Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/BvkVxfOV6xzbHt_E5krtrrG-iWE.roa
File:                     BvkVxfOV6xzbHt_E5krtrrG-iWE.roa (raw, json)
Hash identifier:          Kj00IUpZrE7GV0PQtGwK47Oekn7hpGeTTRiOBcMZctI=
Subject key identifier:   06:F9:15:C5:F3:95:EB:1C:DB:1E:DF:C4:E6:4A:ED:AE:B1:BE:89:61
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       018CC500BEE3AE9F09E1F2A0DF38475064CC
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/BvkVxfOV6xzbHt_E5krtrrG-iWE.roa
Signing time:             Mon 01 Jan 2024 12:30:09 +0000
ROA not before:           Mon 01 Jan 2024 12:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59580
IP address blocks:        85.93.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:be:e3:ae:9f:09:e1:f2:a0:df:38:47:50:64:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jan  1 12:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06f915c5f395eb1cdb1edfc4e64aedaeb1be8961
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:4e:6c:32:9b:40:c3:07:a3:0d:7d:45:c2:c3:
                    6b:f8:77:bc:88:e9:f2:6e:97:ea:0e:3b:31:e7:fd:
                    c1:a8:e1:db:7d:48:86:d1:5b:6a:73:e9:72:d1:24:
                    66:44:73:51:67:2c:09:48:9d:68:cd:49:05:aa:89:
                    5a:de:e2:3b:ee:2d:c3:60:31:ce:2e:de:82:a1:c9:
                    12:19:33:ea:af:5b:2c:37:f6:b3:9b:26:82:d8:35:
                    5b:b6:cc:24:28:74:e4:05:69:a9:12:a9:92:8e:47:
                    82:b6:97:b6:78:f8:a0:02:87:f4:0c:9d:19:8f:5e:
                    50:84:0e:a4:37:d4:ad:8c:73:c9:1f:9c:9f:51:a0:
                    aa:c3:9b:f5:82:6f:cb:1f:af:6f:96:10:30:69:e7:
                    1b:d8:10:ef:ec:6e:55:31:69:78:fa:a6:3a:d5:05:
                    83:df:ec:b3:19:56:aa:a1:d5:44:e8:2c:76:59:bd:
                    6d:a0:a3:36:a3:7a:8a:b6:8a:b5:2e:4a:96:8f:6b:
                    41:72:a7:ad:d9:68:71:1b:9d:69:1c:eb:3e:c7:fb:
                    65:ff:57:d5:cc:44:17:d2:0c:9c:92:fa:54:67:41:
                    39:42:88:8a:de:30:0c:05:b1:07:07:e6:26:3c:68:
                    93:7b:73:6f:c5:b6:7d:58:01:d8:b4:23:65:4b:03:
                    7e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:F9:15:C5:F3:95:EB:1C:DB:1E:DF:C4:E6:4A:ED:AE:B1:BE:89:61
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/BvkVxfOV6xzbHt_E5krtrrG-iWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.93.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:de:7a:5c:db:33:ea:bf:ee:f8:a1:43:15:4d:dc:38:e6:e7:
         b9:d0:ff:b8:f5:b6:d1:1d:14:03:aa:9c:28:80:ac:c1:bd:52:
         d7:1b:c9:3d:82:34:5f:68:05:d3:d5:f9:e5:5c:60:a7:b8:48:
         e1:f6:cf:c5:f6:6e:c3:fe:06:f8:3a:e2:b1:7d:91:2a:73:64:
         d9:58:bd:e3:fe:c7:83:f1:09:ee:5f:34:62:9b:2a:02:36:b2:
         17:43:53:63:f7:75:a7:b4:db:dc:b4:b2:51:cc:7d:89:9f:27:
         cf:02:cd:29:69:2e:83:db:66:15:6e:32:06:49:59:27:47:34:
         90:2f:93:39:d0:39:d5:c6:17:1d:ef:5b:79:9b:76:d9:fd:d9:
         2f:6d:5c:fd:95:c1:b7:07:b3:60:be:69:fb:d4:08:1f:8d:43:
         1f:ba:67:50:17:f5:67:19:a7:3c:8c:4a:53:e7:ea:47:42:33:
         a5:03:2b:9b:e4:89:07:fc:5a:9d:42:ec:33:dd:50:5e:a0:b6:
         41:9e:d3:23:95:0b:ce:94:34:56:cc:91:8c:0a:cf:86:02:b7:
         1b:29:fe:a3:e5:df:32:54:d8:0e:92:b2:45:a4:77:45:23:75:
         21:2e:a7:84:12:1e:5b:19:19:6f:83:62:48:aa:9c:2a:7d:64:
         4a:6b:31:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAL7jrp8J4fKg3zhHUGTMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwMTAxMTIzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmY5MTVjNWYzOTVlYjFjZGIxZWRmYzRlNjRhZWRhZWIxYmU4OTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAok5sMptAwwejDX1FwsNr+He8iOny
bpfqDjsx5/3BqOHbfUiG0Vtqc+ly0SRmRHNRZywJSJ1ozUkFqola3uI77i3DYDHO
Lt6CockSGTPqr1ssN/azmyaC2DVbtswkKHTkBWmpEqmSjkeCtpe2ePigAof0DJ0Z
j15QhA6kN9StjHPJH5yfUaCqw5v1gm/LH69vlhAwaecb2BDv7G5VMWl4+qY61QWD
3+yzGVaqodVE6Cx2Wb1toKM2o3qKtoq1LkqWj2tBcqet2WhxG51pHOs+x/tl/1fV
zEQX0gyckvpUZ0E5QoiK3jAMBbEHB+YmPGiTe3NvxbZ9WAHYtCNlSwN+TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAb5FcXzlesc2x7fxOZK7a6xvolhMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvQnZrVnhmT1Y2eHpiSHRfRTVrcnRyckctaVdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVV0CMA0G
CSqGSIb3DQEBCwUAA4IBAQA+3npc2zPqv+74oUMVTdw45ue50P+49bbRHRQDqpwo
gKzBvVLXG8k9gjRfaAXT1fnlXGCnuEjh9s/F9m7D/gb4OuKxfZEqc2TZWL3j/seD
8QnuXzRimyoCNrIXQ1Nj93WntNvctLJRzH2JnyfPAs0paS6D22YVbjIGSVknRzSQ
L5M50DnVxhcd71t5m3bZ/dkvbVz9lcG3B7Ngvmn71AgfjUMfumdQF/VnGac8jEpT
5+pHQjOlAyub5IkH/FqdQuwz3VBeoLZBntMjlQvOlDRWzJGMCs+GArcbKf6j5d8y
VNgOkrJFpHdFI3UhLqeEEh5bGRlvg2JIqpwqfWRKazGK
-----END CERTIFICATE-----