Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/sXoE76O0g9HbvTQdsrTuLQ6BEGY.roa
File:                     sXoE76O0g9HbvTQdsrTuLQ6BEGY.roa (raw, json)
Hash identifier:          2c9XhIaXdBcwGvuorQuJKcEG+b0v5OcuRLvlracJLGY=
Subject key identifier:   B1:7A:04:EF:A3:B4:83:D1:DB:BD:34:1D:B2:B4:EE:2D:0E:81:10:66
Certificate issuer:       /CN=848d9800d69debae11b7f8161c3ce88181fde7b4
Certificate serial:       01944CDD4C69EB66A7AAD425F71851A3BFAA
Authority key identifier: 84:8D:98:00:D6:9D:EB:AE:11:B7:F8:16:1C:3C:E8:81:81:FD:E7:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hI2YANad664Rt_gWHDzogYH957Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/sXoE76O0g9HbvTQdsrTuLQ6BEGY.roa
Signing time:             Thu 09 Jan 2025 20:59:18 +0000
ROA not before:           Thu 09 Jan 2025 20:59:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204862
IP address blocks:        185.237.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/hI2YANad664Rt_gWHDzogYH957Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/hI2YANad664Rt_gWHDzogYH957Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hI2YANad664Rt_gWHDzogYH957Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4c:dd:4c:69:eb:66:a7:aa:d4:25:f7:18:51:a3:bf:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=848d9800d69debae11b7f8161c3ce88181fde7b4
        Validity
            Not Before: Jan  9 20:59:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b17a04efa3b483d1dbbd341db2b4ee2d0e811066
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4a:4f:40:1a:0f:33:f5:b0:51:e3:41:73:f1:
                    e7:88:f6:df:92:50:67:54:78:be:83:46:c8:9b:84:
                    5b:45:c4:ea:a2:17:75:43:d0:16:57:15:3a:02:42:
                    41:1f:95:8d:78:db:8e:1a:a6:bc:d4:98:54:d5:e8:
                    50:86:b4:d6:09:87:c5:c7:e9:ab:82:41:07:4e:4c:
                    d3:6e:9a:80:ce:45:13:3c:48:63:4c:76:c2:f2:38:
                    78:20:20:d9:52:3f:a4:43:4f:6f:e7:0b:29:10:92:
                    4a:d0:d4:dc:17:87:55:63:7f:a5:0b:86:f6:32:01:
                    6b:71:28:b4:97:24:29:b5:c8:b0:56:17:26:d8:6c:
                    86:2f:e9:d8:09:fb:86:46:30:30:12:e9:44:1f:10:
                    75:97:dd:76:07:dc:9a:88:ec:0a:5b:62:1b:8d:b7:
                    c7:5c:05:8c:54:f9:1b:20:8d:75:d2:2a:87:30:91:
                    c6:97:f4:41:f8:c1:6a:eb:a7:65:3c:82:ca:35:8d:
                    19:aa:37:f6:c4:86:f7:ed:18:28:50:44:2e:56:53:
                    37:33:2e:87:96:09:a6:dd:8a:a3:5c:ba:a9:58:4a:
                    dd:71:f0:44:ed:7c:89:ba:83:1d:77:a7:ac:a9:ef:
                    20:26:33:d8:dd:66:ea:e4:9b:8a:9b:c9:cd:4e:c3:
                    7a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:7A:04:EF:A3:B4:83:D1:DB:BD:34:1D:B2:B4:EE:2D:0E:81:10:66
            X509v3 Authority Key Identifier:
                keyid:84:8D:98:00:D6:9D:EB:AE:11:B7:F8:16:1C:3C:E8:81:81:FD:E7:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hI2YANad664Rt_gWHDzogYH957Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/sXoE76O0g9HbvTQdsrTuLQ6BEGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/hI2YANad664Rt_gWHDzogYH957Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:8a:bd:fe:4a:bc:19:fd:d0:40:24:7b:fd:1c:fd:04:be:be:
         79:d1:cb:f8:fa:f7:7b:da:c0:69:6c:fb:6e:cc:f7:36:77:6e:
         1c:a4:36:9d:b2:85:9c:79:b0:0b:dc:10:02:27:5d:91:ba:62:
         be:21:b9:46:90:18:35:64:c3:77:fc:21:d3:da:37:13:7e:1f:
         4b:f8:5f:02:69:f5:67:65:ce:dc:95:32:0c:81:d3:ba:3c:44:
         3c:27:98:1c:5a:57:11:00:28:e4:3a:b3:bc:e8:93:da:25:f1:
         4f:62:41:6e:4c:81:63:76:c9:77:1e:f2:61:b0:84:8d:71:50:
         3c:8e:d6:be:1a:0f:20:74:b0:8c:f3:ab:32:30:41:74:5a:f3:
         e6:18:f6:16:e3:15:08:d9:61:8f:34:93:e8:ee:6a:a6:b9:bc:
         8d:8b:fc:e4:a0:4c:01:90:d4:8b:e2:78:2e:d0:f2:71:fd:fd:
         46:03:f8:eb:10:d9:59:71:e8:3f:8f:e3:7c:4d:ad:a9:ff:10:
         32:59:91:01:64:cf:fd:92:2e:fe:3b:b7:de:b4:27:51:fb:5e:
         c8:95:dc:e9:a3:9d:5a:a3:cf:99:31:61:ef:9e:06:d5:f7:a2:
         fd:4e:4d:af:ec:34:8a:3a:b6:43:5a:4c:ae:a2:28:b9:7f:c6:
         d9:ab:2a:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRM3Uxp62anqtQl9xhRo7+qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0OGQ5ODAwZDY5ZGViYWUxMWI3ZjgxNjFjM2NlODgxODFm
ZGU3YjQwHhcNMjUwMTA5MjA1OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTdhMDRlZmEzYjQ4M2QxZGJiZDM0MWRiMmI0ZWUyZDBlODExMDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUpPQBoPM/WwUeNBc/HniPbfklBn
VHi+g0bIm4RbRcTqohd1Q9AWVxU6AkJBH5WNeNuOGqa81JhU1ehQhrTWCYfFx+mr
gkEHTkzTbpqAzkUTPEhjTHbC8jh4ICDZUj+kQ09v5wspEJJK0NTcF4dVY3+lC4b2
MgFrcSi0lyQptciwVhcm2GyGL+nYCfuGRjAwEulEHxB1l912B9yaiOwKW2IbjbfH
XAWMVPkbII110iqHMJHGl/RB+MFq66dlPILKNY0Zqjf2xIb37RgoUEQuVlM3My6H
lgmm3YqjXLqpWErdcfBE7XyJuoMdd6esqe8gJjPY3Wbq5JuKm8nNTsN6MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLF6BO+jtIPR2700HbK07i0OgRBmMB8GA1UdIwQY
MBaAFISNmADWneuuEbf4Fhw86IGB/ee0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEkyWUFOYWQ2NjRSdF9nV0hEem9nWUg5NTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zODcxMzYtM2M3MC00NjE5LTgzMjEt
M2Q5M2ZlNmQyMGFhLzEvc1hvRTc2TzBnOUhidlRRZHNyVHVMUTZCRUdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zODcxMzYtM2M3MC00NjE5LTgzMjEtM2Q5M2ZlNmQyMGFh
LzEvaEkyWUFOYWQ2NjRSdF9nV0hEem9nWUg5NTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue2oMA0G
CSqGSIb3DQEBCwUAA4IBAQBBir3+SrwZ/dBAJHv9HP0Evr550cv4+vd72sBpbPtu
zPc2d24cpDadsoWcebAL3BACJ12RumK+IblGkBg1ZMN3/CHT2jcTfh9L+F8CafVn
Zc7clTIMgdO6PEQ8J5gcWlcRACjkOrO86JPaJfFPYkFuTIFjdsl3HvJhsISNcVA8
jta+Gg8gdLCM86syMEF0WvPmGPYW4xUI2WGPNJPo7mqmubyNi/zkoEwBkNSL4ngu
0PJx/f1GA/jrENlZceg/j+N8Ta2p/xAyWZEBZM/9ki7+O7fetCdR+17Ildzpo51a
o8+ZMWHvngbV96L9Tk2v7DSKOrZDWkyuoii5f8bZqyp8
-----END CERTIFICATE-----