Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/1972a2-3b6f-4316-ab7e-a0bcc912d735/1/pBdQvnX6dKY3XlqUYWMWUMcKsus.roa
File:                     pBdQvnX6dKY3XlqUYWMWUMcKsus.roa (raw, json)
Hash identifier:          7HSL2j8DzWASbakGMcnWSJulH/02edTERxWRK0JJXZU=
Subject key identifier:   A4:17:50:BE:75:FA:74:A6:37:5E:5A:94:61:63:16:50:C7:0A:B2:EB
Certificate issuer:       /CN=1bea3e99bbb0dda78084219a613492e5e6d9b45a
Certificate serial:       0196F342F7CFDFFE10C9249AD6C62B99AF20
Authority key identifier: 1B:EA:3E:99:BB:B0:DD:A7:80:84:21:9A:61:34:92:E5:E6:D9:B4:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G-o-mbuw3aeAhCGaYTSS5ebZtFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/1972a2-3b6f-4316-ab7e-a0bcc912d735/1/pBdQvnX6dKY3XlqUYWMWUMcKsus.roa
Signing time:             Wed 21 May 2025 14:32:54 +0000
ROA not before:           Wed 21 May 2025 14:32:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.60.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/1972a2-3b6f-4316-ab7e-a0bcc912d735/1/G-o-mbuw3aeAhCGaYTSS5ebZtFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/1972a2-3b6f-4316-ab7e-a0bcc912d735/1/G-o-mbuw3aeAhCGaYTSS5ebZtFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G-o-mbuw3aeAhCGaYTSS5ebZtFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 02:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f3:42:f7:cf:df:fe:10:c9:24:9a:d6:c6:2b:99:af:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bea3e99bbb0dda78084219a613492e5e6d9b45a
        Validity
            Not Before: May 21 14:32:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a41750be75fa74a6375e5a9461631650c70ab2eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:db:04:ae:33:8a:32:ac:5e:a3:31:9e:cd:0e:
                    7c:0d:3b:7d:84:d9:ab:9f:a8:74:55:76:61:13:ea:
                    f3:ec:b1:ab:bb:0e:0e:72:d5:97:75:24:3a:14:2e:
                    97:7d:5e:fd:e4:eb:df:25:b2:a8:7a:97:c9:08:4d:
                    ae:ed:04:68:c2:8a:30:b6:45:d1:91:6f:3f:ca:c4:
                    1a:3e:e7:15:b5:d7:23:9b:4d:7c:f0:12:4e:6b:92:
                    68:f7:6f:88:ba:ee:1d:d0:54:88:5d:6d:2a:88:35:
                    84:5f:c5:75:97:16:a3:3c:24:da:2c:22:ed:b8:33:
                    38:db:19:47:11:00:07:23:5f:a4:ef:fd:61:53:55:
                    4e:6d:0b:b4:23:71:13:07:7d:97:e5:e9:c8:95:38:
                    e0:a0:57:86:f0:a8:9f:4a:88:a3:71:ca:5a:9e:cb:
                    94:d6:e1:99:b5:ec:72:45:64:68:19:17:da:74:8a:
                    59:06:4f:fc:8e:c0:e9:d1:d0:d8:28:27:59:ff:d3:
                    3e:ae:72:3e:20:70:1f:c4:51:e3:8e:a3:a8:4f:82:
                    2b:d8:49:c3:a8:19:1e:28:38:c4:e9:34:b8:74:2b:
                    87:64:54:63:09:81:28:23:be:20:6f:3c:28:18:d7:
                    7a:fe:c6:62:53:d5:07:32:e3:94:d6:32:cb:17:0d:
                    5b:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:17:50:BE:75:FA:74:A6:37:5E:5A:94:61:63:16:50:C7:0A:B2:EB
            X509v3 Authority Key Identifier:
                keyid:1B:EA:3E:99:BB:B0:DD:A7:80:84:21:9A:61:34:92:E5:E6:D9:B4:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G-o-mbuw3aeAhCGaYTSS5ebZtFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/1972a2-3b6f-4316-ab7e-a0bcc912d735/1/pBdQvnX6dKY3XlqUYWMWUMcKsus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/1972a2-3b6f-4316-ab7e-a0bcc912d735/1/G-o-mbuw3aeAhCGaYTSS5ebZtFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:eb:14:78:2e:13:9a:31:5e:d5:7c:ca:d3:81:32:cf:07:cc:
         4b:98:d8:d4:c0:d9:2c:bc:ce:68:b1:6c:f9:1c:13:5b:1f:48:
         7f:1a:96:6b:dc:c8:e7:c2:83:66:d1:2b:55:d3:18:5d:e8:9d:
         9f:61:ba:e8:13:df:9f:6e:94:5c:29:dd:ae:17:3c:b4:44:39:
         7e:6d:94:67:ea:d8:c3:be:36:5e:12:43:17:df:cb:2c:27:75:
         f2:40:31:ef:41:96:43:89:4d:ba:49:43:62:8e:20:ef:ab:65:
         0f:95:1f:ef:9a:ff:1e:ad:d4:3d:f1:c6:d4:cd:0a:62:08:7b:
         59:97:3e:fe:cd:b0:3c:4e:4f:e8:38:1b:22:00:67:c9:4d:fa:
         f8:91:b4:6d:e9:65:2d:5b:62:f4:1c:b7:08:6d:6b:1e:33:c3:
         51:49:f5:b9:b5:d8:23:73:0a:a8:c2:aa:c2:66:c0:4d:78:b1:
         dc:bb:a0:53:24:ee:f3:14:79:54:df:f0:5b:0f:66:ae:43:d6:
         f6:71:d4:31:0f:2e:4c:18:73:d0:d5:79:b7:a3:a4:21:fc:58:
         ba:92:70:8f:e5:4a:9b:b2:5d:d8:6b:6f:7b:19:2a:13:fe:cd:
         1b:a6:bf:7a:af:83:53:22:5c:37:c6:6c:de:8f:38:95:15:78:
         02:2d:fe:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbzQvfP3/4QySSa1sYrma8gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZWEzZTk5YmJiMGRkYTc4MDg0MjE5YTYxMzQ5MmU1ZTZk
OWI0NWEwHhcNMjUwNTIxMTQzMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDE3NTBiZTc1ZmE3NGE2Mzc1ZTVhOTQ2MTYzMTY1MGM3MGFiMmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNsErjOKMqxeozGezQ58DTt9hNmr
n6h0VXZhE+rz7LGruw4OctWXdSQ6FC6XfV795OvfJbKoepfJCE2u7QRowoowtkXR
kW8/ysQaPucVtdcjm0188BJOa5Jo92+Iuu4d0FSIXW0qiDWEX8V1lxajPCTaLCLt
uDM42xlHEQAHI1+k7/1hU1VObQu0I3ETB32X5enIlTjgoFeG8KifSoijccpansuU
1uGZtexyRWRoGRfadIpZBk/8jsDp0dDYKCdZ/9M+rnI+IHAfxFHjjqOoT4Ir2EnD
qBkeKDjE6TS4dCuHZFRjCYEoI74gbzwoGNd6/sZiU9UHMuOU1jLLFw1bGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQXUL51+nSmN15alGFjFlDHCrLrMB8GA1UdIwQY
MBaAFBvqPpm7sN2ngIQhmmE0kuXm2bRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRy1vLW1idXczYWVBaENHYVlUU1M1ZWJadEZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8xOTcyYTItM2I2Zi00MzE2LWFiN2Ut
YTBiY2M5MTJkNzM1LzEvcEJkUXZuWDZkS1kzWGxxVVlXTVdVTWNLc3VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8xOTcyYTItM2I2Zi00MzE2LWFiN2UtYTBiY2M5MTJkNzM1
LzEvRy1vLW1idXczYWVBaENHYVlUU1M1ZWJadEZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTz4MA0G
CSqGSIb3DQEBCwUAA4IBAQBZ6xR4LhOaMV7VfMrTgTLPB8xLmNjUwNksvM5osWz5
HBNbH0h/GpZr3MjnwoNm0StV0xhd6J2fYbroE9+fbpRcKd2uFzy0RDl+bZRn6tjD
vjZeEkMX38ssJ3XyQDHvQZZDiU26SUNijiDvq2UPlR/vmv8erdQ98cbUzQpiCHtZ
lz7+zbA8Tk/oOBsiAGfJTfr4kbRt6WUtW2L0HLcIbWseM8NRSfW5tdgjcwqowqrC
ZsBNeLHcu6BTJO7zFHlU3/BbD2auQ9b2cdQxDy5MGHPQ1Xm3o6Qh/Fi6knCP5Uqb
sl3Ya297GSoT/s0bpr96r4NTIlw3xmzejziVFXgCLf5/
-----END CERTIFICATE-----