Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/7jg5nYJzN202VeUtKc2WQp0u16Q.roa
File:                     7jg5nYJzN202VeUtKc2WQp0u16Q.roa (raw, json)
Hash identifier:          ZZbLbdoT31z/ALJflUEJX2CB+rUD6ZjDZf6ELXkjBWg=
Subject key identifier:   EE:38:39:9D:82:73:37:6D:36:55:E5:2D:29:CD:96:42:9D:2E:D7:A4
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       01973179D73F8D446AF6FB6EF52A9101B7D9
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/7jg5nYJzN202VeUtKc2WQp0u16Q.roa
Signing time:             Mon 02 Jun 2025 16:29:17 +0000
ROA not before:           Mon 02 Jun 2025 16:29:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        87.254.11.0/24 maxlen: 24
                          87.254.29.0/24 maxlen: 24
                          185.210.168.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:31:79:d7:3f:8d:44:6a:f6:fb:6e:f5:2a:91:01:b7:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Jun  2 16:29:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee38399d8273376d3655e52d29cd96429d2ed7a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:4a:90:ae:d7:97:5a:60:b8:06:7f:a4:29:a4:
                    6a:d8:1a:11:1a:9b:45:39:a6:f2:60:0d:e9:e9:d7:
                    69:05:34:d4:6e:6a:dd:48:f1:60:87:b8:e1:b1:28:
                    c1:d9:fb:72:87:75:cd:a2:8a:9a:55:4b:2a:37:29:
                    4d:5a:d8:7d:45:28:06:66:9a:4a:6b:62:1a:47:dc:
                    46:df:8a:db:e6:21:07:07:2d:db:e1:a7:ba:06:50:
                    22:3b:53:96:74:f6:a5:05:19:87:76:ba:6c:64:a8:
                    07:9d:ce:65:6a:79:8e:0e:66:2b:cd:4d:87:3a:cb:
                    b0:cd:40:0b:a1:bf:b8:0b:64:42:bf:49:5c:14:92:
                    15:43:9a:34:b3:74:b5:bb:49:c8:44:ab:f2:ae:cd:
                    24:02:7e:b2:0a:d5:f5:03:0e:80:05:95:fe:07:f2:
                    d9:7c:b8:e9:f5:56:c9:d5:2c:e1:6e:bb:bb:aa:7e:
                    b6:53:5d:07:35:ae:52:fb:57:10:02:d4:25:bf:23:
                    cc:29:8e:bc:4a:06:51:ee:27:dd:9d:8f:3f:e3:74:
                    c4:41:8e:05:62:4e:71:26:73:d6:ff:b0:6c:b9:3a:
                    98:e2:36:5f:bf:40:e5:4f:db:66:07:ba:b5:f2:7e:
                    70:9f:c8:01:b8:d5:d9:0f:e0:fb:8f:8a:a8:5d:a3:
                    de:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:38:39:9D:82:73:37:6D:36:55:E5:2D:29:CD:96:42:9D:2E:D7:A4
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/7jg5nYJzN202VeUtKc2WQp0u16Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.11.0/24
                  87.254.29.0/24
                  185.210.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:f1:c5:ab:4b:aa:ff:45:31:a1:a6:37:50:9a:68:3d:0c:3f:
         9b:87:63:44:f9:4a:87:f2:1f:8b:38:ee:13:4b:68:0c:3b:da:
         29:27:a4:a8:8f:96:5a:ff:f3:ba:c3:20:d5:23:83:0a:b8:dc:
         3a:52:d9:e8:92:c1:46:53:42:b8:a2:8d:6d:f8:35:e6:23:28:
         2f:7c:10:ea:11:16:f2:c0:02:f4:89:8a:7e:4a:0d:3f:54:45:
         2b:1a:f3:2f:e7:79:6f:40:cb:82:0e:64:45:ec:0d:9c:0a:7c:
         c3:ec:c3:b5:d8:ab:73:a4:3b:22:30:a1:1c:7c:7e:9b:17:8e:
         60:8b:2e:82:bf:25:8f:0a:88:17:76:9d:94:f0:36:be:b3:b6:
         28:c1:ee:e6:2a:c3:dd:df:ae:53:48:e0:4d:a6:4f:7c:b2:03:
         cd:35:3f:77:c4:17:ec:0c:89:7c:f3:b1:7a:f8:25:a1:4d:25:
         04:a2:e9:50:0b:a6:b7:fd:37:e9:94:31:66:cf:69:89:03:38:
         ae:d1:05:2e:f1:1b:c4:de:a9:4e:d4:cc:b9:37:77:60:95:db:
         9f:97:fd:56:41:65:9a:8f:50:de:67:a2:b6:46:ee:bf:1e:f8:
         32:07:c6:f1:b3:7d:26:9d:c1:42:2d:b9:bf:35:22:43:ba:df:
         a3:09:be:81
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZcxedc/jURq9vtu9SqRAbfZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjUwNjAyMTYyOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTM4Mzk5ZDgyNzMzNzZkMzY1NWU1MmQyOWNkOTY0MjlkMmVkN2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0qQrteXWmC4Bn+kKaRq2BoRGptF
OabyYA3p6ddpBTTUbmrdSPFgh7jhsSjB2ftyh3XNooqaVUsqNylNWth9RSgGZppK
a2IaR9xG34rb5iEHBy3b4ae6BlAiO1OWdPalBRmHdrpsZKgHnc5lanmODmYrzU2H
OsuwzUALob+4C2RCv0lcFJIVQ5o0s3S1u0nIRKvyrs0kAn6yCtX1Aw6ABZX+B/LZ
fLjp9VbJ1Szhbru7qn62U10HNa5S+1cQAtQlvyPMKY68SgZR7ifdnY8/43TEQY4F
Yk5xJnPW/7BsuTqY4jZfv0DlT9tmB7q18n5wn8gBuNXZD+D7j4qoXaPe5wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO44OZ2CczdtNlXlLSnNlkKdLtekMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvN2pnNW5ZSnpOMjAyVmVVdEtjMldRcDB1MTZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAV/4LAwQA
V/4dAwQBudKoMA0GCSqGSIb3DQEBCwUAA4IBAQAz8cWrS6r/RTGhpjdQmmg9DD+b
h2NE+UqH8h+LOO4TS2gMO9opJ6Soj5Za//O6wyDVI4MKuNw6UtnoksFGU0K4oo1t
+DXmIygvfBDqERbywAL0iYp+Sg0/VEUrGvMv53lvQMuCDmRF7A2cCnzD7MO12Ktz
pDsiMKEcfH6bF45giy6CvyWPCogXdp2U8Da+s7Yowe7mKsPd365TSOBNpk98sgPN
NT93xBfsDIl887F6+CWhTSUEoulQC6a3/TfplDFmz2mJAziu0QUu8RvE3qlO1My5
N3dgldufl/1WQWWaj1DeZ6K2Ru6/HvgyB8bxs30mncFCLbm/NSJDut+jCb6B
-----END CERTIFICATE-----