Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/obNE3NdMVlCy0XPf9mK-g4oa9eg.roa
File:                     obNE3NdMVlCy0XPf9mK-g4oa9eg.roa (raw, json)
Hash identifier:          7NjsanTWQOoFeSktyUJvcMuLG2S6+z5IgmOffiI6238=
Subject key identifier:   A1:B3:44:DC:D7:4C:56:50:B2:D1:73:DF:F6:62:BE:83:8A:1A:F5:E8
Certificate issuer:       /CN=a7ee182d9c43a5ce7068dfd9ba7aa8ed90e5e0ba
Certificate serial:       0194B71AE10C376E5C31235ECA14E86FFCB1
Authority key identifier: A7:EE:18:2D:9C:43:A5:CE:70:68:DF:D9:BA:7A:A8:ED:90:E5:E0:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/obNE3NdMVlCy0XPf9mK-g4oa9eg.roa
Signing time:             Thu 30 Jan 2025 12:06:19 +0000
ROA not before:           Thu 30 Jan 2025 12:06:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204573
IP address blocks:        185.112.174.0/24 maxlen: 24
                          185.112.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 07:29:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b7:1a:e1:0c:37:6e:5c:31:23:5e:ca:14:e8:6f:fc:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7ee182d9c43a5ce7068dfd9ba7aa8ed90e5e0ba
        Validity
            Not Before: Jan 30 12:06:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a1b344dcd74c5650b2d173dff662be838a1af5e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c3:27:a1:04:15:19:3a:7a:47:39:bc:0b:9b:
                    1e:27:63:b7:b1:34:17:5d:72:e4:ff:16:7c:a7:dd:
                    b2:70:91:9d:3e:7d:38:8c:96:a9:97:92:31:6a:e6:
                    13:3c:7c:b8:70:08:da:b5:60:b9:b9:1e:d3:ae:59:
                    9d:50:2b:1c:a3:4e:07:b6:4e:23:10:67:91:08:1e:
                    72:c7:29:ba:91:b4:ff:a9:02:77:e6:56:9a:fa:ba:
                    fb:1b:10:8a:12:5e:8e:44:ad:3b:50:45:25:a2:e9:
                    6c:12:f9:bc:6d:a5:13:4f:74:e1:eb:08:01:2a:de:
                    e5:9c:f2:ff:91:a4:41:5f:1d:e7:ec:6b:e9:64:33:
                    1a:b6:57:be:40:02:35:6f:2e:0a:da:39:01:77:90:
                    91:f5:88:48:a6:bd:af:2d:98:9a:52:2a:28:a7:48:
                    b1:39:ad:74:c5:b4:cb:0a:30:2b:2d:ae:fa:ac:58:
                    c2:03:c6:2d:45:f6:00:2a:00:34:ca:fc:74:16:ff:
                    32:19:52:63:79:c1:cb:86:e7:f4:7d:3a:e4:54:e8:
                    64:5c:8f:c5:95:8d:53:f4:7f:8a:fb:bb:27:d3:48:
                    18:9c:44:e1:f5:2f:ca:d1:89:b2:74:62:32:dc:2e:
                    fb:8f:52:3b:4a:c6:35:69:52:2b:9d:6d:cc:6f:3f:
                    ec:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:B3:44:DC:D7:4C:56:50:B2:D1:73:DF:F6:62:BE:83:8A:1A:F5:E8
            X509v3 Authority Key Identifier:
                keyid:A7:EE:18:2D:9C:43:A5:CE:70:68:DF:D9:BA:7A:A8:ED:90:E5:E0:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/obNE3NdMVlCy0XPf9mK-g4oa9eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         e3:81:39:e2:50:ca:3f:62:0a:15:1f:32:81:85:fb:f5:81:b3:
         17:a7:bd:0b:80:8e:58:25:1b:38:15:d8:e5:78:c4:12:e9:de:
         93:44:5c:4c:e3:51:fc:4c:b9:15:02:a2:cd:e5:3e:00:8b:b0:
         59:c8:9f:a7:36:e4:7c:04:fa:f0:6a:1c:24:7b:3a:a3:ae:ec:
         d3:13:a1:4f:98:d4:14:d0:58:bf:65:26:bd:48:a8:7e:a6:5d:
         d6:a2:0b:20:85:ab:62:cd:e8:57:47:8b:7e:d2:d1:80:57:ce:
         51:7a:c5:fa:cc:1e:57:3e:22:e5:49:17:07:3d:b3:d5:f1:15:
         d7:fd:88:7e:d7:13:22:1f:5a:38:64:43:8e:8c:47:42:9b:16:
         ca:1d:d7:1c:ae:af:49:bf:be:26:b6:90:98:fe:3f:8a:d1:db:
         3f:ac:5c:20:3c:ca:1b:25:99:47:99:16:50:05:99:73:e9:ae:
         d9:db:69:e8:a8:fe:cc:39:c9:a5:bb:68:29:27:88:be:d4:4b:
         14:05:53:65:bc:c2:6d:2e:33:6f:19:f0:fe:df:f9:1d:85:8d:
         76:65:7f:bd:14:e7:2d:4f:ef:6b:15:22:a2:e9:ba:d4:9b:64:
         18:26:e0:14:db:ac:74:9b:41:96:4a:c7:e3:7c:93:b8:ab:b4:
         17:6f:8d:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS3GuEMN25cMSNeyhTob/yxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZWUxODJkOWM0M2E1Y2U3MDY4ZGZkOWJhN2FhOGVkOTBl
NWUwYmEwHhcNMjUwMTMwMTIwNjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWIzNDRkY2Q3NGM1NjUwYjJkMTczZGZmNjYyYmU4MzhhMWFmNWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsMnoQQVGTp6Rzm8C5seJ2O3sTQX
XXLk/xZ8p92ycJGdPn04jJapl5IxauYTPHy4cAjatWC5uR7TrlmdUCsco04Htk4j
EGeRCB5yxym6kbT/qQJ35laa+rr7GxCKEl6ORK07UEUloulsEvm8baUTT3Th6wgB
Kt7lnPL/kaRBXx3n7GvpZDMatle+QAI1by4K2jkBd5CR9YhIpr2vLZiaUioop0ix
Oa10xbTLCjArLa76rFjCA8YtRfYAKgA0yvx0Fv8yGVJjecHLhuf0fTrkVOhkXI/F
lY1T9H+K+7sn00gYnETh9S/K0YmydGIy3C77j1I7SsY1aVIrnW3Mbz/sZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKGzRNzXTFZQstFz3/ZivoOKGvXoMB8GA1UdIwQY
MBaAFKfuGC2cQ6XOcGjf2bp6qO2Q5eC6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcC00WUxaeERwYzV3YU5fWnVucW83WkRsNExvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9kYWI0MjAtMGRlMy00MzIxLTljMDkt
NmI1ZjY4NTIyYTdkLzEvb2JORTNOZE1WbEN5MFhQZjltSy1nNG9hOWVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9kYWI0MjAtMGRlMy00MzIxLTljMDktNmI1ZjY4NTIyYTdk
LzEvcC00WUxaeERwYzV3YU5fWnVucW83WkRsNExvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXCuMA0G
CSqGSIb3DQEBCwUAA4IBAQDjgTniUMo/YgoVHzKBhfv1gbMXp70LgI5YJRs4Fdjl
eMQS6d6TRFxM41H8TLkVAqLN5T4Ai7BZyJ+nNuR8BPrwahwkezqjruzTE6FPmNQU
0Fi/ZSa9SKh+pl3WogsghatizehXR4t+0tGAV85ResX6zB5XPiLlSRcHPbPV8RXX
/Yh+1xMiH1o4ZEOOjEdCmxbKHdccrq9Jv74mtpCY/j+K0ds/rFwgPMobJZlHmRZQ
BZlz6a7Z22noqP7MOcmlu2gpJ4i+1EsUBVNlvMJtLjNvGfD+3/kdhY12ZX+9FOct
T+9rFSKi6brUm2QYJuAU26x0m0GWSsfjfJO4q7QXb43o
-----END CERTIFICATE-----