Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/EpDBPVNlNeVkVgjR_m5x1NyX39k.roa
File:                     EpDBPVNlNeVkVgjR_m5x1NyX39k.roa (raw, json)
Hash identifier:          xU4je7vw+hy54ZIE4xMAX4T+f8GKgqonphRIwXr+3Ro=
Subject key identifier:   12:90:C1:3D:53:65:35:E5:64:56:08:D1:FE:6E:71:D4:DC:97:DF:D9
Certificate issuer:       /CN=bd19d4535c7e62b921e859e6557b821f278e716a
Certificate serial:       0195ADEB8BD6CA3321F60742BF37E82C8DD8
Authority key identifier: BD:19:D4:53:5C:7E:62:B9:21:E8:59:E6:55:7B:82:1F:27:8E:71:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/EpDBPVNlNeVkVgjR_m5x1NyX39k.roa
Signing time:             Wed 19 Mar 2025 10:20:49 +0000
ROA not before:           Wed 19 Mar 2025 10:20:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137235
IP address blocks:        91.239.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ad:eb:8b:d6:ca:33:21:f6:07:42:bf:37:e8:2c:8d:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd19d4535c7e62b921e859e6557b821f278e716a
        Validity
            Not Before: Mar 19 10:20:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1290c13d536535e5645608d1fe6e71d4dc97dfd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:cd:7e:15:0a:82:8a:2d:ac:c3:21:74:a9:7d:
                    e4:96:86:05:85:f1:6d:83:bc:e8:60:18:e2:c9:a9:
                    68:62:9a:d0:f2:31:72:90:03:cf:11:2b:1f:0b:77:
                    5a:d6:eb:48:f4:9d:cb:9e:d4:b8:44:2f:cd:05:40:
                    82:b9:66:0b:c3:37:4e:83:72:a0:48:52:5f:27:96:
                    f1:eb:57:d8:f3:28:01:76:fa:24:cc:34:11:b2:45:
                    ed:5c:66:67:6c:b2:68:04:dd:f7:a5:84:1e:b4:2b:
                    6b:d8:7f:6a:d1:a8:94:e8:e0:20:31:18:f4:9b:a5:
                    78:44:dd:b5:db:eb:a0:f8:d5:84:b1:86:c4:bd:b3:
                    7f:d3:c4:88:61:e8:a6:ae:70:b7:4b:45:30:c9:1c:
                    ae:79:91:2a:89:3b:4e:27:bc:5f:b9:63:dc:98:e0:
                    58:54:7a:ac:47:1c:54:e0:97:64:df:48:df:94:c6:
                    de:4a:08:c0:38:2e:f5:52:d6:11:4d:6c:f1:89:42:
                    cc:13:89:8c:33:04:c4:ed:93:b2:d6:e7:d4:d4:99:
                    b3:04:4d:7f:ce:1a:ea:36:25:cf:81:de:8c:3f:4e:
                    92:3e:c4:e6:ae:8d:7b:ce:20:d5:12:5e:49:aa:b3:
                    8d:c4:a0:b1:b3:8f:36:e5:3f:79:6f:2c:41:09:80:
                    d7:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:90:C1:3D:53:65:35:E5:64:56:08:D1:FE:6E:71:D4:DC:97:DF:D9
            X509v3 Authority Key Identifier:
                keyid:BD:19:D4:53:5C:7E:62:B9:21:E8:59:E6:55:7B:82:1F:27:8E:71:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/EpDBPVNlNeVkVgjR_m5x1NyX39k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:ac:6d:10:12:ef:7d:61:cb:4c:6b:f9:48:23:a3:a8:89:7a:
         95:97:e4:51:0b:1e:76:58:3b:21:81:22:dc:e3:14:ca:6b:a1:
         4c:d3:1e:aa:01:a4:90:21:eb:21:3b:f3:d3:d2:59:2d:d9:0c:
         0c:90:5a:7c:90:27:41:ed:1e:3c:72:35:e0:ea:93:18:95:a3:
         6d:7c:39:4c:5c:23:05:1b:4c:72:83:94:c3:9b:77:87:78:86:
         fe:0a:a4:93:15:4a:e5:d4:dc:c4:83:8a:b9:2d:c7:91:fb:d7:
         fa:10:4f:9e:40:fe:9b:20:6b:13:19:b0:4d:14:1a:48:46:d8:
         2d:c1:44:4c:23:5c:6a:40:8d:69:3d:12:15:90:6c:19:0e:cb:
         17:c2:eb:dd:c7:c4:78:52:07:ea:0e:a3:32:8f:3c:5c:c4:d3:
         ce:96:44:1e:36:6e:5f:8f:0f:36:1b:e1:98:bb:a1:7f:f7:ee:
         57:36:8d:9b:d6:5e:ba:e1:c1:f4:ab:57:aa:f7:de:76:5d:77:
         75:2e:0e:a1:44:6d:81:dd:2c:50:1b:ce:5b:33:d8:14:cb:f8:
         4d:ae:d7:32:34:94:0e:d4:f0:8f:4e:14:2a:31:95:21:f8:68:
         44:32:04:3f:20:e5:7b:82:56:55:b9:1e:ff:52:89:65:33:de:
         e9:78:91:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWt64vWyjMh9gdCvzfoLI3YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMTlkNDUzNWM3ZTYyYjkyMWU4NTllNjU1N2I4MjFmMjc4
ZTcxNmEwHhcNMjUwMzE5MTAyMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjkwYzEzZDUzNjUzNWU1NjQ1NjA4ZDFmZTZlNzFkNGRjOTdkZmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnM1+FQqCii2swyF0qX3kloYFhfFt
g7zoYBjiyaloYprQ8jFykAPPESsfC3da1utI9J3LntS4RC/NBUCCuWYLwzdOg3Kg
SFJfJ5bx61fY8ygBdvokzDQRskXtXGZnbLJoBN33pYQetCtr2H9q0aiU6OAgMRj0
m6V4RN212+ug+NWEsYbEvbN/08SIYeimrnC3S0UwyRyueZEqiTtOJ7xfuWPcmOBY
VHqsRxxU4Jdk30jflMbeSgjAOC71UtYRTWzxiULME4mMMwTE7ZOy1ufU1JmzBE1/
zhrqNiXPgd6MP06SPsTmro17ziDVEl5JqrONxKCxs4825T95byxBCYDXVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKQwT1TZTXlZFYI0f5ucdTcl9/ZMB8GA1UdIwQY
MBaAFL0Z1FNcfmK5IehZ5lV7gh8njnFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlJuVVUxeC1ZcmtoNkZubVZYdUNIeWVPY1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8yNTk5ZjktNmY3Ni00ZGI2LWJjYTct
YzEzMzFmNDlmYzA5LzEvRXBEQlBWTmxOZVZrVmdqUl9tNXgxTnlYMzlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8yNTk5ZjktNmY3Ni00ZGI2LWJjYTctYzEzMzFmNDlmYzA5
LzEvdlJuVVUxeC1ZcmtoNkZubVZYdUNIeWVPY1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/TMA0G
CSqGSIb3DQEBCwUAA4IBAQBprG0QEu99YctMa/lII6OoiXqVl+RRCx52WDshgSLc
4xTKa6FM0x6qAaSQIeshO/PT0lkt2QwMkFp8kCdB7R48cjXg6pMYlaNtfDlMXCMF
G0xyg5TDm3eHeIb+CqSTFUrl1NzEg4q5LceR+9f6EE+eQP6bIGsTGbBNFBpIRtgt
wURMI1xqQI1pPRIVkGwZDssXwuvdx8R4UgfqDqMyjzxcxNPOlkQeNm5fjw82G+GY
u6F/9+5XNo2b1l664cH0q1eq9952XXd1Lg6hRG2B3SxQG85bM9gUy/hNrtcyNJQO
1PCPThQqMZUh+GhEMgQ/IOV7glZVuR7/UollM97peJEL
-----END CERTIFICATE-----