Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/2hjMikwQnrrEAN1yMmo4yNGPigk.roa
File:                     2hjMikwQnrrEAN1yMmo4yNGPigk.roa (raw, json)
Hash identifier:          va6CTRy1tpKgbw+4WXa+7xdTzdjfkhLrL6uUCxg03v4=
Subject key identifier:   DA:18:CC:8A:4C:10:9E:BA:C4:00:DD:72:32:6A:38:C8:D1:8F:8A:09
Certificate issuer:       /CN=311d62b7fd9fcfc87dfea987515767c838e21bb9
Certificate serial:       019426D9D62F573E444F7B4EFD91E7E46FC8
Authority key identifier: 31:1D:62:B7:FD:9F:CF:C8:7D:FE:A9:87:51:57:67:C8:38:E2:1B:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MR1it_2fz8h9_qmHUVdnyDjiG7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/2hjMikwQnrrEAN1yMmo4yNGPigk.roa
Signing time:             Thu 02 Jan 2025 11:49:57 +0000
ROA not before:           Thu 02 Jan 2025 11:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57734
IP address blocks:        37.49.234.0/23 maxlen: 24
                          37.49.234.0/24 maxlen: 24
                          2a00:a4c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/MR1it_2fz8h9_qmHUVdnyDjiG7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/MR1it_2fz8h9_qmHUVdnyDjiG7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MR1it_2fz8h9_qmHUVdnyDjiG7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:d6:2f:57:3e:44:4f:7b:4e:fd:91:e7:e4:6f:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=311d62b7fd9fcfc87dfea987515767c838e21bb9
        Validity
            Not Before: Jan  2 11:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da18cc8a4c109ebac400dd72326a38c8d18f8a09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:14:3c:06:f6:09:7d:b2:8c:8f:f4:19:e2:65:
                    1d:7e:dc:41:c0:ee:01:5d:13:8f:7a:b0:60:6e:75:
                    3d:d1:40:ef:45:67:ce:61:85:37:07:87:df:c7:c4:
                    d3:a5:bf:31:49:f7:da:12:fa:cd:20:74:e7:b9:77:
                    2d:ea:42:5c:6a:11:e1:70:25:c4:e5:9a:d3:e0:d9:
                    3c:22:11:28:a6:6e:ca:f1:55:24:03:b4:38:4f:45:
                    4c:69:00:35:fb:33:be:8a:30:57:34:2a:33:f8:dc:
                    fe:e5:61:da:bf:0a:1f:1b:5e:0d:d5:8f:d1:70:1c:
                    f1:e8:a7:a5:16:d5:8a:05:17:84:f0:ba:4c:1b:81:
                    a8:a6:73:85:d0:eb:1d:07:87:22:dd:ec:f5:96:f2:
                    bb:c8:89:b9:f8:31:f1:52:da:fe:a5:a0:be:f8:78:
                    f8:92:48:a1:3e:34:d0:f5:60:98:3a:1e:7b:fb:b7:
                    cf:42:f3:0f:98:86:26:54:6a:20:87:6d:1a:82:25:
                    a7:f1:87:fb:59:3d:34:c0:82:23:d0:1a:6f:44:fd:
                    f6:23:bd:1b:03:c7:21:29:22:71:8d:0b:18:70:63:
                    55:65:dc:dc:15:7e:64:f5:e9:62:15:58:f7:60:5b:
                    0b:54:66:d0:65:98:95:67:2a:85:15:d9:06:15:0e:
                    5d:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:18:CC:8A:4C:10:9E:BA:C4:00:DD:72:32:6A:38:C8:D1:8F:8A:09
            X509v3 Authority Key Identifier:
                keyid:31:1D:62:B7:FD:9F:CF:C8:7D:FE:A9:87:51:57:67:C8:38:E2:1B:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MR1it_2fz8h9_qmHUVdnyDjiG7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/2hjMikwQnrrEAN1yMmo4yNGPigk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/MR1it_2fz8h9_qmHUVdnyDjiG7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.49.234.0/23
                IPv6:
                  2a00:a4c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:e7:1a:1a:ac:06:d2:43:5f:a1:41:57:fa:72:22:55:6d:6c:
         ef:93:bf:dd:7f:f1:70:57:32:71:e1:e3:12:17:5d:ad:4e:a2:
         ca:8b:3f:53:c0:14:dd:37:64:a5:62:74:50:29:77:3e:e3:e0:
         57:15:b9:e1:b5:ed:48:5f:15:d3:65:82:b0:7b:e8:d2:35:15:
         54:79:cb:3b:61:fb:c8:fd:dc:35:ca:dc:c4:ac:9c:3c:83:f1:
         62:99:2a:17:0b:0a:20:ef:76:b9:8c:66:08:e6:42:cf:40:09:
         64:9c:8c:f9:3a:7d:5f:35:ec:d4:81:dd:66:d5:19:c6:2c:05:
         0c:52:c8:d4:06:19:c6:62:79:e4:06:fb:6f:18:46:b2:e3:7c:
         af:4b:16:13:d5:bc:55:cc:80:17:2d:c0:26:79:a1:68:ef:ab:
         a6:81:66:c6:f3:02:7c:79:f3:f4:19:bd:0f:91:fa:0f:98:35:
         f0:05:3a:48:f3:12:1c:00:4f:c8:e2:b4:4d:18:f7:1b:1a:1d:
         13:a4:d4:da:c5:58:f6:a4:57:15:82:cb:cc:58:a8:9f:c8:91:
         09:6d:87:ea:ca:e2:50:7b:3c:0e:1f:81:f4:79:be:31:e0:04:
         57:8e:14:9c:df:f9:21:39:3c:ad:9b:e8:01:dc:b5:47:89:02:
         8d:f7:8f:b3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2dYvVz5ET3tO/ZHn5G/IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMWQ2MmI3ZmQ5ZmNmYzg3ZGZlYTk4NzUxNTc2N2M4Mzhl
MjFiYjkwHhcNMjUwMTAyMTE0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTE4Y2M4YTRjMTA5ZWJhYzQwMGRkNzIzMjZhMzhjOGQxOGY4YTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxQ8BvYJfbKMj/QZ4mUdftxBwO4B
XROPerBgbnU90UDvRWfOYYU3B4ffx8TTpb8xSffaEvrNIHTnuXct6kJcahHhcCXE
5ZrT4Nk8IhEopm7K8VUkA7Q4T0VMaQA1+zO+ijBXNCoz+Nz+5WHavwofG14N1Y/R
cBzx6KelFtWKBReE8LpMG4GopnOF0OsdB4ci3ez1lvK7yIm5+DHxUtr+paC++Hj4
kkihPjTQ9WCYOh57+7fPQvMPmIYmVGogh20agiWn8Yf7WT00wIIj0BpvRP32I70b
A8chKSJxjQsYcGNVZdzcFX5k9eliFVj3YFsLVGbQZZiVZyqFFdkGFQ5dbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNoYzIpMEJ66xADdcjJqOMjRj4oJMB8GA1UdIwQY
MBaAFDEdYrf9n8/Iff6ph1FXZ8g44hu5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVIxaXRfMmZ6OGg5X3FtSFVWZG55RGppRzdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy81NzY4OGUtYTk2NC00OTMzLTg2MzEt
ODUwZjM0OTA2MjI5LzEvMmhqTWlrd1FucnJFQU4xeU1tbzR5TkdQaWdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy81NzY4OGUtYTk2NC00OTMzLTg2MzEtODUwZjM0OTA2MjI5
LzEvTVIxaXRfMmZ6OGg5X3FtSFVWZG55RGppRzdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBJTHqMA0E
AgACMAcDBQAqAKTAMA0GCSqGSIb3DQEBCwUAA4IBAQAr5xoarAbSQ1+hQVf6ciJV
bWzvk7/df/FwVzJx4eMSF12tTqLKiz9TwBTdN2SlYnRQKXc+4+BXFbnhte1IXxXT
ZYKwe+jSNRVUecs7YfvI/dw1ytzErJw8g/FimSoXCwog73a5jGYI5kLPQAlknIz5
On1fNezUgd1m1RnGLAUMUsjUBhnGYnnkBvtvGEay43yvSxYT1bxVzIAXLcAmeaFo
76umgWbG8wJ8efP0Gb0PkfoPmDXwBTpI8xIcAE/I4rRNGPcbGh0TpNTaxVj2pFcV
gsvMWKifyJEJbYfqyuJQezwOH4H0eb4x4ARXjhSc3/khOTytm+gB3LVHiQKN94+z
-----END CERTIFICATE-----