Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/Bhr4PqPMJ7XfTqfqoICcEl0Qvnc.roa
File:                     Bhr4PqPMJ7XfTqfqoICcEl0Qvnc.roa (raw, json)
Hash identifier:          W9DQtZJNWD86BWVc5tfH1lOVvZkbiyClGGDUK1kbjG0=
Subject key identifier:   06:1A:F8:3E:A3:CC:27:B5:DF:4E:A7:EA:A0:80:9C:12:5D:10:BE:77
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       0196DD201A7FE41AB0771BB96C1437D77F95
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/Bhr4PqPMJ7XfTqfqoICcEl0Qvnc.roa
Signing time:             Sat 17 May 2025 07:23:10 +0000
ROA not before:           Sat 17 May 2025 07:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214432
IP address blocks:        87.229.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 01:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:dd:20:1a:7f:e4:1a:b0:77:1b:b9:6c:14:37:d7:7f:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: May 17 07:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=061af83ea3cc27b5df4ea7eaa0809c125d10be77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:57:47:36:12:d5:c0:b0:3f:90:20:f0:d5:86:
                    82:cc:e3:17:61:2b:2d:ce:d9:06:d5:6f:c6:7f:cd:
                    ca:f7:82:f6:74:c7:b3:36:f1:d5:f8:cc:20:8e:3e:
                    a3:15:25:74:55:ee:4f:cd:c1:d4:25:25:29:20:af:
                    27:63:9d:96:fe:64:8b:6e:d8:7e:65:89:e0:e7:2c:
                    bf:6d:7f:1c:49:13:6d:4c:40:4d:1a:c3:3a:41:58:
                    67:43:74:25:b3:a8:69:59:bc:1a:7c:18:24:7b:9d:
                    8a:7d:19:26:94:3e:b4:73:40:da:5b:23:e9:eb:a7:
                    90:b5:bc:97:98:bc:14:94:82:fa:43:d3:03:20:c9:
                    9c:56:af:32:68:63:25:0a:80:13:23:0d:8b:ac:6c:
                    db:40:34:67:97:fc:0a:92:0e:73:2b:fc:0c:03:39:
                    6d:11:df:b5:a3:58:2b:9c:63:89:4d:36:17:13:a0:
                    cd:9c:4a:c4:d6:a2:76:f8:cd:5d:39:45:ab:72:49:
                    e1:c9:c4:8b:f3:ee:a9:3e:16:93:09:84:f6:86:46:
                    55:e1:10:af:3c:bb:30:a4:73:27:29:60:ec:e8:a7:
                    2f:c6:97:10:1d:6d:05:12:9f:c5:1c:a3:7a:52:33:
                    0d:28:3e:79:51:f1:6e:ca:30:1c:0f:2e:b8:2a:0f:
                    8a:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:1A:F8:3E:A3:CC:27:B5:DF:4E:A7:EA:A0:80:9C:12:5D:10:BE:77
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/Bhr4PqPMJ7XfTqfqoICcEl0Qvnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:24:24:51:c3:5a:3a:b4:2e:92:a0:6f:66:ad:19:95:53:eb:
         3f:bd:c7:c8:cf:2d:9e:af:35:8e:8f:15:a5:64:d0:2a:8f:bd:
         28:29:5e:db:67:78:f4:03:42:f6:01:44:a1:27:fa:ab:0c:e1:
         41:6d:16:12:cc:8a:af:b5:74:d5:7b:82:f2:49:e0:ea:63:f4:
         04:9c:7b:f2:fb:c9:7a:49:64:c5:c4:77:c9:cf:6e:e0:3e:8f:
         22:ec:a2:3b:f3:ec:95:43:ba:f2:bf:ec:83:6c:c1:18:3e:fe:
         32:41:92:98:58:ee:e3:a7:97:1c:fe:a0:18:24:1a:1a:7b:2a:
         1f:88:6e:b0:3c:04:d6:2f:e2:60:9f:fb:72:00:c2:49:eb:fd:
         88:80:dc:9b:a3:c2:26:0e:78:20:15:15:79:5f:2d:3a:19:3e:
         fa:45:48:ba:95:f7:75:70:b3:d7:3f:7e:ff:78:50:c6:e5:94:
         3d:60:a7:62:f3:66:2a:27:01:30:ed:25:e3:e2:3a:ce:82:a2:
         e0:e7:28:17:a3:b8:cb:c3:2f:95:01:f0:54:9f:f8:ce:32:39:
         ed:63:56:15:e1:9d:c6:84:a9:15:96:a8:e9:25:0b:5f:f3:28:
         05:49:a8:45:dc:60:00:81:df:1d:69:e3:9b:3d:f0:e9:97:28:
         65:54:ef:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbdIBp/5Bqwdxu5bBQ313+VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwNTE3MDcyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjFhZjgzZWEzY2MyN2I1ZGY0ZWE3ZWFhMDgwOWMxMjVkMTBiZTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVdHNhLVwLA/kCDw1YaCzOMXYSst
ztkG1W/Gf83K94L2dMezNvHV+Mwgjj6jFSV0Ve5PzcHUJSUpIK8nY52W/mSLbth+
ZYng5yy/bX8cSRNtTEBNGsM6QVhnQ3Qls6hpWbwafBgke52KfRkmlD60c0DaWyPp
66eQtbyXmLwUlIL6Q9MDIMmcVq8yaGMlCoATIw2LrGzbQDRnl/wKkg5zK/wMAzlt
Ed+1o1grnGOJTTYXE6DNnErE1qJ2+M1dOUWrcknhycSL8+6pPhaTCYT2hkZV4RCv
PLswpHMnKWDs6KcvxpcQHW0FEp/FHKN6UjMNKD55UfFuyjAcDy64Kg+KVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYa+D6jzCe1306n6qCAnBJdEL53MB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvQmhyNFBxUE1KN1hmVHFmcW9JQ2NFbDBRdm5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+ULMA0G
CSqGSIb3DQEBCwUAA4IBAQBVJCRRw1o6tC6SoG9mrRmVU+s/vcfIzy2erzWOjxWl
ZNAqj70oKV7bZ3j0A0L2AUShJ/qrDOFBbRYSzIqvtXTVe4LySeDqY/QEnHvy+8l6
SWTFxHfJz27gPo8i7KI78+yVQ7ryv+yDbMEYPv4yQZKYWO7jp5cc/qAYJBoaeyof
iG6wPATWL+Jgn/tyAMJJ6/2IgNybo8ImDnggFRV5Xy06GT76RUi6lfd1cLPXP37/
eFDG5ZQ9YKdi82YqJwEw7SXj4jrOgqLg5ygXo7jLwy+VAfBUn/jOMjntY1YV4Z3G
hKkVlqjpJQtf8ygFSahF3GAAgd8daeObPfDplyhlVO8j
-----END CERTIFICATE-----