Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/dHqe2g1gPOsNegmLcIQI5U9SNfQ.roa
File:                     dHqe2g1gPOsNegmLcIQI5U9SNfQ.roa (raw, json)
Hash identifier:          9F/5Kpf5xOdn6kNdotAo01R2YGp/WqJkDJDDXyXxvig=
Subject key identifier:   74:7A:9E:DA:0D:60:3C:EB:0D:7A:09:8B:70:84:08:E5:4F:52:35:F4
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       0194CCC232FFA2822DCEB3AF854AA1A67064
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/dHqe2g1gPOsNegmLcIQI5U9SNfQ.roa
Signing time:             Mon 03 Feb 2025 17:01:06 +0000
ROA not before:           Mon 03 Feb 2025 17:01:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6079
IP address blocks:        185.37.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:cc:c2:32:ff:a2:82:2d:ce:b3:af:85:4a:a1:a6:70:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: Feb  3 17:01:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=747a9eda0d603ceb0d7a098b708408e54f5235f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a2:07:8b:38:29:f3:da:70:44:92:f2:67:b2:
                    38:10:bc:f4:62:d5:c9:2d:14:80:7b:02:59:8c:d1:
                    c7:e3:9e:89:9d:ad:41:4f:b7:6b:29:98:ce:de:ad:
                    8b:73:a6:76:cf:23:39:79:31:30:1f:9d:45:a4:2e:
                    8a:f5:a9:49:f6:63:76:2b:55:80:7d:3c:9e:ac:97:
                    65:85:6a:dc:2e:7d:a4:a2:44:81:1d:f3:8b:65:9d:
                    8a:21:4e:25:19:d4:45:6b:48:a6:0c:1f:89:29:c4:
                    91:c1:73:4d:af:8d:42:01:ec:e0:cc:20:a0:c2:68:
                    26:e4:ad:9d:8a:bb:49:74:2c:c5:bf:d5:41:ab:60:
                    b5:c6:c8:f9:eb:a9:f6:cc:1f:a5:a6:b5:20:40:ee:
                    db:2c:0d:af:e9:24:ed:0d:52:51:80:11:88:91:71:
                    ec:b7:3a:49:51:f8:20:f0:04:f8:97:01:07:e5:3d:
                    ab:cf:fc:b1:bb:2e:96:d6:87:25:4b:1f:ba:1d:47:
                    ce:50:b5:db:6c:3a:e0:e5:37:f5:ca:f7:43:58:62:
                    3f:73:02:2e:2a:62:ae:7e:c7:05:0c:f8:4f:6c:49:
                    5c:05:48:39:09:9b:5c:0e:38:c8:a6:e9:24:3e:4b:
                    b1:4a:b5:a9:cd:8d:eb:60:7f:5b:cf:98:e4:a1:a1:
                    24:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:7A:9E:DA:0D:60:3C:EB:0D:7A:09:8B:70:84:08:E5:4F:52:35:F4
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/dHqe2g1gPOsNegmLcIQI5U9SNfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:45:f6:2a:61:e8:9a:fe:0b:51:3d:a6:1a:f7:75:89:1f:37:
         92:2f:65:9b:f1:fd:1c:ab:4b:b8:ce:93:e6:a9:9b:7f:ba:74:
         7f:80:5f:ed:1a:38:80:0c:5f:87:ed:29:8e:fb:b3:17:4f:f1:
         a8:2d:d9:60:84:c8:5b:27:b5:fb:99:0f:ab:12:70:eb:14:65:
         dd:55:02:77:dd:05:d7:5f:46:20:fd:9e:fa:4d:e5:f3:d1:20:
         9b:d7:f1:33:ee:09:ce:36:fb:4d:97:09:ec:33:42:cc:48:b9:
         06:8c:07:f8:32:5e:8a:a7:2e:52:48:0e:5b:d2:ea:82:96:8e:
         51:a3:6e:6a:5d:48:af:4b:43:0c:35:3f:53:03:10:ab:83:08:
         f3:ed:80:ad:78:05:7e:6c:30:f8:83:56:c6:92:c0:70:f7:47:
         82:67:f8:6c:81:8d:88:bc:33:b7:62:c2:3f:4e:34:ea:ac:8e:
         21:db:f4:4e:8b:fb:e6:92:90:c1:42:8b:04:26:5e:c1:4c:40:
         ca:b9:45:45:0f:e3:05:68:fe:43:8b:59:e3:fb:4d:bf:4c:6b:
         b8:6e:c3:9a:5a:70:72:81:42:e2:f0:c6:37:f4:20:6e:89:1a:
         7d:bb:64:70:09:29:39:b3:ae:53:ef:a2:11:ce:d7:31:14:0e:
         dc:89:36:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTMwjL/ooItzrOvhUqhpnBkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjUwMjAzMTcwMTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDdhOWVkYTBkNjAzY2ViMGQ3YTA5OGI3MDg0MDhlNTRmNTIzNWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaIHizgp89pwRJLyZ7I4ELz0YtXJ
LRSAewJZjNHH456Jna1BT7drKZjO3q2Lc6Z2zyM5eTEwH51FpC6K9alJ9mN2K1WA
fTyerJdlhWrcLn2kokSBHfOLZZ2KIU4lGdRFa0imDB+JKcSRwXNNr41CAezgzCCg
wmgm5K2dirtJdCzFv9VBq2C1xsj566n2zB+lprUgQO7bLA2v6STtDVJRgBGIkXHs
tzpJUfgg8AT4lwEH5T2rz/yxuy6W1oclSx+6HUfOULXbbDrg5Tf1yvdDWGI/cwIu
KmKufscFDPhPbElcBUg5CZtcDjjIpukkPkuxSrWpzY3rYH9bz5jkoaEkWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHR6ntoNYDzrDXoJi3CECOVPUjX0MB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEvZEhxZTJnMWdQT3NOZWdtTGNJUUk1VTlTTmZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSVnMA0G
CSqGSIb3DQEBCwUAA4IBAQCnRfYqYeia/gtRPaYa93WJHzeSL2Wb8f0cq0u4zpPm
qZt/unR/gF/tGjiADF+H7SmO+7MXT/GoLdlghMhbJ7X7mQ+rEnDrFGXdVQJ33QXX
X0Yg/Z76TeXz0SCb1/Ez7gnONvtNlwnsM0LMSLkGjAf4Ml6Kpy5SSA5b0uqClo5R
o25qXUivS0MMNT9TAxCrgwjz7YCteAV+bDD4g1bGksBw90eCZ/hsgY2IvDO3YsI/
TjTqrI4h2/ROi/vmkpDBQosEJl7BTEDKuUVFD+MFaP5Di1nj+02/TGu4bsOaWnBy
gULi8MY39CBuiRp9u2RwCSk5s65T76IRztcxFA7ciTaX
-----END CERTIFICATE-----