Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/bVU5YLl9kcBUJXai2HremMv6T3c.roa
File:                     bVU5YLl9kcBUJXai2HremMv6T3c.roa (raw, json)
Hash identifier:          NcHRSuNxlYOgGwHgpZTDjPYormHQ915wjD/cD0h/Q0s=
Subject key identifier:   6D:55:39:60:B9:7D:91:C0:54:25:76:A2:D8:7A:DE:98:CB:FA:4F:77
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01965C9F9DB5A86077FF529C182EBE8CB242
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/bVU5YLl9kcBUJXai2HremMv6T3c.roa
Signing time:             Tue 22 Apr 2025 08:31:26 +0000
ROA not before:           Tue 22 Apr 2025 08:31:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135402
IP address blocks:        185.220.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5c:9f:9d:b5:a8:60:77:ff:52:9c:18:2e:be:8c:b2:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Apr 22 08:31:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d553960b97d91c0542576a2d87ade98cbfa4f77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:8e:2a:2b:9c:3f:35:54:6d:ca:ca:dc:21:fd:
                    e1:00:c2:72:cb:08:c1:b0:f3:de:d7:dd:e4:6c:4a:
                    94:e3:e6:54:05:15:d2:2a:f5:11:83:f0:37:a5:00:
                    00:96:26:d5:de:4d:5f:0f:c9:58:a9:4a:c7:e5:4d:
                    a2:ac:40:ba:14:00:06:18:8b:ad:8b:ed:75:5f:2b:
                    5e:49:07:cb:f0:f2:10:a4:2c:dd:9d:d4:c8:bf:31:
                    2d:e2:e7:04:06:46:1e:45:81:f3:49:0f:bf:85:9c:
                    e9:57:bd:71:b4:cc:55:4f:68:03:ec:dc:42:ba:1e:
                    fd:f4:33:b9:a1:b1:3b:f7:c8:10:f8:06:fc:16:9b:
                    d3:48:91:63:d4:96:6b:a5:0c:8d:f7:2b:f5:c8:51:
                    18:28:97:aa:73:ec:b2:57:78:a7:47:94:95:e7:3c:
                    16:72:0b:38:80:bd:47:a3:65:74:d3:3a:af:8c:1f:
                    fa:4e:6b:1d:1e:af:48:f4:88:b7:52:b0:1e:80:85:
                    d1:cd:cd:11:03:2d:9c:42:b8:e3:86:bf:5f:76:6f:
                    b2:69:0d:6e:d9:62:3b:07:aa:ff:fe:ad:ec:cb:19:
                    b9:f4:d6:bc:48:27:b6:e8:a9:bf:09:8b:00:9e:77:
                    da:ff:67:8b:a7:9e:21:b8:a3:63:27:f8:90:21:94:
                    b6:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:55:39:60:B9:7D:91:C0:54:25:76:A2:D8:7A:DE:98:CB:FA:4F:77
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/bVU5YLl9kcBUJXai2HremMv6T3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:42:77:05:06:8b:ec:49:07:bb:94:5c:b0:ac:ae:c1:6b:19:
         88:85:60:91:5d:ba:c2:8b:5d:d1:8d:04:f7:d6:e1:24:0b:f1:
         85:2e:ce:81:fd:ed:ec:59:e0:6b:91:a4:42:12:e1:6f:5f:77:
         6b:78:07:c4:9e:5e:c0:46:f6:1b:cd:af:14:a8:18:ca:19:e4:
         06:d1:ca:b6:b6:ed:18:01:f5:57:86:e4:03:7f:29:02:66:f5:
         56:ab:0d:0d:71:51:b7:b6:67:0c:20:8c:f9:85:d3:01:a2:22:
         44:0f:e1:51:53:5f:f5:23:6e:ab:fc:39:a3:11:3f:f0:7f:fd:
         ef:ab:44:a8:8f:40:9e:e7:71:38:92:12:1f:07:b6:c7:8a:65:
         68:af:6a:ba:74:1b:35:2c:05:9d:7e:e7:4d:e4:5f:6b:ef:d5:
         82:a2:8a:71:59:8e:e8:9b:20:d7:64:f4:4c:b6:d3:ce:42:d1:
         49:9b:14:ee:ed:8c:ea:50:78:1f:73:27:fe:65:07:a8:cc:6e:
         44:31:31:54:c3:fa:8d:7e:75:a8:7b:97:00:1b:e7:4d:ec:7c:
         89:13:40:89:28:58:4f:aa:05:e6:48:5e:35:59:c5:34:42:7d:
         6d:55:c9:cb:4a:08:b0:08:a7:f6:8c:36:2e:cc:b7:39:96:1e:
         82:18:b5:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZcn521qGB3/1KcGC6+jLJCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNDIyMDgzMTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDU1Mzk2MGI5N2Q5MWMwNTQyNTc2YTJkODdhZGU5OGNiZmE0Zjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj44qK5w/NVRtysrcIf3hAMJyywjB
sPPe193kbEqU4+ZUBRXSKvURg/A3pQAAlibV3k1fD8lYqUrH5U2irEC6FAAGGIut
i+11XyteSQfL8PIQpCzdndTIvzEt4ucEBkYeRYHzSQ+/hZzpV71xtMxVT2gD7NxC
uh799DO5obE798gQ+Ab8FpvTSJFj1JZrpQyN9yv1yFEYKJeqc+yyV3inR5SV5zwW
cgs4gL1Ho2V00zqvjB/6TmsdHq9I9Ii3UrAegIXRzc0RAy2cQrjjhr9fdm+yaQ1u
2WI7B6r//q3syxm59Na8SCe26Km/CYsAnnfa/2eLp54huKNjJ/iQIZS25QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG1VOWC5fZHAVCV2oth63pjL+k93MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvYlZVNVlMbDlrY0JVSlhhaTJIcmVtTXY2VDNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudz4MA0G
CSqGSIb3DQEBCwUAA4IBAQBfQncFBovsSQe7lFywrK7BaxmIhWCRXbrCi13RjQT3
1uEkC/GFLs6B/e3sWeBrkaRCEuFvX3dreAfEnl7ARvYbza8UqBjKGeQG0cq2tu0Y
AfVXhuQDfykCZvVWqw0NcVG3tmcMIIz5hdMBoiJED+FRU1/1I26r/DmjET/wf/3v
q0Soj0Ce53E4khIfB7bHimVor2q6dBs1LAWdfudN5F9r79WCoopxWY7omyDXZPRM
ttPOQtFJmxTu7YzqUHgfcyf+ZQeozG5EMTFUw/qNfnWoe5cAG+dN7HyJE0CJKFhP
qgXmSF41WcU0Qn1tVcnLSgiwCKf2jDYuzLc5lh6CGLU2
-----END CERTIFICATE-----