Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/b77e6a-ace3-4ff2-b22a-582f9d2e38b2/1/dtGqDCamv_hVVWZjpqsIRYZCyw8.roa
File:                     dtGqDCamv_hVVWZjpqsIRYZCyw8.roa (raw, json)
Hash identifier:          eV1f95aHCVJX6WIYYc+AMUUHYQd1RjaDWI8sAgDgSqE=
Subject key identifier:   76:D1:AA:0C:26:A6:BF:F8:55:55:66:63:A6:AB:08:45:86:42:CB:0F
Certificate issuer:       /CN=252a182d91f456d850210dbf72da7e475fbf3c08
Certificate serial:       019422FC4779103287C7DE0AEDCE4EE9ED47
Authority key identifier: 25:2A:18:2D:91:F4:56:D8:50:21:0D:BF:72:DA:7E:47:5F:BF:3C:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JSoYLZH0VthQIQ2_ctp-R1-_PAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/b77e6a-ace3-4ff2-b22a-582f9d2e38b2/1/dtGqDCamv_hVVWZjpqsIRYZCyw8.roa
Signing time:             Wed 01 Jan 2025 17:49:06 +0000
ROA not before:           Wed 01 Jan 2025 17:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203150
IP address blocks:        185.73.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/b77e6a-ace3-4ff2-b22a-582f9d2e38b2/1/JSoYLZH0VthQIQ2_ctp-R1-_PAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/b77e6a-ace3-4ff2-b22a-582f9d2e38b2/1/JSoYLZH0VthQIQ2_ctp-R1-_PAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JSoYLZH0VthQIQ2_ctp-R1-_PAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:47:79:10:32:87:c7:de:0a:ed:ce:4e:e9:ed:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=252a182d91f456d850210dbf72da7e475fbf3c08
        Validity
            Not Before: Jan  1 17:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76d1aa0c26a6bff855556663a6ab08458642cb0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:53:ab:09:3b:db:ca:3f:3e:e6:5f:35:89:dc:
                    04:40:3c:27:4f:c7:c0:49:87:37:00:44:2b:ef:d7:
                    61:71:72:a4:67:ec:96:93:14:a3:92:a3:19:9e:22:
                    00:c7:89:06:0c:21:ac:6a:83:10:fd:53:99:02:61:
                    2d:9e:47:a2:b8:a3:f7:9e:37:4f:2a:e9:80:86:12:
                    54:a1:7d:6b:70:79:75:1d:a9:37:18:52:be:59:63:
                    cc:4d:a0:c8:a7:80:de:29:b4:89:f6:39:f9:21:c3:
                    d0:6c:90:f6:b1:c8:9e:7d:79:73:52:7e:a8:bf:a9:
                    1e:50:38:29:0a:a6:86:88:00:f4:eb:95:ff:9f:35:
                    9a:6f:05:a6:fd:85:2d:88:59:c9:1d:f8:da:cc:ec:
                    9c:f6:26:dc:24:79:10:a8:a4:87:72:4a:8b:1b:41:
                    fa:64:d3:05:c6:f1:2f:d3:c4:b4:d0:16:e7:b9:28:
                    09:a1:a1:bb:bd:c5:7b:f1:86:b4:ba:31:32:d4:48:
                    3f:01:73:de:5c:48:8e:66:c4:3a:dd:5b:b4:43:b1:
                    37:83:83:ad:82:22:f9:b1:34:42:b5:ac:29:5e:e2:
                    d8:2e:02:20:ae:34:a4:c5:00:c3:a9:be:5f:d3:d8:
                    b2:6a:09:33:61:5e:7a:f6:bf:be:2d:75:8e:58:d6:
                    7b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:D1:AA:0C:26:A6:BF:F8:55:55:66:63:A6:AB:08:45:86:42:CB:0F
            X509v3 Authority Key Identifier:
                keyid:25:2A:18:2D:91:F4:56:D8:50:21:0D:BF:72:DA:7E:47:5F:BF:3C:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JSoYLZH0VthQIQ2_ctp-R1-_PAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/b77e6a-ace3-4ff2-b22a-582f9d2e38b2/1/dtGqDCamv_hVVWZjpqsIRYZCyw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/b77e6a-ace3-4ff2-b22a-582f9d2e38b2/1/JSoYLZH0VthQIQ2_ctp-R1-_PAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:5e:7a:2a:09:69:63:79:5d:5a:8c:9b:65:14:72:c5:39:39:
         6d:1d:86:f4:64:01:3e:1d:1f:67:35:97:e7:ad:39:de:88:64:
         97:61:30:0a:9e:d2:99:59:f4:da:df:f3:8d:4c:a9:b8:5d:59:
         44:5e:b4:50:fd:ce:8e:a4:41:0d:04:d2:bb:51:8f:3c:8d:a7:
         05:99:8f:fe:bf:4b:d6:0b:a4:f8:a6:db:fd:83:9c:a6:a0:d1:
         07:f1:2f:dd:ac:ab:ea:c1:50:bb:5d:17:69:55:88:fb:e1:8b:
         6e:dd:4c:f7:b1:3d:e5:84:1a:23:7f:41:8e:dc:1e:c5:ca:9b:
         b0:c4:97:44:3c:69:b6:59:93:cd:80:69:62:0a:52:ec:24:9c:
         72:44:8f:14:eb:7e:3f:5d:d0:17:97:50:72:32:42:5b:db:48:
         cf:6c:56:00:50:96:76:c2:93:1a:90:30:0d:ce:55:9e:49:26:
         8a:d8:e5:ae:37:3c:3b:ab:44:f9:99:d0:19:5e:b2:bd:3f:de:
         e3:3d:de:47:1f:9a:f9:92:4f:67:51:7d:34:84:2f:38:56:02:
         9b:6b:95:79:42:ed:b5:4c:fb:38:a1:71:f6:6a:f7:f4:2d:af:
         18:26:f6:72:64:b6:8b:bf:f9:72:e1:09:2d:72:d9:8f:da:20:
         2d:a5:00:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/Ed5EDKHx94K7c5O6e1HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1MmExODJkOTFmNDU2ZDg1MDIxMGRiZjcyZGE3ZTQ3NWZi
ZjNjMDgwHhcNMjUwMTAxMTc0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmQxYWEwYzI2YTZiZmY4NTU1NTY2NjNhNmFiMDg0NTg2NDJjYjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFOrCTvbyj8+5l81idwEQDwnT8fA
SYc3AEQr79dhcXKkZ+yWkxSjkqMZniIAx4kGDCGsaoMQ/VOZAmEtnkeiuKP3njdP
KumAhhJUoX1rcHl1Hak3GFK+WWPMTaDIp4DeKbSJ9jn5IcPQbJD2sciefXlzUn6o
v6keUDgpCqaGiAD065X/nzWabwWm/YUtiFnJHfjazOyc9ibcJHkQqKSHckqLG0H6
ZNMFxvEv08S00BbnuSgJoaG7vcV78Ya0ujEy1Eg/AXPeXEiOZsQ63Vu0Q7E3g4Ot
giL5sTRCtawpXuLYLgIgrjSkxQDDqb5f09iyagkzYV569r++LXWOWNZ7yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbRqgwmpr/4VVVmY6arCEWGQssPMB8GA1UdIwQY
MBaAFCUqGC2R9FbYUCENv3LafkdfvzwIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlNvWUxaSDBWdGhRSVEyX2N0cC1SMS1fUEFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9iNzdlNmEtYWNlMy00ZmYyLWIyMmEt
NTgyZjlkMmUzOGIyLzEvZHRHcURDYW12X2hWVldaanBxc0lSWVpDeXc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9iNzdlNmEtYWNlMy00ZmYyLWIyMmEtNTgyZjlkMmUzOGIy
LzEvSlNvWUxaSDBWdGhRSVEyX2N0cC1SMS1fUEFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUn7MA0G
CSqGSIb3DQEBCwUAA4IBAQBaXnoqCWljeV1ajJtlFHLFOTltHYb0ZAE+HR9nNZfn
rTneiGSXYTAKntKZWfTa3/ONTKm4XVlEXrRQ/c6OpEENBNK7UY88jacFmY/+v0vW
C6T4ptv9g5ymoNEH8S/drKvqwVC7XRdpVYj74Ytu3Uz3sT3lhBojf0GO3B7Fypuw
xJdEPGm2WZPNgGliClLsJJxyRI8U634/XdAXl1ByMkJb20jPbFYAUJZ2wpMakDAN
zlWeSSaK2OWuNzw7q0T5mdAZXrK9P97jPd5HH5r5kk9nUX00hC84VgKba5V5Qu21
TPs4oXH2avf0La8YJvZyZLaLv/ly4QktctmP2iAtpQAM
-----END CERTIFICATE-----