Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/9oOMh0CjqydkdSKEbK66nXXsu4E.roa
File:                     9oOMh0CjqydkdSKEbK66nXXsu4E.roa (raw, json)
Hash identifier:          qQJNJWud5A2R6q9LElC5WdsYynVdzga12kQWDH61mWo=
Subject key identifier:   F6:83:8C:87:40:A3:AB:27:64:75:22:84:6C:AE:BA:9D:75:EC:BB:81
Certificate issuer:       /CN=f0521128cf634aa6afa7ef52d531f3fcd55628f9
Certificate serial:       0194244582ADC1CAFC24D47EAC7541360C26
Authority key identifier: F0:52:11:28:CF:63:4A:A6:AF:A7:EF:52:D5:31:F3:FC:D5:56:28:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/9oOMh0CjqydkdSKEbK66nXXsu4E.roa
Signing time:             Wed 01 Jan 2025 23:48:42 +0000
ROA not before:           Wed 01 Jan 2025 23:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62306
IP address blocks:        185.221.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 10:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:82:ad:c1:ca:fc:24:d4:7e:ac:75:41:36:0c:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0521128cf634aa6afa7ef52d531f3fcd55628f9
        Validity
            Not Before: Jan  1 23:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6838c8740a3ab27647522846caeba9d75ecbb81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:db:8d:58:f2:73:a8:17:cc:a8:6d:0b:5f:88:
                    e2:34:6c:b1:cc:71:44:db:a2:ab:2e:56:73:61:fa:
                    87:77:6a:33:fe:f4:69:4a:97:2c:0b:fb:ba:66:ed:
                    b3:a1:e1:f3:34:94:83:28:d2:4d:bb:28:1f:7d:58:
                    68:12:a7:b1:57:29:0c:e9:4b:fd:52:3d:dd:78:30:
                    57:ff:a5:7e:09:76:26:fc:c2:68:3d:64:02:67:d0:
                    41:1b:bb:18:3f:b3:5e:5c:f7:7c:f4:2e:0a:50:5a:
                    e1:39:ed:77:b3:c1:26:50:9f:a2:93:fc:a4:50:42:
                    b0:8a:38:99:fe:cf:ca:f7:20:92:ba:d6:07:0b:dd:
                    8c:a2:8a:42:b6:ce:c4:64:cd:5a:63:a4:7b:c4:b8:
                    d1:7a:b7:63:6a:5c:47:11:04:fb:31:41:5a:ae:b4:
                    e4:47:0c:70:ce:c0:8d:b9:b1:c8:3b:fa:ca:69:66:
                    14:4b:79:1d:17:a8:bc:8c:68:d8:ab:e9:d2:f1:e0:
                    12:c3:b4:3f:c1:45:5a:2e:00:02:f2:dc:0a:06:99:
                    b4:70:93:eb:67:2d:61:1b:4a:a0:d1:43:47:63:55:
                    1e:10:37:66:52:92:aa:86:bb:10:0b:b8:02:24:5c:
                    30:df:c9:09:8a:30:6a:43:f3:6b:56:20:be:ba:2d:
                    8f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:83:8C:87:40:A3:AB:27:64:75:22:84:6C:AE:BA:9D:75:EC:BB:81
            X509v3 Authority Key Identifier:
                keyid:F0:52:11:28:CF:63:4A:A6:AF:A7:EF:52:D5:31:F3:FC:D5:56:28:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/9oOMh0CjqydkdSKEbK66nXXsu4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:fa:23:a1:1b:43:09:fc:98:51:ab:4d:ae:70:4f:73:5c:97:
         ec:5c:91:dd:6e:9b:55:c7:d9:0e:e5:c9:cc:c0:49:dc:cd:26:
         1a:eb:5c:87:0d:00:67:b8:8f:25:52:e6:bb:68:82:f7:8e:69:
         4d:7c:c5:79:44:6e:9c:c2:b4:63:3a:97:e0:73:a1:b5:79:e2:
         69:be:12:c9:f8:99:ac:0a:48:04:80:02:b7:8f:95:7f:c6:bd:
         7b:bc:ba:50:c2:bf:83:93:1f:81:95:ae:38:10:b1:86:1b:3d:
         ec:fc:c3:1f:13:fb:09:d7:80:91:73:aa:1d:cf:7a:3e:4d:9f:
         0e:df:c0:62:01:cd:a5:98:80:84:be:47:7a:fb:3c:08:c5:60:
         1b:3c:18:43:ef:f0:a2:fe:18:8d:e8:37:5d:1e:b2:1f:7f:3e:
         55:e2:26:6e:1b:89:b9:19:5e:39:f1:69:2a:12:6f:9f:7a:db:
         11:78:13:05:92:12:98:f0:16:93:88:d0:a9:5d:f7:7f:eb:32:
         de:a8:46:42:e6:74:ca:29:bc:51:ed:08:69:ba:10:a3:98:5b:
         ce:a4:c4:36:c1:d1:7a:ed:48:cf:e7:ba:3b:d5:02:7c:85:4c:
         57:88:bb:f9:da:d0:9e:8f:49:5d:f4:56:0f:58:3c:83:bb:9f:
         62:0c:94:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRYKtwcr8JNR+rHVBNgwmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNTIxMTI4Y2Y2MzRhYTZhZmE3ZWY1MmQ1MzFmM2ZjZDU1
NjI4ZjkwHhcNMjUwMTAxMjM0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjgzOGM4NzQwYTNhYjI3NjQ3NTIyODQ2Y2FlYmE5ZDc1ZWNiYjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNuNWPJzqBfMqG0LX4jiNGyxzHFE
26KrLlZzYfqHd2oz/vRpSpcsC/u6Zu2zoeHzNJSDKNJNuygffVhoEqexVykM6Uv9
Uj3deDBX/6V+CXYm/MJoPWQCZ9BBG7sYP7NeXPd89C4KUFrhOe13s8EmUJ+ik/yk
UEKwijiZ/s/K9yCSutYHC92MoopCts7EZM1aY6R7xLjRerdjalxHEQT7MUFarrTk
RwxwzsCNubHIO/rKaWYUS3kdF6i8jGjYq+nS8eASw7Q/wUVaLgAC8twKBpm0cJPr
Zy1hG0qg0UNHY1UeEDdmUpKqhrsQC7gCJFww38kJijBqQ/NrViC+ui2PnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPaDjIdAo6snZHUihGyuup117LuBMB8GA1UdIwQY
MBaAFPBSESjPY0qmr6fvUtUx8/zVVij5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEZJUktNOWpTcWF2cC05UzFUSHpfTlZXS1BrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9iNGIxNTAtZGJiOC00NjVmLTgxNTUt
ZTQ0MTliNjQyMTJlLzEvOW9PTWgwQ2pxeWRrZFNLRWJLNjZuWFhzdTRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9iNGIxNTAtZGJiOC00NjVmLTgxNTUtZTQ0MTliNjQyMTJl
LzEvOEZJUktNOWpTcWF2cC05UzFUSHpfTlZXS1BrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud3cMA0G
CSqGSIb3DQEBCwUAA4IBAQBF+iOhG0MJ/JhRq02ucE9zXJfsXJHdbptVx9kO5cnM
wEnczSYa61yHDQBnuI8lUua7aIL3jmlNfMV5RG6cwrRjOpfgc6G1eeJpvhLJ+Jms
CkgEgAK3j5V/xr17vLpQwr+Dkx+Bla44ELGGGz3s/MMfE/sJ14CRc6odz3o+TZ8O
38BiAc2lmICEvkd6+zwIxWAbPBhD7/Ci/hiN6DddHrIffz5V4iZuG4m5GV458Wkq
Em+fetsReBMFkhKY8BaTiNCpXfd/6zLeqEZC5nTKKbxR7QhpuhCjmFvOpMQ2wdF6
7UjP57o71QJ8hUxXiLv52tCej0ld9FYPWDyDu59iDJSn
-----END CERTIFICATE-----