Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/6e2db7-43a7-4899-ad49-4bec8f1b58ee/1/BWYpzo70mxEjR4c9XqRLTGXDP7c.roa
File:                     BWYpzo70mxEjR4c9XqRLTGXDP7c.roa (raw, json)
Hash identifier:          iIvUwrhpYm97lxoKew8pxm1T6w+rCRjLgnYBZjQ/LPs=
Subject key identifier:   05:66:29:CE:8E:F4:9B:11:23:47:87:3D:5E:A4:4B:4C:65:C3:3F:B7
Certificate issuer:       /CN=dba1240555d86c8dbde836edd164cd328fae63b5
Certificate serial:       019386CE800A0F8C679601950CD8075A3A02
Authority key identifier: DB:A1:24:05:55:D8:6C:8D:BD:E8:36:ED:D1:64:CD:32:8F:AE:63:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/26EkBVXYbI296Dbt0WTNMo-uY7U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/6e2db7-43a7-4899-ad49-4bec8f1b58ee/1/BWYpzo70mxEjR4c9XqRLTGXDP7c.roa
Signing time:             Mon 02 Dec 2024 09:58:20 +0000
ROA not before:           Mon 02 Dec 2024 09:58:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197543
IP address blocks:        195.184.84.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/6e2db7-43a7-4899-ad49-4bec8f1b58ee/1/26EkBVXYbI296Dbt0WTNMo-uY7U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/6e2db7-43a7-4899-ad49-4bec8f1b58ee/1/26EkBVXYbI296Dbt0WTNMo-uY7U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/26EkBVXYbI296Dbt0WTNMo-uY7U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:86:ce:80:0a:0f:8c:67:96:01:95:0c:d8:07:5a:3a:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dba1240555d86c8dbde836edd164cd328fae63b5
        Validity
            Not Before: Dec  2 09:58:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=056629ce8ef49b112347873d5ea44b4c65c33fb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e4:5a:1e:75:94:63:51:eb:79:29:9f:99:80:
                    13:8a:83:4f:6c:d5:71:b1:d0:f1:68:69:e3:40:10:
                    3b:23:ac:dd:89:c9:ac:bf:ae:9f:5d:f8:af:52:b4:
                    24:31:72:17:b0:bc:bc:fe:3a:d9:ad:a6:6a:49:53:
                    82:b2:12:ec:32:fd:88:2e:96:62:3d:a1:67:50:dd:
                    39:89:8c:e8:fe:cd:55:c5:e8:01:27:42:3a:9f:6a:
                    07:08:73:78:f7:4c:f1:b4:35:22:dd:53:48:b4:80:
                    79:58:26:02:3a:78:c4:fa:5a:25:1e:93:a0:97:68:
                    42:c7:ae:d3:b7:89:c6:86:81:b2:eb:94:ca:b5:b9:
                    9c:f1:94:28:5c:cb:66:a4:19:dc:a8:b4:58:c6:57:
                    f4:57:28:50:f7:08:2b:57:9f:ce:53:bc:95:27:7a:
                    c7:38:01:3b:53:07:a9:ff:1a:a2:65:09:84:16:93:
                    cb:5b:c0:5d:88:61:bc:88:05:77:26:39:df:8b:3b:
                    62:fa:49:ba:ec:d2:99:b4:aa:de:e0:f9:f1:84:56:
                    48:5c:ea:01:99:1b:c1:d2:14:77:67:91:f3:98:11:
                    14:ef:e1:7f:da:45:56:7c:97:43:bc:4f:98:18:71:
                    0a:b0:35:69:2f:e0:83:bd:85:22:76:7c:ad:c9:8a:
                    32:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:66:29:CE:8E:F4:9B:11:23:47:87:3D:5E:A4:4B:4C:65:C3:3F:B7
            X509v3 Authority Key Identifier:
                keyid:DB:A1:24:05:55:D8:6C:8D:BD:E8:36:ED:D1:64:CD:32:8F:AE:63:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/26EkBVXYbI296Dbt0WTNMo-uY7U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/6e2db7-43a7-4899-ad49-4bec8f1b58ee/1/BWYpzo70mxEjR4c9XqRLTGXDP7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/6e2db7-43a7-4899-ad49-4bec8f1b58ee/1/26EkBVXYbI296Dbt0WTNMo-uY7U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.184.84.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:ca:e6:0c:5c:ce:86:3d:d1:db:19:6c:e5:76:fa:5e:71:97:
         cc:f3:2e:9e:0a:48:b5:9d:2c:05:5b:15:67:83:ba:02:29:7f:
         82:07:04:2f:eb:f8:ec:a8:f8:36:0b:3c:dd:2a:a2:0a:2d:f6:
         06:30:73:60:73:2c:5a:bd:fe:76:51:80:b7:7f:86:cb:89:2f:
         83:61:83:8d:12:aa:ad:5e:14:36:c0:68:e0:d7:1a:f6:2e:a5:
         2c:30:dd:92:d9:70:dc:b8:5d:0b:0c:3f:a6:2a:a6:a4:95:c9:
         fb:7d:69:5d:5a:bc:46:86:c2:cc:28:92:9e:6a:39:8c:63:e0:
         31:37:85:90:d3:f7:4f:12:f2:35:3f:d2:2c:b6:c1:cf:e6:e8:
         fc:d6:cf:1d:1f:0d:db:de:88:f5:71:a4:ff:cd:bb:b0:03:0a:
         d0:36:49:12:c6:f3:b4:be:79:a8:e6:17:ec:cc:ae:de:82:d4:
         7c:d1:82:9a:5d:4d:85:bd:33:c9:bf:9b:57:85:64:31:86:b2:
         b2:2b:8c:fd:26:b5:35:ff:28:6f:b8:21:74:18:b8:9f:86:78:
         c5:fe:a2:57:65:11:3f:e4:72:3d:6d:35:7f:06:a1:5a:e1:93:
         5d:e8:12:22:15:78:b0:30:28:0c:47:73:01:e0:a3:7c:07:d8:
         89:0e:88:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZOGzoAKD4xnlgGVDNgHWjoCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYTEyNDA1NTVkODZjOGRiZGU4MzZlZGQxNjRjZDMyOGZh
ZTYzYjUwHhcNMjQxMjAyMDk1ODIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTY2MjljZThlZjQ5YjExMjM0Nzg3M2Q1ZWE0NGI0YzY1YzMzZmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeRaHnWUY1HreSmfmYATioNPbNVx
sdDxaGnjQBA7I6zdicmsv66fXfivUrQkMXIXsLy8/jrZraZqSVOCshLsMv2ILpZi
PaFnUN05iYzo/s1VxegBJ0I6n2oHCHN490zxtDUi3VNItIB5WCYCOnjE+lolHpOg
l2hCx67Tt4nGhoGy65TKtbmc8ZQoXMtmpBncqLRYxlf0VyhQ9wgrV5/OU7yVJ3rH
OAE7Uwep/xqiZQmEFpPLW8BdiGG8iAV3Jjnfizti+km67NKZtKre4PnxhFZIXOoB
mRvB0hR3Z5HzmBEU7+F/2kVWfJdDvE+YGHEKsDVpL+CDvYUidnytyYoynwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAVmKc6O9JsRI0eHPV6kS0xlwz+3MB8GA1UdIwQY
MBaAFNuhJAVV2GyNveg27dFkzTKPrmO1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjZFa0JWWFliSTI5NkRidDBXVE5Nby11WTdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS82ZTJkYjctNDNhNy00ODk5LWFkNDkt
NGJlYzhmMWI1OGVlLzEvQldZcHpvNzBteEVqUjRjOVhxUkxUR1hEUDdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS82ZTJkYjctNDNhNy00ODk5LWFkNDktNGJlYzhmMWI1OGVl
LzEvMjZFa0JWWFliSTI5NkRidDBXVE5Nby11WTdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7hUMA0G
CSqGSIb3DQEBCwUAA4IBAQA2yuYMXM6GPdHbGWzldvpecZfM8y6eCki1nSwFWxVn
g7oCKX+CBwQv6/jsqPg2CzzdKqIKLfYGMHNgcyxavf52UYC3f4bLiS+DYYONEqqt
XhQ2wGjg1xr2LqUsMN2S2XDcuF0LDD+mKqaklcn7fWldWrxGhsLMKJKeajmMY+Ax
N4WQ0/dPEvI1P9IstsHP5uj81s8dHw3b3oj1caT/zbuwAwrQNkkSxvO0vnmo5hfs
zK7egtR80YKaXU2FvTPJv5tXhWQxhrKyK4z9JrU1/yhvuCF0GLifhnjF/qJXZRE/
5HI9bTV/BqFa4ZNd6BIiFXiwMCgMR3MB4KN8B9iJDoiq
-----END CERTIFICATE-----