Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/b_BH8k9dkbRKJ0Ey58ItHR33E0o.roa
File:                     b_BH8k9dkbRKJ0Ey58ItHR33E0o.roa (raw, json)
Hash identifier:          fq+WuygPKpc2KtNCX59PHbTRL3jzzc5JcGmz5xkPFE4=
Subject key identifier:   6F:F0:47:F2:4F:5D:91:B4:4A:27:41:32:E7:C2:2D:1D:1D:F7:13:4A
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       01942747F69382B9D65A7D40CB9A09B2D2ED
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/b_BH8k9dkbRKJ0Ey58ItHR33E0o.roa
Signing time:             Thu 02 Jan 2025 13:50:15 +0000
ROA not before:           Thu 02 Jan 2025 13:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     393942
IP address blocks:        86.110.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:f6:93:82:b9:d6:5a:7d:40:cb:9a:09:b2:d2:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Jan  2 13:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ff047f24f5d91b44a274132e7c22d1d1df7134a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ac:0f:ff:51:38:66:f1:dd:4d:da:42:20:69:
                    a1:97:8b:ba:aa:18:11:a0:3c:ef:3a:25:64:de:3d:
                    53:cc:79:24:e6:ee:ac:58:19:49:3d:5f:bc:d6:f5:
                    8e:d6:aa:43:ef:77:cf:87:f8:a9:ef:86:7b:76:17:
                    4e:90:ab:e9:e6:17:cd:1e:19:5a:4b:6b:1c:61:38:
                    4f:42:fb:32:63:91:54:1c:4b:6b:a3:64:c6:3f:73:
                    34:68:6c:e1:cc:c1:f4:cb:8c:92:a2:38:15:14:ba:
                    5a:0a:fb:76:be:6b:86:63:5e:a3:d1:d0:d0:3c:85:
                    1c:bd:6f:8c:c5:e7:66:e8:9f:2d:a9:fa:d6:2f:28:
                    43:1f:6c:8e:22:2f:53:94:4e:78:c4:d8:9a:58:68:
                    8d:eb:1d:40:a9:b5:1c:6f:64:11:d4:78:b2:0e:dc:
                    b1:b5:d6:62:79:61:8f:bd:4c:57:3d:97:21:9b:27:
                    f1:f3:c4:c6:e2:92:a6:d1:3a:90:b6:55:4b:b0:55:
                    81:25:93:9f:91:40:f3:d7:82:f2:73:68:2c:c1:a7:
                    8e:ca:30:0d:dc:f0:05:7e:73:c9:0e:e4:ad:12:ef:
                    8c:29:e6:82:d9:8b:5a:95:3d:c8:60:fc:f9:ad:04:
                    cb:9b:55:24:1c:8d:50:45:08:2a:be:72:13:6d:4d:
                    52:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:F0:47:F2:4F:5D:91:B4:4A:27:41:32:E7:C2:2D:1D:1D:F7:13:4A
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/b_BH8k9dkbRKJ0Ey58ItHR33E0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:a1:49:e6:8e:97:50:a4:4a:a9:1c:b4:63:70:4b:93:5b:de:
         68:cd:a1:87:1b:1a:51:3e:45:30:2f:91:44:44:e8:bc:fc:04:
         f5:87:6e:0a:0d:62:fa:9e:fa:b7:48:73:95:0e:90:ad:a8:f0:
         29:55:e3:7d:36:70:47:22:51:21:ce:16:6f:16:f6:e5:72:75:
         6c:19:4e:9b:67:23:10:cb:06:e0:92:fe:bc:74:e9:37:93:95:
         7b:a0:15:7c:60:ec:37:6e:82:a5:94:7d:76:1e:59:e9:5a:91:
         c4:14:17:a6:78:d6:53:f5:2b:e0:12:f6:5a:f7:1f:ea:9b:44:
         b9:e8:80:92:f1:bd:f7:80:12:12:f9:bb:d0:e6:75:71:34:8b:
         ae:bc:ad:1d:7a:37:37:dd:31:f2:70:ff:d0:35:01:5c:c0:8a:
         4e:bd:a6:d4:18:1c:9c:db:26:b4:a5:09:d6:c5:b9:b6:2f:20:
         cd:a2:83:e1:85:2f:f2:3b:c6:33:f7:9e:cf:34:4e:1b:db:ca:
         05:d5:0d:3c:dc:9d:5c:01:2b:a6:6d:de:5b:ee:e1:c7:1d:f5:
         e9:c3:ea:ef:8a:c6:3a:05:81:03:60:fa:67:f3:3e:9c:ac:a2:
         83:57:5e:cc:f0:ed:a0:e1:05:fa:93:5b:0b:4a:60:46:07:93:
         0a:9c:91:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR/aTgrnWWn1Ay5oJstLtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjUwMTAyMTM1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmYwNDdmMjRmNWQ5MWI0NGEyNzQxMzJlN2MyMmQxZDFkZjcxMzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqwP/1E4ZvHdTdpCIGmhl4u6qhgR
oDzvOiVk3j1TzHkk5u6sWBlJPV+81vWO1qpD73fPh/ip74Z7dhdOkKvp5hfNHhla
S2scYThPQvsyY5FUHEtro2TGP3M0aGzhzMH0y4ySojgVFLpaCvt2vmuGY16j0dDQ
PIUcvW+Mxedm6J8tqfrWLyhDH2yOIi9TlE54xNiaWGiN6x1AqbUcb2QR1HiyDtyx
tdZieWGPvUxXPZchmyfx88TG4pKm0TqQtlVLsFWBJZOfkUDz14Lyc2gswaeOyjAN
3PAFfnPJDuStEu+MKeaC2YtalT3IYPz5rQTLm1UkHI1QRQgqvnITbU1SbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/wR/JPXZG0SidBMufCLR0d9xNKMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvYl9CSDhrOWRrYlJLSjBFeTU4SXRIUjMzRTBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm4vMA0G
CSqGSIb3DQEBCwUAA4IBAQCQoUnmjpdQpEqpHLRjcEuTW95ozaGHGxpRPkUwL5FE
ROi8/AT1h24KDWL6nvq3SHOVDpCtqPApVeN9NnBHIlEhzhZvFvblcnVsGU6bZyMQ
ywbgkv68dOk3k5V7oBV8YOw3boKllH12HlnpWpHEFBemeNZT9SvgEvZa9x/qm0S5
6ICS8b33gBIS+bvQ5nVxNIuuvK0dejc33THycP/QNQFcwIpOvabUGByc2ya0pQnW
xbm2LyDNooPhhS/yO8Yz957PNE4b28oF1Q083J1cASumbd5b7uHHHfXpw+rvisY6
BYEDYPpn8z6crKKDV17M8O2g4QX6k1sLSmBGB5MKnJE6
-----END CERTIFICATE-----