Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/vBCHQIvxYnn49XpOGJSE4wjSlGw.roa
File:                     vBCHQIvxYnn49XpOGJSE4wjSlGw.roa (raw, json)
Hash identifier:          7CO1i5aTkd/bHcAyF+TmsIBuS1Bs7EA5n3iwLviSKeY=
Subject key identifier:   BC:10:87:40:8B:F1:62:79:F8:F5:7A:4E:18:94:84:E3:08:D2:94:6C
Certificate issuer:       /CN=af734108705a95796e8577125dd300c751dfd9a8
Certificate serial:       0196661C43BC317D6A34556E63CCC36FC4A1
Authority key identifier: AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/vBCHQIvxYnn49XpOGJSE4wjSlGw.roa
Signing time:             Thu 24 Apr 2025 04:44:10 +0000
ROA not before:           Thu 24 Apr 2025 04:44:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210064
IP address blocks:        185.221.239.0/24 maxlen: 24
                          195.234.191.0/24 maxlen: 24
                          195.238.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:66:1c:43:bc:31:7d:6a:34:55:6e:63:cc:c3:6f:c4:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af734108705a95796e8577125dd300c751dfd9a8
        Validity
            Not Before: Apr 24 04:44:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc1087408bf16279f8f57a4e189484e308d2946c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:0f:fb:bd:01:d7:54:83:11:62:b5:dc:0e:cd:
                    ee:6f:41:69:02:62:75:76:b8:ee:9e:dd:af:34:a0:
                    14:9c:d4:32:41:c4:88:4d:95:37:92:b6:a5:ff:eb:
                    ae:64:05:a1:e2:d3:4b:a9:66:aa:32:1a:1f:a6:bd:
                    64:fa:17:ed:99:81:4f:0a:b0:b6:75:f0:c8:a2:a2:
                    0b:55:f8:8f:8e:a5:03:81:b5:2d:d6:5d:20:70:dd:
                    65:58:1b:1c:fa:3d:f7:0c:b4:01:5d:2b:18:cf:14:
                    0c:cb:ce:2a:75:d9:20:ef:c8:06:af:8b:6a:4d:c5:
                    98:ce:7d:70:b7:b5:37:6e:68:4d:f7:aa:fa:99:e3:
                    59:9d:71:81:6f:52:87:fe:3f:1d:13:67:a8:37:bc:
                    1d:3d:92:e4:7f:3b:69:0d:e9:47:9a:5e:65:1e:f9:
                    31:55:d6:20:bc:e0:57:78:ff:df:41:3e:30:9e:48:
                    68:6f:b6:a9:b7:23:65:2f:52:fc:1c:61:61:9e:5a:
                    67:7f:92:c5:28:0b:1f:82:e5:30:89:81:e1:80:8d:
                    0d:b2:59:3b:b5:7a:aa:2b:91:c9:e5:67:73:3d:b0:
                    07:30:ae:10:90:70:db:68:cf:16:8f:ea:f7:79:c9:
                    11:49:7d:c3:8f:2a:3d:fc:d8:b9:61:c3:ae:8d:0d:
                    60:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:10:87:40:8B:F1:62:79:F8:F5:7A:4E:18:94:84:E3:08:D2:94:6C
            X509v3 Authority Key Identifier:
                keyid:AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/vBCHQIvxYnn49XpOGJSE4wjSlGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.239.0/24
                  195.234.191.0/24
                  195.238.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:ee:bf:12:1b:58:9c:ab:4f:77:38:ee:4e:18:4b:da:9c:d7:
         79:fa:d9:66:c6:92:ba:50:e0:7b:b3:d2:46:17:a2:c6:1e:e9:
         41:04:52:19:ff:77:1d:9b:0b:21:87:f9:7e:c7:ae:d6:cb:10:
         e2:10:b5:fb:3d:dd:5f:ab:f8:c5:96:3f:56:2c:35:07:82:92:
         9b:69:8c:42:f3:ad:ab:78:c2:47:92:ea:ab:d6:80:3b:32:66:
         0f:37:9e:ea:c9:ac:21:e3:98:91:1c:d0:65:6e:e5:0a:da:4e:
         05:6e:72:2c:7a:64:28:6d:33:30:a3:22:c1:10:e9:3e:da:19:
         52:bf:2a:4d:f8:5b:57:16:6d:dc:13:be:c6:d8:3c:76:e0:19:
         b8:76:60:c5:b2:fa:b4:01:82:24:17:f9:c8:eb:f1:4b:42:81:
         64:e5:1d:16:20:d9:14:e8:51:6c:2a:bf:08:bb:92:c9:5d:83:
         de:dc:38:eb:28:e9:e0:7e:22:cc:b8:54:dd:16:94:d3:0b:5b:
         af:d1:1a:20:e8:97:a0:83:55:7b:b9:5b:ac:66:41:a3:a9:e0:
         72:02:71:9b:59:e0:3f:96:94:95:15:9c:00:8d:9d:f4:73:08:
         47:2b:ea:cd:e8:dc:da:c2:f7:a8:e1:a9:69:00:05:83:b8:c2:
         88:55:b0:c9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZZmHEO8MX1qNFVuY8zDb8ShMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzM0MTA4NzA1YTk1Nzk2ZTg1NzcxMjVkZDMwMGM3NTFk
ZmQ5YTgwHhcNMjUwNDI0MDQ0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzEwODc0MDhiZjE2Mjc5ZjhmNTdhNGUxODk0ODRlMzA4ZDI5NDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1w/7vQHXVIMRYrXcDs3ub0FpAmJ1
drjunt2vNKAUnNQyQcSITZU3kral/+uuZAWh4tNLqWaqMhofpr1k+hftmYFPCrC2
dfDIoqILVfiPjqUDgbUt1l0gcN1lWBsc+j33DLQBXSsYzxQMy84qddkg78gGr4tq
TcWYzn1wt7U3bmhN96r6meNZnXGBb1KH/j8dE2eoN7wdPZLkfztpDelHml5lHvkx
VdYgvOBXeP/fQT4wnkhob7aptyNlL1L8HGFhnlpnf5LFKAsfguUwiYHhgI0Nslk7
tXqqK5HJ5WdzPbAHMK4QkHDbaM8Wj+r3eckRSX3Djyo9/Ni5YcOujQ1g0wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLwQh0CL8WJ5+PV6ThiUhOMI0pRsMB8GA1UdIwQY
MBaAFK9zQQhwWpV5boV3El3TAMdR39moMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUt
MThkMWE0MDZhYWVkLzEvdkJDSFFJdnhZbm40OVhwT0dKU0U0d2pTbEd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUtMThkMWE0MDZhYWVk
LzEvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAud3vAwQA
w+q/AwQAw+7wMA0GCSqGSIb3DQEBCwUAA4IBAQCw7r8SG1icq093OO5OGEvanNd5
+tlmxpK6UOB7s9JGF6LGHulBBFIZ/3cdmwshh/l+x67WyxDiELX7Pd1fq/jFlj9W
LDUHgpKbaYxC862reMJHkuqr1oA7MmYPN57qyawh45iRHNBlbuUK2k4FbnIsemQo
bTMwoyLBEOk+2hlSvypN+FtXFm3cE77G2Dx24Bm4dmDFsvq0AYIkF/nI6/FLQoFk
5R0WINkU6FFsKr8Iu5LJXYPe3DjrKOngfiLMuFTdFpTTC1uv0Rog6Jegg1V7uVus
ZkGjqeByAnGbWeA/lpSVFZwAjZ30cwhHK+rN6Nzawveo4alpAAWDuMKIVbDJ
-----END CERTIFICATE-----