Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/1G4hJtK-Q6kU7icYScQRC5-Be-s.roa
File:                     1G4hJtK-Q6kU7icYScQRC5-Be-s.roa (raw, json)
Hash identifier:          dMz2je+c/O1VWWnftEtGiGhh3+EYMNwffk18Dr9qsq8=
Subject key identifier:   D4:6E:21:26:D2:BE:43:A9:14:EE:27:18:49:C4:11:0B:9F:81:7B:EB
Certificate issuer:       /CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
Certificate serial:       01996B33D89F525DC0225663ADA90737BA31
Authority key identifier: C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/1G4hJtK-Q6kU7icYScQRC5-Be-s.roa
Signing time:             Sun 21 Sep 2025 07:36:23 +0000
ROA not before:           Sun 21 Sep 2025 07:36:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210356
IP address blocks:        37.148.132.0/22 maxlen: 22
                          37.148.132.0/23 maxlen: 24
                          37.148.134.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:6b:33:d8:9f:52:5d:c0:22:56:63:ad:a9:07:37:ba:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6a249a0eacd8abcbea0d82ef71016d386e8ef94
        Validity
            Not Before: Sep 21 07:36:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d46e2126d2be43a914ee271849c4110b9f817beb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:84:3f:00:a8:c3:20:04:1d:03:3e:3f:f6:a1:
                    de:cc:29:af:25:86:6d:b7:36:04:38:61:ed:31:da:
                    f3:5c:0d:09:a4:e6:bd:12:09:14:e3:87:be:7b:f9:
                    25:71:b2:85:cc:d0:fe:1a:b3:8e:69:76:3c:d8:24:
                    b0:10:70:c8:89:0c:ee:82:10:b2:2f:3d:90:c7:ad:
                    69:2b:04:25:b4:96:fc:ce:d3:d1:ff:47:90:60:36:
                    17:42:46:61:82:b4:68:5c:b7:ca:fd:02:cf:ab:8b:
                    cb:83:a4:ca:3a:fc:5f:35:dc:bc:46:5b:80:63:a0:
                    f1:4a:99:ad:fc:bd:51:4e:da:49:ba:69:f3:05:1a:
                    2b:0e:a8:87:26:d0:c5:fd:40:a7:4f:89:03:37:e0:
                    fd:60:e1:99:46:a5:a5:27:78:15:32:a2:41:b2:d1:
                    16:fd:e5:49:41:1d:be:1b:09:35:45:aa:8b:1d:a8:
                    7c:06:8b:25:20:2f:2c:f8:1e:e3:94:18:e5:71:c2:
                    f2:50:66:28:9b:21:2b:73:e0:9e:1b:f8:e2:ca:34:
                    44:84:7e:86:c4:83:db:61:34:c7:26:02:70:68:b6:
                    6a:32:e5:71:c5:1b:c2:d5:96:ce:a0:8e:4a:95:f2:
                    b8:2f:5c:ed:bd:03:91:5f:c4:90:cd:9d:5f:a0:75:
                    4e:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:6E:21:26:D2:BE:43:A9:14:EE:27:18:49:C4:11:0B:9F:81:7B:EB
            X509v3 Authority Key Identifier:
                keyid:C6:A2:49:A0:EA:CD:8A:BC:BE:A0:D8:2E:F7:10:16:D3:86:E8:EF:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqJJoOrNiry-oNgu9xAW04bo75Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/1G4hJtK-Q6kU7icYScQRC5-Be-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/30f186-90e2-4ca6-917e-21057d228d05/1/xqJJoOrNiry-oNgu9xAW04bo75Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.148.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:f5:f6:30:ee:ef:b1:10:1a:58:ad:2e:13:c5:76:c0:5a:3a:
         eb:c0:4c:6f:43:b5:33:dc:63:3d:b8:7a:51:91:5b:64:74:d5:
         69:96:c6:bc:38:f3:17:72:05:30:19:01:ae:79:82:5a:fa:17:
         3f:c1:97:34:7f:76:42:58:36:75:11:df:61:77:45:eb:11:a1:
         e9:73:01:5a:28:52:fa:99:b9:af:9b:fb:f0:91:bf:20:05:7e:
         24:2e:59:9d:f0:66:ed:8c:fe:07:fb:7c:0a:b4:27:26:9a:fe:
         f8:e9:ee:84:4b:91:fd:a5:9b:ff:37:54:fc:6b:62:42:3b:34:
         58:b7:b4:14:01:cf:6c:91:e9:4c:60:27:7b:20:d5:b2:96:69:
         46:07:16:eb:4d:47:19:17:4b:3e:7f:50:3e:89:68:ba:e2:84:
         fc:32:02:db:a1:80:c4:8f:8e:81:fa:a5:22:51:f4:1b:98:6e:
         15:ca:b0:e1:0b:5c:cc:bb:7b:95:85:4b:4b:4f:73:6c:52:84:
         e5:46:10:15:85:90:b9:bd:cb:48:ff:88:88:aa:be:69:32:cc:
         b5:77:19:68:af:0a:dd:89:bb:ac:9d:e7:8a:a9:8b:4d:57:a4:
         d6:a7:b4:7e:b8:18:57:87:a5:09:79:c6:de:f4:1d:1f:a1:fa:
         6a:5e:db:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlrM9ifUl3AIlZjrakHN7oxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTI0OWEwZWFjZDhhYmNiZWEwZDgyZWY3MTAxNmQzODZl
OGVmOTQwHhcNMjUwOTIxMDczNjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDZlMjEyNmQyYmU0M2E5MTRlZTI3MTg0OWM0MTEwYjlmODE3YmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIQ/AKjDIAQdAz4/9qHezCmvJYZt
tzYEOGHtMdrzXA0JpOa9EgkU44e+e/klcbKFzND+GrOOaXY82CSwEHDIiQzughCy
Lz2Qx61pKwQltJb8ztPR/0eQYDYXQkZhgrRoXLfK/QLPq4vLg6TKOvxfNdy8RluA
Y6DxSpmt/L1RTtpJumnzBRorDqiHJtDF/UCnT4kDN+D9YOGZRqWlJ3gVMqJBstEW
/eVJQR2+Gwk1RaqLHah8BoslIC8s+B7jlBjlccLyUGYomyErc+CeG/jiyjREhH6G
xIPbYTTHJgJwaLZqMuVxxRvC1ZbOoI5KlfK4L1ztvQORX8SQzZ1foHVOmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNRuISbSvkOpFO4nGEnEEQufgXvrMB8GA1UdIwQY
MBaAFMaiSaDqzYq8vqDYLvcQFtOG6O+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2Ut
MjEwNTdkMjI4ZDA1LzEvMUc0aEp0Sy1RNmtVN2ljWVNjUVJDNS1CZS1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zMGYxODYtOTBlMi00Y2E2LTkxN2UtMjEwNTdkMjI4ZDA1
LzEveHFKSm9Pck5pcnktb05ndTl4QVcwNGJvNzVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJZSEMA0G
CSqGSIb3DQEBCwUAA4IBAQA79fYw7u+xEBpYrS4TxXbAWjrrwExvQ7Uz3GM9uHpR
kVtkdNVplsa8OPMXcgUwGQGueYJa+hc/wZc0f3ZCWDZ1Ed9hd0XrEaHpcwFaKFL6
mbmvm/vwkb8gBX4kLlmd8GbtjP4H+3wKtCcmmv746e6ES5H9pZv/N1T8a2JCOzRY
t7QUAc9skelMYCd7INWylmlGBxbrTUcZF0s+f1A+iWi64oT8MgLboYDEj46B+qUi
UfQbmG4VyrDhC1zMu3uVhUtLT3NsUoTlRhAVhZC5vctI/4iIqr5pMsy1dxlorwrd
ibusneeKqYtNV6TWp7R+uBhXh6UJecbe9B0fofpqXttw
-----END CERTIFICATE-----