Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/aqmkhJlTlqxL9qQ_4a7JuspIios.roa
File:                     aqmkhJlTlqxL9qQ_4a7JuspIios.roa (raw, json)
Hash identifier:          fNPDsnQHTC9xg63koJtaKMKA62LHo0SqQzdTvfn/WNI=
Subject key identifier:   6A:A9:A4:84:99:53:96:AC:4B:F6:A4:3F:E1:AE:C9:BA:CA:48:8A:8B
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       0194228E4A0BCBD50C0474EB87BF8553F46E
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/aqmkhJlTlqxL9qQ_4a7JuspIios.roa
Signing time:             Wed 01 Jan 2025 15:48:57 +0000
ROA not before:           Wed 01 Jan 2025 15:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        213.145.85.0/24 maxlen: 24
                          213.145.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 12:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:4a:0b:cb:d5:0c:04:74:eb:87:bf:85:53:f4:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Jan  1 15:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6aa9a484995396ac4bf6a43fe1aec9baca488a8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:23:74:52:59:32:72:7e:5f:52:6d:af:fb:52:
                    12:14:cb:6f:90:30:7b:fb:81:b8:9b:87:cd:25:d6:
                    b5:11:62:c8:ea:b5:b1:14:5f:57:4a:ab:f7:14:4d:
                    a2:96:07:44:07:c4:8c:d8:f0:3f:72:df:4a:dd:a6:
                    05:56:02:04:12:2a:a0:3a:4e:a2:19:ef:9a:83:ae:
                    d5:41:e2:56:d6:ae:6c:eb:7d:fe:a5:03:9d:49:06:
                    b5:ae:c8:3c:15:7d:60:7c:12:9a:be:16:a2:f3:3b:
                    6f:8f:cb:70:fa:b3:ed:34:90:bf:51:00:66:58:de:
                    c1:46:9b:3d:0f:10:1c:66:6f:5a:05:0a:e0:35:3c:
                    57:78:eb:5d:e6:bb:07:7e:58:e5:c2:2d:b5:8d:12:
                    39:22:0f:da:e8:23:7a:a6:3a:15:08:28:6c:1b:ff:
                    14:31:42:09:53:d0:32:54:91:10:78:bd:fe:a7:97:
                    65:75:58:c3:dd:0f:e9:9f:1b:4d:4d:ef:52:9f:b7:
                    da:3f:ce:06:24:1d:c5:4e:62:fc:00:70:67:34:04:
                    f0:fe:54:77:81:3b:ba:f8:d3:56:70:f3:5b:f9:38:
                    46:75:2f:e3:8e:f7:81:ed:84:f3:b2:2d:db:c0:4a:
                    73:d1:27:61:42:88:02:4d:ae:27:6c:c7:51:d0:07:
                    e1:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:A9:A4:84:99:53:96:AC:4B:F6:A4:3F:E1:AE:C9:BA:CA:48:8A:8B
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/aqmkhJlTlqxL9qQ_4a7JuspIios.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.85.0-213.145.86.255

    Signature Algorithm: sha256WithRSAEncryption
         bf:28:79:0e:1e:50:f7:7e:23:26:2e:be:bf:ff:70:bd:79:07:
         05:fd:f8:36:e0:b4:3c:27:7c:7b:a9:fe:b5:f8:49:66:fc:4c:
         eb:bb:b4:9e:79:07:d6:8b:c2:27:11:d0:46:81:4d:ce:59:73:
         e8:19:4b:f0:d6:ee:4d:e1:8d:38:65:2f:09:81:88:d7:fc:e1:
         d0:44:0d:ca:ea:c9:7a:6f:9a:63:d7:92:31:cc:95:53:71:f7:
         f7:50:dd:6c:bc:b2:c6:73:a0:d1:fe:db:ff:f8:28:62:c8:00:
         07:03:db:e3:26:14:ae:37:cd:bd:e4:ab:2d:91:f5:70:61:59:
         df:88:5d:78:0e:4e:a2:45:8c:cf:5c:c8:cb:7d:91:b0:85:8c:
         35:1c:29:81:f2:c2:1b:e2:b9:f6:f4:2f:f1:39:19:53:fb:2a:
         85:2c:ba:29:17:c4:8d:08:2d:7b:68:4c:50:98:91:87:36:3d:
         5c:3d:28:ed:ef:dd:54:06:7d:1b:3f:0d:19:ba:b2:17:d7:bc:
         bb:a6:5c:85:c4:23:42:ec:ac:86:79:d1:03:2a:6a:64:de:e3:
         f7:51:86:5d:fc:74:4c:79:ca:62:42:32:ae:2b:b6:62:f5:77:
         96:98:57:ad:1c:f4:24:a3:4f:69:51:05:f5:f7:88:d5:43:24:
         52:a5:eb:e7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQijkoLy9UMBHTrh7+FU/RuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjUwMTAxMTU0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWE5YTQ4NDk5NTM5NmFjNGJmNmE0M2ZlMWFlYzliYWNhNDg4YThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiN0Ulkycn5fUm2v+1ISFMtvkDB7
+4G4m4fNJda1EWLI6rWxFF9XSqv3FE2ilgdEB8SM2PA/ct9K3aYFVgIEEiqgOk6i
Ge+ag67VQeJW1q5s633+pQOdSQa1rsg8FX1gfBKavhai8ztvj8tw+rPtNJC/UQBm
WN7BRps9DxAcZm9aBQrgNTxXeOtd5rsHfljlwi21jRI5Ig/a6CN6pjoVCChsG/8U
MUIJU9AyVJEQeL3+p5dldVjD3Q/pnxtNTe9Sn7faP84GJB3FTmL8AHBnNATw/lR3
gTu6+NNWcPNb+ThGdS/jjveB7YTzsi3bwEpz0SdhQogCTa4nbMdR0AfhZQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGqppISZU5asS/akP+GuybrKSIqLMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvYXFta2hKbFRscXhMOXFRXzRhN0p1c3BJaW9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADVkVUD
BADVkVYwDQYJKoZIhvcNAQELBQADggEBAL8oeQ4eUPd+IyYuvr//cL15BwX9+Dbg
tDwnfHup/rX4SWb8TOu7tJ55B9aLwicR0EaBTc5Zc+gZS/DW7k3hjThlLwmBiNf8
4dBEDcrqyXpvmmPXkjHMlVNx9/dQ3Wy8ssZzoNH+2//4KGLIAAcD2+MmFK43zb3k
qy2R9XBhWd+IXXgOTqJFjM9cyMt9kbCFjDUcKYHywhviufb0L/E5GVP7KoUsuikX
xI0ILXtoTFCYkYc2PVw9KO3v3VQGfRs/DRm6shfXvLumXIXEI0LsrIZ50QMqamTe
4/dRhl38dEx5ymJCMq4rtmL1d5aYV60c9CSjT2lRBfX3iNVDJFKl6+c=
-----END CERTIFICATE-----