Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/2d6237-e584-4bef-9c35-7ef24099db85/1/I4q92VajZXPlw9QYtmNI4uQ6GtM.roa
File:                     I4q92VajZXPlw9QYtmNI4uQ6GtM.roa (raw, json)
Hash identifier:          1MIUh7t1a8Oi5v6mo6yeYyqi8+Xbxa0dw1T/gUvyI5M=
Subject key identifier:   23:8A:BD:D9:56:A3:65:73:E5:C3:D4:18:B6:63:48:E2:E4:3A:1A:D3
Certificate issuer:       /CN=36a32e14a2ffece5679f3ed117c30ff77b45b0f4
Certificate serial:       0194221F5D7BBBEA4996CB4343EE37D76A2B
Authority key identifier: 36:A3:2E:14:A2:FF:EC:E5:67:9F:3E:D1:17:C3:0F:F7:7B:45:B0:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NqMuFKL_7OVnnz7RF8MP93tFsPQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/2d6237-e584-4bef-9c35-7ef24099db85/1/I4q92VajZXPlw9QYtmNI4uQ6GtM.roa
Signing time:             Wed 01 Jan 2025 13:47:48 +0000
ROA not before:           Wed 01 Jan 2025 13:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21413
IP address blocks:        185.217.176.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/2d6237-e584-4bef-9c35-7ef24099db85/1/NqMuFKL_7OVnnz7RF8MP93tFsPQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/2d6237-e584-4bef-9c35-7ef24099db85/1/NqMuFKL_7OVnnz7RF8MP93tFsPQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NqMuFKL_7OVnnz7RF8MP93tFsPQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:5d:7b:bb:ea:49:96:cb:43:43:ee:37:d7:6a:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36a32e14a2ffece5679f3ed117c30ff77b45b0f4
        Validity
            Not Before: Jan  1 13:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=238abdd956a36573e5c3d418b66348e2e43a1ad3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:bb:fd:95:78:ab:92:3b:64:2d:af:61:07:6a:
                    76:f1:f3:ed:3a:6a:ba:96:0e:1b:55:d6:fb:02:5d:
                    f2:f0:d0:10:67:f4:cb:80:93:7d:4c:18:2b:4b:f6:
                    84:de:0b:72:1a:d7:48:11:fd:9c:77:ed:a4:a1:dc:
                    52:0e:70:87:d3:b9:29:87:5a:b7:66:ac:9c:6b:3c:
                    0c:77:08:b6:89:86:3d:26:ca:68:c3:a2:c1:b9:10:
                    05:ab:f7:50:9f:fb:7f:3a:3a:42:b4:9e:a9:4f:f2:
                    68:3b:86:56:c2:22:95:f9:9f:b3:b2:bf:70:49:27:
                    d9:3c:4c:ea:fb:ed:6c:a5:13:8e:a2:53:05:5c:79:
                    f3:4a:c3:70:32:05:dd:68:27:53:53:71:41:6c:10:
                    5f:3f:b2:57:ec:8f:fd:57:e6:21:31:a3:8a:09:60:
                    40:61:9f:86:83:52:70:91:82:a2:40:69:a0:6c:f0:
                    a1:3e:83:3d:9b:71:4f:03:83:1f:0f:35:ad:d1:26:
                    a0:61:5e:70:da:bd:ed:80:47:b3:c9:c0:3c:0c:b3:
                    bc:37:d7:92:62:33:28:eb:15:9e:18:28:8e:9f:b4:
                    21:bc:b7:43:18:7e:6b:2b:b6:f7:61:e1:4a:86:61:
                    7b:a1:57:c0:fe:71:95:e7:9d:37:0c:53:18:6d:fd:
                    d1:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:8A:BD:D9:56:A3:65:73:E5:C3:D4:18:B6:63:48:E2:E4:3A:1A:D3
            X509v3 Authority Key Identifier:
                keyid:36:A3:2E:14:A2:FF:EC:E5:67:9F:3E:D1:17:C3:0F:F7:7B:45:B0:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NqMuFKL_7OVnnz7RF8MP93tFsPQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/2d6237-e584-4bef-9c35-7ef24099db85/1/I4q92VajZXPlw9QYtmNI4uQ6GtM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/2d6237-e584-4bef-9c35-7ef24099db85/1/NqMuFKL_7OVnnz7RF8MP93tFsPQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:bc:aa:f3:cc:97:83:2f:e6:af:35:97:f5:7c:a7:0c:9b:7a:
         f8:88:14:41:b8:09:be:1b:66:39:b4:4f:48:79:30:58:b6:05:
         30:8e:b7:8c:10:1d:89:da:96:16:65:57:70:d4:25:ed:74:f0:
         7f:8d:ff:79:71:8c:58:44:bd:d4:45:02:3e:8c:93:4b:9d:3a:
         5e:5f:8f:8d:c2:b9:07:d7:ba:4c:f1:f2:ce:53:8f:f7:56:86:
         f1:16:b8:d9:e7:d5:22:8e:f3:83:b5:0b:73:17:8b:94:dc:a3:
         4a:d1:85:35:f1:51:53:d7:e2:8c:d8:fa:4a:18:f4:47:b4:9e:
         b1:c7:a2:46:5c:df:51:82:a0:e2:0a:46:55:1e:d2:93:a7:81:
         f7:82:a8:b0:ba:ce:c7:a5:be:c7:d1:86:65:7e:75:c8:c8:4b:
         d6:ff:05:43:fe:c5:5b:f9:b5:26:36:13:03:a8:32:d4:df:e6:
         bf:ad:a4:60:a4:02:91:86:f9:cb:73:e3:dd:ed:5d:b6:5d:ae:
         b9:9e:fc:9f:e5:b7:af:70:7e:32:e2:37:f4:3d:a5:bb:2b:c8:
         ad:ac:70:e0:78:a5:9b:88:6e:b3:bf:4f:a4:10:f3:69:d5:e8:
         89:5a:58:b5:0a:76:af:75:c8:e4:e6:55:90:bf:a1:c1:46:b6:
         52:9b:b6:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH117u+pJlstDQ+4312orMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YTMyZTE0YTJmZmVjZTU2NzlmM2VkMTE3YzMwZmY3N2I0
NWIwZjQwHhcNMjUwMTAxMTM0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzhhYmRkOTU2YTM2NTczZTVjM2Q0MThiNjYzNDhlMmU0M2ExYWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurv9lXirkjtkLa9hB2p28fPtOmq6
lg4bVdb7Al3y8NAQZ/TLgJN9TBgrS/aE3gtyGtdIEf2cd+2kodxSDnCH07kph1q3
ZqycazwMdwi2iYY9Jspow6LBuRAFq/dQn/t/OjpCtJ6pT/JoO4ZWwiKV+Z+zsr9w
SSfZPEzq++1spROOolMFXHnzSsNwMgXdaCdTU3FBbBBfP7JX7I/9V+YhMaOKCWBA
YZ+Gg1JwkYKiQGmgbPChPoM9m3FPA4MfDzWt0SagYV5w2r3tgEezycA8DLO8N9eS
YjMo6xWeGCiOn7QhvLdDGH5rK7b3YeFKhmF7oVfA/nGV5503DFMYbf3RHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCOKvdlWo2Vz5cPUGLZjSOLkOhrTMB8GA1UdIwQY
MBaAFDajLhSi/+zlZ58+0RfDD/d7RbD0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnFNdUZLTF83T1Zubno3UkY4TVA5M3RGc1BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS8yZDYyMzctZTU4NC00YmVmLTljMzUt
N2VmMjQwOTlkYjg1LzEvSTRxOTJWYWpaWFBsdzlRWXRtTkk0dVE2R3RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS8yZDYyMzctZTU4NC00YmVmLTljMzUtN2VmMjQwOTlkYjg1
LzEvTnFNdUZLTF83T1Zubno3UkY4TVA5M3RGc1BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudmwMA0G
CSqGSIb3DQEBCwUAA4IBAQBevKrzzJeDL+avNZf1fKcMm3r4iBRBuAm+G2Y5tE9I
eTBYtgUwjreMEB2J2pYWZVdw1CXtdPB/jf95cYxYRL3URQI+jJNLnTpeX4+NwrkH
17pM8fLOU4/3VobxFrjZ59UijvODtQtzF4uU3KNK0YU18VFT1+KM2PpKGPRHtJ6x
x6JGXN9RgqDiCkZVHtKTp4H3gqiwus7Hpb7H0YZlfnXIyEvW/wVD/sVb+bUmNhMD
qDLU3+a/raRgpAKRhvnLc+Pd7V22Xa65nvyf5bevcH4y4jf0PaW7K8itrHDgeKWb
iG6zv0+kEPNp1eiJWli1Cnavdcjk5lWQv6HBRrZSm7YP
-----END CERTIFICATE-----