Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/BQWPqt9jncSZokM-5sUWyJUDhDc.roa
File:                     BQWPqt9jncSZokM-5sUWyJUDhDc.roa (raw, json)
Hash identifier:          KQ/z7QeZYgLQQn1vELQ2I/HM4J8R9zakq3V1GCY6W9o=
Subject key identifier:   05:05:8F:AA:DF:63:9D:C4:99:A2:43:3E:E6:C5:16:C8:95:03:84:37
Certificate issuer:       /CN=91f5fcedbdb84dd52fc6770d7ccfd3fc6684fa41
Certificate serial:       018CF50A957F107A4F18CD8EEC4D7505FEB2
Authority key identifier: 91:F5:FC:ED:BD:B8:4D:D5:2F:C6:77:0D:7C:CF:D3:FC:66:84:FA:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kfX87b24TdUvxncNfM_T_GaE-kE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/BQWPqt9jncSZokM-5sUWyJUDhDc.roa
Signing time:             Wed 10 Jan 2024 20:22:40 +0000
ROA not before:           Wed 10 Jan 2024 20:22:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        45.82.62.0/24 maxlen: 24
                          45.82.63.0/24 maxlen: 24
                          45.82.60.0/24 maxlen: 24
                          45.82.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/kfX87b24TdUvxncNfM_T_GaE-kE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/kfX87b24TdUvxncNfM_T_GaE-kE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kfX87b24TdUvxncNfM_T_GaE-kE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f5:0a:95:7f:10:7a:4f:18:cd:8e:ec:4d:75:05:fe:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91f5fcedbdb84dd52fc6770d7ccfd3fc6684fa41
        Validity
            Not Before: Jan 10 20:22:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05058faadf639dc499a2433ee6c516c895038437
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:91:2c:b2:bf:4d:74:92:9a:af:3b:72:e6:1f:
                    34:78:9e:eb:d2:de:ce:95:de:2a:e1:5d:f8:64:08:
                    16:88:c9:c3:83:d9:39:08:30:4a:72:24:82:69:08:
                    18:6d:38:54:c5:60:88:df:5a:21:5f:9c:d2:46:c8:
                    2e:33:28:57:6d:48:2f:4f:75:3c:0d:80:d3:41:46:
                    0b:49:4e:b0:e3:c8:37:26:84:8e:1f:af:f9:41:f8:
                    f1:65:95:12:8e:ad:31:66:79:7b:4b:95:0e:3d:0f:
                    c2:c2:a3:61:78:24:61:c1:fd:7b:ea:6c:46:a8:94:
                    22:a1:ee:62:d8:78:a2:09:7b:d0:8e:96:05:16:a4:
                    37:9d:45:b4:ea:03:12:26:dc:71:23:e3:91:54:10:
                    39:95:c1:16:e3:bc:a5:85:64:73:ca:f3:57:cd:ad:
                    3a:b3:48:99:40:dc:00:5e:49:96:5e:c3:28:28:db:
                    a1:62:74:b9:cb:58:e3:1e:00:33:49:55:6f:2d:b0:
                    ad:c0:6e:17:8b:8d:a8:d2:94:ed:2d:ba:cb:3c:11:
                    c6:d9:b6:d4:d4:6f:5e:e5:7b:b0:93:8d:16:56:1b:
                    19:fb:c7:a2:52:29:6e:ab:8d:53:b0:dd:2c:50:1b:
                    b6:15:54:7c:99:cc:44:b9:a9:00:0a:08:c3:b0:ec:
                    c3:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:05:8F:AA:DF:63:9D:C4:99:A2:43:3E:E6:C5:16:C8:95:03:84:37
            X509v3 Authority Key Identifier:
                keyid:91:F5:FC:ED:BD:B8:4D:D5:2F:C6:77:0D:7C:CF:D3:FC:66:84:FA:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kfX87b24TdUvxncNfM_T_GaE-kE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/BQWPqt9jncSZokM-5sUWyJUDhDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/kfX87b24TdUvxncNfM_T_GaE-kE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ad:40:35:34:44:96:47:bb:8c:cb:a8:99:bf:54:cc:31:fe:d7:
         10:2f:29:0c:e4:da:df:9c:9f:55:52:58:63:2b:ec:83:6b:9b:
         31:80:9b:cf:2e:c0:1a:89:fb:fc:4f:38:1f:86:b2:8a:c6:81:
         ea:1c:bd:45:a4:f7:7a:8d:5d:ec:6e:79:45:8e:d7:01:e8:9d:
         e0:82:d1:20:a3:0d:19:6a:43:0e:62:4e:df:67:ae:dc:4c:fa:
         c5:67:3a:ab:79:54:ce:33:5b:03:e2:68:1f:04:99:b3:a7:7e:
         91:5b:08:de:48:05:48:c6:e5:33:a8:1a:20:82:e4:81:d7:35:
         cf:31:a6:67:5c:1f:b5:64:74:67:f6:cd:42:94:22:42:d3:03:
         d5:74:ce:2b:c9:ec:f4:34:b1:b3:31:f0:46:03:1c:00:93:f9:
         bb:0f:a7:ad:d8:91:cd:2d:0d:1a:c3:96:a9:8f:40:39:97:a7:
         f1:cc:ff:dd:f7:4e:35:52:63:56:54:dd:d9:42:87:4f:59:88:
         8b:b5:36:36:d8:af:78:c2:30:21:63:80:e5:0f:b5:3f:17:19:
         79:75:01:90:6f:fc:15:37:d9:fa:5b:b1:5f:cb:50:7c:da:49:
         96:ed:16:53:6c:68:bd:64:f3:a6:2f:6d:f6:5a:31:b7:b9:7d:
         70:b1:83:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz1CpV/EHpPGM2O7E11Bf6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZjVmY2VkYmRiODRkZDUyZmM2NzcwZDdjY2ZkM2ZjNjY4
NGZhNDEwHhcNMjQwMTEwMjAyMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTA1OGZhYWRmNjM5ZGM0OTlhMjQzM2VlNmM1MTZjODk1MDM4NDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpEssr9NdJKarzty5h80eJ7r0t7O
ld4q4V34ZAgWiMnDg9k5CDBKciSCaQgYbThUxWCI31ohX5zSRsguMyhXbUgvT3U8
DYDTQUYLSU6w48g3JoSOH6/5QfjxZZUSjq0xZnl7S5UOPQ/CwqNheCRhwf176mxG
qJQioe5i2HiiCXvQjpYFFqQ3nUW06gMSJtxxI+ORVBA5lcEW47ylhWRzyvNXza06
s0iZQNwAXkmWXsMoKNuhYnS5y1jjHgAzSVVvLbCtwG4Xi42o0pTtLbrLPBHG2bbU
1G9e5Xuwk40WVhsZ+8eiUiluq41TsN0sUBu2FVR8mcxEuakACgjDsOzD1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUFj6rfY53EmaJDPubFFsiVA4Q3MB8GA1UdIwQY
MBaAFJH1/O29uE3VL8Z3DXzP0/xmhPpBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2ZYODdiMjRUZFV2eG5jTmZNX1RfR2FFLWtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC85YTA5ODEtMGFkOC00OGE1LWJmZWMt
OGNjOTgzMzYxMWU2LzEvQlFXUHF0OWpuY1Nab2tNLTVzVVd5SlVEaERjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC85YTA5ODEtMGFkOC00OGE1LWJmZWMtOGNjOTgzMzYxMWU2
LzEva2ZYODdiMjRUZFV2eG5jTmZNX1RfR2FFLWtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVI8MA0G
CSqGSIb3DQEBCwUAA4IBAQCtQDU0RJZHu4zLqJm/VMwx/tcQLykM5NrfnJ9VUlhj
K+yDa5sxgJvPLsAaifv8TzgfhrKKxoHqHL1FpPd6jV3sbnlFjtcB6J3ggtEgow0Z
akMOYk7fZ67cTPrFZzqreVTOM1sD4mgfBJmzp36RWwjeSAVIxuUzqBogguSB1zXP
MaZnXB+1ZHRn9s1ClCJC0wPVdM4ryez0NLGzMfBGAxwAk/m7D6et2JHNLQ0aw5ap
j0A5l6fxzP/d9041UmNWVN3ZQodPWYiLtTY22K94wjAhY4DlD7U/Fxl5dQGQb/wV
N9n6W7Ffy1B82kmW7RZTbGi9ZPOmL232WjG3uX1wsYMl
-----END CERTIFICATE-----