Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/92831e-b0fd-4312-a46b-24a0d82cea9e/1/BwnHgQdnSW_44Zer0BPcUVfjgDQ.roa
File:                     BwnHgQdnSW_44Zer0BPcUVfjgDQ.roa (raw, json)
Hash identifier:          b79Q7WZT/53by0ulZoD5j5IcmVLwQi3rmkQDc+HVWZI=
Subject key identifier:   07:09:C7:81:07:67:49:6F:F8:E1:97:AB:D0:13:DC:51:57:E3:80:34
Certificate issuer:       /CN=cf9cc33182e44d897f4eacf14213467ef88711d4
Certificate serial:       01977862006B864DE8A916C002F0C6E8DF82
Authority key identifier: CF:9C:C3:31:82:E4:4D:89:7F:4E:AC:F1:42:13:46:7E:F8:87:11:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z5zDMYLkTYl_TqzxQhNGfviHEdQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/92831e-b0fd-4312-a46b-24a0d82cea9e/1/BwnHgQdnSW_44Zer0BPcUVfjgDQ.roa
Signing time:             Mon 16 Jun 2025 10:56:17 +0000
ROA not before:           Mon 16 Jun 2025 10:56:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34177
IP address blocks:        91.209.245.0/24 maxlen: 24
                          193.200.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/92831e-b0fd-4312-a46b-24a0d82cea9e/1/z5zDMYLkTYl_TqzxQhNGfviHEdQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/92831e-b0fd-4312-a46b-24a0d82cea9e/1/z5zDMYLkTYl_TqzxQhNGfviHEdQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z5zDMYLkTYl_TqzxQhNGfviHEdQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:78:62:00:6b:86:4d:e8:a9:16:c0:02:f0:c6:e8:df:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf9cc33182e44d897f4eacf14213467ef88711d4
        Validity
            Not Before: Jun 16 10:56:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0709c7810767496ff8e197abd013dc5157e38034
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b8:fb:33:ed:97:2a:8a:b9:98:87:10:b2:ce:
                    2a:7a:80:a3:17:b5:11:7c:70:c7:76:b1:7f:de:92:
                    ce:09:3d:c7:b9:c5:8d:a5:1b:de:84:ea:da:ad:65:
                    96:ff:d4:e3:85:37:d5:1e:e4:bc:d7:54:2d:a2:a7:
                    62:cc:86:94:ab:e2:11:51:87:ab:e6:48:e8:a2:e2:
                    5d:06:b1:5c:02:b1:23:17:57:c3:7a:e3:18:b7:d5:
                    a6:fa:6b:9e:01:fc:26:98:79:a9:5e:f6:cb:99:e1:
                    af:38:03:5c:c7:0f:2e:fe:82:e8:a4:6a:ec:3d:c7:
                    0f:22:0e:50:2e:ef:7e:e9:71:62:7b:de:1c:51:38:
                    e2:df:53:78:44:a5:ac:43:97:f5:a5:82:97:49:99:
                    79:22:9c:83:26:1f:6b:c7:c1:b1:2a:da:ce:1e:56:
                    0d:cf:fc:1a:c4:36:c6:f7:9f:00:0e:a8:38:9a:c5:
                    01:7b:2d:df:9e:e8:44:ca:a5:ed:34:8e:ee:ed:4f:
                    d8:1c:4c:3d:0f:20:6c:c1:54:66:00:ea:9b:3c:70:
                    88:60:65:7f:08:54:c7:36:ec:94:ca:c2:e5:1e:de:
                    c9:f5:ef:78:1e:c1:3c:bc:3a:75:b1:04:77:eb:aa:
                    60:9e:b0:f0:8f:b5:ca:ea:34:99:49:f8:31:43:25:
                    30:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:09:C7:81:07:67:49:6F:F8:E1:97:AB:D0:13:DC:51:57:E3:80:34
            X509v3 Authority Key Identifier:
                keyid:CF:9C:C3:31:82:E4:4D:89:7F:4E:AC:F1:42:13:46:7E:F8:87:11:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z5zDMYLkTYl_TqzxQhNGfviHEdQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/92831e-b0fd-4312-a46b-24a0d82cea9e/1/BwnHgQdnSW_44Zer0BPcUVfjgDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/92831e-b0fd-4312-a46b-24a0d82cea9e/1/z5zDMYLkTYl_TqzxQhNGfviHEdQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.245.0/24
                  193.200.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:af:86:ff:16:d2:7e:4e:ee:2f:b2:d7:98:15:2f:7c:c9:e3:
         32:62:68:96:b2:65:30:ef:27:f2:de:40:aa:9d:1b:4a:6a:82:
         9c:4c:11:a9:c4:0e:6c:ef:cb:1b:21:a7:4f:ec:7c:84:1d:a7:
         89:ba:c2:00:9c:f9:62:06:2f:2b:9c:c5:ec:7f:db:b8:27:e8:
         83:ae:bb:9f:7f:34:38:66:83:30:58:29:b0:e3:81:8d:e9:89:
         ff:8f:bb:2a:1f:94:c1:fa:7f:51:38:cd:dd:c1:34:59:8a:ad:
         fd:b5:82:a3:8c:9b:d5:cc:8b:9b:0f:12:dc:cc:34:8c:84:df:
         af:8e:7b:36:05:32:97:85:78:e0:15:19:c5:db:bb:bf:b4:44:
         be:ee:ef:c2:55:0b:05:19:5d:bc:7e:32:40:26:00:3e:17:bb:
         f6:5c:74:e1:63:31:f4:6a:cd:af:d2:09:1b:01:cd:2d:e1:5f:
         aa:25:a4:c3:ad:69:b7:2b:5b:cf:c4:e2:88:a2:0a:1d:0a:4c:
         ac:e6:66:38:2f:2b:11:a5:ce:be:70:41:d7:46:44:3d:bb:93:
         20:24:18:bd:dd:d5:4c:68:78:00:00:83:e9:41:08:50:ef:2a:
         04:08:d5:e6:4b:38:a0:21:e9:03:56:68:22:a1:fc:6b:a2:28:
         79:5f:7f:18
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZd4YgBrhk3oqRbAAvDG6N+CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOWNjMzMxODJlNDRkODk3ZjRlYWNmMTQyMTM0NjdlZjg4
NzExZDQwHhcNMjUwNjE2MTA1NjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzA5Yzc4MTA3Njc0OTZmZjhlMTk3YWJkMDEzZGM1MTU3ZTM4MDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrj7M+2XKoq5mIcQss4qeoCjF7UR
fHDHdrF/3pLOCT3HucWNpRvehOrarWWW/9TjhTfVHuS811QtoqdizIaUq+IRUYer
5kjoouJdBrFcArEjF1fDeuMYt9Wm+mueAfwmmHmpXvbLmeGvOANcxw8u/oLopGrs
PccPIg5QLu9+6XFie94cUTji31N4RKWsQ5f1pYKXSZl5IpyDJh9rx8GxKtrOHlYN
z/waxDbG958ADqg4msUBey3fnuhEyqXtNI7u7U/YHEw9DyBswVRmAOqbPHCIYGV/
CFTHNuyUysLlHt7J9e94HsE8vDp1sQR366pgnrDwj7XK6jSZSfgxQyUwGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAcJx4EHZ0lv+OGXq9AT3FFX44A0MB8GA1UdIwQY
MBaAFM+cwzGC5E2Jf06s8UITRn74hxHUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejV6RE1ZTGtUWWxfVHF6eFFoTkdmdmlIRWRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC85MjgzMWUtYjBmZC00MzEyLWE0NmIt
MjRhMGQ4MmNlYTllLzEvQnduSGdRZG5TV180NFplcjBCUGNVVmZqZ0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC85MjgzMWUtYjBmZC00MzEyLWE0NmItMjRhMGQ4MmNlYTll
LzEvejV6RE1ZTGtUWWxfVHF6eFFoTkdmdmlIRWRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9H1AwQA
wcirMA0GCSqGSIb3DQEBCwUAA4IBAQBmr4b/FtJ+Tu4vsteYFS98yeMyYmiWsmUw
7yfy3kCqnRtKaoKcTBGpxA5s78sbIadP7HyEHaeJusIAnPliBi8rnMXsf9u4J+iD
rruffzQ4ZoMwWCmw44GN6Yn/j7sqH5TB+n9ROM3dwTRZiq39tYKjjJvVzIubDxLc
zDSMhN+vjns2BTKXhXjgFRnF27u/tES+7u/CVQsFGV28fjJAJgA+F7v2XHThYzH0
as2v0gkbAc0t4V+qJaTDrWm3K1vPxOKIogodCkys5mY4LysRpc6+cEHXRkQ9u5Mg
JBi93dVMaHgAAIPpQQhQ7yoECNXmSzigIekDVmgiofxroih5X38Y
-----END CERTIFICATE-----