Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/20bb49-e509-4c7b-8e5a-8d3dcc33ad0a/1/_t0G-nTb4aukqy0OCUwpkcnZ1II.roa
File:                     _t0G-nTb4aukqy0OCUwpkcnZ1II.roa (raw, json)
Hash identifier:          KNLLqIEJ5dlRl5uPgTAYCRT2GgZHFc+269aOuK3BWNQ=
Subject key identifier:   FE:DD:06:FA:74:DB:E1:AB:A4:AB:2D:0E:09:4C:29:91:C9:D9:D4:82
Certificate issuer:       /CN=20c0b9b33dce5eba0aea6489158d3fb27022ace7
Certificate serial:       0194266C04883045CA5825B219FB06B453FD
Authority key identifier: 20:C0:B9:B3:3D:CE:5E:BA:0A:EA:64:89:15:8D:3F:B2:70:22:AC:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IMC5sz3OXroK6mSJFY0_snAirOc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/20bb49-e509-4c7b-8e5a-8d3dcc33ad0a/1/_t0G-nTb4aukqy0OCUwpkcnZ1II.roa
Signing time:             Thu 02 Jan 2025 09:50:00 +0000
ROA not before:           Thu 02 Jan 2025 09:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36351
IP address blocks:        185.150.176.0/24 maxlen: 24
                          185.150.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/20bb49-e509-4c7b-8e5a-8d3dcc33ad0a/1/IMC5sz3OXroK6mSJFY0_snAirOc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/20bb49-e509-4c7b-8e5a-8d3dcc33ad0a/1/IMC5sz3OXroK6mSJFY0_snAirOc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IMC5sz3OXroK6mSJFY0_snAirOc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 09:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:04:88:30:45:ca:58:25:b2:19:fb:06:b4:53:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20c0b9b33dce5eba0aea6489158d3fb27022ace7
        Validity
            Not Before: Jan  2 09:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fedd06fa74dbe1aba4ab2d0e094c2991c9d9d482
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9e:b9:ae:46:d1:19:37:83:c0:4a:38:77:65:
                    03:11:3e:e3:22:1e:52:c7:2f:d5:9b:77:3d:f9:a0:
                    ef:ef:65:d2:f5:5c:c0:20:63:88:1c:e9:51:c5:9a:
                    f8:d3:6b:12:54:74:88:eb:6f:96:a0:53:a0:ee:ff:
                    3c:b2:eb:67:1b:a8:ff:08:80:df:7b:93:56:9f:7f:
                    c1:ec:91:32:2c:5c:1f:e5:f2:8e:31:8f:e0:f9:56:
                    05:9b:4b:f6:ad:18:54:85:52:6d:ca:db:d0:02:c5:
                    4e:0c:09:e1:fb:53:08:99:3c:a8:fd:3e:f9:35:e3:
                    4b:5d:57:f0:56:60:4b:45:04:ed:98:5f:c0:5e:bd:
                    01:ff:51:0c:45:7e:fd:d2:da:36:a6:6e:b1:a1:ca:
                    7d:e8:fa:d0:0b:cc:9a:5c:f1:0a:1f:1a:a2:a1:ab:
                    c9:9c:ab:bd:91:37:20:b7:f8:2a:53:1a:46:b8:a7:
                    b4:ce:64:90:8c:f8:97:90:2a:7b:76:64:70:82:cb:
                    46:5d:3a:d2:ce:43:c6:84:6e:28:23:be:a3:7a:8f:
                    8b:81:98:54:37:2b:70:90:ca:e4:d8:5a:f7:9a:f9:
                    f1:b2:72:4c:4e:8c:74:78:f1:5b:48:e4:d6:13:47:
                    c9:0e:15:4d:87:fe:c1:f4:36:fa:96:c8:7a:d0:cd:
                    09:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:DD:06:FA:74:DB:E1:AB:A4:AB:2D:0E:09:4C:29:91:C9:D9:D4:82
            X509v3 Authority Key Identifier:
                keyid:20:C0:B9:B3:3D:CE:5E:BA:0A:EA:64:89:15:8D:3F:B2:70:22:AC:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IMC5sz3OXroK6mSJFY0_snAirOc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/20bb49-e509-4c7b-8e5a-8d3dcc33ad0a/1/_t0G-nTb4aukqy0OCUwpkcnZ1II.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/20bb49-e509-4c7b-8e5a-8d3dcc33ad0a/1/IMC5sz3OXroK6mSJFY0_snAirOc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         10:85:d3:10:91:c2:bc:09:4c:b8:ac:55:24:5f:5c:67:9a:98:
         42:80:42:de:bb:71:df:2a:f6:a7:b9:43:ea:e8:ad:2e:98:51:
         59:3b:2b:cd:60:53:1e:07:c2:e0:93:ee:83:38:fe:58:3f:4c:
         56:64:3b:5b:df:73:ab:9c:46:24:9e:23:3f:ca:fd:9b:98:0e:
         8e:93:b3:fe:fb:78:da:48:57:ca:4a:a0:ec:8e:b7:41:50:4a:
         5a:37:55:ea:de:27:08:96:fe:90:89:21:3e:39:aa:2a:7b:1f:
         53:7b:f2:e0:5b:22:2e:f2:64:49:eb:ed:c3:21:af:5a:62:0b:
         a1:e7:4a:8e:e3:d8:cc:95:79:2f:f9:54:9c:4e:36:d3:f2:64:
         f2:ae:47:20:d5:21:59:62:a2:3c:a9:58:03:68:57:ef:8a:4d:
         e6:99:94:05:fe:ce:ce:8b:8c:df:0e:ff:d4:ac:25:4d:87:04:
         1e:31:e4:a4:d0:3c:2e:bf:38:93:d9:a3:bd:f0:be:b4:ff:4a:
         b5:17:23:b4:92:9b:f5:38:e9:58:14:b0:43:9f:17:52:d0:a2:
         ba:bc:32:4a:98:b3:c1:a3:3e:e9:e9:df:82:89:ee:74:19:0d:
         49:35:93:bf:54:50:d0:0d:94:8a:4f:54:f9:82:88:85:c9:43:
         41:35:6e:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbASIMEXKWCWyGfsGtFP9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYzBiOWIzM2RjZTVlYmEwYWVhNjQ4OTE1OGQzZmIyNzAy
MmFjZTcwHhcNMjUwMTAyMDk1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWRkMDZmYTc0ZGJlMWFiYTRhYjJkMGUwOTRjMjk5MWM5ZDlkNDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu565rkbRGTeDwEo4d2UDET7jIh5S
xy/Vm3c9+aDv72XS9VzAIGOIHOlRxZr402sSVHSI62+WoFOg7v88sutnG6j/CIDf
e5NWn3/B7JEyLFwf5fKOMY/g+VYFm0v2rRhUhVJtytvQAsVODAnh+1MImTyo/T75
NeNLXVfwVmBLRQTtmF/AXr0B/1EMRX790to2pm6xocp96PrQC8yaXPEKHxqioavJ
nKu9kTcgt/gqUxpGuKe0zmSQjPiXkCp7dmRwgstGXTrSzkPGhG4oI76jeo+LgZhU
NytwkMrk2Fr3mvnxsnJMTox0ePFbSOTWE0fJDhVNh/7B9Db6lsh60M0J5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP7dBvp02+GrpKstDglMKZHJ2dSCMB8GA1UdIwQY
MBaAFCDAubM9zl66CupkiRWNP7JwIqznMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU1DNXN6M09Ycm9LNm1TSkZZMF9zbkFpck9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8yMGJiNDktZTUwOS00YzdiLThlNWEt
OGQzZGNjMzNhZDBhLzEvX3QwRy1uVGI0YXVrcXkwT0NVd3BrY25aMUlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8yMGJiNDktZTUwOS00YzdiLThlNWEtOGQzZGNjMzNhZDBh
LzEvSU1DNXN6M09Ycm9LNm1TSkZZMF9zbkFpck9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZawMA0G
CSqGSIb3DQEBCwUAA4IBAQAQhdMQkcK8CUy4rFUkX1xnmphCgELeu3HfKvanuUPq
6K0umFFZOyvNYFMeB8Lgk+6DOP5YP0xWZDtb33OrnEYkniM/yv2bmA6Ok7P++3ja
SFfKSqDsjrdBUEpaN1Xq3icIlv6QiSE+Oaoqex9Te/LgWyIu8mRJ6+3DIa9aYguh
50qO49jMlXkv+VScTjbT8mTyrkcg1SFZYqI8qVgDaFfvik3mmZQF/s7Oi4zfDv/U
rCVNhwQeMeSk0DwuvziT2aO98L60/0q1FyO0kpv1OOlYFLBDnxdS0KK6vDJKmLPB
oz7p6d+Cie50GQ1JNZO/VFDQDZSKT1T5goiFyUNBNW4i
-----END CERTIFICATE-----