Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/s0b5Fwdu-zyh8O2GAm7qQ0wY_w0.roa
File:                     s0b5Fwdu-zyh8O2GAm7qQ0wY_w0.roa (raw, json)
Hash identifier:          Eks6tlyajlng306QOp1CtkVeuU4kzzJoAMHFpAAbNDE=
Subject key identifier:   B3:46:F9:17:07:6E:FB:3C:A1:F0:ED:86:02:6E:EA:43:4C:18:FF:0D
Certificate issuer:       /CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
Certificate serial:       01977A37AB549D048EDCA0695DFF569E2B25
Authority key identifier: 51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/s0b5Fwdu-zyh8O2GAm7qQ0wY_w0.roa
Signing time:             Mon 16 Jun 2025 19:29:17 +0000
ROA not before:           Mon 16 Jun 2025 19:29:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215362
IP address blocks:        88.80.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 01:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7a:37:ab:54:9d:04:8e:dc:a0:69:5d:ff:56:9e:2b:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5124fba1e401c03e5ba1cd77ae9ee39cfd631bfb
        Validity
            Not Before: Jun 16 19:29:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b346f917076efb3ca1f0ed86026eea434c18ff0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:cf:0e:7d:ae:92:57:bb:9f:64:4a:aa:19:87:
                    73:70:d7:62:f4:1d:ed:91:93:7a:28:38:cd:0a:26:
                    3f:0a:78:a4:0f:d3:c9:38:3f:92:18:5e:34:89:e3:
                    e1:4a:7d:83:8b:27:87:e2:47:2a:f6:b3:cf:da:64:
                    64:80:ce:5e:3e:9c:37:32:1d:df:d6:98:63:4a:c4:
                    3c:1b:f1:80:10:3b:f1:cc:40:1a:90:cf:a6:7d:bf:
                    84:0a:2f:27:28:55:1c:36:d6:5b:68:70:fe:b6:5d:
                    d9:36:d5:0e:b2:a3:de:c1:67:85:9c:08:f9:41:ae:
                    72:88:c6:59:4e:a2:7c:51:c6:b1:c3:0c:91:2b:1d:
                    8c:37:7f:68:af:79:1f:fb:ae:2a:4f:28:47:8b:dd:
                    c1:c1:a6:a7:9a:a6:fe:5b:06:cc:bf:56:ef:2e:43:
                    3b:b3:77:87:b8:76:3b:67:72:59:96:e1:05:2e:06:
                    0a:5b:29:b8:7d:c0:1b:95:1c:fb:fb:dc:ea:cf:8b:
                    c4:db:22:d7:66:cd:19:14:54:37:c4:a6:e8:cc:fc:
                    27:39:a0:7b:76:97:81:42:88:2e:0a:0a:3b:ff:b0:
                    de:66:4c:60:af:3a:63:5b:1c:2a:e5:18:e6:b2:51:
                    3c:b2:4a:f0:5c:fa:72:32:7a:c1:dd:6c:48:10:ee:
                    db:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:46:F9:17:07:6E:FB:3C:A1:F0:ED:86:02:6E:EA:43:4C:18:FF:0D
            X509v3 Authority Key Identifier:
                keyid:51:24:FB:A1:E4:01:C0:3E:5B:A1:CD:77:AE:9E:E3:9C:FD:63:1B:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UST7oeQBwD5boc13rp7jnP1jG_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/s0b5Fwdu-zyh8O2GAm7qQ0wY_w0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b714ad-1f78-4a10-8e61-ab8f1f3387ee/1/UST7oeQBwD5boc13rp7jnP1jG_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.80.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:e1:29:22:b5:42:d2:e9:3c:0b:ba:bb:e3:f7:3f:f2:61:5e:
         53:f0:60:91:01:cd:6a:fe:2f:1f:0a:58:ae:e3:39:f4:95:27:
         cb:b3:27:c9:67:c1:9f:c7:93:1f:58:fc:ab:21:44:f0:2e:b3:
         fa:40:33:58:5f:dd:5c:36:e0:a2:11:f4:cb:68:9b:d6:a7:b5:
         94:9d:53:a5:73:09:ac:5b:73:52:f8:93:90:e0:17:23:3b:c4:
         bc:cb:c4:ff:b2:52:a4:82:3f:52:ba:1c:27:d7:24:b6:f5:f7:
         8e:09:c1:d3:19:78:4d:10:75:2c:65:0f:3f:e5:92:cf:6b:c9:
         50:b2:d4:f0:86:e1:bb:48:90:f0:43:69:d2:06:44:af:32:98:
         de:39:4b:2e:6a:95:83:ca:c4:dc:65:00:ce:03:59:db:ce:8a:
         25:b1:13:98:25:42:a9:ea:ad:b4:23:2e:7e:b9:66:48:ce:ed:
         8f:2e:d0:bd:85:30:60:9e:1b:5c:b1:66:2c:17:d7:59:ea:d0:
         54:06:26:e4:f9:f6:1d:63:f3:c7:50:6b:ba:4c:2a:e7:7c:16:
         2e:ae:6c:65:27:0c:8e:06:7c:35:48:bc:d7:73:72:67:cb:87:
         40:b1:59:dd:bc:3d:00:28:cb:6f:a3:5e:e2:d5:93:3a:2d:87:
         63:a2:d9:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd6N6tUnQSO3KBpXf9WnislMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjRmYmExZTQwMWMwM2U1YmExY2Q3N2FlOWVlMzljZmQ2
MzFiZmIwHhcNMjUwNjE2MTkyOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzQ2ZjkxNzA3NmVmYjNjYTFmMGVkODYwMjZlZWE0MzRjMThmZjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArs8Ofa6SV7ufZEqqGYdzcNdi9B3t
kZN6KDjNCiY/CnikD9PJOD+SGF40iePhSn2DiyeH4kcq9rPP2mRkgM5ePpw3Mh3f
1phjSsQ8G/GAEDvxzEAakM+mfb+ECi8nKFUcNtZbaHD+tl3ZNtUOsqPewWeFnAj5
Qa5yiMZZTqJ8UcaxwwyRKx2MN39or3kf+64qTyhHi93Bwaanmqb+WwbMv1bvLkM7
s3eHuHY7Z3JZluEFLgYKWym4fcAblRz7+9zqz4vE2yLXZs0ZFFQ3xKbozPwnOaB7
dpeBQoguCgo7/7DeZkxgrzpjWxwq5RjmslE8skrwXPpyMnrB3WxIEO7bPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLNG+RcHbvs8ofDthgJu6kNMGP8NMB8GA1UdIwQY
MBaAFFEk+6HkAcA+W6HNd66e45z9Yxv7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEt
YWI4ZjFmMzM4N2VlLzEvczBiNUZ3ZHUtenloOE8yR0FtN3FRMHdZX3cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzE0YWQtMWY3OC00YTEwLThlNjEtYWI4ZjFmMzM4N2Vl
LzEvVVNUN29lUUJ3RDVib2MxM3JwN2puUDFqR19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWFCHMA0G
CSqGSIb3DQEBCwUAA4IBAQCH4SkitULS6TwLurvj9z/yYV5T8GCRAc1q/i8fCliu
4zn0lSfLsyfJZ8Gfx5MfWPyrIUTwLrP6QDNYX91cNuCiEfTLaJvWp7WUnVOlcwms
W3NS+JOQ4BcjO8S8y8T/slKkgj9Suhwn1yS29feOCcHTGXhNEHUsZQ8/5ZLPa8lQ
stTwhuG7SJDwQ2nSBkSvMpjeOUsuapWDysTcZQDOA1nbzoolsROYJUKp6q20Iy5+
uWZIzu2PLtC9hTBgnhtcsWYsF9dZ6tBUBibk+fYdY/PHUGu6TCrnfBYurmxlJwyO
Bnw1SLzXc3Jny4dAsVndvD0AKMtvo17i1ZM6LYdjotk6
-----END CERTIFICATE-----