Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Bdn1DcMJLsTBh2Q12ScTlfextfA.roa
File:                     Bdn1DcMJLsTBh2Q12ScTlfextfA.roa (raw, json)
Hash identifier:          5aLKJErELEuvOisnhFo7YC5MNb/X65d9eCU26oCY0QQ=
Subject key identifier:   05:D9:F5:0D:C3:09:2E:C4:C1:87:64:35:D9:27:13:95:F7:B1:B5:F0
Certificate issuer:       /CN=59dd542781851c0bce5a3ea5cc387650ffc8277e
Certificate serial:       019420D65B305A21E40BEAE049A014416F9C
Authority key identifier: 59:DD:54:27:81:85:1C:0B:CE:5A:3E:A5:CC:38:76:50:FF:C8:27:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Bdn1DcMJLsTBh2Q12ScTlfextfA.roa
Signing time:             Wed 01 Jan 2025 07:48:26 +0000
ROA not before:           Wed 01 Jan 2025 07:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201388
IP address blocks:        84.47.154.0/24 maxlen: 24
                          84.47.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:5b:30:5a:21:e4:0b:ea:e0:49:a0:14:41:6f:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59dd542781851c0bce5a3ea5cc387650ffc8277e
        Validity
            Not Before: Jan  1 07:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05d9f50dc3092ec4c1876435d9271395f7b1b5f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:9f:6e:7f:14:da:4b:b0:07:09:4b:b8:6f:62:
                    61:62:63:6f:e0:6d:a5:65:15:52:5e:98:11:4d:c2:
                    2e:a5:88:ae:47:b1:96:89:04:0e:04:21:8f:57:84:
                    6a:03:69:72:65:af:2d:0a:a3:29:e0:fe:41:c5:9a:
                    bc:69:c7:b6:39:94:f7:5d:54:d8:4a:c9:80:87:0b:
                    62:15:c8:52:ba:37:d3:05:71:a5:ed:b5:fb:23:41:
                    07:72:e8:1a:8c:af:28:ae:30:ec:8d:b7:85:3d:73:
                    a0:72:d0:b8:19:2c:15:48:dd:7e:77:a4:0f:ab:48:
                    a2:0f:44:26:15:bc:f2:3f:94:5e:86:44:dc:4f:60:
                    67:95:82:d2:ae:d3:67:4e:2d:06:ac:dc:ee:b8:1a:
                    4a:cb:8d:2c:62:45:90:ad:14:17:72:78:42:13:45:
                    48:1a:cf:ee:76:52:1e:33:0e:fb:23:65:6c:11:52:
                    87:50:4a:46:02:91:26:13:9a:00:e0:9d:ef:34:f5:
                    49:72:c2:a4:b4:28:68:db:2a:c0:fc:16:ac:2f:89:
                    bd:b7:03:19:58:44:0c:51:9f:b2:2e:90:52:3b:71:
                    87:48:a5:11:a3:af:39:43:12:3d:03:98:59:44:22:
                    f9:8a:a8:85:b6:49:93:53:b9:6d:91:46:b4:7c:73:
                    ff:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:D9:F5:0D:C3:09:2E:C4:C1:87:64:35:D9:27:13:95:F7:B1:B5:F0
            X509v3 Authority Key Identifier:
                keyid:59:DD:54:27:81:85:1C:0B:CE:5A:3E:A5:CC:38:76:50:FF:C8:27:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Bdn1DcMJLsTBh2Q12ScTlfextfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.47.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:15:d0:7e:c2:eb:5a:04:d1:4b:07:e4:11:b3:0d:d0:19:c6:
         c2:47:e6:b1:6a:81:ba:a0:5b:a2:cf:71:6d:16:8c:9e:75:20:
         df:af:ff:de:60:e5:ae:a2:22:8a:8f:e0:ea:84:5e:51:5c:cb:
         fa:d3:11:4b:33:e0:e6:a8:bd:30:ab:07:3b:c7:95:e8:85:8d:
         04:52:09:0b:e3:a1:9b:8d:7d:89:fc:11:33:d5:59:be:b7:66:
         be:ba:77:e0:d0:ab:a0:9f:ae:b1:41:02:30:b6:5c:a9:94:29:
         05:76:b5:2a:27:8f:66:95:b6:3e:d2:7b:75:dd:aa:e4:bc:1a:
         28:60:f8:51:f5:2e:52:60:81:b3:44:d7:f9:4b:1b:90:83:e0:
         80:15:95:91:3d:28:43:0e:47:e4:43:af:cc:cc:b2:a6:48:0d:
         d5:9b:bd:91:c3:1c:8c:39:5b:76:0e:28:3c:67:b3:e5:c9:eb:
         de:35:38:90:0b:cb:1c:58:1c:30:35:17:3b:65:08:5f:2d:4b:
         86:0c:10:40:cc:a9:6b:08:94:b5:99:bb:66:af:ed:5c:97:89:
         d4:05:b7:55:07:ce:e9:36:8e:b3:e5:46:fa:06:48:49:a6:4d:
         c1:68:1a:02:42:c3:20:5b:77:61:55:f1:13:8b:06:67:d5:af:
         b1:e0:b3:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1lswWiHkC+rgSaAUQW+cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ZGQ1NDI3ODE4NTFjMGJjZTVhM2VhNWNjMzg3NjUwZmZj
ODI3N2UwHhcNMjUwMTAxMDc0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWQ5ZjUwZGMzMDkyZWM0YzE4NzY0MzVkOTI3MTM5NWY3YjFiNWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6J9ufxTaS7AHCUu4b2JhYmNv4G2l
ZRVSXpgRTcIupYiuR7GWiQQOBCGPV4RqA2lyZa8tCqMp4P5BxZq8ace2OZT3XVTY
SsmAhwtiFchSujfTBXGl7bX7I0EHcugajK8orjDsjbeFPXOgctC4GSwVSN1+d6QP
q0iiD0QmFbzyP5RehkTcT2BnlYLSrtNnTi0GrNzuuBpKy40sYkWQrRQXcnhCE0VI
Gs/udlIeMw77I2VsEVKHUEpGApEmE5oA4J3vNPVJcsKktCho2yrA/BasL4m9twMZ
WEQMUZ+yLpBSO3GHSKURo685QxI9A5hZRCL5iqiFtkmTU7ltkUa0fHP/8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAXZ9Q3DCS7EwYdkNdknE5X3sbXwMB8GA1UdIwQY
MBaAFFndVCeBhRwLzlo+pcw4dlD/yCd+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2QxVUo0R0ZIQXZPV2o2bHpEaDJVUF9JSjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi83OWM0YmEtMzhlMi00ZjVhLTk1OWYt
NDdlMDkzNzk4OWE4LzEvQmRuMURjTUpMc1RCaDJRMTJTY1RsZmV4dGZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi83OWM0YmEtMzhlMi00ZjVhLTk1OWYtNDdlMDkzNzk4OWE4
LzEvV2QxVUo0R0ZIQXZPV2o2bHpEaDJVUF9JSjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVC+aMA0G
CSqGSIb3DQEBCwUAA4IBAQAjFdB+wutaBNFLB+QRsw3QGcbCR+axaoG6oFuiz3Ft
FoyedSDfr//eYOWuoiKKj+DqhF5RXMv60xFLM+DmqL0wqwc7x5XohY0EUgkL46Gb
jX2J/BEz1Vm+t2a+unfg0Kugn66xQQIwtlyplCkFdrUqJ49mlbY+0nt13arkvBoo
YPhR9S5SYIGzRNf5SxuQg+CAFZWRPShDDkfkQ6/MzLKmSA3Vm72RwxyMOVt2Dig8
Z7PlyeveNTiQC8scWBwwNRc7ZQhfLUuGDBBAzKlrCJS1mbtmr+1cl4nUBbdVB87p
No6z5Ub6BkhJpk3BaBoCQsMgW3dhVfETiwZn1a+x4LNn
-----END CERTIFICATE-----