Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/767bd0-b0ef-4114-a58e-ff86bf881648/1/Bqi8uincl6kJFowUn36Yu63f5C0.roa
File:                     Bqi8uincl6kJFowUn36Yu63f5C0.roa (raw, json)
Hash identifier:          cf174Fm1538hYR3tKGBXFky5PyU7ppsTBHrFBu9hnI8=
Subject key identifier:   06:A8:BC:BA:29:DC:97:A9:09:16:8C:14:9F:7E:98:BB:AD:DF:E4:2D
Certificate issuer:       /CN=839a9a1b7e11fde77e4e1f57ff11864cee21f165
Certificate serial:       018CC34890D500A09C34410AAB252080FD46
Authority key identifier: 83:9A:9A:1B:7E:11:FD:E7:7E:4E:1F:57:FF:11:86:4C:EE:21:F1:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g5qaG34R_ed-Th9X_xGGTO4h8WU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/767bd0-b0ef-4114-a58e-ff86bf881648/1/Bqi8uincl6kJFowUn36Yu63f5C0.roa
Signing time:             Mon 01 Jan 2024 04:29:21 +0000
ROA not before:           Mon 01 Jan 2024 04:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62168
IP address blocks:        141.105.118.0/24 maxlen: 24
                          2a01:8f80:100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/767bd0-b0ef-4114-a58e-ff86bf881648/1/g5qaG34R_ed-Th9X_xGGTO4h8WU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/767bd0-b0ef-4114-a58e-ff86bf881648/1/g5qaG34R_ed-Th9X_xGGTO4h8WU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g5qaG34R_ed-Th9X_xGGTO4h8WU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 16:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:90:d5:00:a0:9c:34:41:0a:ab:25:20:80:fd:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=839a9a1b7e11fde77e4e1f57ff11864cee21f165
        Validity
            Not Before: Jan  1 04:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06a8bcba29dc97a909168c149f7e98bbaddfe42d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:04:61:c7:f6:ca:87:5a:bc:61:5f:fc:be:83:
                    b0:7e:aa:20:a1:17:7a:96:26:cd:84:99:16:01:39:
                    cd:e5:6b:d6:5c:cd:bd:4d:99:7d:77:c9:80:ed:8e:
                    5c:1a:d9:53:5e:33:00:2f:bf:13:12:37:03:72:d2:
                    33:e2:58:c2:4b:80:0e:d5:c8:8b:88:96:f3:ff:3f:
                    0b:dc:6c:11:92:55:13:e8:c5:b7:bb:7f:5a:53:43:
                    a5:2f:c5:83:d0:49:8d:25:d6:3d:ad:3f:7d:9a:2d:
                    c1:9d:ee:d7:bf:59:c9:ce:45:46:b5:ff:1f:ee:18:
                    56:3d:54:16:e9:ef:bb:92:97:d4:49:21:19:2b:08:
                    13:99:9e:f3:1b:82:60:7a:12:ff:af:c2:ec:97:61:
                    fd:c6:7a:66:98:ed:97:07:7c:7a:fe:b4:22:1b:fe:
                    c4:a5:b9:38:1a:a7:54:1b:37:2b:ff:5c:8f:17:90:
                    6a:c4:63:1f:8a:4a:7f:a5:04:be:45:75:fa:b5:43:
                    ee:c9:4e:fc:d7:75:ea:08:ee:b1:04:74:aa:de:17:
                    09:30:c3:56:78:3c:82:5b:86:f0:3d:86:09:ac:b6:
                    ff:74:ab:d8:16:3e:54:8f:31:b3:90:1e:20:a1:eb:
                    92:72:ba:18:0e:ea:3f:3b:b0:2a:d4:bf:f4:25:31:
                    94:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:A8:BC:BA:29:DC:97:A9:09:16:8C:14:9F:7E:98:BB:AD:DF:E4:2D
            X509v3 Authority Key Identifier:
                keyid:83:9A:9A:1B:7E:11:FD:E7:7E:4E:1F:57:FF:11:86:4C:EE:21:F1:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g5qaG34R_ed-Th9X_xGGTO4h8WU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/767bd0-b0ef-4114-a58e-ff86bf881648/1/Bqi8uincl6kJFowUn36Yu63f5C0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/767bd0-b0ef-4114-a58e-ff86bf881648/1/g5qaG34R_ed-Th9X_xGGTO4h8WU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.105.118.0/24
                IPv6:
                  2a01:8f80:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         2a:2f:36:86:ad:76:7e:6e:f4:3a:fc:80:a4:62:e5:c3:64:62:
         e4:10:7c:67:6f:12:11:35:ea:b4:59:fd:11:bc:83:41:66:97:
         71:be:0f:8a:1f:8a:2c:11:21:57:42:9e:e4:3b:81:63:0b:1b:
         78:30:ee:12:ab:89:19:50:5c:c1:d8:07:1d:e4:1c:72:29:35:
         75:32:2e:94:cc:61:14:5d:c4:cd:7c:61:3d:3b:d8:b1:90:73:
         da:72:ca:f7:df:6f:5d:22:65:5d:f2:22:4b:bd:d7:35:6d:0c:
         85:de:97:68:ef:6f:35:28:9d:86:32:e1:11:6e:93:e8:bf:25:
         7b:b5:ae:ac:e8:6b:b3:cb:6a:65:7a:13:ed:09:17:c9:72:ce:
         8d:70:76:c9:b7:eb:4d:3c:71:1b:10:84:01:68:65:65:3a:bf:
         ec:48:2c:c2:39:94:95:6e:f1:9e:9a:b8:8f:96:81:65:3a:ec:
         9c:8b:dc:8c:7f:e8:f6:35:3c:55:2e:79:a8:c1:cc:39:5e:f8:
         72:d8:39:92:76:ad:50:be:19:e0:63:a3:ed:4b:ff:c8:34:ee:
         ed:67:ba:10:84:88:ea:19:c8:1e:31:38:e3:35:ac:3a:05:f8:
         e3:7a:b8:37:86:fd:7f:11:10:36:9a:1f:cd:6c:55:c9:b4:38:
         99:17:1e:f8
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzDSJDVAKCcNEEKqyUggP1GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzOWE5YTFiN2UxMWZkZTc3ZTRlMWY1N2ZmMTE4NjRjZWUy
MWYxNjUwHhcNMjQwMTAxMDQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmE4YmNiYTI5ZGM5N2E5MDkxNjhjMTQ5ZjdlOThiYmFkZGZlNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgRhx/bKh1q8YV/8voOwfqogoRd6
libNhJkWATnN5WvWXM29TZl9d8mA7Y5cGtlTXjMAL78TEjcDctIz4ljCS4AO1ciL
iJbz/z8L3GwRklUT6MW3u39aU0OlL8WD0EmNJdY9rT99mi3Bne7Xv1nJzkVGtf8f
7hhWPVQW6e+7kpfUSSEZKwgTmZ7zG4JgehL/r8Lsl2H9xnpmmO2XB3x6/rQiG/7E
pbk4GqdUGzcr/1yPF5BqxGMfikp/pQS+RXX6tUPuyU7813XqCO6xBHSq3hcJMMNW
eDyCW4bwPYYJrLb/dKvYFj5UjzGzkB4goeuScroYDuo/O7Aq1L/0JTGUrQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFAaovLop3JepCRaMFJ9+mLut3+QtMB8GA1UdIwQY
MBaAFIOamht+Ef3nfk4fV/8RhkzuIfFlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzVxYUczNFJfZWQtVGg5WF94R0dUTzRoOFdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NjdiZDAtYjBlZi00MTE0LWE1OGUt
ZmY4NmJmODgxNjQ4LzEvQnFpOHVpbmNsNmtKRm93VW4zNll1NjNmNUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NjdiZDAtYjBlZi00MTE0LWE1OGUtZmY4NmJmODgxNjQ4
LzEvZzVxYUczNFJfZWQtVGg5WF94R0dUTzRoOFdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAjWl2MA4E
AgACMAgDBgAqAY+AATANBgkqhkiG9w0BAQsFAAOCAQEAKi82hq12fm70OvyApGLl
w2Ri5BB8Z28SETXqtFn9EbyDQWaXcb4Pih+KLBEhV0Ke5DuBYwsbeDDuEquJGVBc
wdgHHeQccik1dTIulMxhFF3EzXxhPTvYsZBz2nLK999vXSJlXfIiS73XNW0Mhd6X
aO9vNSidhjLhEW6T6L8le7WurOhrs8tqZXoT7QkXyXLOjXB2ybfrTTxxGxCEAWhl
ZTq/7EgswjmUlW7xnpq4j5aBZTrsnIvcjH/o9jU8VS55qMHMOV74ctg5knatUL4Z
4GOj7Uv/yDTu7We6EISI6hnIHjE44zWsOgX443q4N4b9fxEQNpofzWxVybQ4mRce
+A==
-----END CERTIFICATE-----