Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/Brko5nMKSPwBgCgkjjg5igCr-DI.roa
File:                     Brko5nMKSPwBgCgkjjg5igCr-DI.roa (raw, json)
Hash identifier:          3fOnCI08ItaZVpBsarkgTQcdgGi7HK10nR8m2pkLLWI=
Subject key identifier:   06:B9:28:E6:73:0A:48:FC:01:80:28:24:8E:38:39:8A:00:AB:F8:32
Certificate issuer:       /CN=b8ed3ebcd2155f9a178a103adab48fda8b2275a5
Certificate serial:       0197B53CFE22F3209EFE242CBB745A6B7CD1
Authority key identifier: B8:ED:3E:BC:D2:15:5F:9A:17:8A:10:3A:DA:B4:8F:DA:8B:22:75:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uO0-vNIVX5oXihA62rSP2osidaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/Brko5nMKSPwBgCgkjjg5igCr-DI.roa
Signing time:             Sat 28 Jun 2025 06:32:42 +0000
ROA not before:           Sat 28 Jun 2025 06:32:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203473
IP address blocks:        91.215.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/uO0-vNIVX5oXihA62rSP2osidaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/uO0-vNIVX5oXihA62rSP2osidaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uO0-vNIVX5oXihA62rSP2osidaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Jul 2025 00:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b5:3c:fe:22:f3:20:9e:fe:24:2c:bb:74:5a:6b:7c:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8ed3ebcd2155f9a178a103adab48fda8b2275a5
        Validity
            Not Before: Jun 28 06:32:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06b928e6730a48fc018028248e38398a00abf832
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:14:6a:67:ec:97:5a:04:aa:0a:6a:06:a9:00:
                    07:3e:52:cb:d4:75:3c:5b:fa:8f:99:6e:b7:1b:69:
                    a4:de:63:66:fc:18:26:1d:25:05:15:2b:a8:6d:7f:
                    f8:c0:f4:97:d4:4b:5f:6a:e6:f8:2e:c3:b2:a8:1a:
                    00:a7:46:30:bb:a3:c2:e0:7a:37:23:53:87:94:75:
                    de:12:64:fb:c6:b0:86:e9:ee:d9:a0:df:df:b6:5d:
                    69:87:42:91:ff:b8:e6:13:2c:53:78:09:b1:58:c3:
                    bc:6b:0d:ae:d7:2d:c5:21:70:bf:42:12:fa:17:f8:
                    2e:e2:72:e7:c4:9f:d0:4b:15:6c:61:8d:b6:26:10:
                    24:40:cf:a5:20:37:dd:d0:4e:59:dc:70:9c:57:89:
                    40:11:19:ee:5f:8c:2c:24:5c:01:6a:df:e7:21:41:
                    01:32:0f:f5:14:64:fa:cd:28:0a:0b:3e:02:25:72:
                    bd:c8:b2:fe:77:30:c8:11:60:07:ae:3d:d0:31:28:
                    d0:8f:1b:b7:1c:b0:c8:6c:2c:44:d6:15:94:1b:19:
                    cc:ca:c4:6b:69:0a:9f:33:aa:9f:5e:a3:06:21:bc:
                    5e:ba:88:51:21:93:cf:1e:b1:44:5a:69:c2:91:21:
                    a7:45:c5:09:81:89:da:f4:d5:02:09:22:ab:ed:16:
                    3c:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:B9:28:E6:73:0A:48:FC:01:80:28:24:8E:38:39:8A:00:AB:F8:32
            X509v3 Authority Key Identifier:
                keyid:B8:ED:3E:BC:D2:15:5F:9A:17:8A:10:3A:DA:B4:8F:DA:8B:22:75:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uO0-vNIVX5oXihA62rSP2osidaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/Brko5nMKSPwBgCgkjjg5igCr-DI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/uO0-vNIVX5oXihA62rSP2osidaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:0e:8d:42:73:c3:55:1c:54:2d:14:b6:04:c8:50:48:ed:01:
         38:b9:a1:46:27:09:0e:e2:21:14:89:db:2a:ac:f0:d9:30:71:
         51:34:2e:2a:9a:0a:21:d1:1b:ea:68:35:02:11:06:ff:06:27:
         a8:8a:b7:26:e2:9b:3f:4e:14:34:99:b2:55:65:c9:79:d6:20:
         f4:86:bd:54:0b:4e:56:3e:9a:06:a7:77:3b:ef:a8:23:08:73:
         63:52:99:52:31:c3:ff:27:78:24:e0:d4:14:6c:64:af:ba:02:
         af:fd:2b:9e:93:76:c7:34:f9:2f:78:88:d5:cb:4b:de:4f:22:
         4f:e8:ef:74:18:81:eb:ff:25:77:1b:e8:e8:7b:ba:42:ce:7d:
         a6:18:e2:70:ec:cc:05:72:27:31:c1:4b:ee:b3:05:3a:fe:82:
         bc:8c:43:33:da:ec:b0:ab:ef:d3:82:28:30:f1:7b:99:41:00:
         4a:2c:6e:b4:51:92:50:88:aa:3a:ab:8f:f6:3f:31:6f:ff:bd:
         2a:9b:a1:64:71:47:81:40:b2:d0:07:a8:e6:7a:e4:93:74:80:
         12:e8:a8:9b:b1:52:2b:94:04:dd:7d:e9:45:b7:cf:ae:e7:dc:
         9c:dd:1a:bc:21:dc:c4:fb:34:48:74:0e:4d:cd:40:f0:41:81:
         50:33:7f:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZe1PP4i8yCe/iQsu3Raa3zRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZWQzZWJjZDIxNTVmOWExNzhhMTAzYWRhYjQ4ZmRhOGIy
Mjc1YTUwHhcNMjUwNjI4MDYzMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmI5MjhlNjczMGE0OGZjMDE4MDI4MjQ4ZTM4Mzk4YTAwYWJmODMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhRqZ+yXWgSqCmoGqQAHPlLL1HU8
W/qPmW63G2mk3mNm/BgmHSUFFSuobX/4wPSX1Etfaub4LsOyqBoAp0Ywu6PC4Ho3
I1OHlHXeEmT7xrCG6e7ZoN/ftl1ph0KR/7jmEyxTeAmxWMO8aw2u1y3FIXC/QhL6
F/gu4nLnxJ/QSxVsYY22JhAkQM+lIDfd0E5Z3HCcV4lAERnuX4wsJFwBat/nIUEB
Mg/1FGT6zSgKCz4CJXK9yLL+dzDIEWAHrj3QMSjQjxu3HLDIbCxE1hWUGxnMysRr
aQqfM6qfXqMGIbxeuohRIZPPHrFEWmnCkSGnRcUJgYna9NUCCSKr7RY8HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAa5KOZzCkj8AYAoJI44OYoAq/gyMB8GA1UdIwQY
MBaAFLjtPrzSFV+aF4oQOtq0j9qLInWlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU8wLXZOSVZYNW9YaWhBNjJyU1Ayb3NpZGFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80MjFjNmQtNTM1Yy00YzEzLThkYTMt
ZGVhMTJkZDhjN2Y0LzEvQnJrbzVuTUtTUHdCZ0Nna2pqZzVpZ0NyLURJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80MjFjNmQtNTM1Yy00YzEzLThkYTMtZGVhMTJkZDhjN2Y0
LzEvdU8wLXZOSVZYNW9YaWhBNjJyU1Ayb3NpZGFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9fKMA0G
CSqGSIb3DQEBCwUAA4IBAQBNDo1Cc8NVHFQtFLYEyFBI7QE4uaFGJwkO4iEUidsq
rPDZMHFRNC4qmgoh0RvqaDUCEQb/Bieoircm4ps/ThQ0mbJVZcl51iD0hr1UC05W
PpoGp3c776gjCHNjUplSMcP/J3gk4NQUbGSvugKv/Suek3bHNPkveIjVy0veTyJP
6O90GIHr/yV3G+joe7pCzn2mGOJw7MwFcicxwUvuswU6/oK8jEMz2uywq+/Tgigw
8XuZQQBKLG60UZJQiKo6q4/2PzFv/70qm6FkcUeBQLLQB6jmeuSTdIAS6KibsVIr
lATdfelFt8+u59yc3Rq8IdzE+zRIdA5NzUDwQYFQM39M
-----END CERTIFICATE-----