Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/oCn4wpr5As_rj6i8SdJkg85R0Hc.roa
File:                     oCn4wpr5As_rj6i8SdJkg85R0Hc.roa (raw, json)
Hash identifier:          7S82NkRvXrpT2+oGArNGUxQHnJWcUMj49moLiAKQQWA=
Subject key identifier:   A0:29:F8:C2:9A:F9:02:CF:EB:8F:A8:BC:49:D2:64:83:CE:51:D0:77
Certificate issuer:       /CN=be40b3c2be7835d7b37b5826102f8746a5199d49
Certificate serial:       0196636F72A54B9C3E585DC17A62CDECE561
Authority key identifier: BE:40:B3:C2:BE:78:35:D7:B3:7B:58:26:10:2F:87:46:A5:19:9D:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vkCzwr54Ndeze1gmEC-HRqUZnUk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/oCn4wpr5As_rj6i8SdJkg85R0Hc.roa
Signing time:             Wed 23 Apr 2025 16:16:10 +0000
ROA not before:           Wed 23 Apr 2025 16:16:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        185.87.78.0/23 maxlen: 24
                          185.87.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/vkCzwr54Ndeze1gmEC-HRqUZnUk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/vkCzwr54Ndeze1gmEC-HRqUZnUk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vkCzwr54Ndeze1gmEC-HRqUZnUk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:63:6f:72:a5:4b:9c:3e:58:5d:c1:7a:62:cd:ec:e5:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be40b3c2be7835d7b37b5826102f8746a5199d49
        Validity
            Not Before: Apr 23 16:16:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a029f8c29af902cfeb8fa8bc49d26483ce51d077
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:1f:40:43:34:d2:ca:35:a1:89:2d:12:05:b1:
                    da:ac:e3:cf:50:8e:89:1c:5a:dc:c7:7e:fa:45:bf:
                    e6:0e:ae:6b:6e:77:a5:da:a3:8f:df:fc:be:bf:05:
                    60:3a:50:21:b3:3f:21:57:ac:22:a7:e0:63:19:06:
                    b7:d4:a1:14:73:f9:85:bf:eb:06:3c:53:fa:3b:b5:
                    dd:4b:8c:ab:29:ba:c4:78:2f:a7:e9:49:5d:67:de:
                    5f:3b:18:89:84:4b:b3:51:f2:d6:5e:b3:81:df:71:
                    be:02:af:a5:9b:ce:ad:7b:b5:ea:28:4b:c9:b1:21:
                    a9:f7:ce:03:1a:f5:22:26:a2:ac:70:05:2f:10:17:
                    64:a0:32:7c:03:34:b6:2c:f6:57:f3:c3:7e:54:de:
                    2d:d2:20:a6:3e:2a:92:0e:5b:c3:a7:39:6d:87:1f:
                    23:cf:dd:45:55:89:8c:7e:11:f7:8d:f9:d9:2e:90:
                    98:97:61:14:51:b8:b3:ca:89:f2:ce:b1:02:82:21:
                    72:3a:de:91:9e:ad:0e:a5:cc:6c:63:22:ae:4e:08:
                    9b:86:65:e0:04:a0:7e:b6:6d:6e:54:44:b4:9d:c4:
                    80:3f:aa:de:de:ed:7f:b4:02:ae:e0:d1:86:57:3a:
                    58:e6:2b:d0:50:ef:a7:68:03:67:64:49:f9:a8:c1:
                    ba:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:29:F8:C2:9A:F9:02:CF:EB:8F:A8:BC:49:D2:64:83:CE:51:D0:77
            X509v3 Authority Key Identifier:
                keyid:BE:40:B3:C2:BE:78:35:D7:B3:7B:58:26:10:2F:87:46:A5:19:9D:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vkCzwr54Ndeze1gmEC-HRqUZnUk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/oCn4wpr5As_rj6i8SdJkg85R0Hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/c71636-edd8-4d11-85e8-b834faf6aced/1/vkCzwr54Ndeze1gmEC-HRqUZnUk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:3b:78:86:d3:c8:56:e3:20:75:6b:90:18:b2:dd:7a:f2:6e:
         85:63:a2:d3:a7:68:cc:3c:ec:ab:ec:39:08:61:04:39:e7:9d:
         a5:99:45:26:55:a7:d0:2f:da:90:37:a1:95:f4:8a:38:b3:3e:
         02:06:40:09:7a:e3:f0:85:46:cb:8f:13:02:2a:6b:ea:f4:cf:
         79:34:a1:8c:e2:7c:a3:30:c5:37:eb:6c:23:a2:e1:7d:43:4c:
         b6:16:57:46:be:c3:f2:64:8b:20:2e:1f:62:57:04:8b:f2:60:
         0c:34:cb:f6:a4:f1:2f:27:b2:18:b2:42:39:ec:a9:2e:f0:8b:
         00:10:b7:3f:07:7b:48:9b:a2:05:40:db:7a:08:4f:11:92:17:
         ef:47:88:c3:49:bb:fc:8c:89:ae:91:aa:d6:cd:5e:e8:74:8a:
         83:41:26:64:05:2c:77:96:aa:91:a8:97:77:c3:b1:b4:f7:b0:
         cd:5b:84:b4:ea:8b:cf:b5:4d:b4:fc:c1:93:a1:c4:0f:e9:60:
         07:86:a3:e5:c2:88:63:30:35:ef:66:11:5b:97:b8:30:39:37:
         d4:d5:e5:f9:53:ac:db:f3:29:71:48:e7:49:13:7d:6e:93:05:
         37:e6:8e:cc:26:20:4f:5b:bc:c8:2a:36:c2:b6:de:ea:2e:31:
         53:8d:72:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZjb3KlS5w+WF3BemLN7OVhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNDBiM2MyYmU3ODM1ZDdiMzdiNTgyNjEwMmY4NzQ2YTUx
OTlkNDkwHhcNMjUwNDIzMTYxNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDI5ZjhjMjlhZjkwMmNmZWI4ZmE4YmM0OWQyNjQ4M2NlNTFkMDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwR9AQzTSyjWhiS0SBbHarOPPUI6J
HFrcx376Rb/mDq5rbnel2qOP3/y+vwVgOlAhsz8hV6wip+BjGQa31KEUc/mFv+sG
PFP6O7XdS4yrKbrEeC+n6UldZ95fOxiJhEuzUfLWXrOB33G+Aq+lm86te7XqKEvJ
sSGp984DGvUiJqKscAUvEBdkoDJ8AzS2LPZX88N+VN4t0iCmPiqSDlvDpzlthx8j
z91FVYmMfhH3jfnZLpCYl2EUUbizyonyzrECgiFyOt6Rnq0OpcxsYyKuTgibhmXg
BKB+tm1uVES0ncSAP6re3u1/tAKu4NGGVzpY5ivQUO+naANnZEn5qMG6eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKAp+MKa+QLP64+ovEnSZIPOUdB3MB8GA1UdIwQY
MBaAFL5As8K+eDXXs3tYJhAvh0alGZ1JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmtDendyNTROZGV6ZTFnbUVDLUhScVVablVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9jNzE2MzYtZWRkOC00ZDExLTg1ZTgt
YjgzNGZhZjZhY2VkLzEvb0NuNHdwcjVBc19yajZpOFNkSmtnODVSMEhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9jNzE2MzYtZWRkOC00ZDExLTg1ZTgtYjgzNGZhZjZhY2Vk
LzEvdmtDendyNTROZGV6ZTFnbUVDLUhScVVablVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVdOMA0G
CSqGSIb3DQEBCwUAA4IBAQACO3iG08hW4yB1a5AYst168m6FY6LTp2jMPOyr7DkI
YQQ5552lmUUmVafQL9qQN6GV9Io4sz4CBkAJeuPwhUbLjxMCKmvq9M95NKGM4nyj
MMU362wjouF9Q0y2FldGvsPyZIsgLh9iVwSL8mAMNMv2pPEvJ7IYskI57Kku8IsA
ELc/B3tIm6IFQNt6CE8RkhfvR4jDSbv8jImukarWzV7odIqDQSZkBSx3lqqRqJd3
w7G097DNW4S06ovPtU20/MGTocQP6WAHhqPlwohjMDXvZhFbl7gwOTfU1eX5U6zb
8ylxSOdJE31ukwU35o7MJiBPW7zIKjbCtt7qLjFTjXK5
-----END CERTIFICATE-----