Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/jOTXaOGJoE6NDCvCKKBezqpIGGk.roa
File:                     jOTXaOGJoE6NDCvCKKBezqpIGGk.roa (raw, json)
Hash identifier:          qYO092gSKFsXYhjhZOcwgA3qVjBaIAjkoDnU0SJsxRg=
Subject key identifier:   8C:E4:D7:68:E1:89:A0:4E:8D:0C:2B:C2:28:A0:5E:CE:AA:48:18:69
Certificate issuer:       /CN=e8bd26dce48161c7fbf9ff67b907f1e605c25a66
Certificate serial:       0196CDC7917F91123483CF2C33D8D4032ED7
Authority key identifier: E8:BD:26:DC:E4:81:61:C7:FB:F9:FF:67:B9:07:F1:E6:05:C2:5A:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6L0m3OSBYcf7-f9nuQfx5gXCWmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/jOTXaOGJoE6NDCvCKKBezqpIGGk.roa
Signing time:             Wed 14 May 2025 07:52:10 +0000
ROA not before:           Wed 14 May 2025 07:52:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35133
IP address blocks:        217.18.95.0/24 maxlen: 24
                          2a07:5500::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/6L0m3OSBYcf7-f9nuQfx5gXCWmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/6L0m3OSBYcf7-f9nuQfx5gXCWmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6L0m3OSBYcf7-f9nuQfx5gXCWmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cd:c7:91:7f:91:12:34:83:cf:2c:33:d8:d4:03:2e:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8bd26dce48161c7fbf9ff67b907f1e605c25a66
        Validity
            Not Before: May 14 07:52:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ce4d768e189a04e8d0c2bc228a05eceaa481869
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:bc:97:4d:2c:d5:a7:f1:17:68:ac:52:86:30:
                    a9:bb:cd:70:1d:d4:68:f5:fb:d6:53:8e:58:27:71:
                    b8:06:d8:b0:f1:d9:00:df:1a:c7:fd:8a:78:44:b7:
                    da:e1:b3:36:df:37:9f:b2:08:c4:fc:42:ad:3c:29:
                    86:0c:d6:c5:3a:4d:66:fe:70:2d:15:62:c1:b0:70:
                    52:d6:4b:b4:ce:08:8f:c3:5a:4e:68:b4:67:05:b5:
                    19:ef:e0:6e:5c:6c:48:b5:7d:3b:6e:70:e1:44:23:
                    f9:8f:3f:4b:5b:0f:52:c1:19:49:9e:ad:c5:87:71:
                    df:4f:ee:d7:91:78:d4:fe:61:ee:23:c7:05:2e:32:
                    a7:75:67:5f:d6:ba:2d:e7:19:cf:1f:b7:c1:86:86:
                    12:11:2c:a4:1e:8a:72:8d:b3:9c:a7:64:60:9e:49:
                    70:5e:40:f4:a9:5c:e0:ee:74:44:e5:0e:3b:ea:dd:
                    3b:25:0b:81:b2:1c:bb:a5:39:50:bd:8a:8b:ac:c1:
                    78:eb:55:dd:06:54:0a:39:5d:ba:b0:5c:eb:e0:90:
                    c1:13:c4:b7:9b:a6:7c:fb:a7:67:9f:f7:c4:a5:ca:
                    a2:50:69:c0:52:ef:42:c7:f2:36:e5:a9:38:b1:66:
                    9d:22:59:44:8d:52:a6:96:a2:23:d1:d3:0d:c7:11:
                    18:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:E4:D7:68:E1:89:A0:4E:8D:0C:2B:C2:28:A0:5E:CE:AA:48:18:69
            X509v3 Authority Key Identifier:
                keyid:E8:BD:26:DC:E4:81:61:C7:FB:F9:FF:67:B9:07:F1:E6:05:C2:5A:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6L0m3OSBYcf7-f9nuQfx5gXCWmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/jOTXaOGJoE6NDCvCKKBezqpIGGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/6L0m3OSBYcf7-f9nuQfx5gXCWmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.95.0/24
                IPv6:
                  2a07:5500::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:20:f7:53:a1:d8:61:23:dd:27:d9:b5:b4:23:8c:7f:f6:8a:
         a6:03:4c:7c:61:24:7c:f3:08:0c:b0:4b:42:69:20:a1:45:36:
         de:e5:9f:64:6b:13:25:72:33:45:cc:a3:0e:b6:3c:18:55:7a:
         e9:41:99:6f:66:4f:27:dd:93:4d:83:32:24:89:c3:08:b4:93:
         f7:ac:09:fb:c7:d3:26:05:3b:55:8b:dc:62:e8:e8:0f:2e:70:
         04:b6:d6:ca:f8:3b:ef:3a:d8:a7:06:e6:dc:57:9f:df:25:c0:
         82:70:ed:cc:bf:9a:88:95:3f:04:16:41:3f:3f:47:05:fa:46:
         6d:48:7b:ee:58:cb:23:c3:f4:9b:ca:38:af:43:69:65:a3:c5:
         e7:bd:ca:99:c5:e8:62:46:fe:8e:0b:4c:30:ae:39:37:03:98:
         bd:c7:92:82:5c:66:a8:6d:1d:38:09:d2:dd:49:ae:d6:87:6f:
         d3:f4:e1:31:db:6e:3a:64:13:78:71:3b:f5:cf:de:6a:05:1a:
         71:c5:51:47:28:3f:7c:6c:bb:b7:f9:f4:96:8a:52:38:a1:0e:
         94:34:51:9d:ee:16:db:0a:32:9b:07:d9:3b:cc:23:ea:9b:b3:
         80:f5:7f:81:31:98:b4:5b:0b:ef:c0:38:c9:90:f5:46:7a:ed:
         4b:8e:cf:4b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZbNx5F/kRI0g88sM9jUAy7XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YmQyNmRjZTQ4MTYxYzdmYmY5ZmY2N2I5MDdmMWU2MDVj
MjVhNjYwHhcNMjUwNTE0MDc1MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2U0ZDc2OGUxODlhMDRlOGQwYzJiYzIyOGEwNWVjZWFhNDgxODY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLyXTSzVp/EXaKxShjCpu81wHdRo
9fvWU45YJ3G4Btiw8dkA3xrH/Yp4RLfa4bM23zefsgjE/EKtPCmGDNbFOk1m/nAt
FWLBsHBS1ku0zgiPw1pOaLRnBbUZ7+BuXGxItX07bnDhRCP5jz9LWw9SwRlJnq3F
h3HfT+7XkXjU/mHuI8cFLjKndWdf1rot5xnPH7fBhoYSESykHopyjbOcp2Rgnklw
XkD0qVzg7nRE5Q476t07JQuBshy7pTlQvYqLrMF461XdBlQKOV26sFzr4JDBE8S3
m6Z8+6dnn/fEpcqiUGnAUu9Cx/I25ak4sWadIllEjVKmlqIj0dMNxxEYDwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIzk12jhiaBOjQwrwiigXs6qSBhpMB8GA1UdIwQY
MBaAFOi9JtzkgWHH+/n/Z7kH8eYFwlpmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkwwbTNPU0JZY2Y3LWY5bnVRZng1Z1hDV21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iZDljYTgtMTc5Yi00MzIyLWEwOTQt
NTBkZDNhNTgxNTRiLzEvak9UWGFPR0pvRTZOREN2Q0tLQmV6cXBJR0drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iZDljYTgtMTc5Yi00MzIyLWEwOTQtNTBkZDNhNTgxNTRi
LzEvNkwwbTNPU0JZY2Y3LWY5bnVRZng1Z1hDV21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA2RJfMA0E
AgACMAcDBQMqB1UAMA0GCSqGSIb3DQEBCwUAA4IBAQCMIPdTodhhI90n2bW0I4x/
9oqmA0x8YSR88wgMsEtCaSChRTbe5Z9kaxMlcjNFzKMOtjwYVXrpQZlvZk8n3ZNN
gzIkicMItJP3rAn7x9MmBTtVi9xi6OgPLnAEttbK+DvvOtinBubcV5/fJcCCcO3M
v5qIlT8EFkE/P0cF+kZtSHvuWMsjw/SbyjivQ2llo8XnvcqZxehiRv6OC0wwrjk3
A5i9x5KCXGaobR04CdLdSa7Wh2/T9OEx2246ZBN4cTv1z95qBRpxxVFHKD98bLu3
+fSWilI4oQ6UNFGd7hbbCjKbB9k7zCPqm7OA9X+BMZi0WwvvwDjJkPVGeu1Ljs9L
-----END CERTIFICATE-----