Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/289606-9f5b-4d34-aacf-2fd650cefd21/1/kclE4AGa3IQ3ANoqx8hNmFyyOPc.roa
File:                     kclE4AGa3IQ3ANoqx8hNmFyyOPc.roa (raw, json)
Hash identifier:          era/rLdikRzOubIlTwlZQUllh2OgF4bxbh9GfJNQo5I=
Subject key identifier:   91:C9:44:E0:01:9A:DC:84:37:00:DA:2A:C7:C8:4D:98:5C:B2:38:F7
Certificate issuer:       /CN=8478b76c69c9915294fdc39135e20dac73762225
Certificate serial:       019420D5F64901AB01515983446442DDCA23
Authority key identifier: 84:78:B7:6C:69:C9:91:52:94:FD:C3:91:35:E2:0D:AC:73:76:22:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hHi3bGnJkVKU_cORNeINrHN2IiU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/289606-9f5b-4d34-aacf-2fd650cefd21/1/kclE4AGa3IQ3ANoqx8hNmFyyOPc.roa
Signing time:             Wed 01 Jan 2025 07:48:00 +0000
ROA not before:           Wed 01 Jan 2025 07:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204425
IP address blocks:        185.245.224.0/22 maxlen: 22
                          185.245.224.0/24 maxlen: 24
                          2a0d:7c80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/289606-9f5b-4d34-aacf-2fd650cefd21/1/hHi3bGnJkVKU_cORNeINrHN2IiU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/289606-9f5b-4d34-aacf-2fd650cefd21/1/hHi3bGnJkVKU_cORNeINrHN2IiU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hHi3bGnJkVKU_cORNeINrHN2IiU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:f6:49:01:ab:01:51:59:83:44:64:42:dd:ca:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8478b76c69c9915294fdc39135e20dac73762225
        Validity
            Not Before: Jan  1 07:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91c944e0019adc843700da2ac7c84d985cb238f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f7:1a:29:76:fe:58:2d:e2:f7:f7:3c:24:b5:
                    2b:7c:6d:91:a7:a7:d4:06:84:3f:2c:a3:fe:23:6a:
                    5d:97:29:bd:f2:ca:53:b4:ab:2b:92:ad:96:6c:4a:
                    9a:bf:b1:9e:52:7e:43:1f:12:58:cc:44:6c:94:7f:
                    4c:5f:b2:53:0f:68:f6:81:b8:6a:7f:ac:d2:56:a3:
                    f0:1c:58:90:1b:e5:bd:ee:b7:2e:02:4b:a4:4f:e5:
                    40:b8:7d:e9:3f:e2:04:82:06:c7:01:09:ab:ae:04:
                    93:0d:38:8d:e5:f7:80:3a:fc:fa:f9:0d:91:17:c1:
                    03:0e:44:86:1a:d7:9b:4a:d2:14:25:42:18:e3:10:
                    2b:9d:c8:76:b7:41:b9:a0:1e:75:19:35:e4:a7:0a:
                    a8:3d:3f:37:2f:53:a8:11:46:9d:0e:04:1a:38:b6:
                    07:1e:15:ca:25:38:ca:7d:88:a3:a3:3b:54:9f:af:
                    4f:44:6c:2a:4e:7f:65:93:4b:20:da:e2:6b:96:07:
                    3e:bd:70:be:6e:50:5a:4c:2e:47:fa:a8:8e:6e:fc:
                    ad:fd:14:47:0d:35:2a:9e:32:23:12:0e:a3:42:7a:
                    ae:2c:34:e5:ff:3b:5d:2a:d5:fa:8e:00:78:08:e3:
                    60:99:58:14:60:29:10:cd:47:2b:65:ca:a5:06:b6:
                    e2:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:C9:44:E0:01:9A:DC:84:37:00:DA:2A:C7:C8:4D:98:5C:B2:38:F7
            X509v3 Authority Key Identifier:
                keyid:84:78:B7:6C:69:C9:91:52:94:FD:C3:91:35:E2:0D:AC:73:76:22:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hHi3bGnJkVKU_cORNeINrHN2IiU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/289606-9f5b-4d34-aacf-2fd650cefd21/1/kclE4AGa3IQ3ANoqx8hNmFyyOPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/289606-9f5b-4d34-aacf-2fd650cefd21/1/hHi3bGnJkVKU_cORNeINrHN2IiU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.224.0/22
                IPv6:
                  2a0d:7c80::/32

    Signature Algorithm: sha256WithRSAEncryption
         58:99:f2:58:ba:48:51:2f:8c:09:4f:50:8c:b7:b5:f0:e6:f4:
         cb:e0:09:71:24:77:b9:5c:fb:ff:c1:38:ea:d0:2a:b1:fa:7d:
         1d:00:14:a8:93:6d:0e:4c:17:8e:d0:99:97:54:4d:12:af:bf:
         47:77:e5:f2:6d:83:a5:76:4b:06:22:bc:4c:d3:05:23:50:04:
         b7:6f:2d:17:53:18:8f:41:b5:79:58:d3:c7:79:a9:b5:68:33:
         3b:1c:e7:2d:90:9b:c1:06:b3:ea:60:67:08:41:e9:11:a4:4e:
         b4:cf:81:f6:84:d4:c4:76:26:46:96:73:d7:08:ce:4e:d4:0d:
         4b:f9:c6:7a:a9:2a:1b:b8:ee:11:1e:47:f1:ee:b5:32:c5:6f:
         46:7f:c9:be:6a:66:3b:d9:a2:23:69:bd:47:a9:1e:2a:31:0d:
         2b:56:4e:f4:f9:ef:d4:fd:fb:c8:5b:ea:1f:5e:62:d0:62:d9:
         02:9f:ed:6a:b4:ae:bd:75:ff:22:87:19:75:d4:58:bd:b8:85:
         8d:4c:21:d5:e9:e8:71:3d:49:a6:87:3f:8b:c2:7e:ec:d6:7d:
         63:68:20:73:3b:a1:60:bb:f0:28:4d:4e:89:5c:fc:34:bb:92:
         7b:25:ea:03:e4:18:71:6d:76:c0:b9:b4:d4:50:80:fa:79:42:
         2b:28:a8:66
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQg1fZJAasBUVmDRGRC3cojMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NzhiNzZjNjljOTkxNTI5NGZkYzM5MTM1ZTIwZGFjNzM3
NjIyMjUwHhcNMjUwMTAxMDc0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWM5NDRlMDAxOWFkYzg0MzcwMGRhMmFjN2M4NGQ5ODVjYjIzOGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfcaKXb+WC3i9/c8JLUrfG2Rp6fU
BoQ/LKP+I2pdlym98spTtKsrkq2WbEqav7GeUn5DHxJYzERslH9MX7JTD2j2gbhq
f6zSVqPwHFiQG+W97rcuAkukT+VAuH3pP+IEggbHAQmrrgSTDTiN5feAOvz6+Q2R
F8EDDkSGGtebStIUJUIY4xArnch2t0G5oB51GTXkpwqoPT83L1OoEUadDgQaOLYH
HhXKJTjKfYijoztUn69PRGwqTn9lk0sg2uJrlgc+vXC+blBaTC5H+qiObvyt/RRH
DTUqnjIjEg6jQnquLDTl/ztdKtX6jgB4CONgmVgUYCkQzUcrZcqlBrbihwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJHJROABmtyENwDaKsfITZhcsjj3MB8GA1UdIwQY
MBaAFIR4t2xpyZFSlP3DkTXiDaxzdiIlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEhpM2JHbkprVktVX2NPUk5lSU5ySE4ySWlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8yODk2MDYtOWY1Yi00ZDM0LWFhY2Yt
MmZkNjUwY2VmZDIxLzEva2NsRTRBR2EzSVEzQU5vcXg4aE5tRnl5T1BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8yODk2MDYtOWY1Yi00ZDM0LWFhY2YtMmZkNjUwY2VmZDIx
LzEvaEhpM2JHbkprVktVX2NPUk5lSU5ySE4ySWlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufXgMA0E
AgACMAcDBQAqDXyAMA0GCSqGSIb3DQEBCwUAA4IBAQBYmfJYukhRL4wJT1CMt7Xw
5vTL4AlxJHe5XPv/wTjq0Cqx+n0dABSok20OTBeO0JmXVE0Sr79Hd+XybYOldksG
IrxM0wUjUAS3by0XUxiPQbV5WNPHeam1aDM7HOctkJvBBrPqYGcIQekRpE60z4H2
hNTEdiZGlnPXCM5O1A1L+cZ6qSobuO4RHkfx7rUyxW9Gf8m+amY72aIjab1HqR4q
MQ0rVk70+e/U/fvIW+ofXmLQYtkCn+1qtK69df8ihxl11Fi9uIWNTCHV6ehxPUmm
hz+Lwn7s1n1jaCBzO6Fgu/AoTU6JXPw0u5J7JeoD5BhxbXbAubTUUID6eUIrKKhm
-----END CERTIFICATE-----