Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/b9ec2b-d26c-48a6-a588-6b2e68dde1e3/1/B30qKHB4pvW_uIxt5ksptRBP4PQ.roa
File:                     B30qKHB4pvW_uIxt5ksptRBP4PQ.roa (raw, json)
Hash identifier:          Y9HutrF2XOKiS4omLhBmOgiWSK360mai1Yz5rvj0XF4=
Subject key identifier:   07:7D:2A:28:70:78:A6:F5:BF:B8:8C:6D:E6:4B:29:B5:10:4F:E0:F4
Certificate issuer:       /CN=d09ef2093da15eec90efb837b950164669f6198b
Certificate serial:       01973EA8789160650266C452D141B3A10A99
Authority key identifier: D0:9E:F2:09:3D:A1:5E:EC:90:EF:B8:37:B9:50:16:46:69:F6:19:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0J7yCT2hXuyQ77g3uVAWRmn2GYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/b9ec2b-d26c-48a6-a588-6b2e68dde1e3/1/B30qKHB4pvW_uIxt5ksptRBP4PQ.roa
Signing time:             Thu 05 Jun 2025 05:55:17 +0000
ROA not before:           Thu 05 Jun 2025 05:55:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215641
IP address blocks:        185.217.62.0/24 maxlen: 24
                          2a10:d900::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/b9ec2b-d26c-48a6-a588-6b2e68dde1e3/1/0J7yCT2hXuyQ77g3uVAWRmn2GYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/b9ec2b-d26c-48a6-a588-6b2e68dde1e3/1/0J7yCT2hXuyQ77g3uVAWRmn2GYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0J7yCT2hXuyQ77g3uVAWRmn2GYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3e:a8:78:91:60:65:02:66:c4:52:d1:41:b3:a1:0a:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d09ef2093da15eec90efb837b950164669f6198b
        Validity
            Not Before: Jun  5 05:55:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=077d2a287078a6f5bfb88c6de64b29b5104fe0f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e4:e0:b1:de:5b:51:73:f8:52:88:43:f9:c2:
                    e8:72:c4:5e:16:dc:74:87:45:56:4d:1a:e5:f4:d3:
                    b1:a2:73:e3:a8:1f:7d:de:6a:20:06:19:16:4b:c2:
                    8a:b1:fc:51:f9:06:f4:4a:ae:c1:51:3a:d7:34:ac:
                    f3:07:34:1b:6e:7f:75:44:2d:03:a4:e0:4e:7f:c4:
                    9b:10:f9:c4:ef:5a:b1:be:12:fa:76:80:dd:57:2f:
                    e2:f3:ae:5e:be:4d:a1:9a:58:c7:1c:80:d9:9b:fe:
                    61:79:fc:3b:df:68:2c:83:95:35:a7:71:37:f7:b0:
                    f1:c7:f9:02:1f:52:20:48:55:75:59:da:1d:c5:67:
                    6f:a3:6a:aa:21:76:e4:36:57:39:fc:dc:9e:03:f0:
                    df:e7:ec:f1:fe:32:54:0a:05:d6:44:7e:7b:1d:ef:
                    d7:91:b8:8e:c3:2b:c2:3a:b5:92:f4:a7:9d:f6:a4:
                    32:b9:0b:cf:b2:38:6c:3b:ac:3c:c0:5f:3b:82:0f:
                    7e:9a:f5:c4:0f:6a:05:fe:05:b5:e8:40:3e:49:be:
                    cb:c2:52:d7:30:0d:f9:46:1c:1f:5e:f8:17:61:26:
                    2b:ae:88:24:6d:a2:96:94:74:42:99:58:77:b1:6a:
                    8b:4d:b1:fd:c5:5d:67:c6:75:e2:38:89:3a:2a:a6:
                    e1:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:7D:2A:28:70:78:A6:F5:BF:B8:8C:6D:E6:4B:29:B5:10:4F:E0:F4
            X509v3 Authority Key Identifier:
                keyid:D0:9E:F2:09:3D:A1:5E:EC:90:EF:B8:37:B9:50:16:46:69:F6:19:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0J7yCT2hXuyQ77g3uVAWRmn2GYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/b9ec2b-d26c-48a6-a588-6b2e68dde1e3/1/B30qKHB4pvW_uIxt5ksptRBP4PQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/b9ec2b-d26c-48a6-a588-6b2e68dde1e3/1/0J7yCT2hXuyQ77g3uVAWRmn2GYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.62.0/24
                IPv6:
                  2a10:d900::/32

    Signature Algorithm: sha256WithRSAEncryption
         8c:f7:eb:cd:f4:25:ff:dd:9f:97:e2:4f:90:6c:35:e2:fc:c0:
         81:22:66:65:58:4c:6e:4e:e9:bb:6b:5e:2f:c2:9f:9d:6e:7f:
         5e:8b:11:3a:82:e2:f8:61:e5:76:4b:35:4e:1a:23:9f:05:e5:
         eb:32:09:57:b0:0c:ee:32:93:11:0e:7e:52:fa:aa:65:68:f3:
         63:f4:3e:b9:ec:dc:d7:8d:d0:00:c1:e5:e9:b6:98:73:aa:cd:
         c9:e7:72:90:25:5a:45:37:32:f6:82:64:2a:18:c6:1d:10:d7:
         5b:3e:eb:ee:f8:e1:e6:2b:81:c6:f5:26:d1:68:d4:b2:df:89:
         d9:f0:a7:33:54:28:7e:4d:a8:5d:98:02:65:f8:38:4c:9e:77:
         e4:02:91:d0:8f:5c:bb:33:81:f2:87:1e:cf:c2:90:bf:8d:c2:
         94:5b:66:ee:78:3a:15:e6:71:45:c9:1f:80:b8:c0:5b:19:69:
         2b:79:02:76:ba:f8:72:4c:9e:0c:80:49:84:09:7e:2d:06:d4:
         3c:b6:7e:96:4f:bc:6c:ad:3f:85:a9:3e:73:f8:1f:54:22:2a:
         be:78:78:8e:6b:e9:23:d7:c1:cc:3b:0a:be:d3:14:13:f4:43:
         fe:4c:a0:fe:bf:1d:17:86:f5:45:cc:8b:0a:ef:00:36:8d:cc:
         a4:12:7b:d6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZc+qHiRYGUCZsRS0UGzoQqZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOWVmMjA5M2RhMTVlZWM5MGVmYjgzN2I5NTAxNjQ2Njlm
NjE5OGIwHhcNMjUwNjA1MDU1NTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzdkMmEyODcwNzhhNmY1YmZiODhjNmRlNjRiMjliNTEwNGZlMGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOTgsd5bUXP4UohD+cLocsReFtx0
h0VWTRrl9NOxonPjqB993mogBhkWS8KKsfxR+Qb0Sq7BUTrXNKzzBzQbbn91RC0D
pOBOf8SbEPnE71qxvhL6doDdVy/i865evk2hmljHHIDZm/5hefw732gsg5U1p3E3
97Dxx/kCH1IgSFV1WdodxWdvo2qqIXbkNlc5/NyeA/Df5+zx/jJUCgXWRH57He/X
kbiOwyvCOrWS9Ked9qQyuQvPsjhsO6w8wF87gg9+mvXED2oF/gW16EA+Sb7LwlLX
MA35RhwfXvgXYSYrrogkbaKWlHRCmVh3sWqLTbH9xV1nxnXiOIk6Kqbh5wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAd9KihweKb1v7iMbeZLKbUQT+D0MB8GA1UdIwQY
MBaAFNCe8gk9oV7skO+4N7lQFkZp9hmLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEo3eUNUMmhYdXlRNzdnM3VWQVdSbW4yR1lzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9iOWVjMmItZDI2Yy00OGE2LWE1ODgt
NmIyZTY4ZGRlMWUzLzEvQjMwcUtIQjRwdldfdUl4dDVrc3B0UkJQNFBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9iOWVjMmItZDI2Yy00OGE2LWE1ODgtNmIyZTY4ZGRlMWUz
LzEvMEo3eUNUMmhYdXlRNzdnM3VWQVdSbW4yR1lzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudk+MA0E
AgACMAcDBQAqENkAMA0GCSqGSIb3DQEBCwUAA4IBAQCM9+vN9CX/3Z+X4k+QbDXi
/MCBImZlWExuTum7a14vwp+dbn9eixE6guL4YeV2SzVOGiOfBeXrMglXsAzuMpMR
Dn5S+qplaPNj9D657NzXjdAAweXptphzqs3J53KQJVpFNzL2gmQqGMYdENdbPuvu
+OHmK4HG9SbRaNSy34nZ8KczVCh+TahdmAJl+DhMnnfkApHQj1y7M4Hyhx7PwpC/
jcKUW2bueDoV5nFFyR+AuMBbGWkreQJ2uvhyTJ4MgEmECX4tBtQ8tn6WT7xsrT+F
qT5z+B9UIiq+eHiOa+kj18HMOwq+0xQT9EP+TKD+vx0XhvVFzIsK7wA2jcykEnvW
-----END CERTIFICATE-----