Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/v351lIoVaMSGQF0c-sQ65md8TJQ.roa
File:                     v351lIoVaMSGQF0c-sQ65md8TJQ.roa (raw, json)
Hash identifier:          F/cWSoFhmfjfb95usP6akobuaKcG3KFvdVP5rEztjic=
Subject key identifier:   BF:7E:75:94:8A:15:68:C4:86:40:5D:1C:FA:C4:3A:E6:67:7C:4C:94
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0196F8C977514ECD2D78ABC5189D3CED9F9E
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/v351lIoVaMSGQF0c-sQ65md8TJQ.roa
Signing time:             Thu 22 May 2025 16:17:54 +0000
ROA not before:           Thu 22 May 2025 16:17:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29119
IP address blocks:        185.227.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f8:c9:77:51:4e:cd:2d:78:ab:c5:18:9d:3c:ed:9f:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: May 22 16:17:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf7e75948a1568c486405d1cfac43ae6677c4c94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:29:fd:42:f0:7d:58:10:8d:9f:3d:36:d8:31:
                    13:0b:f1:43:dd:c4:11:85:a5:bb:04:21:aa:d7:7f:
                    19:b3:d2:43:53:91:bc:32:d8:12:91:f4:60:59:fa:
                    6a:62:f8:38:f7:a5:fc:a9:e9:4b:af:ab:49:10:93:
                    e2:4b:ec:cc:b0:44:e6:0f:85:0b:d6:4d:00:a0:b5:
                    84:50:a5:0c:6b:55:a7:fa:c3:c5:5f:5d:01:3b:47:
                    78:95:f8:c6:38:74:c4:7a:57:5e:f6:e6:92:4d:dc:
                    de:1d:8d:e6:4d:58:bd:d8:2f:cc:84:84:f3:6d:ed:
                    25:07:74:37:78:2d:f1:cc:f7:6b:fe:bd:ed:46:b0:
                    d3:fc:95:02:02:95:28:72:fb:bd:80:30:45:43:ff:
                    b0:cc:d2:8f:ee:c0:a8:12:c0:c0:e9:a9:8e:ea:3d:
                    39:b5:02:aa:0d:ac:b0:c5:ac:73:2d:03:b8:53:4f:
                    db:38:53:1e:0b:8b:4e:1b:1f:7c:ff:ae:18:df:92:
                    66:01:18:fe:49:e0:50:ee:02:1d:78:e3:71:65:0d:
                    df:36:52:32:ff:41:2d:e8:ef:47:8a:02:f8:68:db:
                    f5:58:84:56:4a:e4:e2:dc:f6:0d:0c:5f:a0:99:77:
                    b3:86:38:d4:1b:da:21:86:21:20:f8:dd:ee:bd:a8:
                    f3:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:7E:75:94:8A:15:68:C4:86:40:5D:1C:FA:C4:3A:E6:67:7C:4C:94
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/v351lIoVaMSGQF0c-sQ65md8TJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:28:e9:45:72:a7:62:0f:1f:a1:11:fd:1b:2d:e9:e1:3e:be:
         12:c6:d2:45:b1:cb:3d:4f:18:a7:34:e7:7b:60:9f:da:1f:6c:
         3e:de:bc:32:59:0e:db:ee:43:11:6a:6d:73:7c:c0:0b:1a:f4:
         f2:8b:49:7d:ab:fc:01:24:93:b2:15:88:04:f0:46:8f:93:ab:
         f6:93:59:6d:23:c6:69:52:28:bc:e7:b6:aa:fe:41:c0:cd:81:
         52:52:3e:83:68:e2:3f:24:9b:ef:cf:54:1f:30:31:26:13:1c:
         5c:52:f6:d3:43:04:5e:3c:00:ff:76:08:b6:89:a2:32:dd:e4:
         f0:d2:21:aa:48:03:3a:1b:fe:ac:54:2c:8d:3d:fb:45:9e:56:
         74:5b:9c:f5:79:5d:b7:0e:57:b5:06:b8:d4:5d:8c:68:81:5e:
         08:55:df:2b:dd:99:c6:0e:d1:09:67:30:9f:96:ac:41:e9:f6:
         04:75:0b:d0:e9:e6:cb:a8:3e:91:9c:10:04:d3:4b:3c:20:b9:
         0c:cc:5d:27:86:b6:75:fb:28:b1:6e:7f:b6:99:df:81:29:f3:
         0c:cd:b6:b6:66:e3:92:57:c9:3a:6b:19:5e:bf:c1:37:35:ef:
         6c:ba:74:b3:74:c1:e5:04:b6:7e:14:78:30:47:6d:9a:39:da:
         fe:ca:92:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb4yXdRTs0teKvFGJ087Z+eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwNTIyMTYxNzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjdlNzU5NDhhMTU2OGM0ODY0MDVkMWNmYWM0M2FlNjY3N2M0Yzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCn9QvB9WBCNnz022DETC/FD3cQR
haW7BCGq138Zs9JDU5G8MtgSkfRgWfpqYvg496X8qelLr6tJEJPiS+zMsETmD4UL
1k0AoLWEUKUMa1Wn+sPFX10BO0d4lfjGOHTEelde9uaSTdzeHY3mTVi92C/MhITz
be0lB3Q3eC3xzPdr/r3tRrDT/JUCApUocvu9gDBFQ/+wzNKP7sCoEsDA6amO6j05
tQKqDaywxaxzLQO4U0/bOFMeC4tOGx98/64Y35JmARj+SeBQ7gIdeONxZQ3fNlIy
/0Et6O9HigL4aNv1WIRWSuTi3PYNDF+gmXezhjjUG9ohhiEg+N3uvajz6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9+dZSKFWjEhkBdHPrEOuZnfEyUMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvdjM1MWxJb1ZhTVNHUUYwYy1zUTY1bWQ4VEpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueNmMA0G
CSqGSIb3DQEBCwUAA4IBAQBoKOlFcqdiDx+hEf0bLenhPr4SxtJFscs9TxinNOd7
YJ/aH2w+3rwyWQ7b7kMRam1zfMALGvTyi0l9q/wBJJOyFYgE8EaPk6v2k1ltI8Zp
Uii857aq/kHAzYFSUj6DaOI/JJvvz1QfMDEmExxcUvbTQwRePAD/dgi2iaIy3eTw
0iGqSAM6G/6sVCyNPftFnlZ0W5z1eV23Dle1BrjUXYxogV4IVd8r3ZnGDtEJZzCf
lqxB6fYEdQvQ6ebLqD6RnBAE00s8ILkMzF0nhrZ1+yixbn+2md+BKfMMzba2ZuOS
V8k6axlev8E3Ne9sunSzdMHlBLZ+FHgwR22aOdr+ypKX
-----END CERTIFICATE-----