Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/69e109-0e02-4f3c-981f-548d47a46ad4/1/p50yN57F3LkXuY7-mhCsw823E8k.roa
File:                     p50yN57F3LkXuY7-mhCsw823E8k.roa (raw, json)
Hash identifier:          dyK2Pi+JnZP3NZuI9yP93De2BsaZ3Ntgr/tFvxnQ/R0=
Subject key identifier:   A7:9D:32:37:9E:C5:DC:B9:17:B9:8E:FE:9A:10:AC:C3:CD:B7:13:C9
Certificate issuer:       /CN=bbf8b06779a83065dbdc5808e1e7ffaf9c7d8da8
Certificate serial:       01971174C52A6BBB783259EDF888EC31AE5A
Authority key identifier: BB:F8:B0:67:79:A8:30:65:DB:DC:58:08:E1:E7:FF:AF:9C:7D:8D:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u_iwZ3moMGXb3FgI4ef_r5x9jag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/69e109-0e02-4f3c-981f-548d47a46ad4/1/p50yN57F3LkXuY7-mhCsw823E8k.roa
Signing time:             Tue 27 May 2025 11:15:54 +0000
ROA not before:           Tue 27 May 2025 11:15:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207541
IP address blocks:        185.166.252.0/24 maxlen: 24
                          2a0b:7940::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/69e109-0e02-4f3c-981f-548d47a46ad4/1/u_iwZ3moMGXb3FgI4ef_r5x9jag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/69e109-0e02-4f3c-981f-548d47a46ad4/1/u_iwZ3moMGXb3FgI4ef_r5x9jag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u_iwZ3moMGXb3FgI4ef_r5x9jag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:74:c5:2a:6b:bb:78:32:59:ed:f8:88:ec:31:ae:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbf8b06779a83065dbdc5808e1e7ffaf9c7d8da8
        Validity
            Not Before: May 27 11:15:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a79d32379ec5dcb917b98efe9a10acc3cdb713c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:9d:06:70:5a:ab:ca:85:b2:19:12:ee:ae:81:
                    b0:ea:11:29:f5:85:82:1b:a2:af:47:54:74:52:a3:
                    2e:c0:8c:0a:61:1a:61:c5:c7:ee:2d:34:a5:77:15:
                    ea:b6:e7:12:10:c8:c2:74:f0:bb:f6:de:7a:45:64:
                    9d:1a:af:b1:b3:da:18:17:ea:1e:fd:dc:30:e8:01:
                    3e:9f:5f:61:d2:5a:fd:e2:3b:1e:b4:41:c1:42:9d:
                    fd:ac:8d:0e:b3:88:ba:b9:fb:8d:bd:3b:78:48:4b:
                    de:7f:db:86:ef:1c:65:b8:26:29:8b:10:68:22:6a:
                    cb:ed:a1:dd:5b:2e:70:47:c8:09:e4:27:69:69:21:
                    65:76:2f:53:50:6c:a4:46:b1:bd:a4:69:51:90:a0:
                    d9:88:3f:41:63:73:af:e8:dc:64:d1:d7:eb:f3:71:
                    9f:b3:f3:ae:b4:7c:8b:a5:73:b6:32:65:ce:71:53:
                    ff:a0:fc:28:97:43:0c:3e:82:a7:15:00:db:2c:13:
                    10:16:f9:38:a5:03:fd:05:60:15:79:08:65:cc:f8:
                    c3:d6:5a:80:65:68:ce:3f:bd:1b:59:3c:0c:7e:91:
                    02:5c:3a:3e:d5:11:3f:48:7f:a4:02:4e:c8:df:2e:
                    70:de:0e:de:cb:09:21:b2:b0:b9:f1:71:34:85:93:
                    8c:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:9D:32:37:9E:C5:DC:B9:17:B9:8E:FE:9A:10:AC:C3:CD:B7:13:C9
            X509v3 Authority Key Identifier:
                keyid:BB:F8:B0:67:79:A8:30:65:DB:DC:58:08:E1:E7:FF:AF:9C:7D:8D:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u_iwZ3moMGXb3FgI4ef_r5x9jag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/69e109-0e02-4f3c-981f-548d47a46ad4/1/p50yN57F3LkXuY7-mhCsw823E8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/69e109-0e02-4f3c-981f-548d47a46ad4/1/u_iwZ3moMGXb3FgI4ef_r5x9jag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.252.0/24
                IPv6:
                  2a0b:7940::/29

    Signature Algorithm: sha256WithRSAEncryption
         3f:1a:d6:0d:90:60:1d:d8:d3:6f:c8:d2:b7:85:5b:97:78:6e:
         2e:05:4e:47:40:da:b6:85:02:5e:ff:44:df:84:39:c3:55:d9:
         10:1f:7a:8e:31:27:b7:47:03:09:c7:45:af:66:6d:9f:09:e8:
         51:79:b0:8c:3a:d6:c4:50:e9:2f:cf:ca:78:08:27:7a:1f:9b:
         30:ad:fc:77:9f:80:61:a9:1d:68:76:fc:26:d5:17:5b:68:82:
         33:8f:93:ee:e5:11:06:73:a1:90:fd:8a:7b:70:f1:b9:14:12:
         af:2e:03:e9:0e:23:7d:bc:87:7e:55:51:e8:6c:cd:ad:86:4c:
         16:b7:49:d2:e3:b5:d5:cd:7e:6d:98:7b:2c:36:7b:10:67:53:
         4a:6f:80:db:a7:02:5d:55:30:1a:90:8f:14:45:ad:61:86:32:
         5f:72:5f:ed:30:c2:b8:06:86:07:8c:00:cc:33:d3:cb:0f:55:
         d7:4d:2a:72:f3:a7:06:92:c4:aa:b0:e0:85:dd:4d:43:ca:b9:
         14:11:7c:69:39:37:3a:6b:20:9c:a4:5e:fb:22:9d:f4:de:86:
         9c:fd:a2:05:b0:0c:a6:a5:f3:4b:03:0c:ae:c1:9b:5c:e8:85:
         d3:20:2d:ce:01:fe:6e:53:c0:cf:2f:10:ae:be:a9:c7:a0:9f:
         12:1c:0f:51
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZcRdMUqa7t4Mlnt+IjsMa5aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZjhiMDY3NzlhODMwNjVkYmRjNTgwOGUxZTdmZmFmOWM3
ZDhkYTgwHhcNMjUwNTI3MTExNTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzlkMzIzNzllYzVkY2I5MTdiOThlZmU5YTEwYWNjM2NkYjcxM2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJ0GcFqryoWyGRLuroGw6hEp9YWC
G6KvR1R0UqMuwIwKYRphxcfuLTSldxXqtucSEMjCdPC79t56RWSdGq+xs9oYF+oe
/dww6AE+n19h0lr94jsetEHBQp39rI0Os4i6ufuNvTt4SEvef9uG7xxluCYpixBo
ImrL7aHdWy5wR8gJ5CdpaSFldi9TUGykRrG9pGlRkKDZiD9BY3Ov6Nxk0dfr83Gf
s/OutHyLpXO2MmXOcVP/oPwol0MMPoKnFQDbLBMQFvk4pQP9BWAVeQhlzPjD1lqA
ZWjOP70bWTwMfpECXDo+1RE/SH+kAk7I3y5w3g7eywkhsrC58XE0hZOMzwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKedMjeexdy5F7mO/poQrMPNtxPJMB8GA1UdIwQY
MBaAFLv4sGd5qDBl29xYCOHn/6+cfY2oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdV9pd1ozbW9NR1hiM0ZnSTRlZl9yNXg5amFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy82OWUxMDktMGUwMi00ZjNjLTk4MWYt
NTQ4ZDQ3YTQ2YWQ0LzEvcDUweU41N0YzTGtYdVk3LW1oQ3N3ODIzRThrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy82OWUxMDktMGUwMi00ZjNjLTk4MWYtNTQ4ZDQ3YTQ2YWQ0
LzEvdV9pd1ozbW9NR1hiM0ZnSTRlZl9yNXg5amFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuab8MA0E
AgACMAcDBQMqC3lAMA0GCSqGSIb3DQEBCwUAA4IBAQA/GtYNkGAd2NNvyNK3hVuX
eG4uBU5HQNq2hQJe/0TfhDnDVdkQH3qOMSe3RwMJx0WvZm2fCehRebCMOtbEUOkv
z8p4CCd6H5swrfx3n4BhqR1odvwm1RdbaIIzj5Pu5REGc6GQ/Yp7cPG5FBKvLgPp
DiN9vId+VVHobM2thkwWt0nS47XVzX5tmHssNnsQZ1NKb4DbpwJdVTAakI8URa1h
hjJfcl/tMMK4BoYHjADMM9PLD1XXTSpy86cGksSqsOCF3U1DyrkUEXxpOTc6ayCc
pF77Ip303oac/aIFsAympfNLAwyuwZtc6IXTIC3OAf5uU8DPLxCuvqnHoJ8SHA9R
-----END CERTIFICATE-----