Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b9a283-5c8d-4628-80bc-ee7ba0e9f7ca/1/KgttFz6IodgLZeLta7RLneUK6Ro.roa
File:                     KgttFz6IodgLZeLta7RLneUK6Ro.roa (raw, json)
Hash identifier:          IYP5zin82ggYoVWQmz/dnK+iP1pdsQlzD5cbI7kYfRQ=
Subject key identifier:   2A:0B:6D:17:3E:88:A1:D8:0B:65:E2:ED:6B:B4:4B:9D:E5:0A:E9:1A
Certificate issuer:       /CN=aff4242c10e438537e169ab002bf6be81fa2a5ed
Certificate serial:       019425FC5841DA076A09B40376B589F8DEFB
Authority key identifier: AF:F4:24:2C:10:E4:38:53:7E:16:9A:B0:02:BF:6B:E8:1F:A2:A5:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_QkLBDkOFN-FpqwAr9r6B-ipe0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b9a283-5c8d-4628-80bc-ee7ba0e9f7ca/1/KgttFz6IodgLZeLta7RLneUK6Ro.roa
Signing time:             Thu 02 Jan 2025 07:48:02 +0000
ROA not before:           Thu 02 Jan 2025 07:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42910
IP address blocks:        185.135.220.0/24 maxlen: 24
                          185.135.221.0/24 maxlen: 24
                          185.135.222.0/24 maxlen: 24
                          185.135.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b9a283-5c8d-4628-80bc-ee7ba0e9f7ca/1/r_QkLBDkOFN-FpqwAr9r6B-ipe0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b9a283-5c8d-4628-80bc-ee7ba0e9f7ca/1/r_QkLBDkOFN-FpqwAr9r6B-ipe0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_QkLBDkOFN-FpqwAr9r6B-ipe0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 13:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:58:41:da:07:6a:09:b4:03:76:b5:89:f8:de:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff4242c10e438537e169ab002bf6be81fa2a5ed
        Validity
            Not Before: Jan  2 07:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a0b6d173e88a1d80b65e2ed6bb44b9de50ae91a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:bc:0a:cc:11:45:bc:e6:f0:c6:4f:b2:5e:e6:
                    40:72:1f:7e:0c:a0:fa:33:d4:23:78:84:af:79:4b:
                    fa:ae:de:f1:62:7d:5b:fd:44:aa:32:50:a6:7a:b4:
                    b0:7c:03:ce:ea:60:dc:de:3b:73:d2:5b:39:78:23:
                    cd:40:2b:37:2d:6c:fd:e3:b9:49:01:6f:95:c6:15:
                    b5:4d:83:ab:fb:d7:a7:e0:2a:e4:c9:75:3c:54:f9:
                    9d:22:d0:76:45:e9:0a:7e:ae:28:9c:56:38:1d:32:
                    70:c4:9a:4f:77:99:44:b1:97:af:c6:76:c6:b4:0a:
                    6e:27:12:c2:b8:1e:06:a5:b3:5e:74:43:9f:fa:21:
                    02:81:c2:c8:c4:5d:35:fc:68:4c:9b:f4:bf:6c:a7:
                    87:1c:4d:11:36:9b:80:4a:43:8d:9b:ae:4a:75:c0:
                    6f:b3:8e:1e:ea:e5:a2:4c:48:80:fc:53:37:95:af:
                    71:58:14:35:f7:d2:aa:19:8d:b2:ed:f1:76:0a:42:
                    0e:ab:ad:cb:26:77:dc:cb:a0:97:30:96:f9:94:76:
                    a1:a8:7f:06:49:e6:27:78:62:e0:a5:92:92:5c:83:
                    e0:78:f3:d6:81:25:2a:33:a7:3a:93:e8:bf:f3:c3:
                    14:35:28:6e:60:6c:7e:c0:3a:d9:7b:ef:23:3c:2c:
                    59:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:0B:6D:17:3E:88:A1:D8:0B:65:E2:ED:6B:B4:4B:9D:E5:0A:E9:1A
            X509v3 Authority Key Identifier:
                keyid:AF:F4:24:2C:10:E4:38:53:7E:16:9A:B0:02:BF:6B:E8:1F:A2:A5:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_QkLBDkOFN-FpqwAr9r6B-ipe0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b9a283-5c8d-4628-80bc-ee7ba0e9f7ca/1/KgttFz6IodgLZeLta7RLneUK6Ro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b9a283-5c8d-4628-80bc-ee7ba0e9f7ca/1/r_QkLBDkOFN-FpqwAr9r6B-ipe0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:8d:49:f5:e8:53:91:0c:c1:e6:ad:de:13:99:be:e9:3e:7c:
         0a:cb:aa:9c:1b:24:33:11:67:18:01:21:71:38:7b:53:27:2a:
         5a:75:d5:33:9e:2f:b9:c8:21:90:35:aa:5f:49:8c:89:a7:a1:
         7e:2a:81:49:1e:61:cd:e0:d5:c7:06:e5:1a:8b:ce:5b:9e:a0:
         23:22:3b:ed:14:af:9a:c0:6d:64:10:11:33:39:24:65:67:40:
         0c:72:37:b0:51:ad:29:0a:f6:67:6b:9f:43:96:96:06:f2:15:
         b8:3d:f9:2f:fd:1a:52:0a:ec:b2:d1:2d:8a:76:d1:66:d5:89:
         5a:d1:18:8a:75:ea:ad:ad:e4:ea:c0:58:29:e6:35:52:f6:86:
         14:ae:02:14:c5:66:53:a6:b6:10:61:d9:86:09:a1:d8:62:70:
         4a:2f:9f:5e:bf:b0:60:73:21:3d:57:c7:df:bd:90:96:fd:a3:
         0a:4a:c3:d4:7b:8c:56:4a:4b:26:07:de:05:3d:f9:94:9e:9b:
         60:fb:37:75:d2:8a:3d:6a:92:c0:f4:2c:b0:72:23:2b:a0:43:
         2b:30:7c:d0:2f:1a:cd:2d:1d:a0:ff:c5:c9:e6:f1:61:c4:ac:
         a3:d6:d2:40:f0:27:cc:2b:34:89:19:16:5d:49:39:69:a4:d4:
         b0:2b:68:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/FhB2gdqCbQDdrWJ+N77MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZjQyNDJjMTBlNDM4NTM3ZTE2OWFiMDAyYmY2YmU4MWZh
MmE1ZWQwHhcNMjUwMTAyMDc0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTBiNmQxNzNlODhhMWQ4MGI2NWUyZWQ2YmI0NGI5ZGU1MGFlOTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7wKzBFFvObwxk+yXuZAch9+DKD6
M9QjeISveUv6rt7xYn1b/USqMlCmerSwfAPO6mDc3jtz0ls5eCPNQCs3LWz947lJ
AW+VxhW1TYOr+9en4CrkyXU8VPmdItB2RekKfq4onFY4HTJwxJpPd5lEsZevxnbG
tApuJxLCuB4GpbNedEOf+iECgcLIxF01/GhMm/S/bKeHHE0RNpuASkONm65KdcBv
s44e6uWiTEiA/FM3la9xWBQ199KqGY2y7fF2CkIOq63LJnfcy6CXMJb5lHahqH8G
SeYneGLgpZKSXIPgePPWgSUqM6c6k+i/88MUNShuYGx+wDrZe+8jPCxZKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCoLbRc+iKHYC2Xi7Wu0S53lCukaMB8GA1UdIwQY
MBaAFK/0JCwQ5DhTfhaasAK/a+gfoqXtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9Ra0xCRGtPRk4tRnBxd0FyOXI2Qi1pcGUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iOWEyODMtNWM4ZC00NjI4LTgwYmMt
ZWU3YmEwZTlmN2NhLzEvS2d0dEZ6NklvZGdMWmVMdGE3UkxuZVVLNlJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iOWEyODMtNWM4ZC00NjI4LTgwYmMtZWU3YmEwZTlmN2Nh
LzEvcl9Ra0xCRGtPRk4tRnBxd0FyOXI2Qi1pcGUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYfcMA0G
CSqGSIb3DQEBCwUAA4IBAQBJjUn16FORDMHmrd4Tmb7pPnwKy6qcGyQzEWcYASFx
OHtTJypaddUzni+5yCGQNapfSYyJp6F+KoFJHmHN4NXHBuUai85bnqAjIjvtFK+a
wG1kEBEzOSRlZ0AMcjewUa0pCvZna59DlpYG8hW4Pfkv/RpSCuyy0S2KdtFm1Yla
0RiKdeqtreTqwFgp5jVS9oYUrgIUxWZTprYQYdmGCaHYYnBKL59ev7BgcyE9V8ff
vZCW/aMKSsPUe4xWSksmB94FPfmUnptg+zd10oo9apLA9CywciMroEMrMHzQLxrN
LR2g/8XJ5vFhxKyj1tJA8CfMKzSJGRZdSTlppNSwK2gc
-----END CERTIFICATE-----