Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/uBvzEXm5VwGZwiUWFNWddxjZq1E.roa
File:                     uBvzEXm5VwGZwiUWFNWddxjZq1E.roa (raw, json)
Hash identifier:          oD/A8OR3XYpgvQFrjXxLCPlCLhedXuhOhlVHK3hjzlw=
Subject key identifier:   B8:1B:F3:11:79:B9:57:01:99:C2:25:16:14:D5:9D:77:18:D9:AB:51
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       01941FFA3BE5BF2BF2DA5796649F8D20B795
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/uBvzEXm5VwGZwiUWFNWddxjZq1E.roa
Signing time:             Wed 01 Jan 2025 03:48:00 +0000
ROA not before:           Wed 01 Jan 2025 03:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210522
IP address blocks:        37.114.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:3b:e5:bf:2b:f2:da:57:96:64:9f:8d:20:b7:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Jan  1 03:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b81bf31179b9570199c2251614d59d7718d9ab51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:f2:c8:3b:90:be:66:7c:32:57:2b:96:eb:19:
                    e8:17:5d:c2:09:55:9d:b0:50:c9:76:a5:b3:90:3d:
                    56:2d:e3:6b:46:40:cf:dc:05:a3:4f:81:52:35:0c:
                    63:8c:7e:0e:9c:83:4a:89:8a:62:53:8b:40:7f:ff:
                    04:1a:3b:8e:1b:60:1d:5b:6e:93:cd:05:de:7f:da:
                    06:c6:9d:98:33:c1:1b:fa:9f:ca:b6:b6:0b:3e:fa:
                    1d:4a:07:01:d1:b8:97:e2:83:fe:6d:7a:8f:c6:42:
                    5c:6e:0f:b8:bb:d5:48:aa:9d:56:d1:01:d3:f4:69:
                    19:1d:1f:74:f8:3e:c3:35:0b:01:b7:f6:af:a5:29:
                    9e:a2:f5:b1:4a:2f:41:02:c9:28:e2:64:51:56:dd:
                    5f:7f:6d:6b:05:47:d9:af:26:1d:6d:d2:9e:1c:7b:
                    74:19:83:63:26:c7:d6:ba:a2:2c:cb:1a:98:e1:60:
                    65:76:2c:4f:6b:4e:44:18:5a:29:ba:ca:be:b7:9b:
                    06:b0:a5:36:18:4a:19:c6:f9:0b:33:b3:ab:3a:5a:
                    65:70:e2:3f:b8:8f:4e:a6:b1:fd:2c:ec:33:4c:79:
                    d2:ef:7f:4d:3a:08:57:6e:eb:be:a6:20:6d:30:53:
                    81:94:b8:47:55:24:2e:79:a6:e7:c7:cc:6b:68:69:
                    90:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:1B:F3:11:79:B9:57:01:99:C2:25:16:14:D5:9D:77:18:D9:AB:51
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/uBvzEXm5VwGZwiUWFNWddxjZq1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:e3:84:a0:e3:ba:71:0a:84:6e:8a:d9:2b:98:0b:e5:b3:49:
         21:3d:58:1d:38:1a:ae:b3:27:e2:1d:53:ae:50:ae:25:dc:c7:
         be:f2:43:7b:bc:82:f7:ad:5a:1d:16:af:d9:85:12:e6:a9:d2:
         e1:0d:9c:70:69:78:37:04:a4:26:f1:79:29:9a:89:32:c0:f7:
         46:d2:87:ed:5a:c4:69:33:b1:aa:b7:89:64:00:5b:30:45:c8:
         a4:8f:73:b7:1f:6c:dd:2b:3b:52:ba:1b:61:7f:a3:90:f4:21:
         eb:e6:05:eb:ee:68:53:6f:77:36:1e:54:3b:cc:43:ce:eb:4b:
         b9:80:9b:da:16:d1:6b:0f:ca:86:d1:49:a0:6c:03:ca:9a:07:
         41:1e:ac:13:fc:62:91:ea:09:89:8b:f1:47:bd:28:79:a2:75:
         c2:8c:63:79:36:e3:d8:6c:99:4d:32:54:38:43:04:ba:a2:46:
         74:c0:47:25:16:2c:58:fa:2b:12:29:be:73:14:08:44:21:59:
         d8:ef:d0:e5:7b:12:bc:97:10:82:90:a8:89:34:98:f0:66:cf:
         49:82:21:1a:b1:92:3a:82:38:6d:43:cb:74:61:62:8d:4d:f8:
         af:87:67:fd:a6:84:0e:0c:8e:95:9c:07:9f:1c:d7:c9:29:6a:
         be:f3:76:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+jvlvyvy2leWZJ+NILeVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjUwMTAxMDM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODFiZjMxMTc5Yjk1NzAxOTljMjI1MTYxNGQ1OWQ3NzE4ZDlhYjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfLIO5C+ZnwyVyuW6xnoF13CCVWd
sFDJdqWzkD1WLeNrRkDP3AWjT4FSNQxjjH4OnINKiYpiU4tAf/8EGjuOG2AdW26T
zQXef9oGxp2YM8Eb+p/KtrYLPvodSgcB0biX4oP+bXqPxkJcbg+4u9VIqp1W0QHT
9GkZHR90+D7DNQsBt/avpSmeovWxSi9BAsko4mRRVt1ff21rBUfZryYdbdKeHHt0
GYNjJsfWuqIsyxqY4WBldixPa05EGFopusq+t5sGsKU2GEoZxvkLM7OrOlplcOI/
uI9OprH9LOwzTHnS739NOghXbuu+piBtMFOBlLhHVSQueabnx8xraGmQNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLgb8xF5uVcBmcIlFhTVnXcY2atRMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvdUJ2ekVYbTVWd0dad2lVV0ZOV2RkeGpacTFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJXIpMA0G
CSqGSIb3DQEBCwUAA4IBAQCW44Sg47pxCoRuitkrmAvls0khPVgdOBqusyfiHVOu
UK4l3Me+8kN7vIL3rVodFq/ZhRLmqdLhDZxwaXg3BKQm8XkpmokywPdG0oftWsRp
M7Gqt4lkAFswRcikj3O3H2zdKztSuhthf6OQ9CHr5gXr7mhTb3c2HlQ7zEPO60u5
gJvaFtFrD8qG0UmgbAPKmgdBHqwT/GKR6gmJi/FHvSh5onXCjGN5NuPYbJlNMlQ4
QwS6okZ0wEclFixY+isSKb5zFAhEIVnY79DlexK8lxCCkKiJNJjwZs9JgiEasZI6
gjhtQ8t0YWKNTfivh2f9poQODI6VnAefHNfJKWq+83bO
-----END CERTIFICATE-----