Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sCFbaEP4Wuv0Ym1Kv-GBWKgKaF0.roa
File:                     sCFbaEP4Wuv0Ym1Kv-GBWKgKaF0.roa (raw, json)
Hash identifier:          UXFRxD+z23cEMnev2sLRBkAbTtqoKpQ8NlqRK1iIA40=
Subject key identifier:   B0:21:5B:68:43:F8:5A:EB:F4:62:6D:4A:BF:E1:81:58:A8:0A:68:5D
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0196B65735218C890646FF44A0344FEB61CA
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sCFbaEP4Wuv0Ym1Kv-GBWKgKaF0.roa
Signing time:             Fri 09 May 2025 18:38:10 +0000
ROA not before:           Fri 09 May 2025 18:38:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208711
IP address blocks:        193.218.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b6:57:35:21:8c:89:06:46:ff:44:a0:34:4f:eb:61:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: May  9 18:38:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0215b6843f85aebf4626d4abfe18158a80a685d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b3:ee:6d:e7:cf:b7:a6:ae:c4:f9:e3:5b:0f:
                    e9:0f:2d:92:87:d2:70:df:a1:fb:21:96:3c:b6:38:
                    9e:77:3e:d7:19:b1:1f:b2:25:7c:b7:0b:bb:4d:7b:
                    43:d4:26:33:15:c9:e6:97:d8:a8:62:fc:4e:41:7e:
                    57:1d:86:ff:74:e1:fb:88:c6:3f:c7:06:3a:04:4a:
                    b5:58:cb:e7:57:c3:7a:ef:97:f7:c1:bf:34:68:fa:
                    18:9b:88:64:47:d7:39:e4:36:db:b1:57:ca:bc:a2:
                    b2:d0:9e:73:9e:32:4e:23:eb:db:20:c7:32:a5:b5:
                    9f:dc:33:b5:b1:cf:b8:5f:92:c2:d8:eb:78:cd:b7:
                    53:bb:b5:38:52:f9:ac:ab:e3:3e:40:66:bd:0e:3f:
                    59:20:5b:74:d5:c2:0e:0c:0c:23:14:f7:5e:ce:dc:
                    a3:e6:ff:2b:e5:be:68:49:d6:08:52:41:77:0a:80:
                    49:5f:d3:8d:e0:a8:74:b3:cc:36:6f:44:6f:3b:61:
                    18:fb:17:fc:d5:05:ce:8b:90:59:4b:e3:b8:81:14:
                    52:ac:bb:5a:3e:fb:a7:f8:37:31:87:72:88:e5:f0:
                    8d:e1:ca:38:d1:bb:b5:11:5a:2e:c6:1f:57:1b:d1:
                    dc:b8:d9:12:28:ef:c5:74:df:72:17:92:cc:7b:87:
                    b5:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:21:5B:68:43:F8:5A:EB:F4:62:6D:4A:BF:E1:81:58:A8:0A:68:5D
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sCFbaEP4Wuv0Ym1Kv-GBWKgKaF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.218.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:88:a5:00:fc:80:88:de:b3:26:0b:7f:fa:59:e1:e0:86:6b:
         20:82:79:80:45:1c:e9:f1:3d:ec:75:0b:4e:0d:ec:aa:fe:6e:
         cd:3b:70:be:83:b9:57:4b:19:1f:a5:a0:6f:8a:9b:59:ad:9d:
         87:e3:7c:cb:fe:7c:23:11:1e:75:50:53:a1:0c:d7:34:24:97:
         3e:7b:fe:49:d5:46:5f:17:48:99:78:aa:40:86:ff:7f:82:bb:
         d1:23:a1:f9:79:8d:3d:34:f8:35:1e:eb:13:91:11:3c:5a:76:
         de:13:27:37:52:a7:62:8e:3d:e7:7e:f0:c8:7a:2b:eb:f3:55:
         34:90:61:13:4e:53:ed:bd:db:32:51:dc:5f:5d:fe:a6:71:24:
         7d:65:5e:18:43:68:7a:a5:98:a8:6f:c3:e6:fc:ac:df:45:08:
         98:77:30:ec:4d:fe:74:49:f9:d7:8f:cb:12:ed:59:de:82:a6:
         aa:49:c4:fa:b2:69:1b:24:32:a0:16:c5:c7:c1:7c:d6:ff:3d:
         e2:1d:f2:af:1e:1e:63:5d:5d:33:1e:e0:b2:75:39:ec:ff:14:
         03:35:17:db:6c:11:86:4d:b9:fb:ed:9f:13:61:07:fe:cf:70:
         a6:61:8d:e0:78:d4:84:f5:55:0a:9e:c6:f1:ca:9a:1d:fa:24:
         59:d7:5e:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa2VzUhjIkGRv9EoDRP62HKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwNTA5MTgzODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDIxNWI2ODQzZjg1YWViZjQ2MjZkNGFiZmUxODE1OGE4MGE2ODVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7PubefPt6auxPnjWw/pDy2Sh9Jw
36H7IZY8tjiedz7XGbEfsiV8twu7TXtD1CYzFcnml9ioYvxOQX5XHYb/dOH7iMY/
xwY6BEq1WMvnV8N675f3wb80aPoYm4hkR9c55DbbsVfKvKKy0J5znjJOI+vbIMcy
pbWf3DO1sc+4X5LC2Ot4zbdTu7U4Uvmsq+M+QGa9Dj9ZIFt01cIODAwjFPdeztyj
5v8r5b5oSdYIUkF3CoBJX9ON4Kh0s8w2b0RvO2EY+xf81QXOi5BZS+O4gRRSrLta
Pvun+Dcxh3KI5fCN4co40bu1EVouxh9XG9HcuNkSKO/FdN9yF5LMe4e1XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLAhW2hD+Frr9GJtSr/hgVioCmhdMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvc0NGYmFFUDRXdXYwWW0xS3YtR0JXS2dLYUYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwdoiMA0G
CSqGSIb3DQEBCwUAA4IBAQCDiKUA/ICI3rMmC3/6WeHghmsggnmARRzp8T3sdQtO
Deyq/m7NO3C+g7lXSxkfpaBviptZrZ2H43zL/nwjER51UFOhDNc0JJc+e/5J1UZf
F0iZeKpAhv9/grvRI6H5eY09NPg1HusTkRE8WnbeEyc3Uqdijj3nfvDIeivr81U0
kGETTlPtvdsyUdxfXf6mcSR9ZV4YQ2h6pZiob8Pm/KzfRQiYdzDsTf50SfnXj8sS
7VnegqaqScT6smkbJDKgFsXHwXzW/z3iHfKvHh5jXV0zHuCydTns/xQDNRfbbBGG
Tbn77Z8TYQf+z3CmYY3geNSE9VUKnsbxypod+iRZ117Q
-----END CERTIFICATE-----