Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/ad570e-7e21-4671-a7bd-6795e6c87247/1/RJNuysFIW66Gw4c0piXvnXkEo9o.roa
File:                     RJNuysFIW66Gw4c0piXvnXkEo9o.roa (raw, json)
Hash identifier:          /TsRrqxKejX5cWBdLvn7sFDNt5iNj6A7iHaePoLLWJk=
Subject key identifier:   44:93:6E:CA:C1:48:5B:AE:86:C3:87:34:A6:25:EF:9D:79:04:A3:DA
Certificate issuer:       /CN=bd9a03521864fde571afadef01f32975983d1f62
Certificate serial:       019690EDE00F17AD30C79150B24BF8F04655
Authority key identifier: BD:9A:03:52:18:64:FD:E5:71:AF:AD:EF:01:F3:29:75:98:3D:1F:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vZoDUhhk_eVxr63vAfMpdZg9H2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/ad570e-7e21-4671-a7bd-6795e6c87247/1/RJNuysFIW66Gw4c0piXvnXkEo9o.roa
Signing time:             Fri 02 May 2025 12:17:10 +0000
ROA not before:           Fri 02 May 2025 12:17:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38915
IP address blocks:        178.21.216.0/21 maxlen: 21
                          2a00:1de0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/ad570e-7e21-4671-a7bd-6795e6c87247/1/vZoDUhhk_eVxr63vAfMpdZg9H2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/ad570e-7e21-4671-a7bd-6795e6c87247/1/vZoDUhhk_eVxr63vAfMpdZg9H2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vZoDUhhk_eVxr63vAfMpdZg9H2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 07:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:90:ed:e0:0f:17:ad:30:c7:91:50:b2:4b:f8:f0:46:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd9a03521864fde571afadef01f32975983d1f62
        Validity
            Not Before: May  2 12:17:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44936ecac1485bae86c38734a625ef9d7904a3da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:a9:f4:77:cd:e2:88:5f:ba:18:26:43:ea:71:
                    03:a0:2e:0d:36:c6:16:65:39:fe:ce:de:63:52:a9:
                    ba:63:33:f7:3c:df:42:06:93:32:0b:fd:45:89:3e:
                    74:66:ed:50:cd:25:cb:9d:06:40:a1:1d:64:f0:da:
                    b8:d0:ee:73:cf:5c:af:1d:cc:cf:55:b8:72:1c:7e:
                    8c:32:82:22:38:fd:3f:c5:be:29:1c:ac:27:3c:aa:
                    42:a7:4e:fe:d9:dd:45:94:64:7e:a1:bb:d5:b9:c1:
                    d8:ab:ea:2a:cb:87:d9:99:b2:88:26:73:e7:ba:65:
                    d6:08:32:f8:63:95:67:31:5a:4b:89:b6:ed:e7:4b:
                    26:f6:74:c5:2e:78:9b:5d:1a:88:c9:d7:c3:b7:71:
                    f9:02:e7:4d:1f:ff:0f:22:ec:7d:54:be:39:91:ce:
                    81:cf:a7:03:25:5f:88:d8:48:8e:c5:d5:d6:b3:6b:
                    7a:99:2a:3a:3a:21:2c:f4:e5:df:2c:0c:40:cc:df:
                    e3:af:7c:86:a7:ee:d2:92:b7:6e:d0:e4:d0:a0:dd:
                    a9:24:cb:b7:04:de:69:ba:6f:4f:9b:b6:a2:2b:bd:
                    17:60:70:a8:2e:8c:3d:1e:bb:b6:0b:74:45:0d:61:
                    4e:39:ef:25:33:71:3b:a3:c1:13:5e:0d:62:01:63:
                    5f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:93:6E:CA:C1:48:5B:AE:86:C3:87:34:A6:25:EF:9D:79:04:A3:DA
            X509v3 Authority Key Identifier:
                keyid:BD:9A:03:52:18:64:FD:E5:71:AF:AD:EF:01:F3:29:75:98:3D:1F:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vZoDUhhk_eVxr63vAfMpdZg9H2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/ad570e-7e21-4671-a7bd-6795e6c87247/1/RJNuysFIW66Gw4c0piXvnXkEo9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/ad570e-7e21-4671-a7bd-6795e6c87247/1/vZoDUhhk_eVxr63vAfMpdZg9H2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.21.216.0/21
                IPv6:
                  2a00:1de0::/32

    Signature Algorithm: sha256WithRSAEncryption
         00:44:df:14:1c:eb:8d:c5:de:8c:d5:70:45:9c:d1:0d:52:f5:
         29:b7:ef:b9:f2:ee:71:1d:16:ef:cb:ea:5b:bc:ea:eb:b9:93:
         06:97:60:64:d9:40:94:a4:9b:c0:52:13:bb:f1:54:be:6a:5f:
         53:f2:9f:1d:1c:4b:31:cc:60:31:b2:5c:43:a7:12:20:ef:25:
         51:10:55:bd:e2:30:82:b9:f6:99:65:ac:72:18:d0:71:ac:dd:
         36:fd:db:07:aa:88:4c:a7:23:29:5f:9f:1d:fc:39:54:3d:19:
         0c:4e:96:a9:20:29:08:d2:79:be:e7:f9:f8:8b:6d:ae:42:d7:
         91:88:bf:33:5a:98:32:d6:01:1e:b1:5d:60:4a:9c:df:33:21:
         1d:49:01:77:80:a5:d3:5d:53:9b:9b:5e:ef:00:bf:2a:39:9c:
         cb:1d:77:7b:4e:53:d5:48:15:64:f5:39:de:d6:d1:49:98:41:
         96:56:71:ad:88:be:7b:ed:55:24:95:84:33:3b:07:37:ec:4f:
         4e:08:4b:af:3d:9a:ad:5e:c3:ed:1b:a3:c5:7b:d1:7b:90:6b:
         f7:9e:1c:eb:91:69:aa:72:dd:cf:c0:5a:d5:25:af:e5:7e:4a:
         b6:f6:e9:a6:6a:3e:6e:e9:2b:21:37:d1:11:67:00:70:5f:49:
         4b:72:7c:2c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZaQ7eAPF60wx5FQskv48EZVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkOWEwMzUyMTg2NGZkZTU3MWFmYWRlZjAxZjMyOTc1OTgz
ZDFmNjIwHhcNMjUwNTAyMTIxNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDkzNmVjYWMxNDg1YmFlODZjMzg3MzRhNjI1ZWY5ZDc5MDRhM2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0an0d83iiF+6GCZD6nEDoC4NNsYW
ZTn+zt5jUqm6YzP3PN9CBpMyC/1FiT50Zu1QzSXLnQZAoR1k8Nq40O5zz1yvHczP
VbhyHH6MMoIiOP0/xb4pHKwnPKpCp07+2d1FlGR+obvVucHYq+oqy4fZmbKIJnPn
umXWCDL4Y5VnMVpLibbt50sm9nTFLnibXRqIydfDt3H5AudNH/8PIux9VL45kc6B
z6cDJV+I2EiOxdXWs2t6mSo6OiEs9OXfLAxAzN/jr3yGp+7Skrdu0OTQoN2pJMu3
BN5pum9Pm7aiK70XYHCoLow9Hru2C3RFDWFOOe8lM3E7o8ETXg1iAWNf7QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFESTbsrBSFuuhsOHNKYl7515BKPaMB8GA1UdIwQY
MBaAFL2aA1IYZP3lca+t7wHzKXWYPR9iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlpvRFVoaGtfZVZ4cjYzdkFmTXBkWmc5SDJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9hZDU3MGUtN2UyMS00NjcxLWE3YmQt
Njc5NWU2Yzg3MjQ3LzEvUkpOdXlzRklXNjZHdzRjMHBpWHZuWGtFbzlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9hZDU3MGUtN2UyMS00NjcxLWE3YmQtNjc5NWU2Yzg3MjQ3
LzEvdlpvRFVoaGtfZVZ4cjYzdkFmTXBkWmc5SDJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDshXYMA0E
AgACMAcDBQAqAB3gMA0GCSqGSIb3DQEBCwUAA4IBAQAARN8UHOuNxd6M1XBFnNEN
UvUpt++58u5xHRbvy+pbvOrruZMGl2Bk2UCUpJvAUhO78VS+al9T8p8dHEsxzGAx
slxDpxIg7yVREFW94jCCufaZZaxyGNBxrN02/dsHqohMpyMpX58d/DlUPRkMTpap
ICkI0nm+5/n4i22uQteRiL8zWpgy1gEesV1gSpzfMyEdSQF3gKXTXVObm17vAL8q
OZzLHXd7TlPVSBVk9Tne1tFJmEGWVnGtiL577VUklYQzOwc37E9OCEuvPZqtXsPt
G6PFe9F7kGv3nhzrkWmqct3PwFrVJa/lfkq29ummaj5u6SshN9ERZwBwX0lLcnws
-----END CERTIFICATE-----