Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/27fd5e-7d5e-4898-8689-595d42d5c254/1/vzFDjwhsHuCEXenA4Ry9zlS6KxI.roa
File:                     vzFDjwhsHuCEXenA4Ry9zlS6KxI.roa (raw, json)
Hash identifier:          nNA4bFfVyipriW6rYfX4ArBAMjERFDTms9Zlmp1WCCw=
Subject key identifier:   BF:31:43:8F:08:6C:1E:E0:84:5D:E9:C0:E1:1C:BD:CE:54:BA:2B:12
Certificate issuer:       /CN=2b5c05500c865e924bddeb1aee7b2eb8cba927c9
Certificate serial:       019653047EEED78178D4C8DC4ABF07863F65
Authority key identifier: 2B:5C:05:50:0C:86:5E:92:4B:DD:EB:1A:EE:7B:2E:B8:CB:A9:27:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K1wFUAyGXpJL3esa7nsuuMupJ8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/27fd5e-7d5e-4898-8689-595d42d5c254/1/vzFDjwhsHuCEXenA4Ry9zlS6KxI.roa
Signing time:             Sun 20 Apr 2025 11:45:25 +0000
ROA not before:           Sun 20 Apr 2025 11:45:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        195.26.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/27fd5e-7d5e-4898-8689-595d42d5c254/1/K1wFUAyGXpJL3esa7nsuuMupJ8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/27fd5e-7d5e-4898-8689-595d42d5c254/1/K1wFUAyGXpJL3esa7nsuuMupJ8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K1wFUAyGXpJL3esa7nsuuMupJ8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:53:04:7e:ee:d7:81:78:d4:c8:dc:4a:bf:07:86:3f:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b5c05500c865e924bddeb1aee7b2eb8cba927c9
        Validity
            Not Before: Apr 20 11:45:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf31438f086c1ee0845de9c0e11cbdce54ba2b12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:0f:6b:ae:66:69:4e:b7:d8:a3:d2:f7:8a:f4:
                    d7:fe:5e:49:0a:ac:6d:c7:1e:4f:69:6e:0e:bd:a2:
                    fd:18:80:02:1b:0f:03:13:3f:d1:08:f3:aa:d1:91:
                    96:1f:d9:f5:2c:db:aa:d7:00:ad:dd:f6:65:0e:ab:
                    ee:de:64:88:e0:9c:30:ca:a3:91:af:f6:75:41:37:
                    48:d2:6e:1c:3f:9b:61:8f:c0:bf:52:e6:bf:1c:30:
                    41:37:e1:4b:8e:be:12:79:86:4d:cf:e3:c4:6b:d2:
                    98:eb:34:e4:c9:75:0d:91:77:67:8d:b3:52:0e:cb:
                    f6:cf:b1:50:ce:d4:91:0e:f2:0b:0b:bb:33:4b:eb:
                    a1:57:e5:d3:15:8a:61:34:c0:74:97:89:78:d3:c4:
                    08:b5:e5:3f:d2:ef:fe:a6:23:8c:83:8d:f2:04:6a:
                    8c:8b:4c:c7:44:60:8a:d1:32:1a:11:ea:84:e2:d8:
                    38:57:a1:e3:33:23:8f:f5:f2:d9:42:64:4c:e8:b0:
                    a0:45:93:51:78:31:0d:80:55:18:71:01:0d:e4:64:
                    cb:11:6f:a6:93:6a:1c:20:e6:46:33:b3:aa:36:5c:
                    42:ac:c8:ff:b4:37:27:c1:0e:79:10:11:b9:22:ce:
                    77:3a:b6:d4:97:67:ab:7e:df:3d:c2:37:e8:60:9f:
                    1e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:31:43:8F:08:6C:1E:E0:84:5D:E9:C0:E1:1C:BD:CE:54:BA:2B:12
            X509v3 Authority Key Identifier:
                keyid:2B:5C:05:50:0C:86:5E:92:4B:DD:EB:1A:EE:7B:2E:B8:CB:A9:27:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K1wFUAyGXpJL3esa7nsuuMupJ8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/27fd5e-7d5e-4898-8689-595d42d5c254/1/vzFDjwhsHuCEXenA4Ry9zlS6KxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/27fd5e-7d5e-4898-8689-595d42d5c254/1/K1wFUAyGXpJL3esa7nsuuMupJ8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.26.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:fe:6d:3b:a8:ef:a8:c9:bd:bd:a9:84:ca:68:df:a0:1e:3a:
         2b:f6:7c:ae:9e:f2:b7:0f:56:b1:98:fd:35:34:a4:38:df:10:
         4a:7a:3f:af:e9:1a:4d:e1:29:4f:50:8b:00:36:00:8e:58:da:
         8f:07:5c:f8:71:bf:b8:93:ca:d4:15:33:37:9f:53:ec:a2:9f:
         4d:e1:2d:b9:d0:03:91:93:22:60:ca:17:fc:b0:3f:7d:ba:c5:
         65:e2:7c:5b:51:ff:15:a3:cf:03:ed:ae:6a:c2:e2:29:39:bb:
         c1:22:73:de:cb:ea:35:b5:1c:a5:da:4c:0d:3f:0e:75:8e:63:
         71:c2:04:7f:6e:f3:33:8a:91:da:c5:11:06:0f:78:70:07:85:
         6e:ea:ff:ab:78:6c:c5:cc:62:fa:3b:e4:4c:df:c7:3c:d9:0d:
         fe:90:f1:c4:10:bd:42:42:1b:65:82:6a:9f:b2:bb:e1:b0:27:
         b2:c6:32:29:b3:ab:38:e2:55:29:5f:7d:6f:1b:e1:42:9b:0d:
         02:2f:fa:cd:56:f6:6c:14:ae:b0:b7:d3:c6:c9:ff:aa:f3:bb:
         ea:15:27:3a:a3:84:a2:e7:07:4c:44:05:ce:46:53:72:77:2a:
         b4:df:07:e9:8a:cc:f4:34:5e:ad:ae:b2:5b:ab:a0:30:af:44:
         1a:4d:6c:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZTBH7u14F41MjcSr8Hhj9lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNWMwNTUwMGM4NjVlOTI0YmRkZWIxYWVlN2IyZWI4Y2Jh
OTI3YzkwHhcNMjUwNDIwMTE0NTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjMxNDM4ZjA4NmMxZWUwODQ1ZGU5YzBlMTFjYmRjZTU0YmEyYjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8g9rrmZpTrfYo9L3ivTX/l5JCqxt
xx5PaW4OvaL9GIACGw8DEz/RCPOq0ZGWH9n1LNuq1wCt3fZlDqvu3mSI4JwwyqOR
r/Z1QTdI0m4cP5thj8C/Uua/HDBBN+FLjr4SeYZNz+PEa9KY6zTkyXUNkXdnjbNS
Dsv2z7FQztSRDvILC7szS+uhV+XTFYphNMB0l4l408QIteU/0u/+piOMg43yBGqM
i0zHRGCK0TIaEeqE4tg4V6HjMyOP9fLZQmRM6LCgRZNReDENgFUYcQEN5GTLEW+m
k2ocIOZGM7OqNlxCrMj/tDcnwQ55EBG5Is53OrbUl2erft89wjfoYJ8eEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL8xQ48IbB7ghF3pwOEcvc5UuisSMB8GA1UdIwQY
MBaAFCtcBVAMhl6SS93rGu57LrjLqSfJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzF3RlVBeUdYcEpMM2VzYTduc3V1TXVwSjhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy8yN2ZkNWUtN2Q1ZS00ODk4LTg2ODkt
NTk1ZDQyZDVjMjU0LzEvdnpGRGp3aHNIdUNFWGVuQTRSeTl6bFM2S3hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy8yN2ZkNWUtN2Q1ZS00ODk4LTg2ODktNTk1ZDQyZDVjMjU0
LzEvSzF3RlVBeUdYcEpMM2VzYTduc3V1TXVwSjhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxobMA0G
CSqGSIb3DQEBCwUAA4IBAQCi/m07qO+oyb29qYTKaN+gHjor9nyunvK3D1axmP01
NKQ43xBKej+v6RpN4SlPUIsANgCOWNqPB1z4cb+4k8rUFTM3n1Psop9N4S250AOR
kyJgyhf8sD99usVl4nxbUf8Vo88D7a5qwuIpObvBInPey+o1tRyl2kwNPw51jmNx
wgR/bvMzipHaxREGD3hwB4Vu6v+reGzFzGL6O+RM38c82Q3+kPHEEL1CQhtlgmqf
srvhsCeyxjIps6s44lUpX31vG+FCmw0CL/rNVvZsFK6wt9PGyf+q87vqFSc6o4Si
5wdMRAXORlNydyq03wfpisz0NF6trrJbq6Awr0QaTWxe
-----END CERTIFICATE-----