Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/4RiMrm8aaExTJ5NxhFCCQc-LTfQ.roa
File:                     4RiMrm8aaExTJ5NxhFCCQc-LTfQ.roa (raw, json)
Hash identifier:          xT77mBm76fvxQ/4syBVoQsoquUiDMD7RefgDewlMNII=
Subject key identifier:   E1:18:8C:AE:6F:1A:68:4C:53:27:93:71:84:50:82:41:CF:8B:4D:F4
Certificate issuer:       /CN=d0ee0389687dbd445de6f9239c1d02c3770cf574
Certificate serial:       01942522384A4D58C56CE5D704EBC6F1E10E
Authority key identifier: D0:EE:03:89:68:7D:BD:44:5D:E6:F9:23:9C:1D:02:C3:77:0C:F5:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/4RiMrm8aaExTJ5NxhFCCQc-LTfQ.roa
Signing time:             Thu 02 Jan 2025 03:49:47 +0000
ROA not before:           Thu 02 Jan 2025 03:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198551
IP address blocks:        185.238.36.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:38:4a:4d:58:c5:6c:e5:d7:04:eb:c6:f1:e1:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0ee0389687dbd445de6f9239c1d02c3770cf574
        Validity
            Not Before: Jan  2 03:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1188cae6f1a684c5327937184508241cf8b4df4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:21:93:0b:82:b7:82:62:60:b1:77:2e:71:31:
                    c2:84:4b:c3:4a:24:67:18:d7:5c:3d:3c:19:f1:5d:
                    d7:ab:61:91:0a:09:49:43:7a:f0:9e:9e:36:1d:84:
                    d1:67:5f:35:37:c4:b4:76:2f:e4:e7:8b:5b:75:94:
                    64:fa:b5:79:91:7b:55:78:d6:3d:12:b2:52:9d:c4:
                    6f:18:d2:3c:8d:95:e0:31:f2:94:4d:be:8f:8f:61:
                    21:97:44:31:66:97:15:02:0c:e7:2c:65:0c:c3:8a:
                    7d:e8:5a:a2:b1:0c:9c:be:c9:82:d0:05:1a:db:20:
                    1a:49:4b:b7:5c:3b:0f:23:dd:2c:7b:aa:b8:1c:cf:
                    c8:6d:71:7e:4d:6a:26:01:22:89:33:f2:88:8f:7b:
                    19:a9:71:b7:90:2a:0e:36:92:4a:2e:af:69:dc:2a:
                    d3:96:79:c3:d7:2b:6d:7e:8f:e2:7a:19:79:56:df:
                    0b:8b:91:57:9b:f8:04:c4:e7:a2:3a:d0:a1:e9:f5:
                    f8:68:98:e1:45:09:cb:c7:d0:da:6d:3f:0f:c2:a8:
                    15:84:90:18:3e:65:b8:27:02:92:fc:60:65:5c:40:
                    f6:e7:de:b5:ce:c5:0c:8a:58:fb:8b:3e:ae:c3:56:
                    8d:59:63:7f:0a:03:55:19:ac:54:9d:d1:dd:f8:af:
                    3f:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:18:8C:AE:6F:1A:68:4C:53:27:93:71:84:50:82:41:CF:8B:4D:F4
            X509v3 Authority Key Identifier:
                keyid:D0:EE:03:89:68:7D:BD:44:5D:E6:F9:23:9C:1D:02:C3:77:0C:F5:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/4RiMrm8aaExTJ5NxhFCCQc-LTfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a11417-6abc-4c0d-8afa-1a29a448d309/1/0O4DiWh9vURd5vkjnB0Cw3cM9XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:f9:f4:43:cf:ec:fb:fe:fa:25:58:76:15:b8:08:d8:37:8a:
         ad:be:bf:83:77:7d:48:e3:fe:e9:16:d3:c4:7e:eb:0f:40:1e:
         3d:39:a5:7d:32:58:1a:5b:e4:35:c5:9e:ba:54:b2:6d:a8:3b:
         c8:d2:5e:d7:51:ba:fe:b3:0d:6d:b8:93:bf:27:1b:90:97:c8:
         6a:f4:1a:25:51:aa:9b:9b:11:08:1a:17:60:c5:cc:16:5b:38:
         95:6b:51:27:1a:af:fb:eb:f7:5c:8d:36:25:5d:06:a3:a0:b3:
         2d:ba:66:e6:5a:88:df:f3:7f:97:22:fb:53:a5:1d:08:b6:68:
         eb:2d:be:db:d8:43:dc:84:c0:2e:26:d6:09:9f:99:d3:4c:15:
         2d:f3:be:18:4b:ec:34:b3:29:5e:b3:b0:05:24:db:bd:b2:81:
         be:c1:ce:a2:06:af:ab:bd:24:b8:1d:ce:5d:9b:d4:d8:d5:0d:
         ae:43:b6:d1:83:16:b9:5e:60:71:8b:16:d5:37:28:96:51:66:
         91:da:c2:55:82:92:f1:d2:78:18:d5:ad:48:fa:74:79:04:fc:
         df:22:f5:42:80:bb:36:5f:1b:9d:97:3d:27:6d:b8:08:1c:1b:
         6d:06:80:a1:49:a4:5d:fc:5d:97:91:2a:7a:6a:6d:e9:5b:e3:
         1d:8e:63:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIjhKTVjFbOXXBOvG8eEOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZWUwMzg5Njg3ZGJkNDQ1ZGU2ZjkyMzljMWQwMmMzNzcw
Y2Y1NzQwHhcNMjUwMTAyMDM0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTE4OGNhZTZmMWE2ODRjNTMyNzkzNzE4NDUwODI0MWNmOGI0ZGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyGTC4K3gmJgsXcucTHChEvDSiRn
GNdcPTwZ8V3Xq2GRCglJQ3rwnp42HYTRZ181N8S0di/k54tbdZRk+rV5kXtVeNY9
ErJSncRvGNI8jZXgMfKUTb6Pj2Ehl0QxZpcVAgznLGUMw4p96FqisQycvsmC0AUa
2yAaSUu3XDsPI90se6q4HM/IbXF+TWomASKJM/KIj3sZqXG3kCoONpJKLq9p3CrT
lnnD1yttfo/iehl5Vt8Li5FXm/gExOeiOtCh6fX4aJjhRQnLx9DabT8PwqgVhJAY
PmW4JwKS/GBlXED25961zsUMilj7iz6uw1aNWWN/CgNVGaxUndHd+K8/SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOEYjK5vGmhMUyeTcYRQgkHPi030MB8GA1UdIwQY
MBaAFNDuA4lofb1EXeb5I5wdAsN3DPV0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME80RGlXaDl2VVJkNXZram5CMEN3M2NNOVhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9hMTE0MTctNmFiYy00YzBkLThhZmEt
MWEyOWE0NDhkMzA5LzEvNFJpTXJtOGFhRXhUSjVOeGhGQ0NRYy1MVGZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9hMTE0MTctNmFiYy00YzBkLThhZmEtMWEyOWE0NDhkMzA5
LzEvME80RGlXaDl2VVJkNXZram5CMEN3M2NNOVhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue4kMA0G
CSqGSIb3DQEBCwUAA4IBAQA1+fRDz+z7/volWHYVuAjYN4qtvr+Dd31I4/7pFtPE
fusPQB49OaV9MlgaW+Q1xZ66VLJtqDvI0l7XUbr+sw1tuJO/JxuQl8hq9BolUaqb
mxEIGhdgxcwWWziVa1EnGq/76/dcjTYlXQajoLMtumbmWojf83+XIvtTpR0Itmjr
Lb7b2EPchMAuJtYJn5nTTBUt874YS+w0syles7AFJNu9soG+wc6iBq+rvSS4Hc5d
m9TY1Q2uQ7bRgxa5XmBxixbVNyiWUWaR2sJVgpLx0ngY1a1I+nR5BPzfIvVCgLs2
Xxudlz0nbbgIHBttBoChSaRd/F2XkSp6am3pW+MdjmPq
-----END CERTIFICATE-----