Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/4db770-d7f5-4bcb-ba44-857712720a35/1/HOKH-4cqRMA_yXERkwbNDzuMfg0.roa
File:                     HOKH-4cqRMA_yXERkwbNDzuMfg0.roa (raw, json)
Hash identifier:          BxrSjj1tg8yper8hXCVO7HyCIeXNMBvlZBpIdnV+E/w=
Subject key identifier:   1C:E2:87:FB:87:2A:44:C0:3F:C9:71:11:93:06:CD:0F:3B:8C:7E:0D
Certificate issuer:       /CN=eab9a157e12a2ef717d13231af06fd85454b3151
Certificate serial:       01941FFA3E4D76E62F90749172AAB9B0C480
Authority key identifier: EA:B9:A1:57:E1:2A:2E:F7:17:D1:32:31:AF:06:FD:85:45:4B:31:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6rmhV-EqLvcX0TIxrwb9hUVLMVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/4db770-d7f5-4bcb-ba44-857712720a35/1/HOKH-4cqRMA_yXERkwbNDzuMfg0.roa
Signing time:             Wed 01 Jan 2025 03:48:01 +0000
ROA not before:           Wed 01 Jan 2025 03:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47292
IP address blocks:        37.157.0.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/4db770-d7f5-4bcb-ba44-857712720a35/1/6rmhV-EqLvcX0TIxrwb9hUVLMVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/4db770-d7f5-4bcb-ba44-857712720a35/1/6rmhV-EqLvcX0TIxrwb9hUVLMVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6rmhV-EqLvcX0TIxrwb9hUVLMVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:3e:4d:76:e6:2f:90:74:91:72:aa:b9:b0:c4:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eab9a157e12a2ef717d13231af06fd85454b3151
        Validity
            Not Before: Jan  1 03:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ce287fb872a44c03fc971119306cd0f3b8c7e0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:8a:d7:49:6e:2f:28:3b:0d:92:aa:8b:e9:33:
                    72:50:7e:97:c7:1f:ff:d6:3b:23:88:ea:ed:70:1b:
                    db:9a:8b:ea:60:26:7c:60:41:b1:d3:4b:59:a6:e8:
                    f8:0f:02:aa:15:e6:87:7f:54:32:7a:80:b4:10:08:
                    42:8a:e5:a7:ee:69:50:29:5e:7a:ab:3a:1a:6c:57:
                    c6:e6:b7:f9:fa:20:02:e6:ba:f3:b7:02:6f:af:ea:
                    b6:39:b3:f9:bb:09:68:0e:a1:3c:5c:bd:6c:a2:65:
                    7f:1b:5f:61:7d:ee:74:9b:48:fa:26:0e:7e:23:6b:
                    2f:a1:5c:89:a0:0c:67:71:98:a3:a5:35:80:eb:ad:
                    18:0e:99:f8:b8:1d:3b:0e:a7:16:8b:b3:eb:4c:43:
                    61:64:d5:f6:2d:20:7e:22:3c:20:17:c7:2b:1f:f9:
                    7f:b7:96:c6:32:79:14:35:e5:98:04:bb:b9:48:0e:
                    ec:37:e7:c1:d9:f2:d6:ce:a1:fd:ea:e5:a9:66:d9:
                    99:1d:8e:b9:07:32:73:55:f5:f9:d8:36:c6:1d:98:
                    6b:89:30:f7:95:0e:e6:33:7d:f2:fb:02:86:17:29:
                    9a:9b:4b:6f:bb:c2:b7:bd:ac:df:3f:75:36:ba:27:
                    1d:0d:4b:53:b2:b9:ce:be:54:e6:e0:f5:ab:fc:33:
                    b7:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:E2:87:FB:87:2A:44:C0:3F:C9:71:11:93:06:CD:0F:3B:8C:7E:0D
            X509v3 Authority Key Identifier:
                keyid:EA:B9:A1:57:E1:2A:2E:F7:17:D1:32:31:AF:06:FD:85:45:4B:31:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6rmhV-EqLvcX0TIxrwb9hUVLMVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/4db770-d7f5-4bcb-ba44-857712720a35/1/HOKH-4cqRMA_yXERkwbNDzuMfg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/4db770-d7f5-4bcb-ba44-857712720a35/1/6rmhV-EqLvcX0TIxrwb9hUVLMVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         19:c1:5c:dc:44:7c:db:c4:20:2e:31:28:41:36:83:66:f2:ff:
         d3:1e:25:fc:f2:3a:ad:93:6d:c6:07:39:58:27:91:78:b1:d1:
         14:d4:e4:d0:f5:78:88:f2:23:1d:f2:c2:54:bd:09:e5:df:81:
         42:bf:04:24:67:da:d5:4f:a6:f0:4b:27:35:1d:06:65:e6:00:
         8b:19:dc:34:43:dd:a4:09:4e:88:03:a0:37:7c:2b:cc:c3:f0:
         d1:f1:af:69:57:90:36:59:49:82:3e:33:37:d3:8f:66:6b:ee:
         3c:2c:bc:7e:10:f5:ea:be:eb:22:00:34:d2:30:3d:04:d5:b7:
         cd:e6:77:81:63:51:73:6b:af:ca:07:1a:5d:89:56:7b:59:79:
         db:b7:c7:c4:42:51:8b:0c:a6:3b:21:76:1a:88:7c:ed:50:97:
         84:c4:fd:72:b8:1a:92:0e:6f:74:7c:58:08:df:98:7f:db:66:
         42:75:9c:a8:09:43:15:00:b4:a1:4a:e0:2f:a6:d9:69:3d:fd:
         76:24:d6:e5:98:1f:35:a4:c5:97:9a:9d:c4:48:a7:66:ce:19:
         42:56:47:c9:d1:bc:fa:39:e0:72:f3:b8:04:bb:a6:1f:68:49:
         84:8d:3a:97:fd:bb:7c:ec:76:a9:37:7b:1a:15:54:39:5b:a0:
         e8:31:5b:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+j5NduYvkHSRcqq5sMSAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYjlhMTU3ZTEyYTJlZjcxN2QxMzIzMWFmMDZmZDg1NDU0
YjMxNTEwHhcNMjUwMTAxMDM0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2UyODdmYjg3MmE0NGMwM2ZjOTcxMTE5MzA2Y2QwZjNiOGM3ZTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4rXSW4vKDsNkqqL6TNyUH6Xxx//
1jsjiOrtcBvbmovqYCZ8YEGx00tZpuj4DwKqFeaHf1QyeoC0EAhCiuWn7mlQKV56
qzoabFfG5rf5+iAC5rrztwJvr+q2ObP5uwloDqE8XL1somV/G19hfe50m0j6Jg5+
I2svoVyJoAxncZijpTWA660YDpn4uB07DqcWi7PrTENhZNX2LSB+IjwgF8crH/l/
t5bGMnkUNeWYBLu5SA7sN+fB2fLWzqH96uWpZtmZHY65BzJzVfX52DbGHZhriTD3
lQ7mM33y+wKGFymam0tvu8K3vazfP3U2uicdDUtTsrnOvlTm4PWr/DO3uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBzih/uHKkTAP8lxEZMGzQ87jH4NMB8GA1UdIwQY
MBaAFOq5oVfhKi73F9EyMa8G/YVFSzFRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnJtaFYtRXFMdmNYMFRJeHJ3YjloVVZMTVZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi80ZGI3NzAtZDdmNS00YmNiLWJhNDQt
ODU3NzEyNzIwYTM1LzEvSE9LSC00Y3FSTUFfeVhFUmt3Yk5EenVNZmcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi80ZGI3NzAtZDdmNS00YmNiLWJhNDQtODU3NzEyNzIwYTM1
LzEvNnJtaFYtRXFMdmNYMFRJeHJ3YjloVVZMTVZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJZ0AMA0G
CSqGSIb3DQEBCwUAA4IBAQAZwVzcRHzbxCAuMShBNoNm8v/THiX88jqtk23GBzlY
J5F4sdEU1OTQ9XiI8iMd8sJUvQnl34FCvwQkZ9rVT6bwSyc1HQZl5gCLGdw0Q92k
CU6IA6A3fCvMw/DR8a9pV5A2WUmCPjM3049ma+48LLx+EPXqvusiADTSMD0E1bfN
5neBY1Fza6/KBxpdiVZ7WXnbt8fEQlGLDKY7IXYaiHztUJeExP1yuBqSDm90fFgI
35h/22ZCdZyoCUMVALShSuAvptlpPf12JNblmB81pMWXmp3ESKdmzhlCVkfJ0bz6
OeBy87gEu6YfaEmEjTqX/bt87HapN3saFVQ5W6DoMVvx
-----END CERTIFICATE-----