Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/bBfij7COcdTaz-DnHyGrtWC4ET8.roa
File:                     bBfij7COcdTaz-DnHyGrtWC4ET8.roa (raw, json)
Hash identifier:          SxtaFbLu+enyY4LEwLb32FF12bBUTD4V3sUoQFy2hPk=
Subject key identifier:   6C:17:E2:8F:B0:8E:71:D4:DA:CF:E0:E7:1F:21:AB:B5:60:B8:11:3F
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       0196BE7F854137B24E56D76D11916CDA7A72
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/bBfij7COcdTaz-DnHyGrtWC4ET8.roa
Signing time:             Sun 11 May 2025 08:39:10 +0000
ROA not before:           Sun 11 May 2025 08:39:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35308
IP address blocks:        193.151.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:be:7f:85:41:37:b2:4e:56:d7:6d:11:91:6c:da:7a:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: May 11 08:39:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c17e28fb08e71d4dacfe0e71f21abb560b8113f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:c2:11:ae:48:16:64:5c:94:c6:ce:c9:15:10:
                    28:34:f7:e5:04:55:ef:3e:ea:6a:57:da:23:09:5b:
                    c7:67:07:6a:a1:fd:c1:9c:26:cd:06:26:14:03:9f:
                    b3:09:f8:5f:7e:24:c7:22:3e:ef:be:0f:16:9f:af:
                    f4:df:93:71:e6:58:b8:cd:77:05:af:c5:00:30:3f:
                    14:f4:68:7a:a2:88:20:6e:82:e2:77:7c:01:b8:8f:
                    1c:26:ef:ce:34:6f:12:16:e1:f6:fa:e3:33:f3:27:
                    a6:1a:c3:fb:62:26:0b:58:ad:7b:55:74:88:56:5c:
                    6f:c2:7c:96:d5:a0:63:f3:8d:95:17:41:a4:88:10:
                    7f:2b:10:d8:e6:bb:a3:7e:2c:9b:a0:c2:1a:4b:3c:
                    0e:e1:bf:5e:33:9d:38:33:fa:43:3f:0e:9a:4a:f4:
                    a9:51:c9:10:21:36:2d:25:82:2e:28:48:43:89:79:
                    38:bb:7b:24:67:2b:51:af:7d:83:ca:87:53:1d:cc:
                    f1:75:b5:b0:3d:73:ce:4a:1e:86:f6:27:f1:34:1a:
                    41:7b:3e:d0:29:20:47:06:73:fd:91:60:c9:92:03:
                    d1:61:3c:6b:bc:4d:93:25:23:38:3b:29:d3:f1:84:
                    11:23:50:8c:b0:5e:d9:f6:a7:03:64:7b:ae:0d:03:
                    86:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:17:E2:8F:B0:8E:71:D4:DA:CF:E0:E7:1F:21:AB:B5:60:B8:11:3F
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/bBfij7COcdTaz-DnHyGrtWC4ET8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:0c:f5:7b:48:db:a5:1e:32:02:c1:ce:06:d7:77:0a:8f:e5:
         b3:96:46:9b:3e:45:dd:4f:a0:63:a4:e3:fa:5f:1f:9a:66:b9:
         f5:0e:44:25:13:95:60:9a:68:98:4b:f2:3e:2f:b6:d5:80:ce:
         f4:4f:08:17:c2:93:3e:9f:2d:5d:0e:63:0b:de:23:72:f9:58:
         6a:97:04:5f:a2:65:06:b9:f4:26:43:d0:73:ce:1b:b1:ac:43:
         a8:2f:99:3c:f5:6f:2a:62:a3:bc:72:8a:1d:7b:62:ae:d1:c1:
         84:db:f5:f5:95:f2:e4:e5:a6:67:f8:9c:6b:4c:b8:61:5b:0f:
         9f:0a:19:de:a0:9e:2a:ed:96:b5:1c:f6:b2:1f:8a:7d:fd:b2:
         09:5a:6f:9f:33:59:ec:bf:38:0d:77:b8:f6:13:c0:82:37:2b:
         02:15:55:01:8f:ca:42:8b:69:ae:00:4d:73:95:2b:ec:d0:85:
         e0:27:77:7f:02:d7:cf:56:5b:78:44:af:c7:8e:83:88:fa:c3:
         42:79:77:13:7b:4a:55:c6:db:07:53:8a:c6:e3:10:a6:11:db:
         55:65:19:e1:2a:44:7f:eb:53:df:ca:69:d3:c9:ec:a6:3b:76:
         93:ea:e0:59:5b:af:43:d2:ec:83:31:d0:e3:20:8a:a1:44:11:
         ee:e8:11:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa+f4VBN7JOVtdtEZFs2npyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjUwNTExMDgzOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzE3ZTI4ZmIwOGU3MWQ0ZGFjZmUwZTcxZjIxYWJiNTYwYjgxMTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1sIRrkgWZFyUxs7JFRAoNPflBFXv
PupqV9ojCVvHZwdqof3BnCbNBiYUA5+zCfhffiTHIj7vvg8Wn6/035Nx5li4zXcF
r8UAMD8U9Gh6ooggboLid3wBuI8cJu/ONG8SFuH2+uMz8yemGsP7YiYLWK17VXSI
VlxvwnyW1aBj842VF0GkiBB/KxDY5rujfiyboMIaSzwO4b9eM504M/pDPw6aSvSp
UckQITYtJYIuKEhDiXk4u3skZytRr32DyodTHczxdbWwPXPOSh6G9ifxNBpBez7Q
KSBHBnP9kWDJkgPRYTxrvE2TJSM4OynT8YQRI1CMsF7Z9qcDZHuuDQOGkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGwX4o+wjnHU2s/g5x8hq7VguBE/MB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvYkJmaWo3Q09jZFRhei1Ebkh5R3J0V0M0RVQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZenMA0G
CSqGSIb3DQEBCwUAA4IBAQBbDPV7SNulHjICwc4G13cKj+WzlkabPkXdT6BjpOP6
Xx+aZrn1DkQlE5VgmmiYS/I+L7bVgM70TwgXwpM+ny1dDmML3iNy+VhqlwRfomUG
ufQmQ9BzzhuxrEOoL5k89W8qYqO8coode2Ku0cGE2/X1lfLk5aZn+JxrTLhhWw+f
ChneoJ4q7Za1HPayH4p9/bIJWm+fM1nsvzgNd7j2E8CCNysCFVUBj8pCi2muAE1z
lSvs0IXgJ3d/AtfPVlt4RK/HjoOI+sNCeXcTe0pVxtsHU4rG4xCmEdtVZRnhKkR/
61PfymnTyeymO3aT6uBZW69D0uyDMdDjIIqhRBHu6BFR
-----END CERTIFICATE-----