Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/067630-306e-4c37-8bcc-4f021c73ef74/1/xHwvN6-vM3aYD0WFb7ooENGYbZk.roa
File:                     xHwvN6-vM3aYD0WFb7ooENGYbZk.roa (raw, json)
Hash identifier:          iMOiUeIxNdKNrUiqdP5pHSRFVDIEoaVwDT8Frv9xIdQ=
Subject key identifier:   C4:7C:2F:37:AF:AF:33:76:98:0F:45:85:6F:BA:28:10:D1:98:6D:99
Certificate issuer:       /CN=344fdad10ee55b3282a64246a41dc61a8922d25d
Certificate serial:       01952DB52B19C6AC1FA7CCCD03620E618D53
Authority key identifier: 34:4F:DA:D1:0E:E5:5B:32:82:A6:42:46:A4:1D:C6:1A:89:22:D2:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NE_a0Q7lWzKCpkJGpB3GGoki0l0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/067630-306e-4c37-8bcc-4f021c73ef74/1/xHwvN6-vM3aYD0WFb7ooENGYbZk.roa
Signing time:             Sat 22 Feb 2025 12:50:02 +0000
ROA not before:           Sat 22 Feb 2025 12:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43395
IP address blocks:        185.145.184.0/22 maxlen: 22
                          185.186.48.0/24 maxlen: 24
                          185.186.49.0/24 maxlen: 24
                          185.186.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/067630-306e-4c37-8bcc-4f021c73ef74/1/NE_a0Q7lWzKCpkJGpB3GGoki0l0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/067630-306e-4c37-8bcc-4f021c73ef74/1/NE_a0Q7lWzKCpkJGpB3GGoki0l0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NE_a0Q7lWzKCpkJGpB3GGoki0l0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 12:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:2d:b5:2b:19:c6:ac:1f:a7:cc:cd:03:62:0e:61:8d:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=344fdad10ee55b3282a64246a41dc61a8922d25d
        Validity
            Not Before: Feb 22 12:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c47c2f37afaf3376980f45856fba2810d1986d99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:6d:7b:5d:92:a4:93:31:21:88:a7:f1:72:e0:
                    c3:e2:e8:53:5a:57:b3:b8:3b:f4:62:4a:b8:77:30:
                    ad:88:c7:2f:e5:81:97:07:88:c9:d6:8c:d3:1b:f8:
                    7a:f2:6a:bc:8c:7a:22:b4:3e:c4:49:65:a5:93:1b:
                    0d:b2:46:41:89:97:56:e0:00:4b:24:eb:c4:55:70:
                    81:42:c5:b8:fd:d1:18:0d:2a:5d:2c:22:96:19:73:
                    a7:81:ee:c2:2e:31:a7:9e:c4:89:21:6f:28:1f:64:
                    d5:4e:7a:33:8d:4a:4e:67:79:b3:d1:06:f4:21:b5:
                    9e:ec:67:cd:0d:25:ed:7f:a8:e5:bc:9c:6e:eb:27:
                    75:6a:77:cf:47:6a:f5:89:9f:62:48:2e:0a:0e:50:
                    7c:0e:eb:f5:07:df:d1:84:bc:ff:6b:ed:aa:f9:0b:
                    e0:f7:a2:dd:3a:c7:1c:5d:53:08:ae:27:06:ed:d8:
                    3b:8c:cc:1c:3d:8a:80:a4:a2:1c:94:f5:26:65:ff:
                    7c:76:ca:66:8d:30:02:cb:0f:55:47:81:a9:9d:56:
                    d1:82:67:b8:07:9a:66:26:1f:c5:9b:ca:b3:8b:7b:
                    a5:d3:77:ca:e0:a8:25:49:f4:e9:af:61:11:fc:97:
                    a2:a0:6d:9f:95:36:5e:b6:90:15:70:b6:c8:32:36:
                    2d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:7C:2F:37:AF:AF:33:76:98:0F:45:85:6F:BA:28:10:D1:98:6D:99
            X509v3 Authority Key Identifier:
                keyid:34:4F:DA:D1:0E:E5:5B:32:82:A6:42:46:A4:1D:C6:1A:89:22:D2:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NE_a0Q7lWzKCpkJGpB3GGoki0l0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/067630-306e-4c37-8bcc-4f021c73ef74/1/xHwvN6-vM3aYD0WFb7ooENGYbZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/067630-306e-4c37-8bcc-4f021c73ef74/1/NE_a0Q7lWzKCpkJGpB3GGoki0l0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.184.0/22
                  185.186.48.0-185.186.50.255

    Signature Algorithm: sha256WithRSAEncryption
         73:30:03:bc:3a:d5:d7:d5:1c:82:9c:f2:56:2d:dd:58:06:3a:
         36:1a:ef:81:6e:a6:4e:44:4e:35:03:c3:2f:ed:2e:cc:26:3e:
         da:3a:59:6f:00:96:ce:dd:14:f7:25:f2:78:e5:5b:c3:66:dc:
         ab:1c:18:19:bf:1c:cd:0b:aa:9b:cf:07:cc:10:76:bc:6a:2a:
         d9:67:1b:88:c6:f1:3d:b5:8d:ed:e8:56:3b:b4:8c:ad:75:9f:
         fc:7d:5b:e0:9f:96:7e:9f:2f:81:5e:74:28:92:c0:29:07:80:
         4b:41:ed:ba:af:6b:39:6c:54:e4:71:9e:30:06:53:e0:34:2f:
         c7:89:37:01:1f:d1:6f:43:de:b0:44:1d:93:fe:d7:91:d7:d3:
         4f:6d:ce:5a:1f:95:f8:63:09:88:db:70:c7:c7:1a:eb:b9:3a:
         b7:0c:9d:6b:53:ea:17:c0:9a:f0:6d:a2:80:6f:bb:cf:89:ae:
         4b:4c:39:d2:4a:c2:99:b9:a6:f5:53:93:e7:dd:b0:13:96:e0:
         4e:43:13:3a:e4:e0:e5:47:3a:4f:65:3d:9b:7a:cc:91:00:9f:
         73:89:f8:fd:05:ac:43:8e:91:10:57:a6:75:ca:aa:7c:87:64:
         5c:fa:8a:e9:7d:f4:d5:0e:b9:60:07:99:ca:9d:a1:8e:4c:ef:
         e9:67:9d:b3
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZUttSsZxqwfp8zNA2IOYY1TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NGZkYWQxMGVlNTViMzI4MmE2NDI0NmE0MWRjNjFhODky
MmQyNWQwHhcNMjUwMjIyMTI1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDdjMmYzN2FmYWYzMzc2OTgwZjQ1ODU2ZmJhMjgxMGQxOTg2ZDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0W17XZKkkzEhiKfxcuDD4uhTWlez
uDv0Ykq4dzCtiMcv5YGXB4jJ1ozTG/h68mq8jHoitD7ESWWlkxsNskZBiZdW4ABL
JOvEVXCBQsW4/dEYDSpdLCKWGXOnge7CLjGnnsSJIW8oH2TVTnozjUpOZ3mz0Qb0
IbWe7GfNDSXtf6jlvJxu6yd1anfPR2r1iZ9iSC4KDlB8Duv1B9/RhLz/a+2q+Qvg
96LdOsccXVMIricG7dg7jMwcPYqApKIclPUmZf98dspmjTACyw9VR4GpnVbRgme4
B5pmJh/Fm8qzi3ul03fK4KglSfTpr2ER/JeioG2flTZetpAVcLbIMjYtyQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMR8LzevrzN2mA9FhW+6KBDRmG2ZMB8GA1UdIwQY
MBaAFDRP2tEO5VsygqZCRqQdxhqJItJdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkVfYTBRN2xXektDcGtKR3BCM0dHb2tpMGwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8wNjc2MzAtMzA2ZS00YzM3LThiY2Mt
NGYwMjFjNzNlZjc0LzEveEh3dk42LXZNM2FZRDBXRmI3b29FTkdZYlprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8wNjc2MzAtMzA2ZS00YzM3LThiY2MtNGYwMjFjNzNlZjc0
LzEvTkVfYTBRN2xXektDcGtKR3BCM0dHb2tpMGwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCuZG4MAwD
BAS5ujADBAC5ujIwDQYJKoZIhvcNAQELBQADggEBAHMwA7w61dfVHIKc8lYt3VgG
OjYa74Fupk5ETjUDwy/tLswmPto6WW8Als7dFPcl8njlW8Nm3KscGBm/HM0LqpvP
B8wQdrxqKtlnG4jG8T21je3oVju0jK11n/x9W+Cfln6fL4FedCiSwCkHgEtB7bqv
azlsVORxnjAGU+A0L8eJNwEf0W9D3rBEHZP+15HX009tzloflfhjCYjbcMfHGuu5
OrcMnWtT6hfAmvBtooBvu8+JrktMOdJKwpm5pvVTk+fdsBOW4E5DEzrk4OVHOk9l
PZt6zJEAn3OJ+P0FrEOOkRBXpnXKqnyHZFz6iul99NUOuWAHmcqdoY5M7+lnnbM=
-----END CERTIFICATE-----