Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6dd756-3899-4a49-b6fe-15515ad9b605/1/nK8r6BW7X2Id54DEAsyFnRHZOsA.roa
File:                     nK8r6BW7X2Id54DEAsyFnRHZOsA.roa (raw, json)
Hash identifier:          ++ZMcQT7NmyLhSBPeMlDbkE+/3o7EgGxMfB7gUiQzt0=
Subject key identifier:   9C:AF:2B:E8:15:BB:5F:62:1D:E7:80:C4:02:CC:85:9D:11:D9:3A:C0
Certificate issuer:       /CN=439e4321cf218b9265d563b5bea51dbf1766cec8
Certificate serial:       01942521DD2969E7E8137BF895EA82CB1F52
Authority key identifier: 43:9E:43:21:CF:21:8B:92:65:D5:63:B5:BE:A5:1D:BF:17:66:CE:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q55DIc8hi5Jl1WO1vqUdvxdmzsg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6dd756-3899-4a49-b6fe-15515ad9b605/1/nK8r6BW7X2Id54DEAsyFnRHZOsA.roa
Signing time:             Thu 02 Jan 2025 03:49:23 +0000
ROA not before:           Thu 02 Jan 2025 03:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12552
IP address blocks:        185.134.100.0/22 maxlen: 22
                          2a06:ecc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/6dd756-3899-4a49-b6fe-15515ad9b605/1/Q55DIc8hi5Jl1WO1vqUdvxdmzsg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/6dd756-3899-4a49-b6fe-15515ad9b605/1/Q55DIc8hi5Jl1WO1vqUdvxdmzsg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q55DIc8hi5Jl1WO1vqUdvxdmzsg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:dd:29:69:e7:e8:13:7b:f8:95:ea:82:cb:1f:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=439e4321cf218b9265d563b5bea51dbf1766cec8
        Validity
            Not Before: Jan  2 03:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9caf2be815bb5f621de780c402cc859d11d93ac0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:90:fa:19:22:74:19:8d:32:ee:a5:cc:83:a8:
                    27:5a:76:ae:e2:ec:bf:f9:6e:66:90:05:38:d2:22:
                    be:22:ac:e4:b6:15:6d:97:61:13:64:30:33:a4:de:
                    8a:31:67:b3:e5:94:41:d3:96:34:d2:37:f9:ea:67:
                    67:5a:50:25:49:2e:20:53:c9:7f:c5:53:0b:ce:a1:
                    94:bf:43:70:8c:58:5f:67:2a:23:d5:51:a1:05:09:
                    e0:be:a4:d3:65:b7:61:bc:9e:9a:9a:90:fe:e7:90:
                    01:a8:03:f4:10:e1:4c:5b:15:80:34:af:b9:70:c7:
                    97:94:25:ff:02:85:15:37:13:66:8b:59:6c:10:f9:
                    2f:65:b3:39:18:c4:3f:80:35:cf:78:47:46:1e:91:
                    ed:c6:66:5a:6e:7f:ac:45:73:e5:33:f1:65:01:ad:
                    3a:15:06:4a:63:4e:87:f9:36:46:74:3d:7b:26:97:
                    fa:0b:b1:b7:6b:92:7f:f2:03:91:f9:84:dd:8e:0c:
                    e9:ee:e1:15:96:76:db:7c:f3:25:46:79:49:c5:ab:
                    eb:55:90:6a:9a:bc:16:de:ab:cf:f9:7f:ae:0d:49:
                    ec:c1:ec:26:07:55:83:b5:88:48:32:f7:8e:5f:67:
                    4b:ae:78:c9:3a:2e:a7:43:ef:fc:b6:9c:0c:ca:0a:
                    c6:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:AF:2B:E8:15:BB:5F:62:1D:E7:80:C4:02:CC:85:9D:11:D9:3A:C0
            X509v3 Authority Key Identifier:
                keyid:43:9E:43:21:CF:21:8B:92:65:D5:63:B5:BE:A5:1D:BF:17:66:CE:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q55DIc8hi5Jl1WO1vqUdvxdmzsg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6dd756-3899-4a49-b6fe-15515ad9b605/1/nK8r6BW7X2Id54DEAsyFnRHZOsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6dd756-3899-4a49-b6fe-15515ad9b605/1/Q55DIc8hi5Jl1WO1vqUdvxdmzsg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.100.0/22
                IPv6:
                  2a06:ecc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:92:c5:2d:e6:42:23:54:84:77:8e:95:3e:41:85:c2:3d:50:
         03:db:7f:5a:e6:20:df:21:98:e2:33:72:56:67:b7:bc:6d:67:
         b5:42:59:34:f3:da:b0:d8:b8:46:a2:4f:c6:ce:08:69:20:95:
         a1:32:fd:d2:ee:e7:64:38:df:61:7b:26:3c:bf:d1:ef:06:21:
         23:fa:d7:fb:85:69:9c:3d:3e:c9:9f:b3:eb:44:4b:86:93:f4:
         71:c6:4a:51:01:a2:2a:ae:0d:91:7b:70:90:f6:a7:74:56:ec:
         e2:b9:42:41:2a:c2:9b:f8:a6:1d:48:83:ba:c9:ea:7a:86:8b:
         f4:43:ae:fd:4b:e1:49:e2:2e:38:e2:33:ed:04:fa:6d:fd:06:
         10:15:aa:50:54:38:d4:22:10:f6:25:1f:43:37:e8:f5:4f:40:
         65:a5:f7:31:b1:e4:2d:17:c7:1d:a5:71:98:9a:01:77:6c:01:
         07:bf:73:2b:5b:00:b3:4a:13:39:a1:32:ac:d9:ef:5e:68:64:
         89:f4:2e:26:30:d1:ba:30:20:fc:4f:0e:85:f0:42:95:1f:5f:
         66:5b:2e:bd:69:bf:90:d9:23:32:21:01:a4:a6:72:0b:e8:29:
         80:90:31:50:d2:52:39:31:ea:8a:e3:4b:3c:e2:33:96:94:db:
         19:65:44:fc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlId0paefoE3v4leqCyx9SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzOWU0MzIxY2YyMThiOTI2NWQ1NjNiNWJlYTUxZGJmMTc2
NmNlYzgwHhcNMjUwMTAyMDM0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2FmMmJlODE1YmI1ZjYyMWRlNzgwYzQwMmNjODU5ZDExZDkzYWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5D6GSJ0GY0y7qXMg6gnWnau4uy/
+W5mkAU40iK+IqzkthVtl2ETZDAzpN6KMWez5ZRB05Y00jf56mdnWlAlSS4gU8l/
xVMLzqGUv0NwjFhfZyoj1VGhBQngvqTTZbdhvJ6ampD+55ABqAP0EOFMWxWANK+5
cMeXlCX/AoUVNxNmi1lsEPkvZbM5GMQ/gDXPeEdGHpHtxmZabn+sRXPlM/FlAa06
FQZKY06H+TZGdD17Jpf6C7G3a5J/8gOR+YTdjgzp7uEVlnbbfPMlRnlJxavrVZBq
mrwW3qvP+X+uDUnswewmB1WDtYhIMveOX2dLrnjJOi6nQ+/8tpwMygrGCQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJyvK+gVu19iHeeAxALMhZ0R2TrAMB8GA1UdIwQY
MBaAFEOeQyHPIYuSZdVjtb6lHb8XZs7IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTU1REljOGhpNUpsMVdPMXZxVWR2eGRtenNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZGQ3NTYtMzg5OS00YTQ5LWI2ZmUt
MTU1MTVhZDliNjA1LzEvbks4cjZCVzdYMklkNTRERUFzeUZuUkhaT3NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ZGQ3NTYtMzg5OS00YTQ5LWI2ZmUtMTU1MTVhZDliNjA1
LzEvUTU1REljOGhpNUpsMVdPMXZxVWR2eGRtenNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYZkMA0E
AgACMAcDBQMqBuzAMA0GCSqGSIb3DQEBCwUAA4IBAQAUksUt5kIjVIR3jpU+QYXC
PVAD239a5iDfIZjiM3JWZ7e8bWe1Qlk089qw2LhGok/GzghpIJWhMv3S7udkON9h
eyY8v9HvBiEj+tf7hWmcPT7Jn7PrREuGk/RxxkpRAaIqrg2Re3CQ9qd0VuziuUJB
KsKb+KYdSIO6yep6hov0Q679S+FJ4i444jPtBPpt/QYQFapQVDjUIhD2JR9DN+j1
T0BlpfcxseQtF8cdpXGYmgF3bAEHv3MrWwCzShM5oTKs2e9eaGSJ9C4mMNG6MCD8
Tw6F8EKVH19mWy69ab+Q2SMyIQGkpnIL6CmAkDFQ0lI5MeqK40s84jOWlNsZZUT8
-----END CERTIFICATE-----