Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/BpOZHth79iEq6Unl5Ftxw3vK380.roa
File:                     BpOZHth79iEq6Unl5Ftxw3vK380.roa (raw, json)
Hash identifier:          xaw+A9uYoXkOEdfV2IBPtSv3FaUYVZWVD5udCKEOS9U=
Subject key identifier:   06:93:99:1E:D8:7B:F6:21:2A:E9:49:E5:E4:5B:71:C3:7B:CA:DF:CD
Certificate issuer:       /CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
Certificate serial:       0197077E1CA80918552459A1952F1EA220E6
Authority key identifier: 2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/BpOZHth79iEq6Unl5Ftxw3vK380.roa
Signing time:             Sun 25 May 2025 12:49:54 +0000
ROA not before:           Sun 25 May 2025 12:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42216
IP address blocks:        107.150.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:07:7e:1c:a8:09:18:55:24:59:a1:95:2f:1e:a2:20:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
        Validity
            Not Before: May 25 12:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0693991ed87bf6212ae949e5e45b71c37bcadfcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:cb:ad:df:56:3c:71:34:cc:73:2b:5e:c9:14:
                    84:d3:a7:66:df:5e:4d:8b:b5:a8:ab:9f:b3:c5:3d:
                    05:c5:52:11:80:fa:64:81:ff:82:87:1e:52:54:3f:
                    45:eb:d1:86:2e:ad:b0:30:50:99:34:51:97:af:00:
                    83:f1:ac:e3:5b:32:96:fd:46:f1:0e:48:cf:a4:4d:
                    9b:0d:64:09:1d:31:f2:d3:59:0e:d2:f2:33:16:b3:
                    be:f2:9e:79:97:c7:33:26:17:96:94:f8:81:d5:0b:
                    19:58:d9:82:7f:f0:2b:cb:c8:36:9f:0e:3d:64:47:
                    d5:ed:27:99:2e:0c:c1:9e:55:5c:14:eb:2d:b9:c3:
                    c5:04:7a:92:cf:e7:0d:ef:e8:d7:e7:59:0e:88:87:
                    2b:20:e2:71:20:80:9e:eb:12:2a:13:e4:09:f4:32:
                    99:b5:31:6f:45:9a:e1:ca:f4:8a:00:db:bd:c2:0f:
                    72:e0:9a:3c:ef:9b:43:28:d7:5f:42:20:84:b9:39:
                    a9:e6:15:8b:e1:5e:8f:9b:a2:19:df:80:28:9e:53:
                    47:e9:50:c2:53:e7:18:71:e1:39:55:f3:0b:7e:e5:
                    b7:c1:f2:d3:3b:2c:a9:0e:07:1f:18:dd:30:29:9f:
                    42:73:55:20:47:23:c5:3f:b8:0d:c2:60:ef:e7:ad:
                    76:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:93:99:1E:D8:7B:F6:21:2A:E9:49:E5:E4:5B:71:C3:7B:CA:DF:CD
            X509v3 Authority Key Identifier:
                keyid:2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/BpOZHth79iEq6Unl5Ftxw3vK380.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.150.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:2f:2d:90:c6:b2:f4:b3:f2:9a:d9:32:9b:41:ed:3f:52:2a:
         9d:b0:0b:27:66:3a:02:ee:96:28:b8:74:e6:8a:d8:0a:1b:24:
         1b:d1:f8:5f:30:3b:94:bb:f5:5f:8f:c0:5a:79:ba:18:db:c1:
         3c:52:52:67:84:6f:f6:04:a7:03:c1:2f:10:0a:7e:65:f0:fe:
         02:d8:2b:cb:61:7f:cb:20:d6:d9:2c:fb:2a:25:4d:19:76:45:
         fa:1a:80:18:7f:44:bd:d0:7d:f0:97:55:a2:36:a1:16:21:96:
         9c:07:88:17:d1:40:ea:70:75:73:74:9d:8e:51:23:ba:e9:3d:
         df:7a:0d:b3:dd:ef:29:e3:17:72:6e:af:65:fa:75:a4:ba:39:
         c6:26:65:89:c6:62:10:b1:f2:bf:c3:5c:f0:9a:59:73:1f:6e:
         c6:a0:33:f3:48:e6:66:4d:22:2a:05:cd:c3:32:b0:ca:6b:97:
         b1:47:2f:99:92:7f:d8:75:7d:4f:f0:0a:74:c6:de:b6:1c:05:
         13:cd:91:5f:7b:17:ec:d1:66:82:e2:8b:24:1e:b4:4b:2b:6e:
         90:1b:4a:99:29:b8:06:46:02:3a:54:ae:29:f0:98:1b:93:fc:
         d5:f7:2c:3e:0f:bb:03:d0:36:d5:4d:e2:93:ae:55:3d:bb:a8:
         47:d2:c8:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcHfhyoCRhVJFmhlS8eoiDmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzY4YjBhZWM2YzdmZDQ4ZDBkOTZiNDA3N2EyM2Y5MDZh
ODZhNDgwHhcNMjUwNTI1MTI0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjkzOTkxZWQ4N2JmNjIxMmFlOTQ5ZTVlNDViNzFjMzdiY2FkZmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcut31Y8cTTMcyteyRSE06dm315N
i7Woq5+zxT0FxVIRgPpkgf+Chx5SVD9F69GGLq2wMFCZNFGXrwCD8azjWzKW/Ubx
DkjPpE2bDWQJHTHy01kO0vIzFrO+8p55l8czJheWlPiB1QsZWNmCf/Ary8g2nw49
ZEfV7SeZLgzBnlVcFOstucPFBHqSz+cN7+jX51kOiIcrIOJxIICe6xIqE+QJ9DKZ
tTFvRZrhyvSKANu9wg9y4Jo875tDKNdfQiCEuTmp5hWL4V6Pm6IZ34AonlNH6VDC
U+cYceE5VfMLfuW3wfLTOyypDgcfGN0wKZ9Cc1UgRyPFP7gNwmDv5612WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAaTmR7Ye/YhKulJ5eRbccN7yt/NMB8GA1UdIwQY
MBaAFC42iwrsbH/UjQ2WtAd6I/kGqGpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQt
MTQyN2RkMTZlZmE0LzEvQnBPWkh0aDc5aUVxNlVubDVGdHh3M3ZLMzgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQtMTQyN2RkMTZlZmE0
LzEvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAa5arMA0G
CSqGSIb3DQEBCwUAA4IBAQBiLy2QxrL0s/Ka2TKbQe0/UiqdsAsnZjoC7pYouHTm
itgKGyQb0fhfMDuUu/Vfj8BaeboY28E8UlJnhG/2BKcDwS8QCn5l8P4C2CvLYX/L
INbZLPsqJU0ZdkX6GoAYf0S90H3wl1WiNqEWIZacB4gX0UDqcHVzdJ2OUSO66T3f
eg2z3e8p4xdybq9l+nWkujnGJmWJxmIQsfK/w1zwmllzH27GoDPzSOZmTSIqBc3D
MrDKa5exRy+Zkn/YdX1P8Ap0xt62HAUTzZFfexfs0WaC4oskHrRLK26QG0qZKbgG
RgI6VK4p8Jgbk/zV9yw+D7sD0DbVTeKTrlU9u6hH0sgj
-----END CERTIFICATE-----