Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/ffdb69-680a-465c-a489-66c1442480de/1/Symg0jAPVS-ti1ruCDzymyj_CR0.roa
File:                     Symg0jAPVS-ti1ruCDzymyj_CR0.roa (raw, json)
Hash identifier:          GUIXVLB8gdm1fu+e7gBbFfA+4MoEzWz7SkljoSB1b/4=
Subject key identifier:   4B:29:A0:D2:30:0F:55:2F:AD:8B:5A:EE:08:3C:F2:9B:28:FF:09:1D
Certificate issuer:       /CN=9e3e00c6d2b2f98d51482e943b9793d43bf3bc86
Certificate serial:       019426D9496DD4560219AD2EAD675402DF48
Authority key identifier: 9E:3E:00:C6:D2:B2:F9:8D:51:48:2E:94:3B:97:93:D4:3B:F3:BC:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nj4AxtKy-Y1RSC6UO5eT1DvzvIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/ffdb69-680a-465c-a489-66c1442480de/1/Symg0jAPVS-ti1ruCDzymyj_CR0.roa
Signing time:             Thu 02 Jan 2025 11:49:21 +0000
ROA not before:           Thu 02 Jan 2025 11:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205348
IP address blocks:        185.220.124.0/24 maxlen: 24
                          185.220.125.0/24 maxlen: 24
                          185.220.126.0/24 maxlen: 24
                          185.220.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/ffdb69-680a-465c-a489-66c1442480de/1/nj4AxtKy-Y1RSC6UO5eT1DvzvIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/ffdb69-680a-465c-a489-66c1442480de/1/nj4AxtKy-Y1RSC6UO5eT1DvzvIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nj4AxtKy-Y1RSC6UO5eT1DvzvIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:49:6d:d4:56:02:19:ad:2e:ad:67:54:02:df:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e3e00c6d2b2f98d51482e943b9793d43bf3bc86
        Validity
            Not Before: Jan  2 11:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b29a0d2300f552fad8b5aee083cf29b28ff091d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:e3:78:9c:14:1d:ff:eb:b9:49:7f:ef:cb:b4:
                    f0:1c:c6:f8:12:f4:a7:4c:bb:ff:3c:e2:7e:6e:81:
                    23:c7:8e:c2:b8:11:54:99:7f:e1:f0:12:ab:ee:3b:
                    50:b7:ca:6c:34:c4:82:9a:28:ef:9c:8b:8f:0a:ea:
                    ac:88:1e:e3:6c:e4:0c:65:a0:9a:de:c3:95:a3:02:
                    5f:ae:f6:30:1b:84:1a:31:f1:c7:66:56:e5:e2:c4:
                    83:80:ff:b3:2e:b1:8c:4b:49:51:90:d6:c5:d7:83:
                    68:e3:46:e3:12:1b:80:c8:b8:2c:10:56:b3:29:1e:
                    9b:11:1d:86:b7:51:4f:3d:00:ef:6b:26:65:12:d0:
                    63:ca:c7:d7:65:4a:00:9f:32:4f:b2:fa:5b:1f:6b:
                    79:21:70:ce:b7:4b:ec:7f:6e:53:50:fe:bd:72:a5:
                    81:bc:f5:c1:dd:bd:da:d5:3e:df:c9:b0:ce:01:3f:
                    98:f9:77:f1:77:74:ea:db:9c:37:b2:03:83:57:43:
                    8a:d7:a0:64:4f:b4:7e:36:35:0c:5b:4d:68:d4:ef:
                    5f:5a:8b:8d:8e:c3:de:32:96:a2:70:32:a5:51:e7:
                    b4:f0:f4:da:db:ff:19:fc:bd:77:03:7f:18:bf:89:
                    74:20:9f:db:c1:17:84:80:02:2c:cf:1f:ec:79:87:
                    31:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:29:A0:D2:30:0F:55:2F:AD:8B:5A:EE:08:3C:F2:9B:28:FF:09:1D
            X509v3 Authority Key Identifier:
                keyid:9E:3E:00:C6:D2:B2:F9:8D:51:48:2E:94:3B:97:93:D4:3B:F3:BC:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nj4AxtKy-Y1RSC6UO5eT1DvzvIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/ffdb69-680a-465c-a489-66c1442480de/1/Symg0jAPVS-ti1ruCDzymyj_CR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/ffdb69-680a-465c-a489-66c1442480de/1/nj4AxtKy-Y1RSC6UO5eT1DvzvIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:1c:cc:26:e7:c0:66:f9:8b:b2:bd:e4:54:86:f4:ff:46:98:
         24:93:b5:d3:0f:d2:60:12:1e:8d:d5:83:59:04:00:41:b9:12:
         59:63:ea:b5:2c:f0:f2:4d:24:b5:dc:6c:42:89:89:19:a9:d2:
         55:83:2f:18:93:fc:9a:24:53:f4:2d:0a:68:3c:32:e8:ad:29:
         42:b1:59:71:64:fc:97:89:ab:d2:48:e0:a1:bc:b2:7d:c7:45:
         63:bd:9e:3c:7c:11:45:fb:33:6d:a5:39:d0:91:fe:47:76:59:
         86:e9:37:f2:a1:81:3f:b0:68:c9:79:76:fa:a7:f8:8c:dd:48:
         33:5c:1d:dd:a0:86:ae:d5:ba:ea:81:a8:e0:3f:69:71:cf:4f:
         c8:33:a8:9f:ee:96:4f:1a:da:e6:b0:d4:e1:c1:b6:a0:18:c6:
         ef:a5:5e:6c:a9:94:7a:e3:a2:e9:87:31:8e:d2:bd:10:98:da:
         d2:4b:ba:a4:48:e5:1b:d0:e0:3e:8a:03:5b:85:53:62:79:1f:
         95:52:20:b4:3f:2f:08:fb:0c:45:c7:cf:af:9a:9e:97:e6:95:
         bc:35:3f:05:e6:0e:e3:0f:4a:19:08:bd:51:a4:77:41:19:fb:
         19:99:ed:2d:a7:50:de:b0:b2:74:41:fc:38:4d:0c:86:4a:1c:
         7d:4b:5e:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Ult1FYCGa0urWdUAt9IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllM2UwMGM2ZDJiMmY5OGQ1MTQ4MmU5NDNiOTc5M2Q0M2Jm
M2JjODYwHhcNMjUwMTAyMTE0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjI5YTBkMjMwMGY1NTJmYWQ4YjVhZWUwODNjZjI5YjI4ZmYwOTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2eN4nBQd/+u5SX/vy7TwHMb4EvSn
TLv/POJ+boEjx47CuBFUmX/h8BKr7jtQt8psNMSCmijvnIuPCuqsiB7jbOQMZaCa
3sOVowJfrvYwG4QaMfHHZlbl4sSDgP+zLrGMS0lRkNbF14No40bjEhuAyLgsEFaz
KR6bER2Gt1FPPQDvayZlEtBjysfXZUoAnzJPsvpbH2t5IXDOt0vsf25TUP69cqWB
vPXB3b3a1T7fybDOAT+Y+Xfxd3Tq25w3sgODV0OK16BkT7R+NjUMW01o1O9fWouN
jsPeMpaicDKlUee08PTa2/8Z/L13A38Yv4l0IJ/bwReEgAIszx/seYcxewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEspoNIwD1UvrYta7gg88pso/wkdMB8GA1UdIwQY
MBaAFJ4+AMbSsvmNUUgulDuXk9Q787yGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmo0QXh0S3ktWTFSU0M2VU81ZVQxRHZ6dklZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9mZmRiNjktNjgwYS00NjVjLWE0ODkt
NjZjMTQ0MjQ4MGRlLzEvU3ltZzBqQVBWUy10aTFydUNEenlteWpfQ1IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9mZmRiNjktNjgwYS00NjVjLWE0ODktNjZjMTQ0MjQ4MGRl
LzEvbmo0QXh0S3ktWTFSU0M2VU81ZVQxRHZ6dklZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudx8MA0G
CSqGSIb3DQEBCwUAA4IBAQCDHMwm58Bm+YuyveRUhvT/Rpgkk7XTD9JgEh6N1YNZ
BABBuRJZY+q1LPDyTSS13GxCiYkZqdJVgy8Yk/yaJFP0LQpoPDLorSlCsVlxZPyX
iavSSOChvLJ9x0VjvZ48fBFF+zNtpTnQkf5HdlmG6TfyoYE/sGjJeXb6p/iM3Ugz
XB3doIau1brqgajgP2lxz0/IM6if7pZPGtrmsNThwbagGMbvpV5sqZR646LphzGO
0r0QmNrSS7qkSOUb0OA+igNbhVNieR+VUiC0Py8I+wxFx8+vmp6X5pW8NT8F5g7j
D0oZCL1RpHdBGfsZme0tp1DesLJ0Qfw4TQyGShx9S151
-----END CERTIFICATE-----