Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/871268-bcc1-4722-b14b-dd02811903df/1/BN93epoiflbuobmxVOrnJQZcb5s.roa
File:                     BN93epoiflbuobmxVOrnJQZcb5s.roa (raw, json)
Hash identifier:          tPBXpEVrebg3/mFW8ov1/UOfYTfxAPNL3JWDyTkPOJk=
Subject key identifier:   04:DF:77:7A:9A:22:7E:56:EE:A1:B9:B1:54:EA:E7:25:06:5C:6F:9B
Certificate issuer:       /CN=cd73f238d96cf67a5efc0c37476fd306029af552
Certificate serial:       01967C10AF633BB8DD3D0E2F9688C36682E5
Authority key identifier: CD:73:F2:38:D9:6C:F6:7A:5E:FC:0C:37:47:6F:D3:06:02:9A:F5:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zXPyONls9npe_Aw3R2_TBgKa9VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/871268-bcc1-4722-b14b-dd02811903df/1/BN93epoiflbuobmxVOrnJQZcb5s.roa
Signing time:             Mon 28 Apr 2025 11:03:10 +0000
ROA not before:           Mon 28 Apr 2025 11:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        185.91.113.0/24 maxlen: 24
                          185.91.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/871268-bcc1-4722-b14b-dd02811903df/1/zXPyONls9npe_Aw3R2_TBgKa9VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/871268-bcc1-4722-b14b-dd02811903df/1/zXPyONls9npe_Aw3R2_TBgKa9VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zXPyONls9npe_Aw3R2_TBgKa9VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 23:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:10:af:63:3b:b8:dd:3d:0e:2f:96:88:c3:66:82:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd73f238d96cf67a5efc0c37476fd306029af552
        Validity
            Not Before: Apr 28 11:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04df777a9a227e56eea1b9b154eae725065c6f9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:00:58:77:08:8b:40:45:75:ad:50:22:bc:e1:
                    b2:ee:17:95:c6:b6:06:ea:e8:0d:ba:2f:c1:5f:5e:
                    9c:4c:30:cb:43:2c:4e:b6:e5:2f:d8:46:5e:aa:c8:
                    b8:b8:e1:bc:27:3a:31:3b:43:a1:73:a3:70:63:70:
                    82:7e:8f:81:88:22:05:d0:a3:00:60:0f:ef:67:96:
                    c1:b4:f2:ed:80:fb:e6:1a:3d:58:bd:0e:fa:50:dd:
                    25:4b:6c:2f:8d:0a:f8:99:e7:6d:a7:9e:e6:0f:35:
                    d1:c4:9b:8c:fa:cd:56:24:b9:fb:9a:79:b2:14:93:
                    10:8f:47:63:51:07:58:5a:5b:0b:db:a1:5a:c1:55:
                    ae:52:fd:d5:b9:17:f2:05:21:37:a2:7b:17:c2:49:
                    08:02:af:76:9b:9a:28:f4:3e:63:e3:90:bc:92:c2:
                    f6:00:ae:58:6b:ad:d8:29:ba:66:9a:a6:ef:da:20:
                    4d:f4:8a:f0:bd:03:65:85:69:06:c5:89:cb:d6:e3:
                    0a:c4:ee:bb:38:ba:df:15:a7:4a:ec:cf:61:11:61:
                    14:85:de:d8:94:58:b1:fd:f2:04:d2:8a:0c:28:27:
                    13:a8:6b:5e:12:dd:38:13:26:f0:30:31:00:a7:6a:
                    9f:5f:76:63:ee:0e:45:6b:e5:30:70:bc:31:0f:f9:
                    dd:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:DF:77:7A:9A:22:7E:56:EE:A1:B9:B1:54:EA:E7:25:06:5C:6F:9B
            X509v3 Authority Key Identifier:
                keyid:CD:73:F2:38:D9:6C:F6:7A:5E:FC:0C:37:47:6F:D3:06:02:9A:F5:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zXPyONls9npe_Aw3R2_TBgKa9VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/871268-bcc1-4722-b14b-dd02811903df/1/BN93epoiflbuobmxVOrnJQZcb5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/871268-bcc1-4722-b14b-dd02811903df/1/zXPyONls9npe_Aw3R2_TBgKa9VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.113.0-185.91.114.255

    Signature Algorithm: sha256WithRSAEncryption
         85:17:af:fc:17:98:0a:5e:57:e4:1c:10:ca:e0:1c:5e:f6:ea:
         49:02:29:ac:63:ad:f3:f8:f5:d5:48:d6:58:44:2d:db:76:b3:
         ea:95:98:e0:8f:f0:80:2b:8e:84:a2:72:c6:a3:9e:6f:11:2b:
         bb:e2:53:2f:ce:81:4d:ba:fb:c0:37:92:26:60:cf:a7:96:8b:
         6e:79:fb:84:45:d6:1c:93:df:03:29:4b:17:c1:31:46:37:c3:
         2d:b1:10:b1:82:47:05:93:ad:2d:6d:b7:46:49:00:1e:22:d1:
         5c:45:21:fe:dc:1e:73:04:02:50:97:22:c5:c8:75:05:86:ee:
         22:30:f5:ce:43:43:b0:2a:a9:5c:11:f2:ea:4a:06:e0:28:ec:
         cf:1f:f3:90:1b:89:fb:f2:2d:19:5e:59:ba:fe:06:6f:f9:b0:
         7e:ab:49:74:c5:c0:52:ec:f2:2e:0c:7a:e6:b1:5f:2c:78:17:
         91:14:df:2e:bc:0b:4e:ef:f7:5d:ac:64:b3:a5:49:4d:1f:e9:
         5b:cd:3d:3d:eb:78:24:6d:8c:30:cc:a3:11:8b:6d:58:c7:47:
         e1:be:82:b1:fc:6f:08:ea:72:b6:c7:2f:f1:cd:79:01:97:ea:
         16:f4:3f:71:2a:bc:4b:c7:f0:f4:e5:49:00:a1:bb:b0:e7:12:
         06:97:82:c1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZZ8EK9jO7jdPQ4vlojDZoLlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNzNmMjM4ZDk2Y2Y2N2E1ZWZjMGMzNzQ3NmZkMzA2MDI5
YWY1NTIwHhcNMjUwNDI4MTEwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGRmNzc3YTlhMjI3ZTU2ZWVhMWI5YjE1NGVhZTcyNTA2NWM2ZjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QBYdwiLQEV1rVAivOGy7heVxrYG
6ugNui/BX16cTDDLQyxOtuUv2EZeqsi4uOG8JzoxO0Ohc6NwY3CCfo+BiCIF0KMA
YA/vZ5bBtPLtgPvmGj1YvQ76UN0lS2wvjQr4medtp57mDzXRxJuM+s1WJLn7mnmy
FJMQj0djUQdYWlsL26FawVWuUv3VuRfyBSE3onsXwkkIAq92m5oo9D5j45C8ksL2
AK5Ya63YKbpmmqbv2iBN9IrwvQNlhWkGxYnL1uMKxO67OLrfFadK7M9hEWEUhd7Y
lFix/fIE0ooMKCcTqGteEt04EybwMDEAp2qfX3Zj7g5Fa+UwcLwxD/nd+wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFATfd3qaIn5W7qG5sVTq5yUGXG+bMB8GA1UdIwQY
MBaAFM1z8jjZbPZ6XvwMN0dv0wYCmvVSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelhQeU9ObHM5bnBlX0F3M1IyX1RCZ0thOVZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy84NzEyNjgtYmNjMS00NzIyLWIxNGIt
ZGQwMjgxMTkwM2RmLzEvQk45M2Vwb2lmbGJ1b2JteFZPcm5KUVpjYjVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy84NzEyNjgtYmNjMS00NzIyLWIxNGItZGQwMjgxMTkwM2Rm
LzEvelhQeU9ObHM5bnBlX0F3M1IyX1RCZ0thOVZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5W3ED
BAC5W3IwDQYJKoZIhvcNAQELBQADggEBAIUXr/wXmApeV+QcEMrgHF726kkCKaxj
rfP49dVI1lhELdt2s+qVmOCP8IArjoSicsajnm8RK7viUy/OgU26+8A3kiZgz6eW
i255+4RF1hyT3wMpSxfBMUY3wy2xELGCRwWTrS1tt0ZJAB4i0VxFIf7cHnMEAlCX
IsXIdQWG7iIw9c5DQ7AqqVwR8upKBuAo7M8f85AbifvyLRleWbr+Bm/5sH6rSXTF
wFLs8i4MeuaxXyx4F5EU3y68C07v912sZLOlSU0f6VvNPT3reCRtjDDMoxGLbVjH
R+G+grH8bwjqcrbHL/HNeQGX6hb0P3EqvEvH8PTlSQChu7DnEgaXgsE=
-----END CERTIFICATE-----