Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/62e5f2-25b3-4557-aa94-150354b00e55/1/B6FxjiJOC6_Birv76wylcyDexTM.roa
File:                     B6FxjiJOC6_Birv76wylcyDexTM.roa (raw, json)
Hash identifier:          eGhXe2MadeqSm3dFdd2yllOqHv5uGkbMvrl6C4hJsTU=
Subject key identifier:   07:A1:71:8E:22:4E:0B:AF:C1:8A:BB:FB:EB:0C:A5:73:20:DE:C5:33
Certificate issuer:       /CN=0563cb263df50d2d4d073c0f7db6cd2776302c9d
Certificate serial:       0197111010CC65D2CA4D8E9C411ACCD3DEF5
Authority key identifier: 05:63:CB:26:3D:F5:0D:2D:4D:07:3C:0F:7D:B6:CD:27:76:30:2C:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BWPLJj31DS1NBzwPfbbNJ3YwLJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/62e5f2-25b3-4557-aa94-150354b00e55/1/B6FxjiJOC6_Birv76wylcyDexTM.roa
Signing time:             Tue 27 May 2025 09:25:54 +0000
ROA not before:           Tue 27 May 2025 09:25:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211590
IP address blocks:        185.177.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/62e5f2-25b3-4557-aa94-150354b00e55/1/BWPLJj31DS1NBzwPfbbNJ3YwLJ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/62e5f2-25b3-4557-aa94-150354b00e55/1/BWPLJj31DS1NBzwPfbbNJ3YwLJ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BWPLJj31DS1NBzwPfbbNJ3YwLJ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 02:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:10:10:cc:65:d2:ca:4d:8e:9c:41:1a:cc:d3:de:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0563cb263df50d2d4d073c0f7db6cd2776302c9d
        Validity
            Not Before: May 27 09:25:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07a1718e224e0bafc18abbfbeb0ca57320dec533
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:dd:aa:82:89:84:91:ef:7f:32:30:93:78:26:
                    1e:b2:7a:99:a7:a8:e6:8b:9c:d8:03:5a:fc:8a:73:
                    eb:50:44:86:25:fd:21:67:44:9f:3b:1d:08:1f:90:
                    47:3c:0c:38:f7:23:c2:78:67:2c:1b:18:ce:6e:26:
                    86:49:17:c8:b2:5e:bd:6f:d4:15:7e:ed:db:5a:69:
                    94:12:37:73:b7:21:c5:5c:95:62:eb:00:b4:a4:b5:
                    1e:15:8a:2b:9a:8f:96:4a:6a:9c:82:2b:7d:5c:30:
                    05:b9:74:6f:76:f1:84:ca:7e:64:d8:68:bb:9a:62:
                    b3:87:17:cb:16:b1:8d:71:f6:af:f3:78:5e:d4:8e:
                    b6:b0:55:6c:01:4b:32:94:ad:40:6f:07:49:72:6e:
                    64:00:aa:d7:83:f7:93:3e:70:a5:49:e1:af:c1:7c:
                    15:d2:29:6a:4f:67:b1:7c:51:cb:72:15:09:65:04:
                    76:91:80:bb:01:bd:de:54:c0:72:86:b4:3e:8c:eb:
                    06:42:1f:ec:42:77:f8:8d:d0:6e:77:ba:d8:87:d1:
                    d9:cd:34:c5:28:0b:a3:d2:3e:cf:0f:ae:7d:a1:c2:
                    19:d5:c1:50:d0:b4:dd:23:e9:ca:57:42:33:95:6e:
                    81:27:28:26:bf:3b:8b:c8:99:bc:38:ef:6e:e7:b2:
                    3a:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:A1:71:8E:22:4E:0B:AF:C1:8A:BB:FB:EB:0C:A5:73:20:DE:C5:33
            X509v3 Authority Key Identifier:
                keyid:05:63:CB:26:3D:F5:0D:2D:4D:07:3C:0F:7D:B6:CD:27:76:30:2C:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BWPLJj31DS1NBzwPfbbNJ3YwLJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/62e5f2-25b3-4557-aa94-150354b00e55/1/B6FxjiJOC6_Birv76wylcyDexTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/62e5f2-25b3-4557-aa94-150354b00e55/1/BWPLJj31DS1NBzwPfbbNJ3YwLJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:d9:86:c3:ca:45:54:bb:fb:30:bc:d8:74:75:e1:7b:d5:1c:
         e4:76:80:16:35:2a:2f:71:29:36:61:95:ca:50:35:14:54:af:
         bc:d2:0d:bc:ae:0f:8a:bf:52:8f:3d:51:35:37:fa:ca:ee:7d:
         4b:2a:a1:3e:4b:c3:45:56:f9:1b:b0:db:66:f6:44:7b:bb:66:
         6d:da:2d:42:5e:bf:0b:7d:11:d0:d4:35:20:3f:b3:9e:64:f5:
         a7:6e:54:73:ed:81:d8:9b:e4:ca:f1:53:1e:d9:e4:3e:e5:05:
         9b:4a:88:a9:4c:a0:26:2a:ec:cb:73:db:b0:a5:1c:06:ee:26:
         45:02:f3:f2:8d:f0:99:38:18:90:cd:f3:3b:89:27:96:77:3a:
         ca:cf:6d:34:ae:28:4c:22:e4:54:73:a2:b5:f0:21:96:62:32:
         08:d4:00:51:e5:d6:5d:db:99:41:76:ac:65:ca:f2:48:ba:66:
         f7:70:e0:d9:06:b9:f5:f1:73:e9:96:4d:55:30:d7:ff:29:a2:
         34:6c:77:3f:86:42:a3:34:11:0c:61:6b:88:9b:8c:f2:b2:6a:
         60:c4:c3:e3:e0:84:4f:02:78:e0:81:7b:17:0d:de:21:b3:23:
         dd:c8:82:3a:e1:86:91:df:04:6c:36:fe:90:22:87:fe:69:25:
         73:65:0d:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcREBDMZdLKTY6cQRrM0971MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NjNjYjI2M2RmNTBkMmQ0ZDA3M2MwZjdkYjZjZDI3NzYz
MDJjOWQwHhcNMjUwNTI3MDkyNTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2ExNzE4ZTIyNGUwYmFmYzE4YWJiZmJlYjBjYTU3MzIwZGVjNTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1N2qgomEke9/MjCTeCYesnqZp6jm
i5zYA1r8inPrUESGJf0hZ0SfOx0IH5BHPAw49yPCeGcsGxjObiaGSRfIsl69b9QV
fu3bWmmUEjdztyHFXJVi6wC0pLUeFYormo+WSmqcgit9XDAFuXRvdvGEyn5k2Gi7
mmKzhxfLFrGNcfav83he1I62sFVsAUsylK1AbwdJcm5kAKrXg/eTPnClSeGvwXwV
0ilqT2exfFHLchUJZQR2kYC7Ab3eVMByhrQ+jOsGQh/sQnf4jdBud7rYh9HZzTTF
KAuj0j7PD659ocIZ1cFQ0LTdI+nKV0IzlW6BJygmvzuLyJm8OO9u57I6bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAehcY4iTguvwYq7++sMpXMg3sUzMB8GA1UdIwQY
MBaAFAVjyyY99Q0tTQc8D322zSd2MCydMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQldQTEpqMzFEUzFOQnp3UGZiYk5KM1l3TEowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi82MmU1ZjItMjViMy00NTU3LWFhOTQt
MTUwMzU0YjAwZTU1LzEvQjZGeGppSk9DNl9CaXJ2NzZ3eWxjeURleFRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi82MmU1ZjItMjViMy00NTU3LWFhOTQtMTUwMzU0YjAwZTU1
LzEvQldQTEpqMzFEUzFOQnp3UGZiYk5KM1l3TEowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubFIMA0G
CSqGSIb3DQEBCwUAA4IBAQAK2YbDykVUu/swvNh0deF71RzkdoAWNSovcSk2YZXK
UDUUVK+80g28rg+Kv1KPPVE1N/rK7n1LKqE+S8NFVvkbsNtm9kR7u2Zt2i1CXr8L
fRHQ1DUgP7OeZPWnblRz7YHYm+TK8VMe2eQ+5QWbSoipTKAmKuzLc9uwpRwG7iZF
AvPyjfCZOBiQzfM7iSeWdzrKz200rihMIuRUc6K18CGWYjII1ABR5dZd25lBdqxl
yvJIumb3cODZBrn18XPplk1VMNf/KaI0bHc/hkKjNBEMYWuIm4zysmpgxMPj4IRP
AnjggXsXDd4hsyPdyII64YaR3wRsNv6QIof+aSVzZQ1x
-----END CERTIFICATE-----