Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/SsU_hevSpCMxRICHNvRhGuqJl1M.roa
File:                     SsU_hevSpCMxRICHNvRhGuqJl1M.roa (raw, json)
Hash identifier:          1JAmA6OyEuXd481Jl9UTpVGADh2xyB9dz46taIyZEKE=
Subject key identifier:   4A:C5:3F:85:EB:D2:A4:23:31:44:80:87:36:F4:61:1A:EA:89:97:53
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       01941FFA2FD6B777E52BDBB8CBFBB733BBE8
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/SsU_hevSpCMxRICHNvRhGuqJl1M.roa
Signing time:             Wed 01 Jan 2025 03:47:57 +0000
ROA not before:           Wed 01 Jan 2025 03:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24961
IP address blocks:        37.114.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:2f:d6:b7:77:e5:2b:db:b8:cb:fb:b7:33:bb:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Jan  1 03:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ac53f85ebd2a4233144808736f4611aea899753
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:67:9f:51:83:3c:9c:20:d1:6b:de:f1:a5:d8:
                    44:c1:5a:d0:2f:22:d6:a8:d5:60:a1:de:a2:73:8c:
                    ea:ef:6c:c5:71:b1:23:77:c8:ce:5d:de:a3:1c:ec:
                    41:5e:c4:ad:29:d4:48:f8:a4:c6:ec:13:3a:25:36:
                    c2:fc:b5:a9:89:6f:2b:e7:f3:4e:c8:24:9c:21:bf:
                    c8:95:47:b0:27:bf:f7:7f:a2:5e:05:1c:b7:96:7c:
                    45:10:ff:b2:58:6a:34:6c:6d:34:0d:87:0c:c2:a6:
                    55:07:44:03:2b:4e:09:60:e9:25:9d:91:64:63:4c:
                    94:e7:a5:2b:52:ae:9e:63:c1:05:af:3c:db:2c:9f:
                    eb:86:c9:5d:78:27:cc:03:57:4b:5a:c7:c9:5f:4e:
                    a0:47:24:64:c7:df:b0:f1:32:cc:ac:d0:aa:0f:fb:
                    0b:2f:db:5d:fe:77:f0:85:d7:5f:1c:03:a1:65:49:
                    91:8e:27:c0:d3:e4:35:18:93:00:39:d3:cd:32:d8:
                    84:f5:e2:31:3b:12:1c:52:7a:25:55:b5:2a:b4:27:
                    0e:cb:a6:1f:b1:2e:ee:09:ec:68:cc:7e:ea:50:6f:
                    d4:45:14:fa:cf:b6:4e:dc:10:01:94:0b:db:02:6c:
                    13:3c:e5:37:0a:9c:59:fe:c0:3b:9a:d3:c7:24:93:
                    f9:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:C5:3F:85:EB:D2:A4:23:31:44:80:87:36:F4:61:1A:EA:89:97:53
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/SsU_hevSpCMxRICHNvRhGuqJl1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:70:9c:4b:d0:6f:ef:54:1d:d0:34:5f:c6:9d:e8:6d:5a:02:
         1d:9e:fc:00:a5:44:7f:a7:0a:3e:72:6f:34:6b:db:e9:ac:30:
         57:66:ad:8d:74:76:4a:b0:dc:9a:64:25:aa:c7:90:aa:ed:8b:
         a4:79:08:9f:6d:88:39:90:29:13:9d:da:8d:77:6c:ff:06:5b:
         a6:cb:e3:9a:60:17:1c:91:50:b0:1e:1a:60:ef:c6:55:d3:63:
         eb:c9:d6:80:c8:83:36:0d:6a:a1:74:45:32:31:50:a2:de:fe:
         d5:58:83:b1:5e:45:97:10:7c:64:6d:b9:54:39:fd:c5:bf:7c:
         97:c1:e1:62:e7:3a:48:b0:6d:04:7c:0b:82:3c:82:50:9a:13:
         1a:7b:c0:bc:72:9a:59:14:6e:cd:09:48:19:7a:af:80:68:86:
         64:7e:c6:ab:c4:91:49:cf:13:45:f9:fc:a3:66:17:2d:2a:ea:
         70:fa:ba:23:12:75:5b:a7:c7:52:cd:f1:bc:ce:b6:c6:ea:5d:
         f9:c3:a7:ab:2d:a6:77:95:8c:32:bd:64:48:77:4c:52:16:31:
         d1:62:80:a9:f8:f2:f3:4c:fa:9d:c3:b7:a9:53:b7:02:a5:2d:
         58:88:81:5b:e7:de:fb:5c:e8:b8:c1:cf:30:c7:0c:0f:6c:74:
         ee:ce:98:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+i/Wt3flK9u4y/u3M7voMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjUwMTAxMDM0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWM1M2Y4NWViZDJhNDIzMzE0NDgwODczNmY0NjExYWVhODk5NzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2efUYM8nCDRa97xpdhEwVrQLyLW
qNVgod6ic4zq72zFcbEjd8jOXd6jHOxBXsStKdRI+KTG7BM6JTbC/LWpiW8r5/NO
yCScIb/IlUewJ7/3f6JeBRy3lnxFEP+yWGo0bG00DYcMwqZVB0QDK04JYOklnZFk
Y0yU56UrUq6eY8EFrzzbLJ/rhsldeCfMA1dLWsfJX06gRyRkx9+w8TLMrNCqD/sL
L9td/nfwhddfHAOhZUmRjifA0+Q1GJMAOdPNMtiE9eIxOxIcUnolVbUqtCcOy6Yf
sS7uCexozH7qUG/URRT6z7ZO3BABlAvbAmwTPOU3CpxZ/sA7mtPHJJP55QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFErFP4Xr0qQjMUSAhzb0YRrqiZdTMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvU3NVX2hldlNwQ014UklDSE52UmhHdXFKbDFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJXIoMA0G
CSqGSIb3DQEBCwUAA4IBAQAbcJxL0G/vVB3QNF/GnehtWgIdnvwApUR/pwo+cm80
a9vprDBXZq2NdHZKsNyaZCWqx5Cq7YukeQifbYg5kCkTndqNd2z/Blumy+OaYBcc
kVCwHhpg78ZV02PrydaAyIM2DWqhdEUyMVCi3v7VWIOxXkWXEHxkbblUOf3Fv3yX
weFi5zpIsG0EfAuCPIJQmhMae8C8cppZFG7NCUgZeq+AaIZkfsarxJFJzxNF+fyj
ZhctKupw+rojEnVbp8dSzfG8zrbG6l35w6erLaZ3lYwyvWRId0xSFjHRYoCp+PLz
TPqdw7epU7cCpS1YiIFb5977XOi4wc8wxwwPbHTuzpix
-----END CERTIFICATE-----