Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/RLO_QBrXEToQ3xiXG2Zpoj0ltiw.roa
File:                     RLO_QBrXEToQ3xiXG2Zpoj0ltiw.roa (raw, json)
Hash identifier:          TYlK/tFvsBpkt3S97JXs+g8jRby9o0YmQzexa4YAU5E=
Subject key identifier:   44:B3:BF:40:1A:D7:11:3A:10:DF:18:97:1B:66:69:A2:3D:25:B6:2C
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019648F9772FDB6EB7B7A3B79434DA7B0697
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/RLO_QBrXEToQ3xiXG2Zpoj0ltiw.roa
Signing time:             Fri 18 Apr 2025 12:57:10 +0000
ROA not before:           Fri 18 Apr 2025 12:57:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        87.229.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 09:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:48:f9:77:2f:db:6e:b7:b7:a3:b7:94:34:da:7b:06:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Apr 18 12:57:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44b3bf401ad7113a10df18971b6669a23d25b62c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:44:db:5b:12:f2:b7:50:55:14:de:65:df:0f:
                    4a:d6:77:10:58:aa:4e:8e:2a:dd:1c:cc:6a:38:9c:
                    89:00:9f:c2:4e:5b:d3:ae:96:9c:24:2f:33:eb:30:
                    05:a0:1e:0b:63:72:6e:c8:b5:aa:d4:ee:c5:21:84:
                    2d:d8:6a:13:24:d8:82:25:22:ef:22:38:3b:4a:98:
                    62:c3:29:92:72:3e:c3:05:9f:a4:9f:a8:eb:5a:51:
                    bf:ea:37:12:dd:38:71:90:77:20:2b:56:62:28:18:
                    8e:04:84:40:3d:8e:6a:95:3d:5b:57:ed:4b:17:72:
                    62:a3:8f:9f:9d:c7:e4:6a:5a:4f:5f:66:c6:c3:c1:
                    e6:3f:ff:93:51:bb:f2:50:29:d4:57:09:5e:d7:1b:
                    c6:08:b1:16:cb:a6:08:de:d9:6c:9d:96:d5:31:20:
                    d3:35:e1:9c:2e:8d:9d:c3:76:88:7f:ce:f6:16:7b:
                    19:74:5e:ce:6f:b0:ca:18:54:1a:de:f3:cd:f5:c6:
                    98:27:bd:bf:5a:f1:36:1d:bd:ff:f3:dc:08:29:51:
                    6b:54:5b:c7:17:bd:a6:65:2a:15:ce:9a:3f:74:29:
                    a7:f3:a3:9c:d6:0e:c3:e2:b4:59:1a:8c:34:4e:79:
                    b9:1a:30:bc:f1:00:c1:c0:22:3e:9a:31:11:1f:d0:
                    7f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:B3:BF:40:1A:D7:11:3A:10:DF:18:97:1B:66:69:A2:3D:25:B6:2C
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/RLO_QBrXEToQ3xiXG2Zpoj0ltiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:35:87:06:3b:08:db:d9:d4:f9:ee:12:2f:f3:9e:e2:19:c6:
         50:0e:20:6f:b3:5c:11:27:c8:1e:97:70:bc:6a:82:5f:eb:3d:
         2b:44:28:a3:6f:9b:47:d4:5f:ac:5b:59:74:b7:c1:df:66:86:
         0b:81:f3:ae:59:3a:bc:8f:45:db:8c:19:d1:41:7f:37:90:78:
         7d:55:89:7b:76:3f:9c:35:87:b9:f9:f2:6c:aa:8b:fa:a6:c6:
         9b:fc:8c:1e:94:3f:0e:26:42:6e:4a:cf:de:36:a2:87:f3:1e:
         c2:84:fd:87:73:13:30:85:0e:19:34:91:a7:56:07:71:3c:95:
         79:1a:5f:3a:6a:42:5a:28:f8:5f:4a:c4:bc:b0:8c:67:7a:42:
         79:f0:aa:3d:b1:cf:07:d6:f2:3c:93:72:1c:db:06:b9:ea:00:
         23:22:3f:23:1e:40:bf:83:42:c0:3a:26:11:a6:ee:44:d7:ce:
         b4:e0:cd:5a:c1:d7:92:d7:a7:65:1b:48:0c:db:17:2f:ab:1a:
         4b:f4:89:b9:4f:cd:0e:36:a8:b5:aa:ec:28:a0:78:83:79:c0:
         c0:8e:90:6b:ee:7d:5e:32:60:97:dd:10:77:fa:62:77:ef:5e:
         ac:0f:b4:d2:7f:e0:0e:68:b0:fb:18:3a:d7:ec:27:27:0b:a8:
         a8:7e:62:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZI+Xcv2263t6O3lDTaewaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwNDE4MTI1NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGIzYmY0MDFhZDcxMTNhMTBkZjE4OTcxYjY2NjlhMjNkMjViNjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUTbWxLyt1BVFN5l3w9K1ncQWKpO
jirdHMxqOJyJAJ/CTlvTrpacJC8z6zAFoB4LY3JuyLWq1O7FIYQt2GoTJNiCJSLv
Ijg7SphiwymScj7DBZ+kn6jrWlG/6jcS3ThxkHcgK1ZiKBiOBIRAPY5qlT1bV+1L
F3Jio4+fncfkalpPX2bGw8HmP/+TUbvyUCnUVwle1xvGCLEWy6YI3tlsnZbVMSDT
NeGcLo2dw3aIf872FnsZdF7Ob7DKGFQa3vPN9caYJ72/WvE2Hb3/89wIKVFrVFvH
F72mZSoVzpo/dCmn86Oc1g7D4rRZGow0Tnm5GjC88QDBwCI+mjERH9B/ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESzv0Aa1xE6EN8YlxtmaaI9JbYsMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvUkxPX1FCclhFVG9RM3hpWEcyWnBvajBsdGl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+UXMA0G
CSqGSIb3DQEBCwUAA4IBAQABNYcGOwjb2dT57hIv857iGcZQDiBvs1wRJ8gel3C8
aoJf6z0rRCijb5tH1F+sW1l0t8HfZoYLgfOuWTq8j0XbjBnRQX83kHh9VYl7dj+c
NYe5+fJsqov6psab/IwelD8OJkJuSs/eNqKH8x7ChP2HcxMwhQ4ZNJGnVgdxPJV5
Gl86akJaKPhfSsS8sIxnekJ58Ko9sc8H1vI8k3Ic2wa56gAjIj8jHkC/g0LAOiYR
pu5E18604M1awdeS16dlG0gM2xcvqxpL9Im5T80ONqi1quwooHiDecDAjpBr7n1e
MmCX3RB3+mJ3716sD7TSf+AOaLD7GDrX7CcnC6iofmLH
-----END CERTIFICATE-----