Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/oi9YFEbcvlN5alPq7ixyYhFrq48.roa
File:                     oi9YFEbcvlN5alPq7ixyYhFrq48.roa (raw, json)
Hash identifier:          ADhZ+05HO4hub6uw9RxwuVi7MstO4VKG0zRMmKQDcKA=
Subject key identifier:   A2:2F:58:14:46:DC:BE:53:79:6A:53:EA:EE:2C:72:62:11:6B:AB:8F
Certificate issuer:       /CN=54b24d895bf9c0a5fd000a45a347510b2a087fb8
Certificate serial:       019716558DBDDF4E6E3E5C82099455A52A9A
Authority key identifier: 54:B2:4D:89:5B:F9:C0:A5:FD:00:0A:45:A3:47:51:0B:2A:08:7F:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VLJNiVv5wKX9AApFo0dRCyoIf7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/oi9YFEbcvlN5alPq7ixyYhFrq48.roa
Signing time:             Wed 28 May 2025 09:59:55 +0000
ROA not before:           Wed 28 May 2025 09:59:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201023
IP address blocks:        147.78.231.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/VLJNiVv5wKX9AApFo0dRCyoIf7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/VLJNiVv5wKX9AApFo0dRCyoIf7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VLJNiVv5wKX9AApFo0dRCyoIf7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 22:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:16:55:8d:bd:df:4e:6e:3e:5c:82:09:94:55:a5:2a:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54b24d895bf9c0a5fd000a45a347510b2a087fb8
        Validity
            Not Before: May 28 09:59:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a22f581446dcbe53796a53eaee2c7262116bab8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b6:5c:bd:5b:dc:12:f5:32:b6:53:0b:36:43:
                    08:c3:16:1b:88:7a:7a:64:6c:a1:84:78:27:5c:e4:
                    4c:19:64:72:74:99:91:ed:2d:44:f7:b6:5b:15:98:
                    63:12:70:56:f8:04:ae:9d:0a:58:94:0b:e5:3f:50:
                    35:9c:4d:7e:9e:aa:6f:d8:2f:16:ed:09:1a:0e:4c:
                    6c:0b:d9:d0:18:03:1f:42:b6:83:94:d4:17:b9:55:
                    2a:5c:c8:2f:6e:4c:58:03:77:e6:39:fc:17:ad:aa:
                    2a:e8:5b:51:35:92:a2:57:1d:7f:29:10:ad:38:61:
                    7e:b4:7e:d4:95:ce:27:86:c1:f1:62:4b:8d:63:20:
                    4b:d6:b0:2a:5b:8c:38:bd:4f:14:6f:f7:9f:33:e0:
                    cb:5c:62:6e:6b:05:b2:63:c9:50:5f:e2:3e:75:27:
                    b9:80:50:4d:e5:81:c0:29:20:d5:7b:49:7a:aa:29:
                    e9:f0:37:55:38:8b:37:66:0c:b9:c5:0d:63:72:ef:
                    63:43:ef:af:25:5f:da:f2:a6:fa:76:a6:01:77:74:
                    36:25:c0:0c:db:57:46:d6:10:7d:19:27:d8:6f:e6:
                    85:f9:f0:af:f6:7a:1e:f1:ee:7f:7d:78:7f:95:ce:
                    ec:64:21:14:68:3a:6b:cd:01:e2:46:64:3c:69:ab:
                    c5:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:2F:58:14:46:DC:BE:53:79:6A:53:EA:EE:2C:72:62:11:6B:AB:8F
            X509v3 Authority Key Identifier:
                keyid:54:B2:4D:89:5B:F9:C0:A5:FD:00:0A:45:A3:47:51:0B:2A:08:7F:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VLJNiVv5wKX9AApFo0dRCyoIf7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/oi9YFEbcvlN5alPq7ixyYhFrq48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/VLJNiVv5wKX9AApFo0dRCyoIf7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:84:b0:3c:9d:5d:f2:a8:2e:4b:97:20:5d:ee:ae:6f:a5:53:
         91:55:88:62:b3:1c:c7:89:ed:04:7c:79:22:40:96:ea:a7:24:
         83:7b:9c:12:1d:dd:1d:07:bf:13:9d:d7:99:d0:36:2b:4c:e1:
         12:1c:b1:84:69:e2:ba:5b:e8:6e:85:ac:ed:cf:58:d6:a1:00:
         e3:60:68:2e:43:95:72:d7:c8:55:84:7d:5c:19:e4:98:8b:97:
         56:09:f0:20:92:8e:9a:a7:6c:34:13:dd:9f:ac:70:30:0f:e3:
         af:f1:bf:7a:4d:ca:3a:21:4e:56:bb:8c:a5:ce:2f:6f:32:e6:
         77:3e:51:3d:67:87:cf:b7:0d:ec:8f:95:60:2c:9c:b9:02:f4:
         aa:82:e3:52:67:76:a8:e6:44:73:99:32:8f:36:f2:c8:87:5d:
         46:a3:92:89:6f:5c:10:f2:80:07:f9:07:59:8e:9e:16:89:3b:
         5e:34:14:74:76:5a:ad:71:b1:42:e8:2d:06:2e:ea:a7:88:79:
         99:c3:cd:f0:9a:ab:e2:c6:9f:1c:93:76:93:d1:e8:76:97:50:
         53:36:32:ed:c0:20:46:20:40:2d:e7:5e:4c:2d:a6:32:ad:35:
         6c:50:0a:c4:d8:d0:e3:87:eb:f9:4d:06:3e:e1:bb:92:91:d5:
         86:62:72:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcWVY29305uPlyCCZRVpSqaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0YjI0ZDg5NWJmOWMwYTVmZDAwMGE0NWEzNDc1MTBiMmEw
ODdmYjgwHhcNMjUwNTI4MDk1OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjJmNTgxNDQ2ZGNiZTUzNzk2YTUzZWFlZTJjNzI2MjExNmJhYjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLZcvVvcEvUytlMLNkMIwxYbiHp6
ZGyhhHgnXORMGWRydJmR7S1E97ZbFZhjEnBW+ASunQpYlAvlP1A1nE1+nqpv2C8W
7QkaDkxsC9nQGAMfQraDlNQXuVUqXMgvbkxYA3fmOfwXraoq6FtRNZKiVx1/KRCt
OGF+tH7Ulc4nhsHxYkuNYyBL1rAqW4w4vU8Ub/efM+DLXGJuawWyY8lQX+I+dSe5
gFBN5YHAKSDVe0l6qinp8DdVOIs3Zgy5xQ1jcu9jQ++vJV/a8qb6dqYBd3Q2JcAM
21dG1hB9GSfYb+aF+fCv9noe8e5/fXh/lc7sZCEUaDprzQHiRmQ8aavFwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIvWBRG3L5TeWpT6u4scmIRa6uPMB8GA1UdIwQY
MBaAFFSyTYlb+cCl/QAKRaNHUQsqCH+4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkxKTmlWdjV3S1g5QUFwRm8wZFJDeW9JZjdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9kMjE2NzktMmFkMi00ZGY1LTgwYjAt
ZmNiOWJkMDViMWFiLzEvb2k5WUZFYmN2bE41YWxQcTdpeHlZaEZycTQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9kMjE2NzktMmFkMi00ZGY1LTgwYjAtZmNiOWJkMDViMWFi
LzEvVkxKTmlWdjV3S1g5QUFwRm8wZFJDeW9JZjdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk07nMA0G
CSqGSIb3DQEBCwUAA4IBAQAzhLA8nV3yqC5LlyBd7q5vpVORVYhisxzHie0EfHki
QJbqpySDe5wSHd0dB78TndeZ0DYrTOESHLGEaeK6W+huhaztz1jWoQDjYGguQ5Vy
18hVhH1cGeSYi5dWCfAgko6ap2w0E92frHAwD+Ov8b96Tco6IU5Wu4ylzi9vMuZ3
PlE9Z4fPtw3sj5VgLJy5AvSqguNSZ3ao5kRzmTKPNvLIh11Go5KJb1wQ8oAH+QdZ
jp4WiTteNBR0dlqtcbFC6C0GLuqniHmZw83wmqvixp8ck3aT0eh2l1BTNjLtwCBG
IEAt515MLaYyrTVsUArE2NDjh+v5TQY+4buSkdWGYnKN
-----END CERTIFICATE-----