Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/BoY6ecLnomqtJE4tcZbTfC43iHk.roa
File:                     BoY6ecLnomqtJE4tcZbTfC43iHk.roa (raw, json)
Hash identifier:          b0GbBUb3VdKpAY4o2+rPThr/XGWjBAtFIKp5H8A28AU=
Subject key identifier:   06:86:3A:79:C2:E7:A2:6A:AD:24:4E:2D:71:96:D3:7C:2E:37:88:79
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       019427484D31366CB7DABF7999235B90573C
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/BoY6ecLnomqtJE4tcZbTfC43iHk.roa
Signing time:             Thu 02 Jan 2025 13:50:37 +0000
ROA not before:           Thu 02 Jan 2025 13:50:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206804
IP address blocks:        85.203.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 05:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:4d:31:36:6c:b7:da:bf:79:99:23:5b:90:57:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jan  2 13:50:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06863a79c2e7a26aad244e2d7196d37c2e378879
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:9f:68:75:1a:ff:61:2f:07:bd:86:13:38:f3:
                    d7:06:05:91:b4:9a:c6:23:b4:f9:6c:c7:dc:f9:ef:
                    12:55:1d:97:ea:40:ed:c8:a3:1b:31:9b:ea:4a:aa:
                    7b:b2:f2:1a:7e:46:7e:14:30:ff:93:94:bc:92:6d:
                    c1:40:f6:28:e4:0c:5a:f7:ea:8a:bf:19:0b:f9:f8:
                    b1:8c:3c:10:db:b5:c7:70:b6:33:ff:73:ee:26:f9:
                    5a:22:82:b4:2a:3b:32:61:ab:a7:7d:27:aa:62:09:
                    78:60:f0:1c:b3:dc:a1:cf:ed:61:5f:e8:9d:12:a9:
                    80:01:5b:a1:5c:7a:09:8f:fc:c7:ba:25:d6:33:6f:
                    99:a7:e7:87:79:48:c0:74:fc:c7:77:51:1d:07:d8:
                    77:8f:2e:32:61:21:ce:d7:a0:02:04:7e:05:62:41:
                    01:44:c9:07:93:85:ef:4f:8b:7f:83:f1:0a:db:93:
                    91:e7:cd:0d:c4:f2:09:a4:c9:dd:b2:0e:b8:6e:61:
                    3c:6a:48:33:80:fd:ca:e0:12:75:2c:6c:d7:20:0f:
                    4e:12:1d:33:d2:88:df:3c:b7:a8:ed:32:5c:a7:a6:
                    f9:c8:7d:01:73:f4:44:47:10:78:7a:5b:04:53:28:
                    87:be:52:22:eb:7d:d9:66:47:46:60:72:5a:1e:c4:
                    76:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:86:3A:79:C2:E7:A2:6A:AD:24:4E:2D:71:96:D3:7C:2E:37:88:79
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/BoY6ecLnomqtJE4tcZbTfC43iHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:d3:bc:9e:b8:fa:71:6d:f5:07:b8:53:e0:20:db:e7:30:4c:
         4d:27:1b:03:d6:cb:18:d4:22:69:0d:74:ec:e3:6a:a7:d5:5e:
         8a:47:a1:64:ac:c7:4e:ae:01:bd:f5:f3:63:71:ca:e1:04:b2:
         98:e6:51:1b:a8:10:6b:f1:6c:84:04:30:52:05:62:73:c7:20:
         13:51:a9:c2:da:2e:7c:3f:68:d7:b3:01:c4:4b:2e:f4:da:4b:
         d4:7a:dc:8c:1c:8d:55:a4:87:45:53:7d:b1:c0:ce:c5:1f:7b:
         f3:8a:28:6f:16:f8:55:12:3f:46:27:79:a1:36:df:c6:e6:20:
         91:03:c3:4a:07:dd:b0:04:5c:7b:36:29:66:67:3e:2c:fd:f2:
         86:d1:b4:53:f8:5f:c5:34:68:bc:a9:b6:7e:ed:82:3b:53:09:
         30:c6:96:8a:b9:05:6e:bb:9f:36:a6:8b:81:db:52:96:48:fb:
         e0:fa:16:df:bb:c0:81:08:40:b3:0c:12:28:76:ee:7c:56:73:
         09:40:65:06:2c:7f:37:51:a7:94:b3:30:91:42:b8:22:25:7e:
         13:65:1a:d4:7b:06:4f:1c:69:32:95:9f:b4:f7:bf:ac:6f:cb:
         b3:bf:a6:84:59:62:b4:58:50:05:ae:e1:8d:30:7b:97:b2:17:
         bd:66:5f:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSE0xNmy32r95mSNbkFc8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjUwMTAyMTM1MDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjg2M2E3OWMyZTdhMjZhYWQyNDRlMmQ3MTk2ZDM3YzJlMzc4ODc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn59odRr/YS8HvYYTOPPXBgWRtJrG
I7T5bMfc+e8SVR2X6kDtyKMbMZvqSqp7svIafkZ+FDD/k5S8km3BQPYo5Axa9+qK
vxkL+fixjDwQ27XHcLYz/3PuJvlaIoK0KjsyYaunfSeqYgl4YPAcs9yhz+1hX+id
EqmAAVuhXHoJj/zHuiXWM2+Zp+eHeUjAdPzHd1EdB9h3jy4yYSHO16ACBH4FYkEB
RMkHk4XvT4t/g/EK25OR580NxPIJpMndsg64bmE8akgzgP3K4BJ1LGzXIA9OEh0z
0ojfPLeo7TJcp6b5yH0Bc/RERxB4elsEUyiHvlIi633ZZkdGYHJaHsR2EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAaGOnnC56JqrSROLXGW03wuN4h5MB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvQm9ZNmVjTG5vbXF0SkU0dGNaYlRmQzQzaUhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcsnMA0G
CSqGSIb3DQEBCwUAA4IBAQCY07yeuPpxbfUHuFPgINvnMExNJxsD1ssY1CJpDXTs
42qn1V6KR6FkrMdOrgG99fNjccrhBLKY5lEbqBBr8WyEBDBSBWJzxyATUanC2i58
P2jXswHESy702kvUetyMHI1VpIdFU32xwM7FH3vziihvFvhVEj9GJ3mhNt/G5iCR
A8NKB92wBFx7NilmZz4s/fKG0bRT+F/FNGi8qbZ+7YI7UwkwxpaKuQVuu582pouB
21KWSPvg+hbfu8CBCECzDBIodu58VnMJQGUGLH83UaeUszCRQrgiJX4TZRrUewZP
HGkylZ+097+sb8uzv6aEWWK0WFAFruGNMHuXshe9Zl9R
-----END CERTIFICATE-----