Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/b92cc3-ddf1-43cb-b4b1-4154da5ceb9b/1/IVNizmINzGKtS16vA6MUtf-GXl0.roa
File:                     IVNizmINzGKtS16vA6MUtf-GXl0.roa (raw, json)
Hash identifier:          G8i6jSbmxzUZcDObDJ5m5iiPjmE+XboSGsF4lQOtdC8=
Subject key identifier:   21:53:62:CE:62:0D:CC:62:AD:4B:5E:AF:03:A3:14:B5:FF:86:5E:5D
Certificate issuer:       /CN=b90f40bdb9e664769e917590f78db6e77193d751
Certificate serial:       019424B3C20226D540BDDF3D025DE6B1DDD4
Authority key identifier: B9:0F:40:BD:B9:E6:64:76:9E:91:75:90:F7:8D:B6:E7:71:93:D7:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uQ9AvbnmZHaekXWQ942253GT11E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/b92cc3-ddf1-43cb-b4b1-4154da5ceb9b/1/IVNizmINzGKtS16vA6MUtf-GXl0.roa
Signing time:             Thu 02 Jan 2025 01:49:07 +0000
ROA not before:           Thu 02 Jan 2025 01:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204851
IP address blocks:        185.237.240.0/22 maxlen: 22
                          185.237.240.0/24 maxlen: 24
                          185.237.241.0/24 maxlen: 24
                          185.237.242.0/24 maxlen: 24
                          185.237.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/b92cc3-ddf1-43cb-b4b1-4154da5ceb9b/1/uQ9AvbnmZHaekXWQ942253GT11E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/b92cc3-ddf1-43cb-b4b1-4154da5ceb9b/1/uQ9AvbnmZHaekXWQ942253GT11E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uQ9AvbnmZHaekXWQ942253GT11E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c2:02:26:d5:40:bd:df:3d:02:5d:e6:b1:dd:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b90f40bdb9e664769e917590f78db6e77193d751
        Validity
            Not Before: Jan  2 01:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=215362ce620dcc62ad4b5eaf03a314b5ff865e5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:c1:39:e7:3e:37:fe:69:32:e9:fd:a0:27:e0:
                    84:4c:f5:b5:d6:b0:b5:71:9c:97:e9:c1:36:5a:3a:
                    e7:31:20:97:21:df:3d:2a:c0:a9:1f:70:48:3a:cc:
                    4a:0e:be:1d:ce:ea:8e:f4:2e:b2:fc:01:8f:a4:09:
                    23:2d:a3:e6:41:3f:41:90:a2:e9:21:61:5f:d5:55:
                    ed:2b:0b:bd:bb:b1:8c:cf:59:6e:25:5a:b5:08:95:
                    38:63:cc:0d:40:2c:b1:08:19:ba:19:20:1a:fb:70:
                    d2:88:14:ff:75:f9:bf:81:e0:00:f0:38:a7:80:85:
                    d9:e5:b5:79:ec:57:cb:68:f6:a0:35:30:9a:b3:a8:
                    62:48:b6:86:e9:05:f9:2b:43:a6:8d:c1:b3:1c:8e:
                    1e:c4:8e:08:a4:47:a7:b2:23:fc:cc:25:b7:89:82:
                    c9:40:28:b9:cb:85:16:65:af:78:d0:4b:7f:7a:71:
                    1d:ac:61:db:0a:32:7f:c9:05:52:e7:5c:9b:2a:45:
                    0f:34:1d:63:9e:5e:7f:4a:3b:fa:c2:42:1b:fa:64:
                    73:6b:10:53:00:78:d6:dc:2e:5f:12:31:f5:b1:9c:
                    86:5b:15:b8:78:41:f3:89:a5:30:bd:98:85:89:8a:
                    9a:8f:6f:97:8a:c2:e3:1d:18:0e:2d:bc:29:0f:9a:
                    d4:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:53:62:CE:62:0D:CC:62:AD:4B:5E:AF:03:A3:14:B5:FF:86:5E:5D
            X509v3 Authority Key Identifier:
                keyid:B9:0F:40:BD:B9:E6:64:76:9E:91:75:90:F7:8D:B6:E7:71:93:D7:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uQ9AvbnmZHaekXWQ942253GT11E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/b92cc3-ddf1-43cb-b4b1-4154da5ceb9b/1/IVNizmINzGKtS16vA6MUtf-GXl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/b92cc3-ddf1-43cb-b4b1-4154da5ceb9b/1/uQ9AvbnmZHaekXWQ942253GT11E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:ed:c6:89:c6:8a:fc:d2:41:7b:52:d7:0e:2e:3c:cc:19:6b:
         66:4e:8b:e3:af:6e:e5:68:ff:ef:ce:91:9f:8f:5f:63:50:61:
         1a:03:a7:e8:20:fb:4b:99:17:94:1c:fa:12:98:56:c0:61:bf:
         c0:e8:4f:d8:8a:ca:94:ec:d0:23:b5:5f:52:33:7d:16:13:89:
         26:1d:e2:11:81:6c:17:bb:3d:8e:5b:e1:3f:60:a9:e1:4d:5e:
         c2:7d:dc:fe:75:97:48:a3:1a:03:4b:f7:cc:75:c1:80:b9:59:
         0f:8c:e2:85:79:04:15:a1:d6:4a:75:ee:aa:7f:00:fb:d5:d7:
         d8:9b:63:4a:84:c6:e5:0f:a8:79:a4:53:df:69:f8:52:1f:82:
         8b:50:91:3e:7b:d2:fb:86:4f:ae:ff:da:fc:ab:08:84:e5:7f:
         aa:9a:98:81:37:6b:40:ad:79:28:04:c1:7a:f1:ec:24:b2:34:
         55:ee:cf:b6:9f:4c:c3:df:5b:68:ac:67:90:e0:26:78:5b:df:
         82:ee:b8:4b:56:6a:95:c0:34:f0:47:7d:25:b6:75:9b:b5:a9:
         2d:ea:f3:a7:08:d4:c2:14:a5:df:12:88:3e:80:f8:e6:86:32:
         23:99:10:eb:e9:b5:e4:2f:2b:d4:e5:30:7a:a2:87:d6:06:88:
         db:4f:9e:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks8ICJtVAvd89Al3msd3UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MGY0MGJkYjllNjY0NzY5ZTkxNzU5MGY3OGRiNmU3NzE5
M2Q3NTEwHhcNMjUwMTAyMDE0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTUzNjJjZTYyMGRjYzYyYWQ0YjVlYWYwM2EzMTRiNWZmODY1ZTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA88E55z43/mky6f2gJ+CETPW11rC1
cZyX6cE2WjrnMSCXId89KsCpH3BIOsxKDr4dzuqO9C6y/AGPpAkjLaPmQT9BkKLp
IWFf1VXtKwu9u7GMz1luJVq1CJU4Y8wNQCyxCBm6GSAa+3DSiBT/dfm/geAA8Din
gIXZ5bV57FfLaPagNTCas6hiSLaG6QX5K0OmjcGzHI4exI4IpEensiP8zCW3iYLJ
QCi5y4UWZa940Et/enEdrGHbCjJ/yQVS51ybKkUPNB1jnl5/Sjv6wkIb+mRzaxBT
AHjW3C5fEjH1sZyGWxW4eEHziaUwvZiFiYqaj2+XisLjHRgOLbwpD5rUVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFTYs5iDcxirUterwOjFLX/hl5dMB8GA1UdIwQY
MBaAFLkPQL255mR2npF1kPeNtudxk9dRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVE5QXZibm1aSGFla1hXUTk0MjI1M0dUMTFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9iOTJjYzMtZGRmMS00M2NiLWI0YjEt
NDE1NGRhNWNlYjliLzEvSVZOaXptSU56R0t0UzE2dkE2TVV0Zi1HWGwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9iOTJjYzMtZGRmMS00M2NiLWI0YjEtNDE1NGRhNWNlYjli
LzEvdVE5QXZibm1aSGFla1hXUTk0MjI1M0dUMTFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue3wMA0G
CSqGSIb3DQEBCwUAA4IBAQCD7caJxor80kF7UtcOLjzMGWtmTovjr27laP/vzpGf
j19jUGEaA6foIPtLmReUHPoSmFbAYb/A6E/YisqU7NAjtV9SM30WE4kmHeIRgWwX
uz2OW+E/YKnhTV7Cfdz+dZdIoxoDS/fMdcGAuVkPjOKFeQQVodZKde6qfwD71dfY
m2NKhMblD6h5pFPfafhSH4KLUJE+e9L7hk+u/9r8qwiE5X+qmpiBN2tArXkoBMF6
8ewksjRV7s+2n0zD31torGeQ4CZ4W9+C7rhLVmqVwDTwR30ltnWbtakt6vOnCNTC
FKXfEog+gPjmhjIjmRDr6bXkLyvU5TB6oofWBojbT55o
-----END CERTIFICATE-----