Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/2f3eda-7c73-4675-8e42-052452ddff33/1/khHultJCFa3nBly7QTF7zo9naB4.roa
File:                     khHultJCFa3nBly7QTF7zo9naB4.roa (raw, json)
Hash identifier:          /naXDZk2skS2PhGpa7/4jGbmXTrs9w04D97umrofRsw=
Subject key identifier:   92:11:EE:96:D2:42:15:AD:E7:06:5C:BB:41:31:7B:CE:8F:67:68:1E
Certificate issuer:       /CN=e9b2d146e58663316fd16d3346b5e623fee8eb6a
Certificate serial:       019424B31F338F29D9A1DE96B31819EF42B3
Authority key identifier: E9:B2:D1:46:E5:86:63:31:6F:D1:6D:33:46:B5:E6:23:FE:E8:EB:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6bLRRuWGYzFv0W0zRrXmI_7o62o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/2f3eda-7c73-4675-8e42-052452ddff33/1/khHultJCFa3nBly7QTF7zo9naB4.roa
Signing time:             Thu 02 Jan 2025 01:48:25 +0000
ROA not before:           Thu 02 Jan 2025 01:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57307
IP address blocks:        185.100.148.0/22 maxlen: 24
                          188.227.240.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/2f3eda-7c73-4675-8e42-052452ddff33/1/6bLRRuWGYzFv0W0zRrXmI_7o62o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/2f3eda-7c73-4675-8e42-052452ddff33/1/6bLRRuWGYzFv0W0zRrXmI_7o62o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6bLRRuWGYzFv0W0zRrXmI_7o62o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:1f:33:8f:29:d9:a1:de:96:b3:18:19:ef:42:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9b2d146e58663316fd16d3346b5e623fee8eb6a
        Validity
            Not Before: Jan  2 01:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9211ee96d24215ade7065cbb41317bce8f67681e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:fd:bb:5c:16:63:66:ff:a5:bc:f9:e2:47:b8:
                    c3:1f:e8:e1:01:65:7e:40:a7:ab:3a:c9:45:8d:3a:
                    c6:df:48:5d:e2:1d:98:be:27:9d:34:81:19:d7:51:
                    3b:a9:9b:c0:ce:8d:9b:79:2e:41:3c:61:69:11:89:
                    21:33:48:91:d6:cf:07:22:75:80:b7:b5:59:91:84:
                    2a:0a:22:27:73:9d:3e:4c:2d:aa:bc:c3:de:5f:46:
                    23:77:ee:9e:c3:51:51:8f:9b:28:e6:74:c6:c7:de:
                    a8:d6:a9:b8:5f:a1:0c:bd:cb:a9:af:80:3f:7b:7f:
                    a0:0f:79:e7:5f:5e:eb:06:2e:84:af:20:28:ba:8c:
                    58:09:8b:a0:10:83:e2:6a:9d:17:a9:08:db:34:00:
                    5a:14:ed:c5:30:b2:4c:a0:48:cf:0b:5a:50:8b:c1:
                    e3:61:39:6e:58:83:58:10:d1:12:04:58:9f:49:ba:
                    75:1b:0c:fc:e2:ad:1a:30:08:57:29:78:8f:bb:ad:
                    03:6e:00:4a:49:5f:72:dc:b9:6d:c4:fe:30:d7:7a:
                    e5:af:04:13:b8:bb:7a:fc:37:a6:dc:27:f3:ad:e3:
                    dd:46:67:0d:7b:1f:3f:3d:0f:ec:8f:cd:e1:ab:10:
                    dc:18:50:5a:10:e7:5e:35:08:64:eb:77:ae:cf:38:
                    a6:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:11:EE:96:D2:42:15:AD:E7:06:5C:BB:41:31:7B:CE:8F:67:68:1E
            X509v3 Authority Key Identifier:
                keyid:E9:B2:D1:46:E5:86:63:31:6F:D1:6D:33:46:B5:E6:23:FE:E8:EB:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6bLRRuWGYzFv0W0zRrXmI_7o62o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/2f3eda-7c73-4675-8e42-052452ddff33/1/khHultJCFa3nBly7QTF7zo9naB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/2f3eda-7c73-4675-8e42-052452ddff33/1/6bLRRuWGYzFv0W0zRrXmI_7o62o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.148.0/22
                  188.227.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         24:4f:00:f8:78:4d:26:ff:c0:3c:fa:f0:8c:3c:17:b1:b5:29:
         f8:ed:1c:cb:b6:43:9e:dd:87:3a:e3:bd:b6:83:da:c2:e5:81:
         c4:c1:0e:5a:61:48:4e:77:66:89:b9:b8:e3:56:ff:b7:10:34:
         f2:82:13:a5:48:1b:74:31:fb:cf:dd:91:81:1e:6b:79:9c:f1:
         fa:95:bc:ea:b4:86:71:90:ce:e9:9d:a1:04:84:cc:fc:4c:5d:
         c3:c8:66:67:1c:8e:ca:d4:f0:48:a7:09:8c:37:16:b2:85:ef:
         8a:9c:54:85:1b:60:ec:bd:95:f9:58:b8:d8:cb:a0:51:02:b2:
         0d:03:96:2e:49:57:84:13:d4:1f:d9:3d:06:49:16:7f:05:50:
         0d:ac:b2:ae:bf:8b:9b:ef:5a:ba:19:64:87:1d:d8:15:f7:02:
         33:c5:fd:15:55:28:51:ea:5b:a4:86:00:1f:fa:1d:22:51:4a:
         89:7c:42:6e:78:14:ae:7a:1a:97:28:ce:ab:ca:83:c3:95:b4:
         b3:ed:e9:6b:7b:2c:8b:16:3e:9a:77:c3:d3:09:1e:53:03:69:
         d8:04:e8:cc:d0:82:6d:c9:63:0f:6c:10:d1:2e:c0:a0:07:0e:
         1e:00:68:c5:fc:f3:a4:8d:60:e4:91:47:3d:c2:67:bf:6d:ea:
         22:0f:94:e2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQksx8zjynZod6WsxgZ70KzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YjJkMTQ2ZTU4NjYzMzE2ZmQxNmQzMzQ2YjVlNjIzZmVl
OGViNmEwHhcNMjUwMTAyMDE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjExZWU5NmQyNDIxNWFkZTcwNjVjYmI0MTMxN2JjZThmNjc2ODFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP27XBZjZv+lvPniR7jDH+jhAWV+
QKerOslFjTrG30hd4h2YviedNIEZ11E7qZvAzo2beS5BPGFpEYkhM0iR1s8HInWA
t7VZkYQqCiInc50+TC2qvMPeX0Yjd+6ew1FRj5so5nTGx96o1qm4X6EMvcupr4A/
e3+gD3nnX17rBi6EryAouoxYCYugEIPiap0XqQjbNABaFO3FMLJMoEjPC1pQi8Hj
YTluWINYENESBFifSbp1Gwz84q0aMAhXKXiPu60DbgBKSV9y3LltxP4w13rlrwQT
uLt6/Dem3CfzrePdRmcNex8/PQ/sj83hqxDcGFBaEOdeNQhk63euzzimnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJIR7pbSQhWt5wZcu0Exe86PZ2geMB8GA1UdIwQY
MBaAFOmy0UblhmMxb9FtM0a15iP+6OtqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmJMUlJ1V0dZekZ2MFcwelJyWG1JXzdvNjJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8yZjNlZGEtN2M3My00Njc1LThlNDIt
MDUyNDUyZGRmZjMzLzEva2hIdWx0SkNGYTNuQmx5N1FURjd6bzluYUI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8yZjNlZGEtN2M3My00Njc1LThlNDItMDUyNDUyZGRmZjMz
LzEvNmJMUlJ1V0dZekZ2MFcwelJyWG1JXzdvNjJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuWSUAwQD
vOPwMA0GCSqGSIb3DQEBCwUAA4IBAQAkTwD4eE0m/8A8+vCMPBextSn47RzLtkOe
3Yc64722g9rC5YHEwQ5aYUhOd2aJubjjVv+3EDTyghOlSBt0MfvP3ZGBHmt5nPH6
lbzqtIZxkM7pnaEEhMz8TF3DyGZnHI7K1PBIpwmMNxayhe+KnFSFG2DsvZX5WLjY
y6BRArINA5YuSVeEE9Qf2T0GSRZ/BVANrLKuv4ub71q6GWSHHdgV9wIzxf0VVShR
6lukhgAf+h0iUUqJfEJueBSuehqXKM6ryoPDlbSz7elreyyLFj6ad8PTCR5TA2nY
BOjM0IJtyWMPbBDRLsCgBw4eAGjF/POkjWDkkUc9wme/beoiD5Ti
-----END CERTIFICATE-----