Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/hG1KSyXr5tG55jI9wBm-tSwn7ZM.roa
File:                     hG1KSyXr5tG55jI9wBm-tSwn7ZM.roa (raw, json)
Hash identifier:          ojUG1DHCfBEX5RoSvSto85jWrWuEE+T8wqBz5z+O87U=
Subject key identifier:   84:6D:4A:4B:25:EB:E6:D1:B9:E6:32:3D:C0:19:BE:B5:2C:27:ED:93
Certificate issuer:       /CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
Certificate serial:       01969F87F82CD4B87044D8842AFEBD7DDCC1
Authority key identifier: B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/hG1KSyXr5tG55jI9wBm-tSwn7ZM.roa
Signing time:             Mon 05 May 2025 08:20:10 +0000
ROA not before:           Mon 05 May 2025 08:20:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200154
IP address blocks:        37.32.67.0/24 maxlen: 24
                          37.32.77.0/24 maxlen: 24
                          37.32.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9f:87:f8:2c:d4:b8:70:44:d8:84:2a:fe:bd:7d:dc:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
        Validity
            Not Before: May  5 08:20:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=846d4a4b25ebe6d1b9e6323dc019beb52c27ed93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:5e:33:a1:38:89:be:6f:92:b0:48:a5:6c:01:
                    52:de:21:2f:9a:ec:09:1b:d2:a8:5b:e7:15:0b:12:
                    87:41:52:6a:23:45:84:da:f7:e7:6e:17:9d:7e:f5:
                    d3:41:2c:08:83:22:d3:ae:fb:8e:12:55:df:50:27:
                    f7:32:60:5d:42:78:92:b5:39:11:55:3d:d6:ed:81:
                    7a:5d:77:36:2b:37:2d:22:da:4a:66:e0:27:52:5a:
                    69:81:c0:f5:b0:69:a6:b0:4c:e6:da:64:88:68:7d:
                    cd:6c:61:e4:f1:8f:86:ad:4c:02:6b:d3:ee:ce:9f:
                    2e:80:95:4a:6a:bf:9b:d8:a5:cd:28:00:e8:a1:43:
                    ab:c0:89:09:ca:7d:f3:b2:97:b6:10:8d:38:19:2c:
                    eb:7a:f1:f5:1a:e7:4d:85:21:8c:87:af:aa:a9:1b:
                    ed:30:7d:33:90:aa:96:dc:f1:3a:60:db:81:99:e5:
                    9e:73:79:8c:2c:ed:b9:3b:2d:c8:7f:1b:14:aa:a2:
                    84:54:4d:1f:fa:ca:96:33:25:8a:a7:5d:fe:0c:72:
                    28:e1:ee:42:51:2b:fd:21:29:e3:c1:67:eb:cd:b6:
                    e2:9f:3b:11:54:15:29:6b:c7:e3:fc:09:ee:0a:d0:
                    79:4a:2f:30:4a:9f:47:3e:3e:00:f3:a9:0a:14:41:
                    99:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:6D:4A:4B:25:EB:E6:D1:B9:E6:32:3D:C0:19:BE:B5:2C:27:ED:93
            X509v3 Authority Key Identifier:
                keyid:B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/hG1KSyXr5tG55jI9wBm-tSwn7ZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.67.0/24
                  37.32.77.0/24
                  37.32.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:1e:3c:30:4f:dd:6d:fd:9e:94:c1:7b:ac:2d:87:c8:1a:95:
         24:cd:73:22:5f:1c:87:c4:72:85:31:ea:28:64:d8:ba:b6:e6:
         bc:a1:70:75:78:50:2c:57:c7:30:35:12:a7:d9:e3:ad:83:61:
         d1:8f:06:2b:59:15:56:75:25:a9:c1:ed:c3:1d:f2:bc:81:38:
         07:d1:ba:6b:82:73:19:86:b9:b3:e3:b1:5d:08:90:bd:24:ee:
         8c:71:e6:dd:89:da:e6:6a:63:e5:68:1a:f1:76:0f:4f:f2:c8:
         71:54:9d:98:0a:83:7c:b9:d7:b1:29:bc:5e:07:06:df:af:9d:
         53:af:21:b6:ae:ea:c5:94:e7:8a:d1:4a:2d:80:71:d9:e6:ad:
         7d:f2:2a:44:11:33:12:19:69:72:69:ab:a5:ec:f8:96:11:2b:
         57:95:e2:12:40:79:37:e9:aa:d0:34:d1:02:f5:07:74:96:16:
         19:f1:35:50:8f:3e:d8:0e:cf:a6:a1:88:76:38:15:be:51:e7:
         ee:22:78:a3:87:bc:8a:2f:12:c1:78:c0:3c:06:bd:98:f4:c3:
         39:48:b1:7c:81:5a:ee:98:d6:68:34:65:29:fb:fb:93:93:cc:
         10:90:f0:0a:39:34:45:db:16:65:c6:d2:6f:cf:66:c0:25:14:
         0d:b0:0d:7c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZafh/gs1LhwRNiEKv69fdzBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZTgyYmExNzE1ZDZhZWFlNWIwMTAyNzI1ZmZlMGM4MzQ3
MzVkN2QwHhcNMjUwNTA1MDgyMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDZkNGE0YjI1ZWJlNmQxYjllNjMyM2RjMDE5YmViNTJjMjdlZDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyV4zoTiJvm+SsEilbAFS3iEvmuwJ
G9KoW+cVCxKHQVJqI0WE2vfnbhedfvXTQSwIgyLTrvuOElXfUCf3MmBdQniStTkR
VT3W7YF6XXc2KzctItpKZuAnUlppgcD1sGmmsEzm2mSIaH3NbGHk8Y+GrUwCa9Pu
zp8ugJVKar+b2KXNKADooUOrwIkJyn3zspe2EI04GSzrevH1GudNhSGMh6+qqRvt
MH0zkKqW3PE6YNuBmeWec3mMLO25Oy3IfxsUqqKEVE0f+sqWMyWKp13+DHIo4e5C
USv9ISnjwWfrzbbinzsRVBUpa8fj/AnuCtB5Si8wSp9HPj4A86kKFEGZVQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIRtSksl6+bRueYyPcAZvrUsJ+2TMB8GA1UdIwQY
MBaAFLToK6FxXWrq5bAQJyX/4Mg0c119MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMt
YzdkMTk5MzBkNjZkLzEvaEcxS1N5WHI1dEc1NWpJOXdCbS10U3duN1pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMtYzdkMTk5MzBkNjZk
LzEvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAJSBDAwQA
JSBNAwQAJSBPMA0GCSqGSIb3DQEBCwUAA4IBAQBoHjwwT91t/Z6UwXusLYfIGpUk
zXMiXxyHxHKFMeooZNi6tua8oXB1eFAsV8cwNRKn2eOtg2HRjwYrWRVWdSWpwe3D
HfK8gTgH0bprgnMZhrmz47FdCJC9JO6McebdidrmamPlaBrxdg9P8shxVJ2YCoN8
udexKbxeBwbfr51TryG2rurFlOeK0UotgHHZ5q198ipEETMSGWlyaaul7PiWEStX
leISQHk36arQNNEC9Qd0lhYZ8TVQjz7YDs+moYh2OBW+UefuInijh7yKLxLBeMA8
Br2Y9MM5SLF8gVrumNZoNGUp+/uTk8wQkPAKOTRF2xZlxtJvz2bAJRQNsA18
-----END CERTIFICATE-----