Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/BhUouDec_qIuL9ykpJ14UlZA-QM.roa
File:                     BhUouDec_qIuL9ykpJ14UlZA-QM.roa (raw, json)
Hash identifier:          8yFW2hqVAr5xf6x8b1tEfXwA8rQJPiCbK72VY0EAl8E=
Subject key identifier:   06:15:28:B8:37:9C:FE:A2:2E:2F:DC:A4:A4:9D:78:52:56:40:F9:03
Certificate issuer:       /CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
Certificate serial:       0198090A076971C257DB5E89170569676296
Authority key identifier: 27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/BhUouDec_qIuL9ykpJ14UlZA-QM.roa
Signing time:             Mon 14 Jul 2025 13:05:08 +0000
ROA not before:           Mon 14 Jul 2025 13:05:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41801
IP address blocks:        91.102.160.0/23 maxlen: 23
                          91.102.160.0/24 maxlen: 24
                          91.102.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 02:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:0a:07:69:71:c2:57:db:5e:89:17:05:69:67:62:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
        Validity
            Not Before: Jul 14 13:05:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=061528b8379cfea22e2fdca4a49d78525640f903
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d8:fd:16:1c:b3:60:24:b6:f8:17:dc:7a:69:
                    c6:77:9e:c3:7c:5d:70:b7:47:7e:e2:a2:21:d6:4e:
                    16:30:35:c9:d6:14:4c:91:b1:d3:6c:b0:c5:4b:ba:
                    be:24:c4:61:aa:ce:7b:a9:ea:51:15:21:28:e6:0e:
                    69:fb:b2:87:08:49:f2:29:c5:04:7e:06:7c:c4:87:
                    20:1a:04:6c:fd:04:1c:75:1c:04:28:e4:13:7b:d0:
                    6f:bb:e5:cd:ba:7a:3e:ed:bb:46:48:89:50:65:09:
                    2b:30:97:69:82:c5:9a:23:b3:be:5c:74:5a:cb:bd:
                    dc:bf:51:1a:17:aa:3a:29:7d:0d:8d:8c:08:33:55:
                    b1:98:39:f2:81:a0:c0:ef:86:d6:00:a8:7e:86:8f:
                    3c:82:22:9a:a0:84:34:c2:de:86:a0:e8:b5:f9:0c:
                    fe:7a:e9:31:d3:da:a8:eb:36:95:80:54:4e:e1:d0:
                    e5:c8:f9:a0:5f:75:9d:32:66:f0:aa:eb:c8:0e:cd:
                    e1:55:9c:3b:d2:01:e1:7c:bc:e6:03:85:c3:5a:b2:
                    11:ba:29:2b:5e:35:a9:59:70:09:66:2f:07:08:8a:
                    fd:2c:06:bc:4e:cc:ce:11:4e:a8:62:17:5b:e4:dc:
                    e3:cc:0b:b1:f1:60:f5:03:2e:75:ad:65:f3:84:7d:
                    3e:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:15:28:B8:37:9C:FE:A2:2E:2F:DC:A4:A4:9D:78:52:56:40:F9:03
            X509v3 Authority Key Identifier:
                keyid:27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/BhUouDec_qIuL9ykpJ14UlZA-QM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:04:ba:28:f3:83:d2:2e:f7:5c:d3:28:c9:1a:77:0f:2c:73:
         47:e1:97:cf:9f:48:85:28:21:d8:f0:34:bf:03:f2:7d:97:15:
         35:8b:cb:d8:9c:2c:ee:00:35:3b:61:aa:21:4f:2d:5e:bc:8c:
         37:76:29:e9:07:15:35:86:20:0f:b0:63:f1:17:69:2a:88:68:
         22:75:e6:ef:08:cb:8c:50:bc:17:60:88:43:02:d1:0f:f6:6b:
         90:07:6c:05:89:e6:78:60:c0:0d:7f:7e:78:da:76:db:c6:8c:
         a2:70:aa:71:a3:57:8f:30:93:ae:1d:2c:7e:e3:31:b5:4b:2c:
         4e:9a:b0:2c:d6:79:ed:b5:80:b9:4d:4d:e0:06:4a:0b:86:20:
         52:a0:af:19:1a:c1:70:88:2a:af:e2:d0:2e:ac:6a:e9:61:49:
         de:23:1e:6d:ef:78:75:0c:4f:2c:5d:2e:05:38:f1:66:4a:fe:
         b4:cd:d4:e9:21:70:1d:f3:fa:06:c8:d8:88:53:97:c6:a7:81:
         3c:30:e7:c6:ab:95:49:b8:cf:84:d5:b8:44:2c:e0:d8:3e:c1:
         3a:39:82:dc:c5:75:aa:2c:a5:84:fa:12:57:42:ec:f4:09:8d:
         62:29:ff:21:86:d8:4f:ad:a7:57:d9:0e:fc:ef:da:0d:d6:32:
         66:58:44:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJCgdpccJX216JFwVpZ2KWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzhiNDI3YzMxMzU5OGE5MmU4ZDhlYzYwZTI5NTBkYTM5
ZmMyYzkwHhcNMjUwNzE0MTMwNTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjE1MjhiODM3OWNmZWEyMmUyZmRjYTRhNDlkNzg1MjU2NDBmOTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9j9FhyzYCS2+BfcemnGd57DfF1w
t0d+4qIh1k4WMDXJ1hRMkbHTbLDFS7q+JMRhqs57qepRFSEo5g5p+7KHCEnyKcUE
fgZ8xIcgGgRs/QQcdRwEKOQTe9Bvu+XNuno+7btGSIlQZQkrMJdpgsWaI7O+XHRa
y73cv1EaF6o6KX0NjYwIM1WxmDnygaDA74bWAKh+ho88giKaoIQ0wt6GoOi1+Qz+
eukx09qo6zaVgFRO4dDlyPmgX3WdMmbwquvIDs3hVZw70gHhfLzmA4XDWrIRuikr
XjWpWXAJZi8HCIr9LAa8TszOEU6oYhdb5NzjzAux8WD1Ay51rWXzhH0+pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYVKLg3nP6iLi/cpKSdeFJWQPkDMB8GA1UdIwQY
MBaAFCfItCfDE1mKkujY7GDilQ2jn8LJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzct
MWM2ZWU0NGUxMWFkLzEvQmhVb3VEZWNfcUl1TDl5a3BKMTRVbFpBLVFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzctMWM2ZWU0NGUxMWFk
LzEvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW2agMA0G
CSqGSIb3DQEBCwUAA4IBAQCQBLoo84PSLvdc0yjJGncPLHNH4ZfPn0iFKCHY8DS/
A/J9lxU1i8vYnCzuADU7YaohTy1evIw3dinpBxU1hiAPsGPxF2kqiGgidebvCMuM
ULwXYIhDAtEP9muQB2wFieZ4YMANf3542nbbxoyicKpxo1ePMJOuHSx+4zG1SyxO
mrAs1nnttYC5TU3gBkoLhiBSoK8ZGsFwiCqv4tAurGrpYUneIx5t73h1DE8sXS4F
OPFmSv60zdTpIXAd8/oGyNiIU5fGp4E8MOfGq5VJuM+E1bhELODYPsE6OYLcxXWq
LKWE+hJXQuz0CY1iKf8hhthPradX2Q7879oN1jJmWEQy
-----END CERTIFICATE-----