66:b0:31:a0:40:d7:aa:83:f9:cf:58:2b:40:bc:b9:
                    4c:c8:46:35:7f:a6:14:f1:8c:93:cb:68:e4:a2:a0:
                    87:1d:9f:0a:54:69:02:01:a8:80:42:cc:26:24:fa:
                    0c:a5:98:a4:9c:dc:d9:67:a7:05:8d:3d:ac:e1:77:
                    25:3a:a0:13:51:db:2c:4e:93:24:07:d3:00:4d:ec:
                    06:39:c9:b1:e4:6d:ef:a9:54:c3:ed:e7:ba:5f:3e:
                    61:a1:ec:38:20:26:87:14:d1:2a:f5:b2:2d:2f:73:
                    1e:95:2e:bd:03:5a:e0:3c:ef:e9:ec:b0:9f:23:2c:
                    a7:1d:1e:36:c5:56:83:40:bb:c2:a1:76:28:e5:10:
                    52:d5:7a:e4:a6:9a:6d:84:86:fe:13:19:83:4c:94:
                    40:68:be:c7:e0:51:70:d2:4d:3b:08:57:89:67:36:
                    fa:92:0b:52:dd:51:ba:00:ef:a9:07:b0:0c:43:84:
                    b0:89:cb:60:67:1f:ee:75:76:c1:14:37:f8:49:22:
                    86:ab:ae:ba:ec:b9:28:68:1e:2e:a3:5a:2c:35:21:
                    9f:13:21:68:84:53:c4:19:a8:7a:ea:b2:bc:7d:20:
                    25:a2:c4:8e:27:d9:07:d1:d8:fd:b2:b7:19:54:64:
                    5a:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:A9:BA:E4:46:FF:58:EB:20:D2:B2:60:6A:1A:C6:12:7F:90:CC:D3
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/cKm65Eb_WOsg0rJgahrGEn-QzNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:9a:ef:79:0e:88:59:fc:00:b6:9f:db:ef:2c:62:36:2d:2c:
         ed:33:a6:d4:67:7c:53:77:a1:2d:d6:ac:9f:d7:28:ca:e1:27:
         ac:f2:5e:f6:b0:55:87:e8:3d:16:f9:33:53:86:00:0d:b1:77:
         99:21:4d:3b:aa:b9:df:08:44:49:ea:0f:40:34:37:4c:2d:21:
         b7:c1:ff:3e:ab:0a:33:e9:e0:21:6b:1a:a5:5e:b2:bd:15:3d:
         a2:9f:17:63:b2:f7:db:99:9f:a2:77:c1:13:0a:89:ef:4a:7b:
         98:00:9e:08:6a:61:65:34:71:96:39:64:7c:f2:da:23:62:cc:
         c4:1e:47:44:e5:5b:1e:87:52:11:9d:15:20:20:74:4a:94:24:
         d5:4b:44:db:54:04:8b:b3:c1:77:ed:ed:22:d6:24:72:e8:b5:
         c2:6f:f8:50:54:a4:9f:40:d6:b3:2a:f2:7a:d3:3b:9b:cc:b8:
         66:e1:dd:ec:83:cd:57:7a:82:dc:61:58:0e:df:9b:76:4b:1c:
         eb:5a:f3:d6:ef:c3:ce:da:86:af:81:af:c9:23:bb:f7:21:19:
         66:9f:d4:bf:9d:61:36:6b:85:86:f4:42:e8:58:31:92:bb:4f:
         65:cc:a8:1e:c1:8c:2a:75:76:83:91:8b:db:2d:7b:0a:d3:6b:
         79:bb:63:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntVXdCMZiuf39UimCmU+rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwMTAyMTU0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGE5YmFlNDQ2ZmY1OGViMjBkMmIyNjA2YTFhYzYxMjdmOTBjY2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3FR7lme67mvB0/35pYRmsDGgQNeq
g/nPWCtAvLlMyEY1f6YU8YyTy2jkoqCHHZ8KVGkCAaiAQswmJPoMpZiknNzZZ6cF
jT2s4XclOqATUdssTpMkB9MATewGOcmx5G3vqVTD7ee6Xz5hoew4ICaHFNEq9bIt
L3MelS69A1rgPO/p7LCfIyynHR42xVaDQLvCoXYo5RBS1XrkpppthIb+ExmDTJRA
aL7H4FFw0k07CFeJZzb6kgtS3VG6AO+pB7AMQ4SwictgZx/udXbBFDf4SSKGq666
7LkoaB4uo1osNSGfEyFohFPEGah66rK8fSAlosSOJ9kH0dj9srcZVGRa2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCpuuRG/1jrINKyYGoaxhJ/kMzTMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvY0ttNjVFYl9XT3NnMHJKZ2FockdFbi1Rek5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJd20MA0G
CSqGSIb3DQEBCwUAA4IBAQCdmu95DohZ/AC2n9vvLGI2LSztM6bUZ3xTd6Et1qyf
1yjK4Ses8l72sFWH6D0W+TNThgANsXeZIU07qrnfCERJ6g9ANDdMLSG3wf8+qwoz
6eAhaxqlXrK9FT2inxdjsvfbmZ+id8ETConvSnuYAJ4IamFlNHGWOWR88tojYszE
HkdE5Vseh1IRnRUgIHRKlCTVS0TbVASLs8F37e0i1iRy6LXCb/hQVKSfQNazKvJ6
0zubzLhm4d3sg81XeoLcYVgO35t2SxzrWvPW78PO2oavga/JI7v3IRlmn9S/nWE2
a4WG9ELoWDGSu09lzKgewYwqdXaDkYvbLXsK02t5u2Oq
-----END CERTIFICATE-----