Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/blptCtJln9odT-Zd9-yg_1kpfAM.roa
File:                     blptCtJln9odT-Zd9-yg_1kpfAM.roa (raw, json)
Hash identifier:          jTOEd7Yoo5SD4hM2M0pRKqn/WaRYdVO39YkKNQ4ET5I=
Subject key identifier:   6E:5A:6D:0A:D2:65:9F:DA:1D:4F:E6:5D:F7:EC:A0:FF:59:29:7C:03
Certificate issuer:       /CN=05bfdbb6a4b1663369da407db97b021f73284a28
Certificate serial:       019427B6022E079656F039CC900A32ACAC66
Authority key identifier: 05:BF:DB:B6:A4:B1:66:33:69:DA:40:7D:B9:7B:02:1F:73:28:4A:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bb_btqSxZjNp2kB9uXsCH3MoSig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/blptCtJln9odT-Zd9-yg_1kpfAM.roa
Signing time:             Thu 02 Jan 2025 15:50:26 +0000
ROA not before:           Thu 02 Jan 2025 15:50:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215000
IP address blocks:        78.110.171.0/24 maxlen: 24
                          78.157.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/Bb_btqSxZjNp2kB9uXsCH3MoSig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/Bb_btqSxZjNp2kB9uXsCH3MoSig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Bb_btqSxZjNp2kB9uXsCH3MoSig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:02:2e:07:96:56:f0:39:cc:90:0a:32:ac:ac:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05bfdbb6a4b1663369da407db97b021f73284a28
        Validity
            Not Before: Jan  2 15:50:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e5a6d0ad2659fda1d4fe65df7eca0ff59297c03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:33:76:1a:ec:58:29:5c:d5:5c:52:a6:5b:af:
                    12:d3:a3:93:d0:f0:09:78:7f:d5:1d:6a:0a:3a:da:
                    54:44:bf:69:fc:3f:2a:c5:c2:16:8a:d5:24:42:47:
                    bf:e1:5d:e6:ae:3e:b4:6f:5c:da:ef:66:4f:61:f3:
                    2d:9d:92:19:19:83:5a:68:ab:32:77:28:b6:ae:1c:
                    12:d9:b2:c1:15:4d:7f:56:40:b3:2a:09:1a:e2:80:
                    bd:7d:53:01:24:8a:4e:e0:da:31:e8:d5:bb:a2:fe:
                    a6:0e:e4:3b:c6:4b:93:a1:18:f4:a1:01:a2:74:e4:
                    fa:7a:30:d7:34:f5:c9:dd:28:39:6b:ff:77:d3:5a:
                    42:5e:38:10:a8:bb:f6:73:ab:8d:87:55:aa:7e:5a:
                    d6:56:fe:46:66:a2:72:12:33:c3:e9:6d:e7:ec:ae:
                    4b:10:bf:af:17:1f:cc:a3:c7:a1:04:79:b9:c5:6c:
                    ad:4e:bb:5f:bb:1f:ea:f3:8a:3f:e5:76:37:e6:11:
                    44:c4:fe:db:f6:85:e8:16:77:a6:28:f9:39:1f:55:
                    c3:32:10:82:14:a0:d5:ea:50:b8:24:70:28:3e:8d:
                    93:56:ad:e0:b0:b4:ee:0c:36:c2:50:02:bc:19:67:
                    9d:6a:02:3d:c1:ca:5a:e4:71:9b:09:58:76:79:d3:
                    78:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:5A:6D:0A:D2:65:9F:DA:1D:4F:E6:5D:F7:EC:A0:FF:59:29:7C:03
            X509v3 Authority Key Identifier:
                keyid:05:BF:DB:B6:A4:B1:66:33:69:DA:40:7D:B9:7B:02:1F:73:28:4A:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bb_btqSxZjNp2kB9uXsCH3MoSig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/blptCtJln9odT-Zd9-yg_1kpfAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/Bb_btqSxZjNp2kB9uXsCH3MoSig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.110.171.0/24
                  78.157.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:13:6d:bd:3c:4a:ba:3a:37:4e:88:2b:c0:07:84:9e:a9:3c:
         43:0a:c9:fe:37:da:1a:25:b0:25:1f:c8:c2:f3:ab:b1:31:f4:
         8f:cd:c0:8c:52:f0:d7:f4:55:e3:24:c5:10:9e:64:e3:13:75:
         01:a9:38:8d:90:29:cf:15:17:07:98:0e:69:39:52:1e:5c:ff:
         5a:6f:3f:e5:2b:8d:e7:a8:ed:68:c0:dd:cd:6b:1e:23:d6:6b:
         82:2f:70:fe:fb:07:cb:17:a9:d4:68:d2:cd:4d:ca:30:9e:2f:
         a6:39:76:5b:12:1a:3a:46:66:18:7d:39:46:f7:9f:9a:36:a9:
         f2:45:7a:6e:66:18:0f:36:66:e4:47:5a:9a:44:d7:01:99:15:
         6f:a1:bb:77:cb:3e:d8:95:78:73:75:b1:77:f7:fe:49:63:a7:
         29:c3:c6:e1:f4:c8:92:77:5d:68:54:24:dd:6b:46:2a:96:5f:
         df:37:96:95:09:d2:a3:09:25:7c:b8:5d:3c:6f:e4:e6:9f:1e:
         95:f9:de:d6:bd:d9:7b:89:aa:91:51:a8:ae:ae:39:62:a9:46:
         eb:d2:86:73:44:99:9c:60:8a:7b:47:1f:8c:39:6b:c1:67:2c:
         3a:5c:75:52:e8:0f:c7:f8:7e:71:58:38:c0:55:ca:d6:1b:26:
         c8:c9:00:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntgIuB5ZW8DnMkAoyrKxmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YmZkYmI2YTRiMTY2MzM2OWRhNDA3ZGI5N2IwMjFmNzMy
ODRhMjgwHhcNMjUwMTAyMTU1MDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTVhNmQwYWQyNjU5ZmRhMWQ0ZmU2NWRmN2VjYTBmZjU5Mjk3YzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjN2GuxYKVzVXFKmW68S06OT0PAJ
eH/VHWoKOtpURL9p/D8qxcIWitUkQke/4V3mrj60b1za72ZPYfMtnZIZGYNaaKsy
dyi2rhwS2bLBFU1/VkCzKgka4oC9fVMBJIpO4Nox6NW7ov6mDuQ7xkuToRj0oQGi
dOT6ejDXNPXJ3Sg5a/9301pCXjgQqLv2c6uNh1WqflrWVv5GZqJyEjPD6W3n7K5L
EL+vFx/Mo8ehBHm5xWytTrtfux/q84o/5XY35hFExP7b9oXoFnemKPk5H1XDMhCC
FKDV6lC4JHAoPo2TVq3gsLTuDDbCUAK8GWedagI9wcpa5HGbCVh2edN45wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG5abQrSZZ/aHU/mXffsoP9ZKXwDMB8GA1UdIwQY
MBaAFAW/27aksWYzadpAfbl7Ah9zKEooMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJfYnRxU3haak5wMmtCOXVYc0NIM01vU2lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi80NjBjMDAtM2U5NS00Mjc0LWJjOWMt
MDYwZGFjZmViZTBmLzEvYmxwdEN0SmxuOW9kVC1aZDkteWdfMWtwZkFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi80NjBjMDAtM2U5NS00Mjc0LWJjOWMtMDYwZGFjZmViZTBm
LzEvQmJfYnRxU3haak5wMmtCOXVYc0NIM01vU2lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATm6rAwQA
Tp3NMA0GCSqGSIb3DQEBCwUAA4IBAQBjE229PEq6OjdOiCvAB4SeqTxDCsn+N9oa
JbAlH8jC86uxMfSPzcCMUvDX9FXjJMUQnmTjE3UBqTiNkCnPFRcHmA5pOVIeXP9a
bz/lK43nqO1owN3Nax4j1muCL3D++wfLF6nUaNLNTcowni+mOXZbEho6RmYYfTlG
95+aNqnyRXpuZhgPNmbkR1qaRNcBmRVvobt3yz7YlXhzdbF39/5JY6cpw8bh9MiS
d11oVCTda0Yqll/fN5aVCdKjCSV8uF08b+Tmnx6V+d7Wvdl7iaqRUaiurjliqUbr
0oZzRJmcYIp7Rx+MOWvBZyw6XHVS6A/H+H5xWDjAVcrWGybIyQBd
-----END CERTIFICATE-----