Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/Kot_9W-z5W9clQssyO_RwTkY8os.roa
File:                     Kot_9W-z5W9clQssyO_RwTkY8os.roa (raw, json)
Hash identifier:          RiAmjKyPe+jYgz0emcbcNd9sovJ3TU3wuyEDxRv4KU8=
Subject key identifier:   2A:8B:7F:F5:6F:B3:E5:6F:5C:95:0B:2C:C8:EF:D1:C1:39:18:F2:8B
Certificate issuer:       /CN=18a84a8e475f6606e7a12f92b330d63d8f880be0
Certificate serial:       019426D9D5A6F7AF3F57BA71252EB9E97B0F
Authority key identifier: 18:A8:4A:8E:47:5F:66:06:E7:A1:2F:92:B3:30:D6:3D:8F:88:0B:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/Kot_9W-z5W9clQssyO_RwTkY8os.roa
Signing time:             Thu 02 Jan 2025 11:49:57 +0000
ROA not before:           Thu 02 Jan 2025 11:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        185.208.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/GKhKjkdfZgbnoS-SszDWPY-IC-A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/GKhKjkdfZgbnoS-SszDWPY-IC-A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Apr 2025 13:43:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:d5:a6:f7:af:3f:57:ba:71:25:2e:b9:e9:7b:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18a84a8e475f6606e7a12f92b330d63d8f880be0
        Validity
            Not Before: Jan  2 11:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a8b7ff56fb3e56f5c950b2cc8efd1c13918f28b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7a:67:83:79:80:26:a9:bd:67:91:45:99:96:
                    0f:6c:25:a0:9f:32:b4:80:8a:ea:b3:1e:0d:f1:91:
                    d3:7b:38:aa:81:85:69:17:dd:cb:a9:24:46:f2:36:
                    dd:13:b7:73:30:63:b3:98:73:79:97:b9:84:a4:5c:
                    ff:95:76:3d:9f:8b:be:99:89:41:4f:f5:f4:ed:d4:
                    2b:c9:c6:38:db:80:ee:ff:bc:08:a9:df:25:93:c8:
                    f8:a8:3c:a9:63:d2:c5:0c:96:5e:a2:33:9f:26:42:
                    79:e5:7b:0f:a4:f7:f0:e1:5f:7d:50:7a:d5:c9:b7:
                    b6:c7:88:d0:d6:ad:16:07:29:5a:6a:8f:ff:78:23:
                    74:5e:8b:70:f2:54:1a:a6:29:3b:72:73:82:fc:a0:
                    8b:cb:b1:27:19:fc:d9:40:3f:16:f8:14:3c:69:43:
                    b7:a1:cd:94:5f:8c:04:d4:f5:1c:e5:8f:f8:e0:cb:
                    e9:da:4e:ae:81:ca:d7:f1:fa:0a:c1:a9:66:a5:0f:
                    43:3e:75:d7:ba:cd:09:7c:3a:91:3d:37:89:fc:99:
                    2d:c9:64:7c:c7:4e:55:73:86:c0:35:43:9f:57:17:
                    54:39:f0:c5:f6:85:fd:9a:bd:45:4b:69:30:4f:83:
                    38:5c:b0:e7:3b:da:04:7c:df:ed:0b:38:30:23:ae:
                    dc:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:8B:7F:F5:6F:B3:E5:6F:5C:95:0B:2C:C8:EF:D1:C1:39:18:F2:8B
            X509v3 Authority Key Identifier:
                keyid:18:A8:4A:8E:47:5F:66:06:E7:A1:2F:92:B3:30:D6:3D:8F:88:0B:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/Kot_9W-z5W9clQssyO_RwTkY8os.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/GKhKjkdfZgbnoS-SszDWPY-IC-A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:6a:fe:c6:88:2e:af:0d:3e:38:65:68:f1:2a:79:de:e2:38:
         8b:d4:4e:d2:37:5f:9a:36:34:a4:70:cb:d1:00:77:eb:69:6b:
         cb:88:48:f6:ec:2d:de:2f:aa:d4:1b:56:f5:9e:44:91:a0:0b:
         b5:dc:db:6b:85:36:30:9f:a5:35:2b:9d:a4:cb:fb:ac:6f:c3:
         1d:72:51:ba:28:94:8f:c1:3c:76:00:86:ca:ab:8b:c6:32:85:
         c5:9d:e2:02:87:b8:b1:b7:1b:ee:6f:9e:f6:f0:4e:2e:f4:53:
         6e:54:73:7f:7e:b5:18:52:fd:96:fd:5b:7f:32:75:d2:8e:38:
         b1:19:3f:90:61:2f:28:8f:dc:92:ee:d6:7a:1a:64:6f:69:db:
         41:5b:f1:3c:6b:3e:6b:b7:52:fd:0e:df:36:8e:d6:10:a9:b1:
         fa:ce:f4:5f:27:d4:15:ee:1e:b6:c9:b1:90:9d:f4:41:5f:1c:
         8e:85:13:9f:97:bf:bc:30:e9:5d:57:c8:57:6d:ef:bf:9b:a9:
         57:d8:15:84:68:dd:f3:cb:3b:c4:41:9c:b9:08:7b:20:d6:68:
         de:91:cc:18:84:af:6a:6b:78:71:81:5f:25:87:40:1e:43:ae:
         06:95:c0:37:eb:c6:8f:3f:30:17:e7:63:2b:fd:f5:55:ec:c1:
         b5:0b:82:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2dWm968/V7pxJS656XsPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4YTg0YThlNDc1ZjY2MDZlN2ExMmY5MmIzMzBkNjNkOGY4
ODBiZTAwHhcNMjUwMTAyMTE0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYThiN2ZmNTZmYjNlNTZmNWM5NTBiMmNjOGVmZDFjMTM5MThmMjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHpng3mAJqm9Z5FFmZYPbCWgnzK0
gIrqsx4N8ZHTeziqgYVpF93LqSRG8jbdE7dzMGOzmHN5l7mEpFz/lXY9n4u+mYlB
T/X07dQrycY424Du/7wIqd8lk8j4qDypY9LFDJZeojOfJkJ55XsPpPfw4V99UHrV
ybe2x4jQ1q0WBylaao//eCN0Xotw8lQapik7cnOC/KCLy7EnGfzZQD8W+BQ8aUO3
oc2UX4wE1PUc5Y/44Mvp2k6ugcrX8foKwalmpQ9DPnXXus0JfDqRPTeJ/JktyWR8
x05Vc4bANUOfVxdUOfDF9oX9mr1FS2kwT4M4XLDnO9oEfN/tCzgwI67clQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCqLf/Vvs+VvXJULLMjv0cE5GPKLMB8GA1UdIwQY
MBaAFBioSo5HX2YG56EvkrMw1j2PiAvgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0toS2prZGZaZ2Jub1MtU3N6RFdQWS1JQy1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC84OTJhMjctZmRiNi00Mjg1LTgyOWEt
ODdmNWI2NDc5ZDFlLzEvS290XzlXLXo1VzljbFFzc3lPX1J3VGtZOG9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC84OTJhMjctZmRiNi00Mjg1LTgyOWEtODdmNWI2NDc5ZDFl
LzEvR0toS2prZGZaZ2Jub1MtU3N6RFdQWS1JQy1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudAJMA0G
CSqGSIb3DQEBCwUAA4IBAQCkav7GiC6vDT44ZWjxKnne4jiL1E7SN1+aNjSkcMvR
AHfraWvLiEj27C3eL6rUG1b1nkSRoAu13NtrhTYwn6U1K52ky/usb8MdclG6KJSP
wTx2AIbKq4vGMoXFneICh7ixtxvub5728E4u9FNuVHN/frUYUv2W/Vt/MnXSjjix
GT+QYS8oj9yS7tZ6GmRvadtBW/E8az5rt1L9Dt82jtYQqbH6zvRfJ9QV7h62ybGQ
nfRBXxyOhROfl7+8MOldV8hXbe+/m6lX2BWEaN3zyzvEQZy5CHsg1mjekcwYhK9q
a3hxgV8lh0AeQ64GlcA368aPPzAX52Mr/fVV7MG1C4Lg
-----END CERTIFICATE-----