Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/614b05-7445-4046-9fb1-2fde80435f4d/1/TlEgVdPwV6Gl0yxcaSKSOXS8BDk.roa
File:                     TlEgVdPwV6Gl0yxcaSKSOXS8BDk.roa (raw, json)
Hash identifier:          rOzs3FdYqLMRuICzpdxO1YhRALyW7K6gs5XgNJ8pgZU=
Subject key identifier:   4E:51:20:55:D3:F0:57:A1:A5:D3:2C:5C:69:22:92:39:74:BC:04:39
Certificate issuer:       /CN=6dbd5cb29940ac2a8553b6ec0a8cec7c209f7ce7
Certificate serial:       0194B864456A83E475C27113F7401E2FE212
Authority key identifier: 6D:BD:5C:B2:99:40:AC:2A:85:53:B6:EC:0A:8C:EC:7C:20:9F:7C:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bb1csplArCqFU7bsCozsfCCffOc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/614b05-7445-4046-9fb1-2fde80435f4d/1/TlEgVdPwV6Gl0yxcaSKSOXS8BDk.roa
Signing time:             Thu 30 Jan 2025 18:06:06 +0000
ROA not before:           Thu 30 Jan 2025 18:06:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43824
IP address blocks:        185.212.220.0/24 maxlen: 24
                          185.212.221.0/24 maxlen: 24
                          185.212.222.0/24 maxlen: 24
                          185.212.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/614b05-7445-4046-9fb1-2fde80435f4d/1/bb1csplArCqFU7bsCozsfCCffOc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/614b05-7445-4046-9fb1-2fde80435f4d/1/bb1csplArCqFU7bsCozsfCCffOc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bb1csplArCqFU7bsCozsfCCffOc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 09:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b8:64:45:6a:83:e4:75:c2:71:13:f7:40:1e:2f:e2:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6dbd5cb29940ac2a8553b6ec0a8cec7c209f7ce7
        Validity
            Not Before: Jan 30 18:06:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e512055d3f057a1a5d32c5c6922923974bc0439
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:8c:f2:9c:ee:29:b3:6d:c4:1d:2c:50:ef:e9:
                    2b:3e:ce:a9:b0:0a:ff:05:68:76:92:07:cc:04:dd:
                    0b:c1:1c:83:da:42:20:ef:29:29:f9:c3:fa:ae:e5:
                    7d:4d:44:91:0d:d0:6b:7b:fa:63:89:df:86:21:49:
                    c5:38:06:ed:b9:71:c6:03:5d:a3:7c:bd:a6:2e:ce:
                    5c:7c:89:3b:af:fd:0f:8b:0a:f0:6c:32:5f:f9:50:
                    c5:89:af:f2:b8:41:a4:dc:3c:29:6b:c5:50:04:6b:
                    c7:bd:b2:00:a7:41:cd:67:26:b4:5b:44:8d:ea:0e:
                    c0:df:a8:af:3d:19:5c:4f:10:7c:db:b1:0a:60:95:
                    5d:f6:14:b2:54:29:a9:2b:98:3e:66:8e:33:f7:1d:
                    a5:bc:aa:9a:d8:89:52:43:3f:7f:21:2e:d6:52:f1:
                    e4:60:d8:c4:d8:15:68:ef:0d:fc:c4:76:b7:a8:23:
                    ec:f1:6a:f2:0c:28:01:b6:d3:a2:f8:c6:9b:c2:54:
                    b9:27:a2:d1:95:db:e9:72:e6:06:48:b6:59:ea:e1:
                    60:14:da:e1:30:c1:d9:4f:29:b3:c4:a6:13:dc:82:
                    a2:0f:8e:7e:9a:09:3c:6f:e9:d1:1c:85:cf:04:70:
                    03:33:28:da:e2:85:f1:0a:8a:93:69:33:ea:f9:98:
                    db:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:51:20:55:D3:F0:57:A1:A5:D3:2C:5C:69:22:92:39:74:BC:04:39
            X509v3 Authority Key Identifier:
                keyid:6D:BD:5C:B2:99:40:AC:2A:85:53:B6:EC:0A:8C:EC:7C:20:9F:7C:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb1csplArCqFU7bsCozsfCCffOc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/614b05-7445-4046-9fb1-2fde80435f4d/1/TlEgVdPwV6Gl0yxcaSKSOXS8BDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/614b05-7445-4046-9fb1-2fde80435f4d/1/bb1csplArCqFU7bsCozsfCCffOc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:25:88:6b:d4:83:6f:26:33:84:df:8a:b2:6e:71:0d:b4:a8:
         2e:25:da:cf:bb:fe:0d:d4:de:01:07:ed:32:50:cb:80:7c:8d:
         a7:c4:10:1f:ba:04:d1:76:6b:cc:fb:ac:3e:ae:4e:0e:df:64:
         22:f3:d5:72:2b:61:10:60:b4:e9:55:04:f2:ae:f5:a7:5c:54:
         52:8b:79:4a:88:80:23:91:62:c3:a9:4c:8d:6f:54:e2:fe:2e:
         0a:09:84:ff:7c:84:cf:79:b1:81:02:93:d6:a1:0f:e0:c4:4f:
         ae:09:f4:d7:80:e9:9e:37:5f:a6:14:63:3b:cd:1a:97:6a:73:
         08:53:dc:a5:5e:cf:26:49:7f:f9:e8:95:f7:70:b7:e2:91:50:
         cd:84:5f:a0:30:9a:c2:87:6d:de:6a:13:a6:4a:62:fe:c0:84:
         f6:36:ae:6c:af:01:65:87:b3:6b:38:59:63:1f:a7:5a:b8:48:
         21:80:8c:a6:ab:13:51:77:47:ea:f8:45:aa:92:8e:e5:92:4c:
         92:bf:27:1d:f0:ad:b5:3d:f2:ca:97:b0:70:b7:b1:92:bd:a8:
         8b:3c:08:ff:1e:1d:da:2d:b9:ed:e1:06:06:b7:0e:4a:46:bf:
         39:08:96:3e:06:9d:a4:91:1c:95:34:51:d9:ff:92:7b:db:c8:
         63:25:dc:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS4ZEVqg+R1wnET90AeL+ISMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkYmQ1Y2IyOTk0MGFjMmE4NTUzYjZlYzBhOGNlYzdjMjA5
ZjdjZTcwHhcNMjUwMTMwMTgwNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTUxMjA1NWQzZjA1N2ExYTVkMzJjNWM2OTIyOTIzOTc0YmMwNDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYzynO4ps23EHSxQ7+krPs6psAr/
BWh2kgfMBN0LwRyD2kIg7ykp+cP6ruV9TUSRDdBre/pjid+GIUnFOAbtuXHGA12j
fL2mLs5cfIk7r/0PiwrwbDJf+VDFia/yuEGk3Dwpa8VQBGvHvbIAp0HNZya0W0SN
6g7A36ivPRlcTxB827EKYJVd9hSyVCmpK5g+Zo4z9x2lvKqa2IlSQz9/IS7WUvHk
YNjE2BVo7w38xHa3qCPs8WryDCgBttOi+MabwlS5J6LRldvpcuYGSLZZ6uFgFNrh
MMHZTymzxKYT3IKiD45+mgk8b+nRHIXPBHADMyja4oXxCoqTaTPq+Zjb/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5RIFXT8FehpdMsXGkikjl0vAQ5MB8GA1UdIwQY
MBaAFG29XLKZQKwqhVO27AqM7Hwgn3znMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmIxY3NwbEFyQ3FGVTdic0NvenNmQ0NmZk9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC82MTRiMDUtNzQ0NS00MDQ2LTlmYjEt
MmZkZTgwNDM1ZjRkLzEvVGxFZ1ZkUHdWNkdsMHl4Y2FTS1NPWFM4QkRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC82MTRiMDUtNzQ0NS00MDQ2LTlmYjEtMmZkZTgwNDM1ZjRk
LzEvYmIxY3NwbEFyQ3FGVTdic0NvenNmQ0NmZk9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudTcMA0G
CSqGSIb3DQEBCwUAA4IBAQBmJYhr1INvJjOE34qybnENtKguJdrPu/4N1N4BB+0y
UMuAfI2nxBAfugTRdmvM+6w+rk4O32Qi89VyK2EQYLTpVQTyrvWnXFRSi3lKiIAj
kWLDqUyNb1Ti/i4KCYT/fITPebGBApPWoQ/gxE+uCfTXgOmeN1+mFGM7zRqXanMI
U9ylXs8mSX/56JX3cLfikVDNhF+gMJrCh23eahOmSmL+wIT2Nq5srwFlh7NrOFlj
H6dauEghgIymqxNRd0fq+EWqko7lkkySvycd8K21PfLKl7Bwt7GSvaiLPAj/Hh3a
Lbnt4QYGtw5KRr85CJY+Bp2kkRyVNFHZ/5J728hjJdxn
-----END CERTIFICATE-----