Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/tCM-YzARaVDyW-OQaZaVTDM9hdw.roa
File:                     tCM-YzARaVDyW-OQaZaVTDM9hdw.roa (raw, json)
Hash identifier:          Zk+3b9CBDKX5LhK5B9m6s2GatigbK42F9x72Xc+hT8I=
Subject key identifier:   B4:23:3E:63:30:11:69:50:F2:5B:E3:90:69:96:95:4C:33:3D:85:DC
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       01942746C04141286110864DC1A22F254245
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/tCM-YzARaVDyW-OQaZaVTDM9hdw.roa
Signing time:             Thu 02 Jan 2025 13:48:55 +0000
ROA not before:           Thu 02 Jan 2025 13:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216192
IP address blocks:        185.17.138.0/24 maxlen: 24
                          212.68.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 01:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:c0:41:41:28:61:10:86:4d:c1:a2:2f:25:42:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: Jan  2 13:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4233e6330116950f25be3906996954c333d85dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f8:b3:99:4b:96:b1:9a:63:1c:17:8e:30:4b:
                    c9:3f:80:51:9f:9c:57:50:ea:3a:21:cb:95:95:8c:
                    52:0c:48:25:5a:4f:71:36:0b:9f:79:d5:79:37:09:
                    53:04:dd:16:24:07:fa:a6:4b:1f:f9:20:c3:f1:d8:
                    75:d5:7a:55:7c:b0:b8:2d:ef:b9:89:de:2e:da:60:
                    5c:f6:20:da:f6:10:95:de:12:ef:c1:c5:90:2c:c5:
                    4b:c9:c8:a9:af:a6:fb:89:9c:27:7a:a0:23:6a:fe:
                    96:b5:67:08:5f:51:64:bf:37:84:a6:ca:6c:51:c6:
                    73:55:48:8a:6b:94:5b:88:b5:ca:82:b7:2b:ed:1b:
                    3c:29:dd:23:8c:9d:40:77:cc:a2:b8:b6:8a:65:f6:
                    9b:12:7a:6e:f0:ee:a5:77:06:ea:01:c2:b3:f0:6d:
                    7f:5f:18:5e:d2:af:bf:c1:ef:63:aa:66:73:5c:68:
                    5b:39:96:19:75:b2:48:97:10:19:c9:94:ae:b3:2d:
                    d6:c9:a4:62:47:a9:3a:5a:54:16:dd:eb:92:e3:5e:
                    ff:fd:e3:41:88:c8:d1:84:88:a5:4f:4f:84:36:6f:
                    60:40:a9:89:b4:e3:6d:54:0f:2d:86:d3:91:e7:e3:
                    c2:e5:f0:0b:0f:bf:1b:9d:9d:02:43:fa:b1:19:56:
                    f1:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:23:3E:63:30:11:69:50:F2:5B:E3:90:69:96:95:4C:33:3D:85:DC
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/tCM-YzARaVDyW-OQaZaVTDM9hdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.138.0/24
                  212.68.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:5d:2e:22:74:4d:9d:d4:27:ed:d2:c4:99:73:7e:89:11:f8:
         d8:15:01:2f:b4:f3:d0:05:59:0f:d1:6d:b1:fb:39:6c:21:e2:
         f6:b7:e2:97:21:c5:14:b0:56:fc:dd:07:7e:62:21:c4:b9:ba:
         d2:69:06:f8:b2:2a:f0:f2:b1:65:9e:05:d2:3e:0f:a5:99:bc:
         85:82:e1:a1:88:5b:15:62:fc:7c:eb:6c:bb:74:75:2f:b7:6c:
         97:51:52:20:85:cf:c6:34:19:a6:de:ef:4b:66:be:fd:2c:2d:
         6c:e0:4d:57:51:0b:fb:82:79:33:1b:16:77:20:e7:e3:a9:21:
         34:e9:67:d7:1a:df:f6:04:b9:0a:0c:fc:b6:5e:11:98:12:1a:
         fa:fe:76:c7:1e:c2:b0:77:48:30:01:85:54:60:83:ed:e1:e7:
         8f:c4:7f:7e:7c:55:f5:ce:ec:c4:ea:23:7a:9c:28:8a:3f:b0:
         ba:30:7c:cd:f4:47:2e:41:ac:a7:10:30:d1:6e:5a:2b:7c:8d:
         e8:09:a4:ca:ff:36:39:31:f7:83:90:0a:29:1f:7d:14:77:9f:
         85:05:e9:63:9d:57:d5:c5:0c:ed:6d:15:b6:43:10:78:02:03:
         93:af:21:31:fe:43:82:b6:ed:b2:67:64:87:9b:ed:72:a5:e7:
         e8:72:a5:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnRsBBQShhEIZNwaIvJUJFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwMTAyMTM0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDIzM2U2MzMwMTE2OTUwZjI1YmUzOTA2OTk2OTU0YzMzM2Q4NWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfizmUuWsZpjHBeOMEvJP4BRn5xX
UOo6IcuVlYxSDEglWk9xNgufedV5NwlTBN0WJAf6pksf+SDD8dh11XpVfLC4Le+5
id4u2mBc9iDa9hCV3hLvwcWQLMVLycipr6b7iZwneqAjav6WtWcIX1FkvzeEpsps
UcZzVUiKa5RbiLXKgrcr7Rs8Kd0jjJ1Ad8yiuLaKZfabEnpu8O6ldwbqAcKz8G1/
Xxhe0q+/we9jqmZzXGhbOZYZdbJIlxAZyZSusy3WyaRiR6k6WlQW3euS417//eNB
iMjRhIilT0+ENm9gQKmJtONtVA8thtOR5+PC5fALD78bnZ0CQ/qxGVbxpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLQjPmMwEWlQ8lvjkGmWlUwzPYXcMB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvdENNLVl6QVJhVkR5Vy1PUWFaYVZURE05aGR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuRGKAwQA
1EQlMA0GCSqGSIb3DQEBCwUAA4IBAQBHXS4idE2d1Cft0sSZc36JEfjYFQEvtPPQ
BVkP0W2x+zlsIeL2t+KXIcUUsFb83Qd+YiHEubrSaQb4sirw8rFlngXSPg+lmbyF
guGhiFsVYvx862y7dHUvt2yXUVIghc/GNBmm3u9LZr79LC1s4E1XUQv7gnkzGxZ3
IOfjqSE06WfXGt/2BLkKDPy2XhGYEhr6/nbHHsKwd0gwAYVUYIPt4eePxH9+fFX1
zuzE6iN6nCiKP7C6MHzN9EcuQaynEDDRblorfI3oCaTK/zY5MfeDkAopH30Ud5+F
BeljnVfVxQztbRW2QxB4AgOTryEx/kOCtu2yZ2SHm+1ypefocqVx
-----END CERTIFICATE-----