Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/66a237-9bc5-4abd-9b8b-c55476759d0c/1/boEHtK6TX4b8tA4ZE52KAM2BJmo.roa
File:                     boEHtK6TX4b8tA4ZE52KAM2BJmo.roa (raw, json)
Hash identifier:          +7NNF3zI76oRfEmOt6I7AY03Pn8U8YF2KqGhoMWLwNw=
Subject key identifier:   6E:81:07:B4:AE:93:5F:86:FC:B4:0E:19:13:9D:8A:00:CD:81:26:6A
Certificate issuer:       /CN=bc4f1e6b011f4d6331a127955a548fa5052580a5
Certificate serial:       019425FBF6D62B8E10B79699EF69B47B3F98
Authority key identifier: BC:4F:1E:6B:01:1F:4D:63:31:A1:27:95:5A:54:8F:A5:05:25:80:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vE8eawEfTWMxoSeVWlSPpQUlgKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/66a237-9bc5-4abd-9b8b-c55476759d0c/1/boEHtK6TX4b8tA4ZE52KAM2BJmo.roa
Signing time:             Thu 02 Jan 2025 07:47:37 +0000
ROA not before:           Thu 02 Jan 2025 07:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43754
IP address blocks:        185.128.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/66a237-9bc5-4abd-9b8b-c55476759d0c/1/vE8eawEfTWMxoSeVWlSPpQUlgKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/66a237-9bc5-4abd-9b8b-c55476759d0c/1/vE8eawEfTWMxoSeVWlSPpQUlgKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vE8eawEfTWMxoSeVWlSPpQUlgKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 19:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fb:f6:d6:2b:8e:10:b7:96:99:ef:69:b4:7b:3f:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc4f1e6b011f4d6331a127955a548fa5052580a5
        Validity
            Not Before: Jan  2 07:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e8107b4ae935f86fcb40e19139d8a00cd81266a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:a0:a5:a2:51:d3:93:cf:47:a1:44:34:a6:92:
                    1e:42:52:d5:0b:e1:a1:5e:60:16:2c:64:1c:6d:7d:
                    4d:a2:2c:fb:d4:80:46:c4:a1:a8:9c:cb:70:81:a8:
                    2c:71:90:49:23:96:a5:60:16:d0:b7:63:24:15:e1:
                    8a:e9:c7:40:93:f8:ce:f3:89:9b:90:9e:da:20:65:
                    46:a5:81:73:3a:6b:d4:15:56:32:fc:4b:26:38:5f:
                    72:e1:dd:f8:7a:da:ba:c6:c3:a0:2e:b9:4e:9f:a0:
                    c6:51:1a:9e:f0:bf:89:08:d3:aa:d7:72:bb:9d:27:
                    db:a3:f1:f6:14:ac:47:ca:df:fa:b2:05:2e:06:a9:
                    d5:e1:df:aa:a3:a4:7a:fa:59:fd:1f:52:b5:c1:93:
                    36:78:6f:c8:9d:37:ee:65:9a:c7:26:86:ab:d6:40:
                    e9:60:9f:9a:85:63:9c:6b:38:e4:39:31:f7:8c:1f:
                    37:b5:0c:46:70:0b:73:0c:aa:08:45:d9:91:f7:f1:
                    a7:7b:35:f5:06:0e:56:26:bf:45:52:c5:21:0f:20:
                    eb:8d:43:08:60:49:ba:f6:35:31:5a:8f:8c:72:65:
                    c9:9b:be:81:af:7c:25:e4:18:16:52:45:92:2f:28:
                    e3:d2:18:b4:39:ee:6f:b3:d8:73:8b:4b:99:88:6d:
                    e3:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:81:07:B4:AE:93:5F:86:FC:B4:0E:19:13:9D:8A:00:CD:81:26:6A
            X509v3 Authority Key Identifier:
                keyid:BC:4F:1E:6B:01:1F:4D:63:31:A1:27:95:5A:54:8F:A5:05:25:80:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vE8eawEfTWMxoSeVWlSPpQUlgKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/66a237-9bc5-4abd-9b8b-c55476759d0c/1/boEHtK6TX4b8tA4ZE52KAM2BJmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/66a237-9bc5-4abd-9b8b-c55476759d0c/1/vE8eawEfTWMxoSeVWlSPpQUlgKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:b8:40:29:aa:f9:6a:36:08:fc:7a:4f:0c:99:04:e3:35:cc:
         53:fd:71:f2:93:ba:d2:de:cf:00:9e:da:3f:02:27:de:3d:32:
         e7:b6:85:0b:e0:67:7f:0a:d8:c4:be:0f:db:98:7f:53:72:2a:
         56:91:1f:90:6b:ea:a4:14:86:8a:9f:c3:71:0b:75:f5:1f:d7:
         8d:bf:3c:ac:9a:7e:14:67:86:17:eb:9d:5e:67:6a:03:8e:04:
         47:2d:41:e4:05:c3:46:5c:c0:56:29:c0:10:28:c0:15:d4:c8:
         c4:a1:59:f2:22:20:0c:39:2d:d4:64:49:a5:66:b1:6a:ec:b2:
         4d:45:fb:d0:f6:73:a5:83:a7:6c:a7:a2:a3:3e:ee:68:f5:37:
         f7:82:15:a2:47:c5:08:5e:d0:a5:cb:15:09:7e:13:f9:b5:17:
         62:6f:96:d9:52:45:f6:e1:02:de:e0:ab:38:10:d7:6d:4f:54:
         8d:0a:66:f3:05:c9:8b:d1:80:e7:22:4e:28:28:03:f6:9e:57:
         58:61:16:97:20:d6:89:74:2f:f2:b8:55:89:9b:53:f4:29:35:
         a1:0d:a4:69:07:20:2b:ff:41:f7:3d:da:3f:0a:00:b4:c7:15:
         11:60:52:69:3b:29:05:86:fe:d8:35:95:0a:44:ac:fa:d2:be:
         1f:10:bb:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl+/bWK44Qt5aZ72m0ez+YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNGYxZTZiMDExZjRkNjMzMWExMjc5NTVhNTQ4ZmE1MDUy
NTgwYTUwHhcNMjUwMTAyMDc0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTgxMDdiNGFlOTM1Zjg2ZmNiNDBlMTkxMzlkOGEwMGNkODEyNjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qClolHTk89HoUQ0ppIeQlLVC+Gh
XmAWLGQcbX1Noiz71IBGxKGonMtwgagscZBJI5alYBbQt2MkFeGK6cdAk/jO84mb
kJ7aIGVGpYFzOmvUFVYy/EsmOF9y4d34etq6xsOgLrlOn6DGURqe8L+JCNOq13K7
nSfbo/H2FKxHyt/6sgUuBqnV4d+qo6R6+ln9H1K1wZM2eG/InTfuZZrHJoar1kDp
YJ+ahWOcazjkOTH3jB83tQxGcAtzDKoIRdmR9/GnezX1Bg5WJr9FUsUhDyDrjUMI
YEm69jUxWo+McmXJm76Br3wl5BgWUkWSLyjj0hi0Oe5vs9hzi0uZiG3jUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6BB7Suk1+G/LQOGROdigDNgSZqMB8GA1UdIwQY
MBaAFLxPHmsBH01jMaEnlVpUj6UFJYClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkU4ZWF3RWZUV014b1NlVldsU1BwUVVsZ0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi82NmEyMzctOWJjNS00YWJkLTliOGIt
YzU1NDc2NzU5ZDBjLzEvYm9FSHRLNlRYNGI4dEE0WkU1MktBTTJCSm1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi82NmEyMzctOWJjNS00YWJkLTliOGItYzU1NDc2NzU5ZDBj
LzEvdkU4ZWF3RWZUV014b1NlVldsU1BwUVVsZ0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYCnMA0G
CSqGSIb3DQEBCwUAA4IBAQBKuEApqvlqNgj8ek8MmQTjNcxT/XHyk7rS3s8Anto/
AifePTLntoUL4Gd/CtjEvg/bmH9TcipWkR+Qa+qkFIaKn8NxC3X1H9eNvzysmn4U
Z4YX651eZ2oDjgRHLUHkBcNGXMBWKcAQKMAV1MjEoVnyIiAMOS3UZEmlZrFq7LJN
RfvQ9nOlg6dsp6KjPu5o9Tf3ghWiR8UIXtClyxUJfhP5tRdib5bZUkX24QLe4Ks4
ENdtT1SNCmbzBcmL0YDnIk4oKAP2nldYYRaXINaJdC/yuFWJm1P0KTWhDaRpByAr
/0H3Pdo/CgC0xxURYFJpOykFhv7YNZUKRKz60r4fELvZ
-----END CERTIFICATE-----