Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/249gTQMSJSpG-EMBCDNkFZo6KfY.roa
File:                     249gTQMSJSpG-EMBCDNkFZo6KfY.roa (raw, json)
Hash identifier:          FM2w6rRpmRNy4pkvq/ltjXR9cpyAy1qnATg+Or8+D7c=
Subject key identifier:   DB:8F:60:4D:03:12:25:2A:46:F8:43:01:08:33:64:15:9A:3A:29:F6
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019428267808382E6BCC804CC9E9FD2669AB
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/249gTQMSJSpG-EMBCDNkFZo6KfY.roa
Signing time:             Thu 02 Jan 2025 17:53:17 +0000
ROA not before:           Thu 02 Jan 2025 17:53:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     267507
IP address blocks:        185.21.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:78:08:38:2e:6b:cc:80:4c:c9:e9:fd:26:69:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  2 17:53:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db8f604d0312252a46f84301083364159a3a29f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:9c:1b:7b:c4:91:a9:ce:12:ea:bf:a4:05:ff:
                    b1:18:86:93:b7:e6:41:dc:be:54:57:55:c3:93:76:
                    8c:56:f7:8e:e8:3f:dc:cf:9e:ce:bc:80:c9:0d:06:
                    42:9a:9f:67:28:f1:bf:aa:25:69:c3:a6:d8:b8:75:
                    55:17:be:34:d4:ec:da:70:9a:3d:c5:cd:ce:f6:75:
                    3f:7e:3d:72:99:a9:06:05:cf:a7:06:2a:c9:ca:0b:
                    04:91:13:8e:c3:ec:ac:81:85:ab:47:47:8f:8b:ad:
                    46:6d:4c:64:10:ff:dd:e2:68:af:fe:54:a8:5c:7c:
                    85:6b:68:40:d9:61:44:44:73:e4:ac:1a:6a:b1:84:
                    0e:3a:98:46:4f:8b:b3:3b:fc:94:e8:c5:97:c5:06:
                    6a:9c:e1:f8:b9:c5:ea:97:5c:e0:a1:4b:b4:6e:7e:
                    af:a1:db:ad:b1:8a:d3:f6:8e:30:24:0a:6a:ed:6f:
                    ac:8b:29:5c:85:bc:6e:a6:31:6d:b9:fd:01:a2:12:
                    11:d3:95:c4:d9:93:20:ee:4a:c6:9d:82:5b:9d:db:
                    15:7c:30:70:5b:b9:d0:1e:ea:82:d8:c1:88:06:85:
                    96:58:8a:dd:51:1b:ea:ba:99:65:1b:37:57:e1:34:
                    75:ea:ea:2d:0b:3b:3d:c0:7d:bf:7c:1c:ae:e0:c1:
                    ca:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:8F:60:4D:03:12:25:2A:46:F8:43:01:08:33:64:15:9A:3A:29:F6
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/249gTQMSJSpG-EMBCDNkFZo6KfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:10:35:94:6b:82:2e:3b:a0:e0:9d:d8:05:85:94:19:61:89:
         f3:81:b7:28:73:c5:c2:c3:4f:be:ae:2e:ed:68:f7:6a:95:30:
         68:5b:2f:32:f1:60:f4:b3:59:a5:4b:7a:d4:c9:0f:4c:fe:b0:
         ea:a3:3a:69:83:cb:08:9f:f8:1c:b1:2d:17:90:fb:0a:c2:c6:
         cb:b5:19:a2:9a:92:82:00:33:08:1b:11:ae:f9:18:1a:9f:7e:
         e8:1d:18:d1:9f:7b:49:db:67:de:9a:64:10:05:e7:14:b1:89:
         1b:f6:3f:27:67:9e:c6:d2:49:a7:1c:6b:75:87:d5:f6:34:f7:
         e2:07:99:02:c7:09:8e:dd:50:13:33:99:28:80:0a:82:d4:f1:
         35:30:63:db:4a:e0:eb:d5:0a:b0:c6:d8:e2:99:2e:48:b5:d3:
         10:29:68:e6:21:f6:08:54:b4:92:5f:c2:63:28:11:6d:bf:12:
         d1:25:f5:b5:c7:3a:5c:7c:7f:2b:e0:9b:08:d2:79:76:d2:eb:
         75:7d:74:87:e0:a9:c6:01:2a:4c:86:53:1a:6f:da:7c:b8:ea:
         86:f4:22:eb:a8:ae:ea:c5:09:98:68:27:f7:7b:75:0c:7c:51:
         52:52:52:f4:c6:2c:50:32:ce:8a:39:ea:9a:23:cc:58:b3:e7:
         ae:87:47:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJngIOC5rzIBMyen9JmmrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwMTAyMTc1MzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjhmNjA0ZDAzMTIyNTJhNDZmODQzMDEwODMzNjQxNTlhM2EyOWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5wbe8SRqc4S6r+kBf+xGIaTt+ZB
3L5UV1XDk3aMVveO6D/cz57OvIDJDQZCmp9nKPG/qiVpw6bYuHVVF7401OzacJo9
xc3O9nU/fj1ymakGBc+nBirJygsEkROOw+ysgYWrR0ePi61GbUxkEP/d4miv/lSo
XHyFa2hA2WFERHPkrBpqsYQOOphGT4uzO/yU6MWXxQZqnOH4ucXql1zgoUu0bn6v
odutsYrT9o4wJApq7W+siylchbxupjFtuf0BohIR05XE2ZMg7krGnYJbndsVfDBw
W7nQHuqC2MGIBoWWWIrdURvqupllGzdX4TR16uotCzs9wH2/fByu4MHKPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNuPYE0DEiUqRvhDAQgzZBWaOin2MB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvMjQ5Z1RRTVNKU3BHLUVNQkNETmtGWm82S2ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRX8MA0G
CSqGSIb3DQEBCwUAA4IBAQDNEDWUa4IuO6DgndgFhZQZYYnzgbcoc8XCw0++ri7t
aPdqlTBoWy8y8WD0s1mlS3rUyQ9M/rDqozppg8sIn/gcsS0XkPsKwsbLtRmimpKC
ADMIGxGu+Rgan37oHRjRn3tJ22femmQQBecUsYkb9j8nZ57G0kmnHGt1h9X2NPfi
B5kCxwmO3VATM5kogAqC1PE1MGPbSuDr1QqwxtjimS5ItdMQKWjmIfYIVLSSX8Jj
KBFtvxLRJfW1xzpcfH8r4JsI0nl20ut1fXSH4KnGASpMhlMab9p8uOqG9CLrqK7q
xQmYaCf3e3UMfFFSUlL0xixQMs6KOeqaI8xYs+euh0f0
-----END CERTIFICATE-----