Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/ad4f52-9c28-4512-8c1a-0d597c7da9c8/1/26eRBtfHaWUq94c0EN14EglvEno.roa
File:                     26eRBtfHaWUq94c0EN14EglvEno.roa (raw, json)
Hash identifier:          rVQUyz2NEj2yBSOTyg+XToghqiDGJFkQfMW8NYYr5DE=
Subject key identifier:   DB:A7:91:06:D7:C7:69:65:2A:F7:87:34:10:DD:78:12:09:6F:12:7A
Certificate issuer:       /CN=bcb4e6294e7fe4673f7bc6f57f48138e958fcced
Certificate serial:       019427471D8DDF89F33281AD37E62388D30C
Authority key identifier: BC:B4:E6:29:4E:7F:E4:67:3F:7B:C6:F5:7F:48:13:8E:95:8F:CC:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vLTmKU5_5Gc_e8b1f0gTjpWPzO0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/ad4f52-9c28-4512-8c1a-0d597c7da9c8/1/26eRBtfHaWUq94c0EN14EglvEno.roa
Signing time:             Thu 02 Jan 2025 13:49:19 +0000
ROA not before:           Thu 02 Jan 2025 13:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42541
IP address blocks:        194.62.216.0/23 maxlen: 23
                          2a0c:fec0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/ad4f52-9c28-4512-8c1a-0d597c7da9c8/1/vLTmKU5_5Gc_e8b1f0gTjpWPzO0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/ad4f52-9c28-4512-8c1a-0d597c7da9c8/1/vLTmKU5_5Gc_e8b1f0gTjpWPzO0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vLTmKU5_5Gc_e8b1f0gTjpWPzO0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 01:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:1d:8d:df:89:f3:32:81:ad:37:e6:23:88:d3:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcb4e6294e7fe4673f7bc6f57f48138e958fcced
        Validity
            Not Before: Jan  2 13:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dba79106d7c769652af7873410dd7812096f127a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:42:9b:67:dc:13:39:d2:d7:29:0c:ec:3e:83:
                    0f:6a:6d:40:c6:c5:01:43:d1:79:b5:fd:29:40:aa:
                    57:2a:ae:20:a3:e8:e9:99:a4:97:10:f2:0a:21:09:
                    2f:05:14:db:35:64:cb:31:f1:10:74:b5:13:02:cc:
                    f5:b9:35:dc:b0:e9:7b:5a:21:95:82:1c:ec:c9:5f:
                    dc:7b:0e:9c:5e:d0:6e:02:82:7f:fc:18:b5:54:c5:
                    0c:67:5c:da:4e:2c:59:32:f2:e6:95:88:77:16:15:
                    81:0c:d0:55:7c:6a:92:02:9b:92:70:d4:f6:a5:17:
                    e1:10:a0:dd:74:91:07:3b:70:96:49:43:77:2f:3f:
                    9f:4f:6c:f7:36:8a:2e:b8:d8:69:0e:06:68:e5:6a:
                    b7:9f:36:b0:90:09:c6:a5:66:1e:8a:bd:5e:2a:3d:
                    60:1b:c4:25:aa:cd:ec:6f:42:2e:a4:14:f4:55:de:
                    02:79:01:aa:ba:c2:75:12:90:64:17:05:8e:d8:c7:
                    ef:7d:68:d0:3d:28:05:76:13:65:03:f1:a9:4a:75:
                    33:60:4c:b8:f3:84:ea:d1:99:21:14:5e:64:36:9e:
                    56:38:04:a4:24:ba:85:a3:a7:4a:b3:e2:4b:ce:d5:
                    e6:65:48:b7:21:50:68:c2:0e:16:bc:8e:b9:5b:aa:
                    e8:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:A7:91:06:D7:C7:69:65:2A:F7:87:34:10:DD:78:12:09:6F:12:7A
            X509v3 Authority Key Identifier:
                keyid:BC:B4:E6:29:4E:7F:E4:67:3F:7B:C6:F5:7F:48:13:8E:95:8F:CC:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vLTmKU5_5Gc_e8b1f0gTjpWPzO0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/ad4f52-9c28-4512-8c1a-0d597c7da9c8/1/26eRBtfHaWUq94c0EN14EglvEno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/ad4f52-9c28-4512-8c1a-0d597c7da9c8/1/vLTmKU5_5Gc_e8b1f0gTjpWPzO0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.216.0/23
                IPv6:
                  2a0c:fec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         20:4c:89:e1:bd:43:02:6e:13:43:e6:eb:d5:33:0c:9c:90:13:
         e0:92:7f:40:2b:18:c6:78:b2:68:63:31:b5:72:82:f5:68:2a:
         34:f6:2e:fd:fb:31:d9:5b:6f:c7:07:91:84:16:9a:2a:0c:ca:
         6e:05:f3:b8:7a:58:c2:45:8b:8f:e6:5b:b0:ae:5d:0c:b1:ce:
         14:dd:35:92:0f:00:95:88:16:53:59:ff:11:44:5b:bc:29:f8:
         a0:4a:89:3d:06:e4:6a:94:2a:93:c8:16:58:f8:ef:8b:70:78:
         1b:97:f7:88:2f:6a:c1:96:6f:49:98:86:2e:8d:20:f1:b8:68:
         59:4e:41:9e:2e:e7:17:05:47:2b:f5:fb:d7:02:e5:b5:39:37:
         e2:51:e1:a6:93:de:51:cd:15:eb:91:2f:4b:85:2b:18:1e:e2:
         ef:da:a6:e8:dc:5e:80:fe:95:83:85:b7:e7:61:88:cd:a1:82:
         b1:a3:d3:48:d1:1a:50:d9:b7:88:ac:6e:87:3d:52:b5:86:b8:
         12:18:56:d1:86:91:b2:4e:cf:83:cc:cd:5e:c9:9c:2c:d1:3a:
         af:2a:d4:98:36:e5:9e:cc:78:08:26:51:80:54:fa:84:d2:95:
         a7:02:89:0e:fa:e3:3e:7d:19:01:fd:dd:87:cb:3b:1f:9a:9d:
         80:8d:e9:3d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnRx2N34nzMoGtN+YjiNMMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjYjRlNjI5NGU3ZmU0NjczZjdiYzZmNTdmNDgxMzhlOTU4
ZmNjZWQwHhcNMjUwMTAyMTM0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmE3OTEwNmQ3Yzc2OTY1MmFmNzg3MzQxMGRkNzgxMjA5NmYxMjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5UKbZ9wTOdLXKQzsPoMPam1AxsUB
Q9F5tf0pQKpXKq4go+jpmaSXEPIKIQkvBRTbNWTLMfEQdLUTAsz1uTXcsOl7WiGV
ghzsyV/cew6cXtBuAoJ//Bi1VMUMZ1zaTixZMvLmlYh3FhWBDNBVfGqSApuScNT2
pRfhEKDddJEHO3CWSUN3Lz+fT2z3NoouuNhpDgZo5Wq3nzawkAnGpWYeir1eKj1g
G8Qlqs3sb0IupBT0Vd4CeQGqusJ1EpBkFwWO2MfvfWjQPSgFdhNlA/GpSnUzYEy4
84Tq0ZkhFF5kNp5WOASkJLqFo6dKs+JLztXmZUi3IVBowg4WvI65W6roNQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNunkQbXx2llKveHNBDdeBIJbxJ6MB8GA1UdIwQY
MBaAFLy05ilOf+RnP3vG9X9IE46Vj8ztMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkxUbUtVNV81R2NfZThiMWYwZ1RqcFdQek8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9hZDRmNTItOWMyOC00NTEyLThjMWEt
MGQ1OTdjN2RhOWM4LzEvMjZlUkJ0ZkhhV1VxOTRjMEVOMTRFZ2x2RW5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9hZDRmNTItOWMyOC00NTEyLThjMWEtMGQ1OTdjN2RhOWM4
LzEvdkxUbUtVNV81R2NfZThiMWYwZ1RqcFdQek8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwj7YMA0E
AgACMAcDBQAqDP7AMA0GCSqGSIb3DQEBCwUAA4IBAQAgTInhvUMCbhND5uvVMwyc
kBPgkn9AKxjGeLJoYzG1coL1aCo09i79+zHZW2/HB5GEFpoqDMpuBfO4eljCRYuP
5luwrl0Msc4U3TWSDwCViBZTWf8RRFu8KfigSok9BuRqlCqTyBZY+O+LcHgbl/eI
L2rBlm9JmIYujSDxuGhZTkGeLucXBUcr9fvXAuW1OTfiUeGmk95RzRXrkS9LhSsY
HuLv2qbo3F6A/pWDhbfnYYjNoYKxo9NI0RpQ2beIrG6HPVK1hrgSGFbRhpGyTs+D
zM1eyZws0TqvKtSYNuWezHgIJlGAVPqE0pWnAokO+uM+fRkB/d2Hyzsfmp2Ajek9
-----END CERTIFICATE-----