Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9c5c1f-f4b6-45a8-9c9f-30733d370df3/1/t25kiIn1E1JaqushvudH22_Oin8.roa
File:                     t25kiIn1E1JaqushvudH22_Oin8.roa (raw, json)
Hash identifier:          MldHzVCGVwkubjlvJvGtIUqXljxX6Z5QiyeDzunyRNg=
Subject key identifier:   B7:6E:64:88:89:F5:13:52:5A:AA:EB:21:BE:E7:47:DB:6F:CE:8A:7F
Certificate issuer:       /CN=3b637ccf393f52e0b56fb58ee35af54411daf644
Certificate serial:       0194221F9BF68CB60296CF93561C4CDF9280
Authority key identifier: 3B:63:7C:CF:39:3F:52:E0:B5:6F:B5:8E:E3:5A:F5:44:11:DA:F6:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O2N8zzk_UuC1b7WO41r1RBHa9kQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9c5c1f-f4b6-45a8-9c9f-30733d370df3/1/t25kiIn1E1JaqushvudH22_Oin8.roa
Signing time:             Wed 01 Jan 2025 13:48:04 +0000
ROA not before:           Wed 01 Jan 2025 13:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204732
IP address blocks:        185.63.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9c5c1f-f4b6-45a8-9c9f-30733d370df3/1/O2N8zzk_UuC1b7WO41r1RBHa9kQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9c5c1f-f4b6-45a8-9c9f-30733d370df3/1/O2N8zzk_UuC1b7WO41r1RBHa9kQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O2N8zzk_UuC1b7WO41r1RBHa9kQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:9b:f6:8c:b6:02:96:cf:93:56:1c:4c:df:92:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b637ccf393f52e0b56fb58ee35af54411daf644
        Validity
            Not Before: Jan  1 13:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b76e648889f513525aaaeb21bee747db6fce8a7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e4:2d:85:ac:f5:11:05:2b:ba:ec:aa:0e:20:
                    0b:3c:11:de:6b:31:10:e3:c2:51:d9:40:e6:ac:95:
                    79:cf:cb:8b:8d:a6:09:2e:d6:0d:c8:65:b2:0e:cb:
                    22:54:fe:fa:06:1e:cc:25:0e:c4:f5:fa:d8:7c:bb:
                    46:71:d2:05:1d:24:0c:27:5a:06:bd:df:ce:57:02:
                    89:77:66:ed:11:ec:63:51:6c:4f:8b:0d:45:21:0d:
                    72:ab:9f:e6:f8:03:16:64:c9:10:f0:e0:19:36:a7:
                    53:a7:ac:f1:cd:19:25:cc:10:0c:27:23:34:b8:e1:
                    6e:97:a7:c0:36:e4:0d:cf:7c:1d:71:c1:3e:73:b2:
                    c0:ba:21:cc:96:77:dc:62:0a:62:9f:17:22:90:db:
                    df:36:1b:e8:a5:50:8c:00:03:2b:6c:ad:39:44:c4:
                    86:70:88:1d:b2:49:3e:af:5d:b4:64:34:44:8d:60:
                    93:15:13:2a:36:da:1d:72:0a:ba:8b:44:14:95:8f:
                    cf:34:04:4d:ef:77:a4:54:e2:64:62:43:12:ac:7e:
                    3c:f0:da:72:98:6a:50:70:81:de:ba:a1:a7:24:d9:
                    de:3a:bd:c1:0f:60:57:9d:2b:c2:68:60:f1:54:a6:
                    53:1c:3b:bd:08:ba:ec:3a:77:9f:a4:e1:4a:47:42:
                    7c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:6E:64:88:89:F5:13:52:5A:AA:EB:21:BE:E7:47:DB:6F:CE:8A:7F
            X509v3 Authority Key Identifier:
                keyid:3B:63:7C:CF:39:3F:52:E0:B5:6F:B5:8E:E3:5A:F5:44:11:DA:F6:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O2N8zzk_UuC1b7WO41r1RBHa9kQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9c5c1f-f4b6-45a8-9c9f-30733d370df3/1/t25kiIn1E1JaqushvudH22_Oin8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9c5c1f-f4b6-45a8-9c9f-30733d370df3/1/O2N8zzk_UuC1b7WO41r1RBHa9kQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:01:22:49:20:ff:b2:9d:72:72:1c:6e:49:d8:a4:68:42:a5:
         69:90:96:c6:15:da:4e:5a:17:c0:ad:77:4e:4e:c4:55:a3:e6:
         3d:3a:b7:78:0a:f4:c2:7b:59:1c:83:48:e7:ab:d4:d5:25:09:
         97:ea:d8:bd:d7:04:df:c4:83:8c:1a:80:7c:87:4d:fb:66:20:
         30:8e:f4:a0:cc:bb:7c:12:53:4d:bb:47:f5:78:8c:ea:58:4c:
         01:01:8a:9a:d6:e7:28:5b:e2:d9:13:4f:05:0f:4c:fa:29:1c:
         40:d9:c1:e8:e4:35:e1:1f:fb:fe:ea:7b:9d:69:d1:ad:0c:4d:
         d8:09:0a:88:73:a5:52:6c:e1:6d:21:00:c5:31:6f:a6:47:17:
         da:6e:10:d9:29:54:bc:49:6c:61:a8:5c:b2:9d:04:d5:20:80:
         95:2f:29:6e:e2:e2:60:13:bf:ac:63:84:f4:9f:1a:c9:db:22:
         bf:80:ad:29:7e:0b:27:11:05:d9:6b:2c:b9:4b:67:17:c3:c2:
         a5:02:24:e9:f2:d6:bc:cb:83:ce:53:b6:39:97:98:03:e2:ea:
         f7:56:4d:43:b4:87:ae:21:28:9e:5d:61:29:74:8b:e4:4e:22:
         96:95:68:4e:c7:38:7e:2e:38:42:3b:b1:fa:de:3b:30:a8:a8:
         ae:06:f6:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH5v2jLYCls+TVhxM35KAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNjM3Y2NmMzkzZjUyZTBiNTZmYjU4ZWUzNWFmNTQ0MTFk
YWY2NDQwHhcNMjUwMTAxMTM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzZlNjQ4ODg5ZjUxMzUyNWFhYWViMjFiZWU3NDdkYjZmY2U4YTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeQthaz1EQUruuyqDiALPBHeazEQ
48JR2UDmrJV5z8uLjaYJLtYNyGWyDssiVP76Bh7MJQ7E9frYfLtGcdIFHSQMJ1oG
vd/OVwKJd2btEexjUWxPiw1FIQ1yq5/m+AMWZMkQ8OAZNqdTp6zxzRklzBAMJyM0
uOFul6fANuQNz3wdccE+c7LAuiHMlnfcYgpinxcikNvfNhvopVCMAAMrbK05RMSG
cIgdskk+r120ZDREjWCTFRMqNtodcgq6i0QUlY/PNARN73ekVOJkYkMSrH488Npy
mGpQcIHeuqGnJNneOr3BD2BXnSvCaGDxVKZTHDu9CLrsOnefpOFKR0J8AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLduZIiJ9RNSWqrrIb7nR9tvzop/MB8GA1UdIwQY
MBaAFDtjfM85P1LgtW+1juNa9UQR2vZEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzJOOHp6a19VdUMxYjdXTzQxcjFSQkhhOWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85YzVjMWYtZjRiNi00NWE4LTljOWYt
MzA3MzNkMzcwZGYzLzEvdDI1a2lJbjFFMUphcXVzaHZ1ZEgyMl9PaW44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85YzVjMWYtZjRiNi00NWE4LTljOWYtMzA3MzNkMzcwZGYz
LzEvTzJOOHp6a19VdUMxYjdXTzQxcjFSQkhhOWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuT9IMA0G
CSqGSIb3DQEBCwUAA4IBAQB7ASJJIP+ynXJyHG5J2KRoQqVpkJbGFdpOWhfArXdO
TsRVo+Y9Ord4CvTCe1kcg0jnq9TVJQmX6ti91wTfxIOMGoB8h037ZiAwjvSgzLt8
ElNNu0f1eIzqWEwBAYqa1ucoW+LZE08FD0z6KRxA2cHo5DXhH/v+6nudadGtDE3Y
CQqIc6VSbOFtIQDFMW+mRxfabhDZKVS8SWxhqFyynQTVIICVLylu4uJgE7+sY4T0
nxrJ2yK/gK0pfgsnEQXZayy5S2cXw8KlAiTp8ta8y4POU7Y5l5gD4ur3Vk1DtIeu
ISieXWEpdIvkTiKWlWhOxzh+LjhCO7H63jswqKiuBvbf
-----END CERTIFICATE-----