Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/BY6vuao8dzcdWvFAFv0TrK8gbcs.roa
File:                     BY6vuao8dzcdWvFAFv0TrK8gbcs.roa (raw, json)
Hash identifier:          ZDN7wXgq4/TF65FlyVO+h6CqqGxfq850Jit0suO59Nc=
Subject key identifier:   05:8E:AF:B9:AA:3C:77:37:1D:5A:F1:40:16:FD:13:AC:AF:20:6D:CB
Certificate issuer:       /CN=00e4f6a77368b7cecfe67220b436576b1e008aec
Certificate serial:       0197E68730C48D3B0EC371F0801A7E452562
Authority key identifier: 00:E4:F6:A7:73:68:B7:CE:CF:E6:72:20:B4:36:57:6B:1E:00:8A:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/BY6vuao8dzcdWvFAFv0TrK8gbcs.roa
Signing time:             Mon 07 Jul 2025 20:15:08 +0000
ROA not before:           Mon 07 Jul 2025 20:15:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59245
IP address blocks:        78.111.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 11:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e6:87:30:c4:8d:3b:0e:c3:71:f0:80:1a:7e:45:25:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00e4f6a77368b7cecfe67220b436576b1e008aec
        Validity
            Not Before: Jul  7 20:15:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=058eafb9aa3c77371d5af14016fd13acaf206dcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c2:8c:41:f8:15:5b:4a:2b:d9:ff:fd:83:0f:
                    de:8d:92:7a:c1:25:b5:1f:bf:4e:9c:63:99:1b:38:
                    65:4c:d0:c5:22:5b:56:83:34:ed:31:3c:22:a1:4b:
                    58:7a:bb:12:0d:e5:48:5d:3d:f5:4c:ec:1a:d9:f9:
                    1c:d7:d2:b6:d9:3b:b6:5d:7e:0f:cf:e6:a1:b2:44:
                    0c:17:04:0a:ae:f6:aa:0c:b6:cd:3d:38:0d:15:66:
                    34:d2:0a:eb:d3:91:01:69:75:10:50:98:0b:95:c5:
                    0e:bb:bc:d6:08:b7:45:a5:a4:64:41:a9:4f:38:db:
                    89:b3:21:d1:67:6d:20:fa:46:1d:00:cb:12:27:fc:
                    f0:51:4a:9f:8e:6a:1e:85:42:14:5c:3b:bc:b5:c2:
                    a3:b8:fd:64:12:0a:72:77:1c:17:1b:81:b7:ac:63:
                    0c:53:cb:e8:32:ba:39:9b:d9:5c:ff:43:14:ec:95:
                    ad:c6:6c:3a:7e:72:d6:30:02:ad:e8:b7:a5:d1:e5:
                    92:d8:65:9f:11:d2:e9:80:a9:04:32:9a:a0:b8:d7:
                    d7:ef:55:22:ac:57:f4:2f:df:31:00:e3:2d:09:35:
                    ed:f6:b1:09:ac:bd:8d:0b:33:4f:99:3b:33:fb:81:
                    51:5a:7a:34:7e:fe:37:42:f6:12:2b:5d:12:fa:bc:
                    28:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:8E:AF:B9:AA:3C:77:37:1D:5A:F1:40:16:FD:13:AC:AF:20:6D:CB
            X509v3 Authority Key Identifier:
                keyid:00:E4:F6:A7:73:68:B7:CE:CF:E6:72:20:B4:36:57:6B:1E:00:8A:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/BY6vuao8dzcdWvFAFv0TrK8gbcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.111.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:c2:40:4a:e4:7d:08:60:76:ce:1d:35:18:65:71:75:a2:96:
         77:62:09:84:0b:71:7c:13:b2:0b:31:8a:28:f6:d7:5e:d0:3c:
         b5:ec:0c:3c:73:57:08:05:21:fc:16:c2:7b:63:80:67:00:6e:
         35:ae:0c:f8:1f:40:b1:e0:3d:51:0b:6b:07:2f:7c:1b:7e:d6:
         af:29:99:69:98:f6:f9:bd:74:19:8a:9d:20:86:5c:9e:b7:f3:
         61:61:2c:e6:73:84:a7:33:24:c4:cc:4e:e0:7e:65:03:3e:b7:
         f9:b3:36:8f:19:6a:90:46:a8:be:90:ff:ec:dd:79:cb:e2:04:
         c6:d1:b6:8a:bb:3c:02:86:dc:db:7a:cd:5a:54:12:2f:80:e8:
         32:95:5f:71:06:6c:bc:fe:29:c1:ed:45:69:ab:fe:f0:03:98:
         ba:b8:e9:9b:52:aa:46:28:c4:41:22:c5:81:53:c9:e5:71:ef:
         54:31:61:bb:5b:cc:95:9e:df:e9:30:12:d3:ce:4e:26:36:d7:
         36:04:14:eb:6b:3c:82:0a:2b:86:8f:88:1d:1b:a9:91:0c:cc:
         87:02:46:2e:c8:90:c8:8a:dd:e3:f4:79:99:0d:31:98:97:4e:
         08:ed:f6:97:b7:d1:72:46:a7:c4:e5:60:09:56:93:f4:fe:9e:
         a8:ef:df:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfmhzDEjTsOw3HwgBp+RSViMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZTRmNmE3NzM2OGI3Y2VjZmU2NzIyMGI0MzY1NzZiMWUw
MDhhZWMwHhcNMjUwNzA3MjAxNTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNThlYWZiOWFhM2M3NzM3MWQ1YWYxNDAxNmZkMTNhY2FmMjA2ZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMKMQfgVW0or2f/9gw/ejZJ6wSW1
H79OnGOZGzhlTNDFIltWgzTtMTwioUtYersSDeVIXT31TOwa2fkc19K22Tu2XX4P
z+ahskQMFwQKrvaqDLbNPTgNFWY00grr05EBaXUQUJgLlcUOu7zWCLdFpaRkQalP
ONuJsyHRZ20g+kYdAMsSJ/zwUUqfjmoehUIUXDu8tcKjuP1kEgpydxwXG4G3rGMM
U8voMro5m9lc/0MU7JWtxmw6fnLWMAKt6Lel0eWS2GWfEdLpgKkEMpqguNfX71Ui
rFf0L98xAOMtCTXt9rEJrL2NCzNPmTsz+4FRWno0fv43QvYSK10S+rwo9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAWOr7mqPHc3HVrxQBb9E6yvIG3LMB8GA1UdIwQY
MBaAFADk9qdzaLfOz+ZyILQ2V2seAIrsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU9UMnAzTm90ODdQNW5JZ3REWlhheDRBaXV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS82NTJkYTktYWZjNC00ZTIwLTgyZmMt
YjA3ZDg0MTZhZTRhLzEvQlk2dnVhbzhkemNkV3ZGQUZ2MFRySzhnYmNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS82NTJkYTktYWZjNC00ZTIwLTgyZmMtYjA3ZDg0MTZhZTRh
LzEvQU9UMnAzTm90ODdQNW5JZ3REWlhheDRBaXV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATm9lMA0G
CSqGSIb3DQEBCwUAA4IBAQAGwkBK5H0IYHbOHTUYZXF1opZ3YgmEC3F8E7ILMYoo
9tde0Dy17Aw8c1cIBSH8FsJ7Y4BnAG41rgz4H0Cx4D1RC2sHL3wbftavKZlpmPb5
vXQZip0ghlyet/NhYSzmc4SnMyTEzE7gfmUDPrf5szaPGWqQRqi+kP/s3XnL4gTG
0baKuzwChtzbes1aVBIvgOgylV9xBmy8/inB7UVpq/7wA5i6uOmbUqpGKMRBIsWB
U8nlce9UMWG7W8yVnt/pMBLTzk4mNtc2BBTrazyCCiuGj4gdG6mRDMyHAkYuyJDI
it3j9HmZDTGYl04I7faXt9FyRqfE5WAJVpP0/p6o798M
-----END CERTIFICATE-----