Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/BidivErepoioJfqkh8JqhsT6Y0E.roa
File:                     BidivErepoioJfqkh8JqhsT6Y0E.roa (raw, json)
Hash identifier:          gPDhk6nw0RaD24YbC59K5ViOofzgizOeouA5It+O86c=
Subject key identifier:   06:27:62:BC:4A:DE:A6:88:A8:25:FA:A4:87:C2:6A:86:C4:FA:63:41
Certificate issuer:       /CN=002647c801fb58fcfaac135bb48f5e61fea7e566
Certificate serial:       0196C2A589C00389CF44163E2976EF0B5B4E
Authority key identifier: 00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/BidivErepoioJfqkh8JqhsT6Y0E.roa
Signing time:             Mon 12 May 2025 03:59:10 +0000
ROA not before:           Mon 12 May 2025 03:59:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.129.240.0/23 maxlen: 24
                          45.129.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 08:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c2:a5:89:c0:03:89:cf:44:16:3e:29:76:ef:0b:5b:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=002647c801fb58fcfaac135bb48f5e61fea7e566
        Validity
            Not Before: May 12 03:59:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=062762bc4adea688a825faa487c26a86c4fa6341
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:1a:4e:7b:f3:9e:49:72:f7:f2:40:9d:0d:27:
                    3e:69:67:c2:da:cd:fb:b6:f5:8e:ff:aa:e6:d6:5b:
                    f1:f5:ef:e5:14:1a:94:dc:25:65:61:b0:86:95:bc:
                    f4:97:9a:6a:9f:8d:6a:58:f0:9e:cd:c0:3b:e9:f5:
                    73:3a:7a:49:06:67:85:d5:76:e2:bc:d5:d4:08:93:
                    e1:da:7a:16:37:15:63:1f:ff:84:76:f1:9f:ee:9e:
                    27:a6:f9:51:2f:41:31:a6:f3:97:64:53:54:cc:29:
                    48:91:26:7d:3a:49:f6:47:a3:73:b6:f3:90:59:91:
                    b0:ff:9a:c3:1a:8c:41:eb:43:65:87:19:30:97:29:
                    56:f0:de:11:88:ea:fb:ec:56:c7:6a:1c:80:5d:d4:
                    1a:a0:91:56:b1:bf:d1:c7:22:61:f4:38:54:e2:a4:
                    5d:df:f2:94:65:fc:74:b4:51:ed:c3:67:24:6e:33:
                    8f:59:aa:d5:fc:4f:4f:ed:45:0f:f7:45:37:a0:0a:
                    74:6b:f6:c7:69:2a:c2:43:c4:a4:b9:af:c6:b1:06:
                    a2:68:fa:da:53:2d:a0:7b:28:f5:f3:1b:a2:fd:00:
                    6e:d9:e4:a1:fc:36:05:0f:67:dc:65:95:d3:c5:00:
                    42:16:2f:0c:17:e3:5f:e5:f4:99:5b:c2:e8:77:b3:
                    40:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:27:62:BC:4A:DE:A6:88:A8:25:FA:A4:87:C2:6A:86:C4:FA:63:41
            X509v3 Authority Key Identifier:
                keyid:00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/BidivErepoioJfqkh8JqhsT6Y0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.240.0-45.129.242.255

    Signature Algorithm: sha256WithRSAEncryption
         0f:f3:6e:92:72:1e:e0:68:0d:e6:e6:e7:2f:3f:13:06:d6:be:
         6b:2e:e3:9a:d2:93:12:11:4a:74:1d:6a:04:9b:d3:7b:49:e7:
         55:51:ad:38:2f:2a:52:79:c4:d7:3a:28:d1:f4:44:3b:ed:42:
         0b:61:db:14:1b:3d:bc:83:d8:0f:29:3e:4e:76:60:19:65:c6:
         f3:44:9f:2c:3a:e3:3d:37:94:34:a9:16:0d:aa:e9:17:eb:a6:
         d7:84:b7:4a:0e:35:e4:1b:ea:dd:ef:cb:39:00:47:87:22:0e:
         d9:e2:a7:d3:e5:1e:b5:79:55:d7:14:e2:44:54:f8:88:15:32:
         95:4e:46:0f:29:df:e0:4c:94:65:cc:1c:f6:72:7c:b8:87:25:
         ed:6c:35:ee:52:16:ee:44:0c:6a:0b:b5:94:82:63:03:7b:f1:
         0e:02:7a:c6:5f:dd:5e:7f:73:e5:f3:35:4b:17:ec:29:69:4c:
         e5:21:0d:96:c2:04:20:8c:4a:15:75:e4:74:41:91:68:ca:30:
         ae:0a:5b:90:36:d1:52:ab:29:b5:c2:96:d7:57:24:46:15:9b:
         bb:f7:37:52:1f:61:44:5d:b2:11:38:71:91:05:8e:f9:82:0c:
         04:62:31:b0:4f:c6:be:94:06:f6:52:d9:de:44:24:b5:94:8d:
         3c:f8:a8:43
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZbCpYnAA4nPRBY+KXbvC1tOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMjY0N2M4MDFmYjU4ZmNmYWFjMTM1YmI0OGY1ZTYxZmVh
N2U1NjYwHhcNMjUwNTEyMDM1OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjI3NjJiYzRhZGVhNjg4YTgyNWZhYTQ4N2MyNmE4NmM0ZmE2MzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixpOe/OeSXL38kCdDSc+aWfC2s37
tvWO/6rm1lvx9e/lFBqU3CVlYbCGlbz0l5pqn41qWPCezcA76fVzOnpJBmeF1Xbi
vNXUCJPh2noWNxVjH/+EdvGf7p4npvlRL0ExpvOXZFNUzClIkSZ9Okn2R6NztvOQ
WZGw/5rDGoxB60NlhxkwlylW8N4RiOr77FbHahyAXdQaoJFWsb/RxyJh9DhU4qRd
3/KUZfx0tFHtw2ckbjOPWarV/E9P7UUP90U3oAp0a/bHaSrCQ8Skua/GsQaiaPra
Uy2geyj18xui/QBu2eSh/DYFD2fcZZXTxQBCFi8MF+Nf5fSZW8Lod7NAoQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAYnYrxK3qaIqCX6pIfCaobE+mNBMB8GA1UdIwQY
MBaAFAAmR8gB+1j8+qwTW7SPXmH+p+VmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODIt
OTRlZmJmNWNlY2Q0LzEvQmlkaXZFcmVwb2lvSmZxa2g4SnFoc1Q2WTBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODItOTRlZmJmNWNlY2Q0
LzEvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAQtgfAD
BAAtgfIwDQYJKoZIhvcNAQELBQADggEBAA/zbpJyHuBoDebm5y8/EwbWvmsu45rS
kxIRSnQdagSb03tJ51VRrTgvKlJ5xNc6KNH0RDvtQgth2xQbPbyD2A8pPk52YBll
xvNEnyw64z03lDSpFg2q6RfrpteEt0oONeQb6t3vyzkAR4ciDtnip9PlHrV5VdcU
4kRU+IgVMpVORg8p3+BMlGXMHPZyfLiHJe1sNe5SFu5EDGoLtZSCYwN78Q4CesZf
3V5/c+XzNUsX7ClpTOUhDZbCBCCMShV15HRBkWjKMK4KW5A20VKrKbXCltdXJEYV
m7v3N1IfYURdshE4cZEFjvmCDARiMbBPxr6UBvZS2d5EJLWUjTz4qEM=
-----END CERTIFICATE-----