Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/D7IbZMa3P-hRRIAm78DqK4wNZ34.roa
File:                     D7IbZMa3P-hRRIAm78DqK4wNZ34.roa (raw, json)
Hash identifier:          3Rvd3MmyWPzVOpIFhMlT5LNPsKGSgahML9FUxKiCMwI=
Subject key identifier:   0F:B2:1B:64:C6:B7:3F:E8:51:44:80:26:EF:C0:EA:2B:8C:0D:67:7E
Certificate issuer:       /CN=4345d0773c7ade08d44819e3b611bd297a3989d3
Certificate serial:       0194258EBA753FA9F0429C9E4A1DCCF3889E
Authority key identifier: 43:45:D0:77:3C:7A:DE:08:D4:48:19:E3:B6:11:BD:29:7A:39:89:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q0XQdzx63gjUSBnjthG9KXo5idM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/D7IbZMa3P-hRRIAm78DqK4wNZ34.roa
Signing time:             Thu 02 Jan 2025 05:48:18 +0000
ROA not before:           Thu 02 Jan 2025 05:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204883
IP address blocks:        185.237.208.0/24 maxlen: 24
                          185.237.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/Q0XQdzx63gjUSBnjthG9KXo5idM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/Q0XQdzx63gjUSBnjthG9KXo5idM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q0XQdzx63gjUSBnjthG9KXo5idM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:ba:75:3f:a9:f0:42:9c:9e:4a:1d:cc:f3:88:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4345d0773c7ade08d44819e3b611bd297a3989d3
        Validity
            Not Before: Jan  2 05:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0fb21b64c6b73fe851448026efc0ea2b8c0d677e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:8c:c2:d9:36:b9:5d:99:b4:3c:21:d2:df:c8:
                    53:c2:05:10:ac:7e:dc:2f:8e:7f:ec:70:df:ae:f9:
                    02:ab:0e:11:83:93:8b:0d:5d:e3:67:1b:92:50:95:
                    1e:50:fb:f3:75:ac:16:63:be:f5:5a:df:f0:37:34:
                    bb:89:1c:3f:27:81:eb:70:66:83:30:67:7d:32:00:
                    b4:2b:3e:8f:59:d3:4e:be:c5:30:3d:73:1f:1b:c7:
                    e9:cb:bc:b6:11:d8:22:c9:31:68:c7:12:8d:bd:9c:
                    d6:74:a3:d1:73:ed:37:29:d4:33:45:31:f3:f7:35:
                    1f:bb:b9:51:dc:19:80:f3:6c:97:e6:05:cb:d3:9d:
                    a9:7b:f7:fc:53:3e:d1:26:5f:51:8e:73:89:20:d6:
                    e7:b1:ac:84:94:ed:a7:a4:9e:4b:3a:d1:bd:90:1a:
                    ac:23:0f:23:6c:7e:97:13:53:8b:d8:a4:51:0e:28:
                    38:a3:79:a9:50:2c:54:3e:d8:38:d1:26:49:6c:2d:
                    c8:55:46:d1:2d:12:bf:39:a8:f9:76:72:b8:24:97:
                    3c:eb:4e:80:62:82:d3:76:07:e8:1f:60:65:d6:63:
                    c1:6d:51:54:4c:25:b1:a8:ad:cf:d6:18:b4:f9:b3:
                    8f:f1:11:46:66:1a:4c:fa:02:9b:ff:8d:e0:d2:62:
                    0b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:B2:1B:64:C6:B7:3F:E8:51:44:80:26:EF:C0:EA:2B:8C:0D:67:7E
            X509v3 Authority Key Identifier:
                keyid:43:45:D0:77:3C:7A:DE:08:D4:48:19:E3:B6:11:BD:29:7A:39:89:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q0XQdzx63gjUSBnjthG9KXo5idM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/D7IbZMa3P-hRRIAm78DqK4wNZ34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/bb9947-172c-48b1-be8e-4c905adbf076/1/Q0XQdzx63gjUSBnjthG9KXo5idM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5a:92:33:e8:6c:db:18:38:61:a7:7b:2d:f8:02:30:35:79:77:
         ef:a8:26:9a:b4:e6:e8:1f:e2:8b:5c:0f:87:7d:ef:15:85:12:
         40:1f:82:66:6e:a5:5e:c0:cc:a9:42:f4:59:f3:b7:22:9c:1d:
         f4:c6:92:bf:e5:5a:e2:e0:bc:9b:7e:fc:a7:ac:15:3f:d2:11:
         6e:e6:d0:4c:aa:5e:94:88:2b:35:0f:c0:3e:95:52:61:31:0e:
         65:bd:9a:f6:38:34:58:fa:06:d6:ba:aa:6b:e9:b7:e7:1e:28:
         8a:43:28:74:f1:a8:4f:cc:d8:8a:ab:29:69:c7:16:f3:0f:3b:
         95:e7:98:67:9d:6a:40:96:08:95:29:9c:b3:1d:7e:58:c2:cd:
         97:d4:f0:f0:9d:e7:4b:97:8a:59:a8:76:2c:da:4c:25:ad:d2:
         25:33:46:5f:c3:5b:d0:54:b2:00:30:d1:ea:3c:3e:9b:70:0e:
         88:4a:d7:e0:d5:a6:7b:91:d6:35:dc:38:79:9b:57:b8:e6:93:
         d5:ef:3a:4b:99:63:11:7e:31:5b:31:d3:97:ab:e5:24:ce:d2:
         94:51:fb:ff:a9:cd:c3:b6:24:0c:91:54:61:35:a8:4d:e8:e0:
         16:03:35:15:5d:4b:4d:2e:f0:b3:19:6a:3b:22:10:71:43:02:
         52:4f:b0:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljrp1P6nwQpyeSh3M84ieMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNDVkMDc3M2M3YWRlMDhkNDQ4MTllM2I2MTFiZDI5N2Ez
OTg5ZDMwHhcNMjUwMTAyMDU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmIyMWI2NGM2YjczZmU4NTE0NDgwMjZlZmMwZWEyYjhjMGQ2NzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7IzC2Ta5XZm0PCHS38hTwgUQrH7c
L45/7HDfrvkCqw4Rg5OLDV3jZxuSUJUeUPvzdawWY771Wt/wNzS7iRw/J4HrcGaD
MGd9MgC0Kz6PWdNOvsUwPXMfG8fpy7y2EdgiyTFoxxKNvZzWdKPRc+03KdQzRTHz
9zUfu7lR3BmA82yX5gXL052pe/f8Uz7RJl9RjnOJINbnsayElO2npJ5LOtG9kBqs
Iw8jbH6XE1OL2KRRDig4o3mpUCxUPtg40SZJbC3IVUbRLRK/Oaj5dnK4JJc8606A
YoLTdgfoH2Bl1mPBbVFUTCWxqK3P1hi0+bOP8RFGZhpM+gKb/43g0mILEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+yG2TGtz/oUUSAJu/A6iuMDWd+MB8GA1UdIwQY
MBaAFENF0Hc8et4I1EgZ47YRvSl6OYnTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTBYUWR6eDYzZ2pVU0JuanRoRzlLWG81aWRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9iYjk5NDctMTcyYy00OGIxLWJlOGUt
NGM5MDVhZGJmMDc2LzEvRDdJYlpNYTNQLWhSUklBbTc4RHFLNHdOWjM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9iYjk5NDctMTcyYy00OGIxLWJlOGUtNGM5MDVhZGJmMDc2
LzEvUTBYUWR6eDYzZ2pVU0JuanRoRzlLWG81aWRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBue3QMA0G
CSqGSIb3DQEBCwUAA4IBAQBakjPobNsYOGGney34AjA1eXfvqCaatOboH+KLXA+H
fe8VhRJAH4JmbqVewMypQvRZ87cinB30xpK/5Vri4LybfvynrBU/0hFu5tBMql6U
iCs1D8A+lVJhMQ5lvZr2ODRY+gbWuqpr6bfnHiiKQyh08ahPzNiKqylpxxbzDzuV
55hnnWpAlgiVKZyzHX5Yws2X1PDwnedLl4pZqHYs2kwlrdIlM0Zfw1vQVLIAMNHq
PD6bcA6IStfg1aZ7kdY13Dh5m1e45pPV7zpLmWMRfjFbMdOXq+UkztKUUfv/qc3D
tiQMkVRhNahN6OAWAzUVXUtNLvCzGWo7IhBxQwJST7DS
-----END CERTIFICATE-----