Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/kSeV1NXuoW2kMAhRuEJXNL0G3J8.roa
File:                     kSeV1NXuoW2kMAhRuEJXNL0G3J8.roa (raw, json)
Hash identifier:          BCpFIjkEeCfOQHY9iAYyAPzCmQqEp82NEt+xGk7yxzQ=
Subject key identifier:   91:27:95:D4:D5:EE:A1:6D:A4:30:08:51:B8:42:57:34:BD:06:DC:9F
Certificate issuer:       /CN=848d9800d69debae11b7f8161c3ce88181fde7b4
Certificate serial:       019424449F88196DBE6F07F29C32D412625C
Authority key identifier: 84:8D:98:00:D6:9D:EB:AE:11:B7:F8:16:1C:3C:E8:81:81:FD:E7:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hI2YANad664Rt_gWHDzogYH957Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/kSeV1NXuoW2kMAhRuEJXNL0G3J8.roa
Signing time:             Wed 01 Jan 2025 23:47:44 +0000
ROA not before:           Wed 01 Jan 2025 23:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8245
IP address blocks:        185.237.169.0/24 maxlen: 24
                          185.237.170.0/24 maxlen: 24
                          185.237.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/hI2YANad664Rt_gWHDzogYH957Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/hI2YANad664Rt_gWHDzogYH957Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hI2YANad664Rt_gWHDzogYH957Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:9f:88:19:6d:be:6f:07:f2:9c:32:d4:12:62:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=848d9800d69debae11b7f8161c3ce88181fde7b4
        Validity
            Not Before: Jan  1 23:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=912795d4d5eea16da4300851b8425734bd06dc9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:28:31:0a:6c:f3:70:6f:75:30:4b:c1:b6:2a:
                    71:d6:57:35:a9:ba:11:9f:a2:e9:0a:73:05:42:be:
                    da:22:86:ca:cb:c7:d3:0b:a5:76:c6:ba:46:c9:2e:
                    87:66:e4:74:bc:4a:cd:e2:bd:1b:34:81:e7:bf:6e:
                    19:0a:cf:3e:dc:51:38:c8:75:ec:96:ca:dd:ae:97:
                    70:4c:42:fd:cb:9b:a2:ab:ca:85:9a:98:d3:0f:02:
                    f5:71:0c:76:d2:c1:99:54:25:65:f1:22:a3:7e:51:
                    bb:a6:77:ab:a4:0b:cf:65:e7:0a:07:82:31:48:ba:
                    67:dd:42:74:59:e3:f7:89:d9:f2:96:d3:24:d2:49:
                    23:6c:dc:fa:c1:cc:8e:d4:9d:e0:a8:8e:ff:f5:56:
                    88:29:f8:68:ad:c6:29:84:c8:aa:3d:04:e2:7d:08:
                    18:fb:7d:2d:a9:9e:db:4c:36:36:ea:f9:29:db:6e:
                    e5:39:9c:83:9e:15:c6:9e:a2:35:0f:5e:d7:30:47:
                    23:40:d8:b9:b3:8b:90:0f:53:7d:cc:89:b5:c8:8f:
                    1c:57:c2:12:64:fa:20:13:be:1f:ae:a5:39:21:0b:
                    17:7c:9e:eb:a6:bd:b3:88:8e:ed:c3:70:bc:86:74:
                    46:ca:cc:d8:e4:e5:74:72:b2:d9:77:f6:d9:a4:88:
                    98:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:27:95:D4:D5:EE:A1:6D:A4:30:08:51:B8:42:57:34:BD:06:DC:9F
            X509v3 Authority Key Identifier:
                keyid:84:8D:98:00:D6:9D:EB:AE:11:B7:F8:16:1C:3C:E8:81:81:FD:E7:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hI2YANad664Rt_gWHDzogYH957Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/kSeV1NXuoW2kMAhRuEJXNL0G3J8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/hI2YANad664Rt_gWHDzogYH957Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.169.0-185.237.171.255

    Signature Algorithm: sha256WithRSAEncryption
         00:85:bf:4f:49:fc:3a:44:ca:3e:6f:72:f3:79:e1:bb:62:c9:
         19:4a:15:16:0c:0b:4a:57:56:69:fe:ed:ea:dd:a3:92:ae:73:
         13:a6:ca:d7:3e:c6:89:45:17:32:ad:e1:54:ea:88:49:ff:f8:
         9f:13:31:15:64:68:cf:65:8e:15:20:bc:10:78:25:a4:86:7d:
         65:92:ce:54:a1:60:61:a5:2c:cf:d9:db:3b:50:01:c3:9b:37:
         30:5e:7b:e1:b5:80:d1:16:c7:b5:f4:82:dd:fa:d4:34:5d:18:
         2d:07:e9:0e:d2:79:4b:71:76:ed:71:65:b8:fc:1b:cf:d5:36:
         2b:3a:98:3f:3f:96:d2:7f:44:7b:ad:32:51:d8:9c:b9:2a:14:
         04:37:aa:a0:49:23:1f:13:f6:47:ed:5a:b2:57:66:bf:e5:bc:
         37:1a:9d:75:e6:f5:ed:47:8f:b0:35:d1:de:4f:b3:12:82:5c:
         c6:08:a0:c8:ef:fe:ec:0d:f1:c7:ad:1c:51:66:3b:9f:f6:02:
         1e:5f:cb:a6:e9:b4:da:fd:55:3b:ef:b0:b3:52:c8:31:51:39:
         d2:ad:f9:b9:30:76:74:2a:40:8f:eb:51:dd:cc:e1:96:95:e5:
         40:5b:2e:22:e7:cc:79:56:fa:ca:e8:02:1d:18:e9:12:32:78:
         b3:0b:33:c0
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQkRJ+IGW2+bwfynDLUEmJcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0OGQ5ODAwZDY5ZGViYWUxMWI3ZjgxNjFjM2NlODgxODFm
ZGU3YjQwHhcNMjUwMTAxMjM0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTI3OTVkNGQ1ZWVhMTZkYTQzMDA4NTFiODQyNTczNGJkMDZkYzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzygxCmzzcG91MEvBtipx1lc1qboR
n6LpCnMFQr7aIobKy8fTC6V2xrpGyS6HZuR0vErN4r0bNIHnv24ZCs8+3FE4yHXs
lsrdrpdwTEL9y5uiq8qFmpjTDwL1cQx20sGZVCVl8SKjflG7pnerpAvPZecKB4Ix
SLpn3UJ0WeP3idnyltMk0kkjbNz6wcyO1J3gqI7/9VaIKfhorcYphMiqPQTifQgY
+30tqZ7bTDY26vkp227lOZyDnhXGnqI1D17XMEcjQNi5s4uQD1N9zIm1yI8cV8IS
ZPogE74frqU5IQsXfJ7rpr2ziI7tw3C8hnRGyszY5OV0crLZd/bZpIiYYwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJEnldTV7qFtpDAIUbhCVzS9BtyfMB8GA1UdIwQY
MBaAFISNmADWneuuEbf4Fhw86IGB/ee0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEkyWUFOYWQ2NjRSdF9nV0hEem9nWUg5NTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zODcxMzYtM2M3MC00NjE5LTgzMjEt
M2Q5M2ZlNmQyMGFhLzEva1NlVjFOWHVvVzJrTUFoUnVFSlhOTDBHM0o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zODcxMzYtM2M3MC00NjE5LTgzMjEtM2Q5M2ZlNmQyMGFh
LzEvaEkyWUFOYWQ2NjRSdF9nV0hEem9nWUg5NTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC57akD
BAK57agwDQYJKoZIhvcNAQELBQADggEBAACFv09J/DpEyj5vcvN54btiyRlKFRYM
C0pXVmn+7erdo5KucxOmytc+xolFFzKt4VTqiEn/+J8TMRVkaM9ljhUgvBB4JaSG
fWWSzlShYGGlLM/Z2ztQAcObNzBee+G1gNEWx7X0gt361DRdGC0H6Q7SeUtxdu1x
Zbj8G8/VNis6mD8/ltJ/RHutMlHYnLkqFAQ3qqBJIx8T9kftWrJXZr/lvDcanXXm
9e1Hj7A10d5PsxKCXMYIoMjv/uwN8cetHFFmO5/2Ah5fy6bptNr9VTvvsLNSyDFR
OdKt+bkwdnQqQI/rUd3M4ZaV5UBbLiLnzHlW+sroAh0Y6RIyeLMLM8A=
-----END CERTIFICATE-----