Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/07ZXjsdxsFuEtdgHwbOq-R5G76E.roa
File:                     07ZXjsdxsFuEtdgHwbOq-R5G76E.roa (raw, json)
Hash identifier:          1M9pQCAfVRT7MQ/Zj4tT9AVlQVRcilmGlJyGKK/xyXM=
Subject key identifier:   D3:B6:57:8E:C7:71:B0:5B:84:B5:D8:07:C1:B3:AA:F9:1E:46:EF:A1
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       019634681A8C6F916B4A304F0FC8ABDCF3D3
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/07ZXjsdxsFuEtdgHwbOq-R5G76E.roa
Signing time:             Mon 14 Apr 2025 13:05:59 +0000
ROA not before:           Mon 14 Apr 2025 13:05:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54252
IP address blocks:        212.87.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:34:68:1a:8c:6f:91:6b:4a:30:4f:0f:c8:ab:dc:f3:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Apr 14 13:05:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3b6578ec771b05b84b5d807c1b3aaf91e46efa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:0b:d1:23:f9:a5:ba:45:27:89:31:25:08:59:
                    35:45:1f:11:0e:a7:18:8a:4d:0c:44:39:d4:c2:e3:
                    e2:c7:5e:cb:40:d6:f3:8b:70:30:d0:2a:d9:62:d8:
                    8a:cd:54:a3:78:d0:2c:66:b3:86:bf:14:82:e9:89:
                    08:e2:65:58:07:05:91:8d:5d:83:54:24:78:8e:dd:
                    fa:39:86:ec:ab:8b:0f:b2:0e:5a:29:5a:3d:e3:6e:
                    cd:6f:49:51:5f:59:92:9e:db:ff:53:91:7e:2f:e4:
                    9e:fe:01:3d:af:6b:1d:d8:cb:fe:10:cb:ba:08:10:
                    3c:75:0e:9d:8a:77:57:2d:42:9b:11:b9:dd:89:83:
                    17:21:06:35:42:57:7c:b8:87:9a:b7:10:4a:9f:c3:
                    95:58:e7:5b:ca:01:3f:c1:2e:60:43:4e:ac:01:b7:
                    5a:b7:5e:f5:00:8c:c3:ac:04:65:70:0d:45:2b:ed:
                    3c:66:0f:d7:85:ab:fd:b1:a2:4b:a7:d9:ce:8b:c5:
                    f3:a8:e4:c9:6e:a6:fd:e9:f5:71:23:48:63:98:23:
                    e3:13:11:bc:4d:bc:b5:48:c1:c6:95:fb:7a:56:78:
                    d7:25:2f:54:30:a7:1a:b6:e2:44:1d:98:8f:f8:c4:
                    c9:fb:fc:9f:fb:06:66:1d:f8:ee:56:ea:24:15:83:
                    93:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:B6:57:8E:C7:71:B0:5B:84:B5:D8:07:C1:B3:AA:F9:1E:46:EF:A1
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/07ZXjsdxsFuEtdgHwbOq-R5G76E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.87.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:b4:5c:26:56:e0:db:98:94:fb:20:83:bf:63:60:e9:67:bf:
         32:e2:94:f4:af:53:1e:26:06:8a:0f:00:6c:3d:f5:de:f8:f1:
         34:87:eb:87:93:3f:ad:be:bb:d2:c5:3e:11:0a:ee:12:2e:4f:
         b5:22:20:65:08:20:38:6d:2b:f6:70:1b:ac:f1:1a:b6:1f:88:
         34:92:ed:a2:a6:bb:78:42:21:82:eb:bf:96:ee:e6:ce:9a:51:
         72:d6:29:a6:92:4d:48:9b:75:22:be:19:bc:9b:a5:f7:ae:98:
         67:a2:13:ff:a0:77:b4:c0:7a:17:4b:5d:02:1c:27:88:23:1f:
         ff:41:af:cb:db:f5:53:f1:43:08:18:c4:74:d4:21:06:a5:54:
         b2:0a:26:b9:d5:63:74:b2:02:95:ea:30:c6:10:d8:6b:8e:62:
         51:dc:42:6b:40:7a:53:c6:db:d7:d4:8d:2e:f1:6b:b2:cf:bd:
         cd:51:a1:d7:9b:b5:54:3d:80:fe:01:5f:62:a3:ee:48:39:37:
         54:1d:45:8e:c0:7a:a1:e9:44:47:be:05:8b:e7:2e:db:1b:6e:
         32:c8:e1:a3:c6:67:11:70:0c:c1:02:84:8f:96:21:cb:23:4d:
         ce:ff:61:40:81:c9:b5:c1:73:2c:ba:da:a3:a5:8d:79:eb:88:
         c0:29:db:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY0aBqMb5FrSjBPD8ir3PPTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjUwNDE0MTMwNTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2I2NTc4ZWM3NzFiMDViODRiNWQ4MDdjMWIzYWFmOTFlNDZlZmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQvRI/mlukUniTElCFk1RR8RDqcY
ik0MRDnUwuPix17LQNbzi3Aw0CrZYtiKzVSjeNAsZrOGvxSC6YkI4mVYBwWRjV2D
VCR4jt36OYbsq4sPsg5aKVo9427Nb0lRX1mSntv/U5F+L+Se/gE9r2sd2Mv+EMu6
CBA8dQ6dindXLUKbEbndiYMXIQY1Qld8uIeatxBKn8OVWOdbygE/wS5gQ06sAbda
t171AIzDrARlcA1FK+08Zg/Xhav9saJLp9nOi8XzqOTJbqb96fVxI0hjmCPjExG8
Tby1SMHGlft6VnjXJS9UMKcatuJEHZiP+MTJ+/yf+wZmHfjuVuokFYOTrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNO2V47HcbBbhLXYB8GzqvkeRu+hMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvMDdaWGpzZHhzRnVFdGRnSHdiT3EtUjVHNzZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FfLMA0G
CSqGSIb3DQEBCwUAA4IBAQB1tFwmVuDbmJT7IIO/Y2DpZ78y4pT0r1MeJgaKDwBs
PfXe+PE0h+uHkz+tvrvSxT4RCu4SLk+1IiBlCCA4bSv2cBus8Rq2H4g0ku2iprt4
QiGC67+W7ubOmlFy1immkk1Im3Uivhm8m6X3rphnohP/oHe0wHoXS10CHCeIIx//
Qa/L2/VT8UMIGMR01CEGpVSyCia51WN0sgKV6jDGENhrjmJR3EJrQHpTxtvX1I0u
8Wuyz73NUaHXm7VUPYD+AV9io+5IOTdUHUWOwHqh6URHvgWL5y7bG24yyOGjxmcR
cAzBAoSPliHLI03O/2FAgcm1wXMsutqjpY1564jAKdsv
-----END CERTIFICATE-----