Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/FLQOSktOr1hKjG4R6lRrGTwu4Y4.roa
File:                     FLQOSktOr1hKjG4R6lRrGTwu4Y4.roa (raw, json)
Hash identifier:          HCxQYiPGo2KxnCSlrWXoWcHI4W9ZFCE3iBJWeLRX1o8=
Subject key identifier:   14:B4:0E:4A:4B:4E:AF:58:4A:8C:6E:11:EA:54:6B:19:3C:2E:E1:8E
Certificate issuer:       /CN=92bf6464ce6e19a4dcf8a32b27a2f1cbe1551055
Certificate serial:       0196DE500DF86A74784D56AD0BBDB26F9770
Authority key identifier: 92:BF:64:64:CE:6E:19:A4:DC:F8:A3:2B:27:A2:F1:CB:E1:55:10:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/FLQOSktOr1hKjG4R6lRrGTwu4Y4.roa
Signing time:             Sat 17 May 2025 12:55:10 +0000
ROA not before:           Sat 17 May 2025 12:55:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212077
IP address blocks:        87.236.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:de:50:0d:f8:6a:74:78:4d:56:ad:0b:bd:b2:6f:97:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92bf6464ce6e19a4dcf8a32b27a2f1cbe1551055
        Validity
            Not Before: May 17 12:55:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14b40e4a4b4eaf584a8c6e11ea546b193c2ee18e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:6d:a8:ed:95:4b:98:15:7a:6a:ca:ce:fb:3c:
                    ff:48:e2:9d:7f:57:3c:5f:7e:0b:06:f1:9e:7a:e6:
                    ef:91:0c:92:c1:a5:c5:b0:58:35:5a:bd:42:d8:84:
                    35:0b:13:d1:60:55:8a:44:77:fe:d8:76:52:9a:79:
                    34:ae:93:4e:7d:37:d8:c4:7b:44:60:16:f3:16:c8:
                    b5:14:b1:2f:38:72:1c:54:05:c4:3b:eb:e6:21:8c:
                    ff:0b:a3:3c:9c:f0:d9:5b:cd:fa:8d:d1:07:4d:bf:
                    58:bb:10:7f:c3:85:8c:17:41:c0:1e:01:e0:1d:a7:
                    f2:17:66:ca:3d:1f:df:69:77:19:f9:21:4b:59:f2:
                    db:d1:32:04:df:da:41:2a:c9:7c:3f:b6:26:58:16:
                    95:56:69:bd:d8:68:94:41:ce:ca:87:5a:7c:0c:b6:
                    5a:aa:b5:54:de:b0:70:0c:1e:8a:22:04:57:a6:bc:
                    7f:f9:ca:69:66:23:ca:10:88:bc:6d:79:f0:22:2c:
                    49:2e:b4:21:c7:23:eb:62:75:74:d9:70:7b:f3:16:
                    c6:5b:e7:7f:7d:60:36:ba:a7:66:80:b3:de:16:06:
                    33:f3:94:ca:71:89:27:a9:20:bc:d8:d9:dc:c6:ef:
                    f3:10:83:f7:4f:f4:d3:9d:fc:6e:4f:ce:54:46:df:
                    5e:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:B4:0E:4A:4B:4E:AF:58:4A:8C:6E:11:EA:54:6B:19:3C:2E:E1:8E
            X509v3 Authority Key Identifier:
                keyid:92:BF:64:64:CE:6E:19:A4:DC:F8:A3:2B:27:A2:F1:CB:E1:55:10:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/FLQOSktOr1hKjG4R6lRrGTwu4Y4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/f1d697-bc8e-4f14-8b37-b53e30e1412a/1/kr9kZM5uGaTc-KMrJ6Lxy-FVEFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:da:6a:90:2c:57:e4:5d:5d:80:ea:05:9f:39:02:9a:e2:f9:
         e3:1a:05:ab:7f:b0:43:96:5a:be:7d:ae:92:b6:87:01:b0:cf:
         35:f8:6c:9a:a4:eb:1e:53:28:e5:ca:21:d7:23:b9:9c:fb:2f:
         2c:cc:d7:fa:a9:30:d4:73:aa:da:1d:31:0b:e1:d8:49:0e:7c:
         9a:ae:5a:13:ba:ba:79:35:12:41:aa:76:ee:6f:e3:9b:04:49:
         58:6b:48:10:43:bf:fc:86:ec:d7:31:11:94:66:b7:86:af:12:
         7a:a3:5e:bd:dd:f1:3c:77:61:82:b7:7d:82:3e:c1:2f:d7:26:
         fd:4e:7f:44:72:7d:60:b0:b2:b4:77:06:1c:13:1b:f3:d0:25:
         6b:53:1b:8a:0b:6f:2d:45:ab:4d:ce:2d:67:0b:38:7b:db:73:
         44:6c:92:91:8f:e8:20:a9:6a:3f:83:f9:6d:b8:7a:61:c4:7e:
         48:62:69:59:5b:db:59:9d:bb:8e:59:5c:d0:d4:04:18:d5:84:
         e7:e5:07:57:e7:0e:85:1c:8f:03:51:4c:ce:6b:35:29:c0:da:
         0b:98:74:5a:96:0d:44:83:73:49:22:e7:dd:21:3a:df:d0:0d:
         8b:40:fd:f0:56:a3:c3:f4:a9:d5:ee:bb:cd:98:95:5a:35:31:
         0d:fd:dc:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbeUA34anR4TVatC72yb5dwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyYmY2NDY0Y2U2ZTE5YTRkY2Y4YTMyYjI3YTJmMWNiZTE1
NTEwNTUwHhcNMjUwNTE3MTI1NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGI0MGU0YTRiNGVhZjU4NGE4YzZlMTFlYTU0NmIxOTNjMmVlMThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm22o7ZVLmBV6asrO+zz/SOKdf1c8
X34LBvGeeubvkQySwaXFsFg1Wr1C2IQ1CxPRYFWKRHf+2HZSmnk0rpNOfTfYxHtE
YBbzFsi1FLEvOHIcVAXEO+vmIYz/C6M8nPDZW836jdEHTb9YuxB/w4WMF0HAHgHg
HafyF2bKPR/faXcZ+SFLWfLb0TIE39pBKsl8P7YmWBaVVmm92GiUQc7Kh1p8DLZa
qrVU3rBwDB6KIgRXprx/+cppZiPKEIi8bXnwIixJLrQhxyPrYnV02XB78xbGW+d/
fWA2uqdmgLPeFgYz85TKcYknqSC82Nncxu/zEIP3T/TTnfxuT85URt9eLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBS0DkpLTq9YSoxuEepUaxk8LuGOMB8GA1UdIwQY
MBaAFJK/ZGTObhmk3PijKyei8cvhVRBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3I5a1pNNXVHYVRjLUtNcko2THh5LUZWRUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9mMWQ2OTctYmM4ZS00ZjE0LThiMzct
YjUzZTMwZTE0MTJhLzEvRkxRT1NrdE9yMWhLakc0UjZsUnJHVHd1NFk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9mMWQ2OTctYmM4ZS00ZjE0LThiMzctYjUzZTMwZTE0MTJh
LzEva3I5a1pNNXVHYVRjLUtNcko2THh5LUZWRUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+zUMA0G
CSqGSIb3DQEBCwUAA4IBAQAc2mqQLFfkXV2A6gWfOQKa4vnjGgWrf7BDllq+fa6S
tocBsM81+GyapOseUyjlyiHXI7mc+y8szNf6qTDUc6raHTEL4dhJDnyarloTurp5
NRJBqnbub+ObBElYa0gQQ7/8huzXMRGUZreGrxJ6o1693fE8d2GCt32CPsEv1yb9
Tn9Ecn1gsLK0dwYcExvz0CVrUxuKC28tRatNzi1nCzh723NEbJKRj+ggqWo/g/lt
uHphxH5IYmlZW9tZnbuOWVzQ1AQY1YTn5QdX5w6FHI8DUUzOazUpwNoLmHRalg1E
g3NJIufdITrf0A2LQP3wVqPD9KnV7rvNmJVaNTEN/dwS
-----END CERTIFICATE-----