Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7a8bf2-6cb3-49ae-9e32-8829ee661c64/1/a0SjSsK93R47m4eRP1Kso9k59CQ.roa
File:                     a0SjSsK93R47m4eRP1Kso9k59CQ.roa (raw, json)
Hash identifier:          4DqaXQky67MktM88+QkXZEvBSJRKln9MtvLpFVmXjJ0=
Subject key identifier:   6B:44:A3:4A:C2:BD:DD:1E:3B:9B:87:91:3F:52:AC:A3:D9:39:F4:24
Certificate issuer:       /CN=a4f86275dc21c61da0cecd127e9774ccaa32b0bb
Certificate serial:       019421B15AC1348A0318305B5BCCEFF6BE37
Authority key identifier: A4:F8:62:75:DC:21:C6:1D:A0:CE:CD:12:7E:97:74:CC:AA:32:B0:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pPhiddwhxh2gzs0Sfpd0zKoysLs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7a8bf2-6cb3-49ae-9e32-8829ee661c64/1/a0SjSsK93R47m4eRP1Kso9k59CQ.roa
Signing time:             Wed 01 Jan 2025 11:47:38 +0000
ROA not before:           Wed 01 Jan 2025 11:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209148
IP address blocks:        85.209.184.0/22 maxlen: 22
                          2a09:9c40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/7a8bf2-6cb3-49ae-9e32-8829ee661c64/1/pPhiddwhxh2gzs0Sfpd0zKoysLs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/7a8bf2-6cb3-49ae-9e32-8829ee661c64/1/pPhiddwhxh2gzs0Sfpd0zKoysLs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pPhiddwhxh2gzs0Sfpd0zKoysLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 02:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:5a:c1:34:8a:03:18:30:5b:5b:cc:ef:f6:be:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4f86275dc21c61da0cecd127e9774ccaa32b0bb
        Validity
            Not Before: Jan  1 11:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b44a34ac2bddd1e3b9b87913f52aca3d939f424
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:28:6b:48:3a:ca:f7:50:ec:8e:a6:8d:1d:0f:
                    12:1f:a0:a8:f7:d6:c2:ca:47:0b:e2:4e:b5:4a:c9:
                    f2:fb:9a:f0:e9:28:7c:33:30:26:88:3f:a8:5e:4b:
                    3a:44:35:ea:3d:a6:bd:ae:e9:45:4d:dc:de:94:f8:
                    6e:5c:1a:74:06:f0:73:bb:85:56:68:89:92:b6:22:
                    37:5b:86:f3:e9:b2:b1:79:18:e6:ef:e2:eb:2d:37:
                    68:43:7e:f1:39:cf:b8:a4:0e:65:19:bb:87:58:f1:
                    ee:58:77:24:5a:d4:17:04:9f:f6:ca:26:1c:17:42:
                    b5:22:0b:57:9c:3f:30:16:c4:e8:3e:98:f6:55:fb:
                    87:0c:2b:b0:7b:c6:82:ed:38:4f:57:29:cb:d6:69:
                    cb:6e:53:c1:9d:5b:9b:a3:c7:c5:b5:9e:5a:a9:03:
                    1c:fb:dd:01:3f:40:74:b8:ad:2b:2d:67:53:6f:39:
                    6b:47:9b:9d:e5:9f:d0:0e:83:39:33:78:09:c6:d9:
                    6e:44:8a:ab:d8:bc:0b:99:d5:a7:e8:20:a5:ab:fd:
                    e4:4a:1a:67:bd:3e:96:df:cd:d5:bf:1e:6b:93:f1:
                    40:6e:03:ec:db:fb:0c:c9:35:e0:40:f1:14:6e:34:
                    b9:06:a1:7d:69:75:d6:13:36:00:77:4d:fa:31:3f:
                    cb:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:44:A3:4A:C2:BD:DD:1E:3B:9B:87:91:3F:52:AC:A3:D9:39:F4:24
            X509v3 Authority Key Identifier:
                keyid:A4:F8:62:75:DC:21:C6:1D:A0:CE:CD:12:7E:97:74:CC:AA:32:B0:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pPhiddwhxh2gzs0Sfpd0zKoysLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7a8bf2-6cb3-49ae-9e32-8829ee661c64/1/a0SjSsK93R47m4eRP1Kso9k59CQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7a8bf2-6cb3-49ae-9e32-8829ee661c64/1/pPhiddwhxh2gzs0Sfpd0zKoysLs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.184.0/22
                IPv6:
                  2a09:9c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:84:46:62:0e:70:b1:3e:e5:c3:f6:d6:70:13:69:dd:0d:7d:
         77:d9:1d:ed:ea:f6:16:20:fc:86:b7:76:2e:8b:d9:86:86:60:
         83:d0:07:a2:3c:23:1f:a5:46:77:cc:11:03:b8:71:ec:38:d1:
         9b:a7:78:e2:db:18:38:d2:f1:40:d8:72:fb:b8:64:22:29:5d:
         3a:5b:fa:35:f5:cd:71:31:c1:30:59:e5:09:1c:d0:18:2c:9d:
         95:0f:2a:20:1e:1d:e4:8a:fa:e6:55:69:52:3b:53:29:72:ef:
         f6:2a:ac:27:7e:96:a0:a5:9b:30:5f:9d:92:17:a5:b5:e8:48:
         85:a1:d6:b0:fc:8d:04:5e:d7:41:0d:de:47:94:1a:94:d4:68:
         10:bf:9a:88:dc:99:2c:c9:4e:65:df:87:63:04:97:91:db:75:
         e8:40:4e:35:69:b9:7d:ba:84:8c:94:7b:84:dc:92:27:5c:be:
         05:ee:3d:1c:a5:06:28:14:ea:9a:66:db:51:df:76:11:cd:0a:
         2e:55:0a:1b:01:3a:6b:d9:e8:cf:a1:90:9d:a5:f4:d7:bd:a2:
         ff:2b:47:e2:a9:f0:c6:15:69:70:b3:b0:74:cc:cd:c0:bd:fe:
         12:cc:02:fc:42:ea:ce:0b:42:79:10:94:82:22:c2:2c:b9:4d:
         9f:9c:b2:f2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhsVrBNIoDGDBbW8zv9r43MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Zjg2Mjc1ZGMyMWM2MWRhMGNlY2QxMjdlOTc3NGNjYWEz
MmIwYmIwHhcNMjUwMTAxMTE0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjQ0YTM0YWMyYmRkZDFlM2I5Yjg3OTEzZjUyYWNhM2Q5MzlmNDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnChrSDrK91DsjqaNHQ8SH6Co99bC
ykcL4k61Ssny+5rw6Sh8MzAmiD+oXks6RDXqPaa9rulFTdzelPhuXBp0BvBzu4VW
aImStiI3W4bz6bKxeRjm7+LrLTdoQ37xOc+4pA5lGbuHWPHuWHckWtQXBJ/2yiYc
F0K1IgtXnD8wFsToPpj2VfuHDCuwe8aC7ThPVynL1mnLblPBnVubo8fFtZ5aqQMc
+90BP0B0uK0rLWdTbzlrR5ud5Z/QDoM5M3gJxtluRIqr2LwLmdWn6CClq/3kShpn
vT6W383Vvx5rk/FAbgPs2/sMyTXgQPEUbjS5BqF9aXXWEzYAd036MT/LuwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGtEo0rCvd0eO5uHkT9SrKPZOfQkMB8GA1UdIwQY
MBaAFKT4YnXcIcYdoM7NEn6XdMyqMrC7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFBoaWRkd2h4aDJnenMwU2ZwZDB6S295c0xzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83YThiZjItNmNiMy00OWFlLTllMzIt
ODgyOWVlNjYxYzY0LzEvYTBTalNzSzkzUjQ3bTRlUlAxS3NvOWs1OUNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83YThiZjItNmNiMy00OWFlLTllMzItODgyOWVlNjYxYzY0
LzEvcFBoaWRkd2h4aDJnenMwU2ZwZDB6S295c0xzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVdG4MA0E
AgACMAcDBQMqCZxAMA0GCSqGSIb3DQEBCwUAA4IBAQAjhEZiDnCxPuXD9tZwE2nd
DX132R3t6vYWIPyGt3Yui9mGhmCD0AeiPCMfpUZ3zBEDuHHsONGbp3ji2xg40vFA
2HL7uGQiKV06W/o19c1xMcEwWeUJHNAYLJ2VDyogHh3kivrmVWlSO1Mpcu/2Kqwn
fpagpZswX52SF6W16EiFodaw/I0EXtdBDd5HlBqU1GgQv5qI3JksyU5l34djBJeR
23XoQE41abl9uoSMlHuE3JInXL4F7j0cpQYoFOqaZttR33YRzQouVQobATpr2ejP
oZCdpfTXvaL/K0fiqfDGFWlws7B0zM3Avf4SzAL8QurOC0J5EJSCIsIsuU2fnLLy
-----END CERTIFICATE-----