Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/02X52inJU55417N4jjnfki5LhzM.roa
File:                     02X52inJU55417N4jjnfki5LhzM.roa (raw, json)
Hash identifier:          wLoS+rlsDtDtHreqm9+8Q45fOA2cLn9k6hJotbmxTjk=
Subject key identifier:   D3:65:F9:DA:29:C9:53:9E:78:D7:B3:78:8E:39:DF:92:2E:4B:87:33
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019537DF1BB0E76D6AE32F0990F0100A7C5C
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/02X52inJU55417N4jjnfki5LhzM.roa
Signing time:             Mon 24 Feb 2025 12:12:03 +0000
ROA not before:           Mon 24 Feb 2025 12:12:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214025
IP address blocks:        87.229.22.0/24 maxlen: 24
                          87.229.79.0/24 maxlen: 24
                          87.229.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:37:df:1b:b0:e7:6d:6a:e3:2f:09:90:f0:10:0a:7c:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Feb 24 12:12:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d365f9da29c9539e78d7b3788e39df922e4b8733
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c3:a1:87:21:b2:c0:8e:4f:b5:92:1e:fa:ec:
                    bd:e4:70:a0:42:dd:6e:4e:9d:ff:12:bd:0b:71:bb:
                    39:0a:e9:0f:2a:ec:49:84:34:b0:3f:01:f6:74:8d:
                    5f:8e:97:3d:0b:fe:eb:36:ed:f3:bd:bf:65:19:dd:
                    e5:af:03:93:46:25:8f:0c:a7:0a:3a:b2:8b:6e:c4:
                    05:d2:33:e8:9d:f7:5b:8b:67:e8:ea:a4:f6:63:67:
                    01:fa:85:9a:b8:27:7d:8f:4a:61:cc:8e:c6:af:ee:
                    ca:63:bc:32:e3:a4:f5:3b:be:e8:39:f3:ac:7f:15:
                    df:3e:0d:5c:de:7e:94:51:ab:d5:18:1d:96:37:18:
                    8e:3f:8e:0b:07:d8:cf:9f:fc:f3:c5:0b:59:83:24:
                    37:57:61:57:43:70:26:8a:73:ab:d1:6a:92:e3:2d:
                    e1:31:fe:a1:ed:f8:d5:3c:ae:0c:50:70:41:02:a0:
                    3b:8e:b7:f9:f6:4f:6a:fb:1f:67:5b:23:1f:f3:84:
                    7a:a5:d1:c5:86:ef:64:4c:cc:f8:de:68:5c:24:0b:
                    c2:7a:cb:a9:83:e9:01:db:c3:a1:88:53:d9:7d:e3:
                    93:1d:36:6e:4f:48:57:ad:52:a2:73:66:2e:88:2c:
                    0c:3e:c8:1e:5a:4b:32:b5:cc:8c:13:82:2e:15:62:
                    46:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:65:F9:DA:29:C9:53:9E:78:D7:B3:78:8E:39:DF:92:2E:4B:87:33
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/02X52inJU55417N4jjnfki5LhzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.22.0/24
                  87.229.79.0/24
                  87.229.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:13:0a:a2:39:a7:ae:f9:61:5b:27:56:26:9e:21:83:21:97:
         e7:38:7b:4f:5f:bf:ca:40:27:8d:60:e4:2f:49:f5:03:45:18:
         91:8f:33:8a:b7:88:22:67:bc:ae:12:ca:5d:2c:ac:29:22:15:
         1a:aa:1d:a6:dd:f5:27:e0:c8:1b:aa:ea:50:fa:5a:a6:30:6e:
         8d:f7:d4:49:c4:9a:9f:a0:5b:e0:31:9d:5c:0d:e6:73:b0:55:
         a7:cd:96:b1:72:f0:d3:1c:1f:ba:99:97:8c:67:8e:b6:5d:2d:
         29:66:79:fe:e7:81:53:1c:f9:8c:b1:26:2d:99:a4:75:92:dc:
         cf:a5:73:87:7d:3d:cc:b1:38:80:90:ca:6d:d0:66:b9:c3:48:
         6f:9b:34:ca:7f:1c:0c:e0:fc:2c:eb:99:bb:cf:d8:0f:1b:1e:
         07:52:93:84:6b:b7:94:aa:6a:e5:6a:2f:ed:0d:0e:38:be:14:
         4c:09:de:84:99:d0:3d:53:3a:b1:1f:ef:db:0b:36:f2:e6:c4:
         a3:68:0c:44:25:28:08:8a:4d:b9:50:52:6a:6b:ba:2b:b7:35:
         7f:98:a4:27:81:43:16:c6:dc:05:98:e6:a1:65:94:1c:35:be:
         70:fa:78:2d:a8:1c:34:a3:bb:89:c3:91:7d:f7:e3:a9:13:3c:
         13:2c:5e:9f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZU33xuw521q4y8JkPAQCnxcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwMjI0MTIxMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzY1ZjlkYTI5Yzk1MzllNzhkN2IzNzg4ZTM5ZGY5MjJlNGI4NzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8OhhyGywI5PtZIe+uy95HCgQt1u
Tp3/Er0Lcbs5CukPKuxJhDSwPwH2dI1fjpc9C/7rNu3zvb9lGd3lrwOTRiWPDKcK
OrKLbsQF0jPonfdbi2fo6qT2Y2cB+oWauCd9j0phzI7Gr+7KY7wy46T1O77oOfOs
fxXfPg1c3n6UUavVGB2WNxiOP44LB9jPn/zzxQtZgyQ3V2FXQ3AminOr0WqS4y3h
Mf6h7fjVPK4MUHBBAqA7jrf59k9q+x9nWyMf84R6pdHFhu9kTMz43mhcJAvCesup
g+kB28OhiFPZfeOTHTZuT0hXrVKic2YuiCwMPsgeWksytcyME4IuFWJGgwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNNl+dopyVOeeNezeI4535IuS4czMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvMDJYNTJpbkpVNTU0MTdONGpqbmZraTVMaHpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAV+UWAwQA
V+VPAwQAV+V8MA0GCSqGSIb3DQEBCwUAA4IBAQB3EwqiOaeu+WFbJ1YmniGDIZfn
OHtPX7/KQCeNYOQvSfUDRRiRjzOKt4giZ7yuEspdLKwpIhUaqh2m3fUn4MgbqupQ
+lqmMG6N99RJxJqfoFvgMZ1cDeZzsFWnzZaxcvDTHB+6mZeMZ462XS0pZnn+54FT
HPmMsSYtmaR1ktzPpXOHfT3MsTiAkMpt0Ga5w0hvmzTKfxwM4Pws65m7z9gPGx4H
UpOEa7eUqmrlai/tDQ44vhRMCd6EmdA9UzqxH+/bCzby5sSjaAxEJSgIik25UFJq
a7ortzV/mKQngUMWxtwFmOahZZQcNb5w+ngtqBw0o7uJw5F99+OpEzwTLF6f
-----END CERTIFICATE-----