Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/DCUhFzb2MklEo8ZkPVYr4GxtnA8.roa
File:                     DCUhFzb2MklEo8ZkPVYr4GxtnA8.roa (raw, json)
Hash identifier:          s+H+XdC1uH7Wqe83lxlwU1t1BUQewLSzbEYoJ2Fbqy0=
Subject key identifier:   0C:25:21:17:36:F6:32:49:44:A3:C6:64:3D:56:2B:E0:6C:6D:9C:0F
Certificate issuer:       /CN=bfc470e9b58e557ea8c1dbedaeb9c6a5fc455125
Certificate serial:       01963E1C178D385BD1A1F09B3E4B4464344A
Authority key identifier: BF:C4:70:E9:B5:8E:55:7E:A8:C1:DB:ED:AE:B9:C6:A5:FC:45:51:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v8Rw6bWOVX6owdvtrrnGpfxFUSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/DCUhFzb2MklEo8ZkPVYr4GxtnA8.roa
Signing time:             Wed 16 Apr 2025 10:19:10 +0000
ROA not before:           Wed 16 Apr 2025 10:19:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        185.236.16.0/22 maxlen: 24
                          185.236.16.0/23 maxlen: 23
                          185.236.18.0/23 maxlen: 23
                          185.236.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/v8Rw6bWOVX6owdvtrrnGpfxFUSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/v8Rw6bWOVX6owdvtrrnGpfxFUSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v8Rw6bWOVX6owdvtrrnGpfxFUSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3e:1c:17:8d:38:5b:d1:a1:f0:9b:3e:4b:44:64:34:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfc470e9b58e557ea8c1dbedaeb9c6a5fc455125
        Validity
            Not Before: Apr 16 10:19:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c25211736f6324944a3c6643d562be06c6d9c0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b3:5d:57:5e:f7:11:9b:0e:3f:86:da:ba:64:
                    c6:26:dc:17:ce:d0:73:2d:c8:28:ce:c9:46:54:a8:
                    c5:b4:a4:57:bc:03:0f:29:e6:0d:33:0e:03:d5:79:
                    b5:61:9a:da:2b:1e:a2:27:b7:0e:ad:67:e8:c8:5e:
                    5d:8e:f2:b0:ea:fe:f1:6d:69:26:09:49:14:1b:91:
                    6b:45:79:50:99:48:ab:22:fb:c1:ef:ce:1a:0a:ee:
                    84:af:5d:e6:da:0b:ba:90:2c:ac:e5:6c:bd:00:f7:
                    a3:23:1b:88:13:45:c5:30:71:57:86:de:7c:93:5e:
                    fc:b6:70:fa:da:70:07:8a:6f:c0:58:59:12:81:31:
                    f4:c9:27:a6:57:e0:f5:88:a7:95:ec:17:ec:29:89:
                    e8:61:fe:91:d8:80:0f:a8:61:94:a7:73:56:6a:a7:
                    11:31:ea:a1:22:3e:79:81:6f:13:eb:44:af:03:b2:
                    ad:08:c6:63:c7:d8:46:d3:99:0c:5d:73:1b:38:50:
                    e6:d0:d8:16:84:71:95:48:c0:da:22:c2:84:1b:eb:
                    fb:e3:d0:b6:77:9d:3d:f0:6e:97:f6:87:06:51:e0:
                    c9:e9:3d:47:6b:4e:35:bc:fa:b2:76:05:07:12:46:
                    6e:9a:10:50:26:19:9d:aa:e1:60:72:eb:31:32:79:
                    85:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:25:21:17:36:F6:32:49:44:A3:C6:64:3D:56:2B:E0:6C:6D:9C:0F
            X509v3 Authority Key Identifier:
                keyid:BF:C4:70:E9:B5:8E:55:7E:A8:C1:DB:ED:AE:B9:C6:A5:FC:45:51:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v8Rw6bWOVX6owdvtrrnGpfxFUSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/DCUhFzb2MklEo8ZkPVYr4GxtnA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/v8Rw6bWOVX6owdvtrrnGpfxFUSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:2d:1c:4d:9f:89:89:42:8d:ee:c6:95:77:f1:9e:a9:1b:bc:
         56:b8:6f:ee:c5:f1:6c:2b:a9:8b:1b:0e:95:78:04:f3:4b:c1:
         17:8b:e3:df:38:06:c3:6a:c9:9e:3a:5e:a2:f4:11:5d:6f:9a:
         55:eb:43:36:68:d9:00:8f:37:93:45:95:bd:fe:c3:85:f3:68:
         3b:20:7c:c3:b3:c1:ed:f4:1c:18:26:b8:bf:ba:ac:d1:06:80:
         75:ec:97:0d:59:27:1a:15:18:ac:71:37:44:e9:a8:16:db:5a:
         8f:6d:a8:d2:63:d1:5a:9b:9f:94:fc:b5:1c:f3:9a:d9:f3:f4:
         de:d7:63:28:9f:1b:7c:72:51:3e:d7:5c:ac:09:f9:e7:71:cc:
         fb:96:31:f6:ae:39:df:6e:9a:6c:08:55:cc:e7:b7:62:57:6f:
         7f:57:6c:5d:dd:2f:c8:c9:58:f5:4c:50:b3:ec:4a:90:28:ff:
         ed:93:29:3a:b8:ae:73:8b:bc:6a:a3:2c:46:da:10:f2:c6:52:
         ef:7e:55:73:1b:06:71:6e:ac:be:39:e2:ee:ac:24:0d:30:5b:
         5a:66:48:86:14:ea:4f:49:cf:af:b3:73:8a:e0:2f:bd:20:30:
         e9:83:72:04:04:87:2c:c3:e2:e5:3f:f9:db:b4:b2:2a:00:01:
         cc:d1:48:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY+HBeNOFvRofCbPktEZDRKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYzQ3MGU5YjU4ZTU1N2VhOGMxZGJlZGFlYjljNmE1ZmM0
NTUxMjUwHhcNMjUwNDE2MTAxOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzI1MjExNzM2ZjYzMjQ5NDRhM2M2NjQzZDU2MmJlMDZjNmQ5YzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybNdV173EZsOP4baumTGJtwXztBz
LcgozslGVKjFtKRXvAMPKeYNMw4D1Xm1YZraKx6iJ7cOrWfoyF5djvKw6v7xbWkm
CUkUG5FrRXlQmUirIvvB784aCu6Er13m2gu6kCys5Wy9APejIxuIE0XFMHFXht58
k178tnD62nAHim/AWFkSgTH0ySemV+D1iKeV7BfsKYnoYf6R2IAPqGGUp3NWaqcR
MeqhIj55gW8T60SvA7KtCMZjx9hG05kMXXMbOFDm0NgWhHGVSMDaIsKEG+v749C2
d5098G6X9ocGUeDJ6T1Ha041vPqydgUHEkZumhBQJhmdquFgcusxMnmFkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAwlIRc29jJJRKPGZD1WK+BsbZwPMB8GA1UdIwQY
MBaAFL/EcOm1jlV+qMHb7a65xqX8RVElMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjhSdzZiV09WWDZvd2R2dHJybkdwZnhGVVNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi8yN2IzOWItMDQ0OS00YzY0LWJhNzkt
YTJhYTY1NDBmODc1LzEvRENVaEZ6YjJNa2xFbzhaa1BWWXI0R3h0bkE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi8yN2IzOWItMDQ0OS00YzY0LWJhNzktYTJhYTY1NDBmODc1
LzEvdjhSdzZiV09WWDZvd2R2dHJybkdwZnhGVVNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuewQMA0G
CSqGSIb3DQEBCwUAA4IBAQALLRxNn4mJQo3uxpV38Z6pG7xWuG/uxfFsK6mLGw6V
eATzS8EXi+PfOAbDasmeOl6i9BFdb5pV60M2aNkAjzeTRZW9/sOF82g7IHzDs8Ht
9BwYJri/uqzRBoB17JcNWScaFRiscTdE6agW21qPbajSY9Fam5+U/LUc85rZ8/Te
12Monxt8clE+11ysCfnnccz7ljH2rjnfbppsCFXM57diV29/V2xd3S/IyVj1TFCz
7EqQKP/tkyk6uK5zi7xqoyxG2hDyxlLvflVzGwZxbqy+OeLurCQNMFtaZkiGFOpP
Sc+vs3OK4C+9IDDpg3IEBIcsw+LlP/nbtLIqAAHM0UgL
-----END CERTIFICATE-----