Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/55c2a0-49df-4d96-988f-4f9d04010710/1/_BrWLEBfYPYfGOoM_00MeFoB9s8.roa
File:                     _BrWLEBfYPYfGOoM_00MeFoB9s8.roa (raw, json)
Hash identifier:          ONS0Sr1NVQgM4PQUgLtLkyRNai6z7sLm2R6unFgdvYQ=
Subject key identifier:   FC:1A:D6:2C:40:5F:60:F6:1F:18:EA:0C:FF:4D:0C:78:5A:01:F6:CF
Certificate issuer:       /CN=675fbe4b1f00233ed767990071f04590c90c887d
Certificate serial:       01942143EAE0D1F84044647713F4BD6EF9E3
Authority key identifier: 67:5F:BE:4B:1F:00:23:3E:D7:67:99:00:71:F0:45:90:C9:0C:88:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z1--Sx8AIz7XZ5kAcfBFkMkMiH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/55c2a0-49df-4d96-988f-4f9d04010710/1/_BrWLEBfYPYfGOoM_00MeFoB9s8.roa
Signing time:             Wed 01 Jan 2025 09:48:06 +0000
ROA not before:           Wed 01 Jan 2025 09:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198479
IP address blocks:        37.128.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/55c2a0-49df-4d96-988f-4f9d04010710/1/Z1--Sx8AIz7XZ5kAcfBFkMkMiH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/55c2a0-49df-4d96-988f-4f9d04010710/1/Z1--Sx8AIz7XZ5kAcfBFkMkMiH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z1--Sx8AIz7XZ5kAcfBFkMkMiH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 06:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ea:e0:d1:f8:40:44:64:77:13:f4:bd:6e:f9:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=675fbe4b1f00233ed767990071f04590c90c887d
        Validity
            Not Before: Jan  1 09:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc1ad62c405f60f61f18ea0cff4d0c785a01f6cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6c:ff:65:a6:b4:38:9b:7d:de:1e:c6:28:bb:
                    3d:5c:ed:63:bc:3d:88:b9:1c:4d:09:4f:10:a8:80:
                    45:38:a1:93:d7:89:27:ba:78:7b:c4:78:a9:ca:4b:
                    22:e9:d4:e5:75:78:6b:7c:15:61:4c:82:f2:83:d0:
                    b4:a8:e8:d4:f1:a3:73:3e:c0:03:4f:eb:7c:9e:cb:
                    a0:71:3a:bc:ad:0a:8b:9f:47:50:3c:68:65:c3:3c:
                    1a:0e:b9:82:0a:2c:f6:86:6f:0f:7f:e7:ec:4d:63:
                    e7:71:ef:79:83:50:7f:38:75:22:1c:81:89:4c:63:
                    65:1e:b5:23:8f:ea:15:ad:43:30:19:a6:a7:4e:ac:
                    c6:88:b6:7f:a3:a9:83:7f:7c:e2:8c:f3:93:1d:0a:
                    78:12:83:0b:9c:07:85:ab:6a:93:a9:55:02:2f:a9:
                    0d:b8:b0:f6:db:eb:c7:19:3a:d0:84:8d:5c:2c:95:
                    91:4e:eb:c0:63:c5:c3:b5:48:b1:2f:ca:66:07:32:
                    09:91:8e:7f:fe:7c:96:bc:08:92:d7:ac:40:f2:94:
                    d8:6a:e8:f8:88:17:4a:0b:09:0f:d1:ec:fc:02:64:
                    f5:a6:9f:84:c3:79:9e:a0:9c:12:0a:81:74:bd:f7:
                    d4:c5:34:57:a3:6b:52:43:be:45:ee:5f:62:aa:6c:
                    3a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:1A:D6:2C:40:5F:60:F6:1F:18:EA:0C:FF:4D:0C:78:5A:01:F6:CF
            X509v3 Authority Key Identifier:
                keyid:67:5F:BE:4B:1F:00:23:3E:D7:67:99:00:71:F0:45:90:C9:0C:88:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z1--Sx8AIz7XZ5kAcfBFkMkMiH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/55c2a0-49df-4d96-988f-4f9d04010710/1/_BrWLEBfYPYfGOoM_00MeFoB9s8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/55c2a0-49df-4d96-988f-4f9d04010710/1/Z1--Sx8AIz7XZ5kAcfBFkMkMiH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.128.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:1a:a1:ad:5e:3b:4e:e3:7a:1b:12:30:f3:aa:0b:92:81:00:
         d4:7c:4b:d8:65:b2:91:c6:bf:3b:37:a0:38:ed:1c:44:8e:be:
         dd:31:b7:1f:cf:dd:3e:9c:03:3e:98:0c:35:5b:88:91:5c:ea:
         18:83:1b:1b:ed:75:68:85:8b:20:1c:e0:83:59:d2:e4:8b:83:
         36:a5:8d:d7:e2:12:0d:2e:bb:5e:98:9b:7a:db:d6:9f:4e:c5:
         92:d5:18:b4:f4:b0:ab:bf:b0:b9:e1:7f:74:3a:57:0a:22:a2:
         7b:2c:df:1b:98:0c:7d:69:54:4f:1c:6a:86:43:16:91:1b:00:
         29:5c:b5:0e:01:8b:ba:91:43:10:41:18:bf:e9:72:0e:a2:8c:
         04:2c:eb:74:f4:4d:63:4b:3f:bb:cf:4c:02:86:2e:40:85:48:
         48:73:3d:2e:fc:ef:54:9d:ee:f9:f4:15:57:f8:0d:e6:08:ff:
         5a:99:3c:4f:2f:2c:aa:59:11:ce:16:3c:35:ae:9a:ba:7e:38:
         e3:70:f6:78:db:02:89:6f:9b:c4:bc:ad:a2:79:66:f5:94:43:
         79:01:27:57:8e:e5:2f:8f:39:d4:ba:9c:2c:e3:f8:85:81:99:
         06:c1:6d:2b:3a:74:ca:e5:ba:10:55:90:2b:da:05:78:5d:66:
         61:11:a1:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+rg0fhARGR3E/S9bvnjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NWZiZTRiMWYwMDIzM2VkNzY3OTkwMDcxZjA0NTkwYzkw
Yzg4N2QwHhcNMjUwMTAxMDk0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzFhZDYyYzQwNWY2MGY2MWYxOGVhMGNmZjRkMGM3ODVhMDFmNmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWz/Zaa0OJt93h7GKLs9XO1jvD2I
uRxNCU8QqIBFOKGT14knunh7xHipyksi6dTldXhrfBVhTILyg9C0qOjU8aNzPsAD
T+t8nsugcTq8rQqLn0dQPGhlwzwaDrmCCiz2hm8Pf+fsTWPnce95g1B/OHUiHIGJ
TGNlHrUjj+oVrUMwGaanTqzGiLZ/o6mDf3zijPOTHQp4EoMLnAeFq2qTqVUCL6kN
uLD22+vHGTrQhI1cLJWRTuvAY8XDtUixL8pmBzIJkY5//nyWvAiS16xA8pTYauj4
iBdKCwkP0ez8AmT1pp+Ew3meoJwSCoF0vffUxTRXo2tSQ75F7l9iqmw64wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwa1ixAX2D2HxjqDP9NDHhaAfbPMB8GA1UdIwQY
MBaAFGdfvksfACM+12eZAHHwRZDJDIh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjEtLVN4OEFJejdYWjVrQWNmQkZrTWtNaUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS81NWMyYTAtNDlkZi00ZDk2LTk4OGYt
NGY5ZDA0MDEwNzEwLzEvX0JyV0xFQmZZUFlmR09vTV8wME1lRm9COXM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS81NWMyYTAtNDlkZi00ZDk2LTk4OGYtNGY5ZDA0MDEwNzEw
LzEvWjEtLVN4OEFJejdYWjVrQWNmQkZrTWtNaUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJYCoMA0G
CSqGSIb3DQEBCwUAA4IBAQB3GqGtXjtO43obEjDzqguSgQDUfEvYZbKRxr87N6A4
7RxEjr7dMbcfz90+nAM+mAw1W4iRXOoYgxsb7XVohYsgHOCDWdLki4M2pY3X4hIN
LrtemJt629afTsWS1Ri09LCrv7C54X90OlcKIqJ7LN8bmAx9aVRPHGqGQxaRGwAp
XLUOAYu6kUMQQRi/6XIOoowELOt09E1jSz+7z0wChi5AhUhIcz0u/O9Une759BVX
+A3mCP9amTxPLyyqWRHOFjw1rpq6fjjjcPZ42wKJb5vEvK2ieWb1lEN5ASdXjuUv
jznUupws4/iFgZkGwW0rOnTK5boQVZAr2gV4XWZhEaHv
-----END CERTIFICATE-----