Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/BDBRhWFBlK9vcfr0QKXqP994RGM.roa
File:                     BDBRhWFBlK9vcfr0QKXqP994RGM.roa (raw, json)
Hash identifier:          0Pybw8NS06uSqnwmcCLpDDhdeVKM+abA07WObm8VMqo=
Subject key identifier:   04:30:51:85:61:41:94:AF:6F:71:FA:F4:40:A5:EA:3F:DF:78:44:63
Certificate issuer:       /CN=659c356633388e9bd897d000a3f38bc1e546ef4a
Certificate serial:       018CC50134AD58CC8F5A6BE5B0450A2ED8D5
Authority key identifier: 65:9C:35:66:33:38:8E:9B:D8:97:D0:00:A3:F3:8B:C1:E5:46:EF:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZZw1ZjM4jpvYl9AAo_OLweVG70o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/BDBRhWFBlK9vcfr0QKXqP994RGM.roa
Signing time:             Mon 01 Jan 2024 12:30:39 +0000
ROA not before:           Mon 01 Jan 2024 12:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        193.38.176.0/24 maxlen: 24
                          193.38.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/ZZw1ZjM4jpvYl9AAo_OLweVG70o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/ZZw1ZjM4jpvYl9AAo_OLweVG70o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZZw1ZjM4jpvYl9AAo_OLweVG70o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:34:ad:58:cc:8f:5a:6b:e5:b0:45:0a:2e:d8:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=659c356633388e9bd897d000a3f38bc1e546ef4a
        Validity
            Not Before: Jan  1 12:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04305185614194af6f71faf440a5ea3fdf784463
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c9:81:52:58:9b:56:af:a8:98:61:ba:5e:d9:
                    76:ea:1a:97:d3:72:5b:b8:f1:e1:77:93:5e:d4:0b:
                    4d:e7:b8:06:e7:dd:af:41:11:eb:38:14:c2:a9:53:
                    5c:e2:21:90:a1:30:38:cf:e3:6a:2b:de:38:d6:90:
                    16:a5:8b:e2:04:b5:5a:2d:87:68:13:6f:6f:d4:1a:
                    81:d5:73:f0:80:b7:6b:d2:45:2e:8d:d5:5f:f5:98:
                    d9:ef:92:03:4a:72:47:d8:2f:12:df:d5:0a:cc:e3:
                    5f:6a:8a:56:5f:3f:e9:04:f2:45:7b:e7:66:e1:05:
                    40:2d:f4:ad:19:b1:cc:61:8c:9c:86:66:09:0b:b6:
                    47:95:d7:f2:0f:44:5a:08:3d:b3:b2:7b:04:11:2b:
                    58:c3:72:da:a9:90:d9:ac:da:e2:9e:ce:4b:53:53:
                    3c:06:a7:d9:b8:d4:72:32:39:a9:e5:f7:ca:70:57:
                    ba:6d:c3:5a:ce:a7:35:92:c7:12:73:bf:8b:ce:98:
                    47:c0:9a:51:ac:a2:26:61:6f:d8:bb:37:9f:cd:47:
                    78:ea:2f:5f:a5:17:4b:b9:cf:4c:67:a4:04:77:df:
                    fe:f4:db:19:24:27:3f:bb:d1:23:8e:2b:62:db:e3:
                    27:b9:c7:9a:e8:c6:e8:fc:a7:20:fa:c5:04:23:b5:
                    f0:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:30:51:85:61:41:94:AF:6F:71:FA:F4:40:A5:EA:3F:DF:78:44:63
            X509v3 Authority Key Identifier:
                keyid:65:9C:35:66:33:38:8E:9B:D8:97:D0:00:A3:F3:8B:C1:E5:46:EF:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZZw1ZjM4jpvYl9AAo_OLweVG70o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/BDBRhWFBlK9vcfr0QKXqP994RGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/ZZw1ZjM4jpvYl9AAo_OLweVG70o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.38.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:4f:50:34:78:ac:4f:51:74:bd:28:0f:43:28:63:d0:bf:77:
         f4:66:7c:57:f3:7d:2a:bf:c1:1b:22:a0:b6:54:5e:3b:e7:58:
         01:de:05:dd:10:88:8f:30:9b:86:75:f1:dd:e9:f8:b8:e8:0b:
         a7:2a:28:ae:7b:42:44:1b:60:e9:0e:be:32:c7:28:dc:e8:e1:
         9f:40:26:37:e7:58:8a:33:35:c5:96:a4:c7:2d:5c:94:cf:16:
         f3:e1:d1:db:bd:6c:74:18:c9:78:2a:59:03:9f:9c:46:0b:51:
         96:d4:d3:4e:29:87:68:22:a5:27:06:ca:e2:4f:4a:a7:31:e2:
         ff:39:45:13:ad:0f:f6:af:c9:d1:65:49:6e:73:09:55:22:49:
         cc:ac:10:5e:72:50:03:3e:d0:59:5d:0d:35:a4:24:15:11:98:
         8b:ea:b9:aa:57:b3:29:31:e6:e9:38:6f:b9:fe:e5:9a:9b:f2:
         74:60:59:e4:5d:9d:62:3e:d4:f1:aa:86:7b:8a:59:7b:5b:ac:
         ba:b3:cb:e5:8c:eb:ef:78:e2:b8:48:be:3d:89:f8:14:54:23:
         a3:74:f0:dc:21:d8:d3:9e:30:51:f6:1c:bc:89:f1:8b:3c:9d:
         ff:a7:22:19:f2:a7:23:8d:dd:70:62:c6:8c:b0:b4:36:3d:9e:
         ee:2c:00:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATStWMyPWmvlsEUKLtjVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1OWMzNTY2MzMzODhlOWJkODk3ZDAwMGEzZjM4YmMxZTU0
NmVmNGEwHhcNMjQwMTAxMTIzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDMwNTE4NTYxNDE5NGFmNmY3MWZhZjQ0MGE1ZWEzZmRmNzg0NDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsmBUlibVq+omGG6Xtl26hqX03Jb
uPHhd5Ne1AtN57gG592vQRHrOBTCqVNc4iGQoTA4z+NqK9441pAWpYviBLVaLYdo
E29v1BqB1XPwgLdr0kUujdVf9ZjZ75IDSnJH2C8S39UKzONfaopWXz/pBPJFe+dm
4QVALfStGbHMYYychmYJC7ZHldfyD0RaCD2zsnsEEStYw3LaqZDZrNrins5LU1M8
BqfZuNRyMjmp5ffKcFe6bcNazqc1kscSc7+LzphHwJpRrKImYW/YuzefzUd46i9f
pRdLuc9MZ6QEd9/+9NsZJCc/u9Ejjiti2+Mnucea6Mbo/Kcg+sUEI7XwjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQwUYVhQZSvb3H69ECl6j/feERjMB8GA1UdIwQY
MBaAFGWcNWYzOI6b2JfQAKPzi8HlRu9KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlp3MVpqTTRqcHZZbDlBQW9fT0x3ZVZHNzBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC83Yzc4NTEtNTg1Yi00OWYxLThiZTkt
M2M3ZTRmOTNlNDJiLzEvQkRCUmhXRkJsSzl2Y2ZyMFFLWHFQOTk0UkdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC83Yzc4NTEtNTg1Yi00OWYxLThiZTktM2M3ZTRmOTNlNDJi
LzEvWlp3MVpqTTRqcHZZbDlBQW9fT0x3ZVZHNzBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSawMA0G
CSqGSIb3DQEBCwUAA4IBAQBgT1A0eKxPUXS9KA9DKGPQv3f0ZnxX830qv8EbIqC2
VF4751gB3gXdEIiPMJuGdfHd6fi46AunKiiue0JEG2DpDr4yxyjc6OGfQCY351iK
MzXFlqTHLVyUzxbz4dHbvWx0GMl4KlkDn5xGC1GW1NNOKYdoIqUnBsriT0qnMeL/
OUUTrQ/2r8nRZUlucwlVIknMrBBeclADPtBZXQ01pCQVEZiL6rmqV7MpMebpOG+5
/uWam/J0YFnkXZ1iPtTxqoZ7ill7W6y6s8vljOvveOK4SL49ifgUVCOjdPDcIdjT
njBR9hy8ifGLPJ3/pyIZ8qcjjd1wYsaMsLQ2PZ7uLACW
-----END CERTIFICATE-----