Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/aTMRrwo9_4SayQ9D7LTyaVFK_Xc.roa
File:                     aTMRrwo9_4SayQ9D7LTyaVFK_Xc.roa (raw, json)
Hash identifier:          +IcvkZ/Lt7dooQvX8ekK5PfLV+YRr5hiDK4PBIh/lAA=
Subject key identifier:   69:33:11:AF:0A:3D:FF:84:9A:C9:0F:43:EC:B4:F2:69:51:4A:FD:77
Certificate issuer:       /CN=0c90c356e2864f43894857443555d8b5c0352819
Certificate serial:       0194228DDF2A0995C352051361DC1714E5FB
Authority key identifier: 0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/aTMRrwo9_4SayQ9D7LTyaVFK_Xc.roa
Signing time:             Wed 01 Jan 2025 15:48:30 +0000
ROA not before:           Wed 01 Jan 2025 15:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42688
IP address blocks:        37.157.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:df:2a:09:95:c3:52:05:13:61:dc:17:14:e5:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c90c356e2864f43894857443555d8b5c0352819
        Validity
            Not Before: Jan  1 15:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=693311af0a3dff849ac90f43ecb4f269514afd77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:9f:8b:dc:5e:92:37:e6:24:49:90:e2:24:ce:
                    f3:29:f9:5e:da:90:2d:76:0f:a4:3a:1f:b5:57:0a:
                    b4:c3:77:f3:84:65:51:b9:c7:6f:12:e0:6d:f2:4d:
                    d1:e7:54:cb:94:2c:67:db:08:79:e9:2f:b5:3e:ea:
                    09:27:ba:95:f3:cf:06:4f:46:5b:fa:d0:8e:ea:7b:
                    f2:32:9d:cc:02:96:b3:ce:c5:5f:8d:0c:75:12:aa:
                    d2:fa:1e:90:09:fa:a5:6e:92:f6:0f:0d:b6:b9:69:
                    74:25:27:8c:37:b0:fd:68:3c:c8:fb:27:d2:69:10:
                    41:b4:92:3b:cb:5b:9c:3a:e1:4b:08:04:86:34:03:
                    6d:68:ce:1e:cc:42:fa:b7:fe:7e:dc:76:fa:98:95:
                    9b:39:b1:18:bf:77:35:f7:8d:ab:3f:ec:c9:dd:8e:
                    18:b1:a6:fb:80:4e:25:8d:be:d7:88:0b:eb:a7:75:
                    ec:02:96:cc:54:e5:b6:4f:c2:3c:e5:20:22:61:1d:
                    e9:2d:3a:db:c7:ee:09:48:48:54:75:05:92:35:55:
                    ee:0c:e2:58:f8:0c:a9:f2:81:48:aa:19:86:f8:95:
                    3c:d2:95:a8:98:86:9d:53:e7:1d:8e:c2:ce:9e:50:
                    31:17:97:5b:7d:c7:56:d9:02:36:2d:bd:c4:c8:7b:
                    7e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:33:11:AF:0A:3D:FF:84:9A:C9:0F:43:EC:B4:F2:69:51:4A:FD:77
            X509v3 Authority Key Identifier:
                keyid:0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/aTMRrwo9_4SayQ9D7LTyaVFK_Xc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:fe:3b:a9:fe:1a:60:b8:82:c1:a2:a3:61:71:e2:b3:ac:88:
         f9:ae:cb:8c:69:23:e9:11:6e:c9:23:e2:62:b5:55:1a:b4:80:
         00:1f:d2:4a:53:7a:8e:3a:bf:3f:05:5f:52:39:57:3b:44:b6:
         33:19:67:60:53:9e:4a:9e:5b:11:af:77:94:c1:1e:67:ac:0b:
         c0:99:2c:d9:02:7f:92:78:2b:26:4c:9c:ed:4c:0c:95:c1:83:
         52:67:4a:04:31:9f:d5:7c:88:41:dd:0c:5f:7f:42:a7:f5:fe:
         e8:48:cd:ee:dd:86:45:0b:61:b2:58:b9:2a:e4:ca:d0:aa:2a:
         b1:df:27:e0:68:cd:6d:44:8c:c0:73:7c:60:74:c2:f8:16:89:
         c3:a4:ec:d8:2e:99:f3:58:6c:1d:0b:96:21:9b:6a:30:18:70:
         62:08:c7:c4:ec:f6:77:e2:49:c1:01:66:03:bf:d1:be:cb:22:
         e5:99:37:7d:a1:10:15:ba:6c:a3:29:f1:cc:ae:5c:04:e0:a4:
         e0:2a:57:3c:61:3c:f2:5d:13:8b:65:80:b9:54:90:32:54:4c:
         80:7f:af:41:2f:c5:c9:7c:58:d3:f0:43:54:3e:21:2f:f8:ba:
         84:0f:98:dc:ca:73:f3:12:dc:99:47:2e:5d:30:55:d1:b0:11:
         08:63:e5:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijd8qCZXDUgUTYdwXFOX7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjOTBjMzU2ZTI4NjRmNDM4OTQ4NTc0NDM1NTVkOGI1YzAz
NTI4MTkwHhcNMjUwMTAxMTU0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTMzMTFhZjBhM2RmZjg0OWFjOTBmNDNlY2I0ZjI2OTUxNGFmZDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5+L3F6SN+YkSZDiJM7zKfle2pAt
dg+kOh+1Vwq0w3fzhGVRucdvEuBt8k3R51TLlCxn2wh56S+1PuoJJ7qV888GT0Zb
+tCO6nvyMp3MApazzsVfjQx1EqrS+h6QCfqlbpL2Dw22uWl0JSeMN7D9aDzI+yfS
aRBBtJI7y1ucOuFLCASGNANtaM4ezEL6t/5+3Hb6mJWbObEYv3c1942rP+zJ3Y4Y
sab7gE4ljb7XiAvrp3XsApbMVOW2T8I85SAiYR3pLTrbx+4JSEhUdQWSNVXuDOJY
+Ayp8oFIqhmG+JU80pWomIadU+cdjsLOnlAxF5dbfcdW2QI2Lb3EyHt+qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGkzEa8KPf+EmskPQ+y08mlRSv13MB8GA1UdIwQY
MBaAFAyQw1bihk9DiUhXRDVV2LXANSgZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDct
ZTM3OTlhZGU5ZGZlLzEvYVRNUnJ3bzlfNFNheVE5RDdMVHlhVkZLX1hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDctZTM3OTlhZGU5ZGZl
LzEvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZ3QMA0G
CSqGSIb3DQEBCwUAA4IBAQCs/jup/hpguILBoqNhceKzrIj5rsuMaSPpEW7JI+Ji
tVUatIAAH9JKU3qOOr8/BV9SOVc7RLYzGWdgU55KnlsRr3eUwR5nrAvAmSzZAn+S
eCsmTJztTAyVwYNSZ0oEMZ/VfIhB3Qxff0Kn9f7oSM3u3YZFC2GyWLkq5MrQqiqx
3yfgaM1tRIzAc3xgdML4FonDpOzYLpnzWGwdC5Yhm2owGHBiCMfE7PZ34knBAWYD
v9G+yyLlmTd9oRAVumyjKfHMrlwE4KTgKlc8YTzyXROLZYC5VJAyVEyAf69BL8XJ
fFjT8ENUPiEv+LqED5jcynPzEtyZRy5dMFXRsBEIY+Vd
-----END CERTIFICATE-----