Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/4edc36-4d53-47cf-a6fc-b51154628fb3/1/BW_w5tNvIWO1-tVFP8df1MdaWTA.roa
File:                     BW_w5tNvIWO1-tVFP8df1MdaWTA.roa (raw, json)
Hash identifier:          rExjPSaaFahRIKD/ZiQ7dk1JIKInqDzh+Jo+aqkHWCA=
Subject key identifier:   05:6F:F0:E6:D3:6F:21:63:B5:FA:D5:45:3F:C7:5F:D4:C7:5A:59:30
Certificate issuer:       /CN=a9ac1f8595bad558240d74068000a1cf708ba1a5
Certificate serial:       019427B5111212E15E9B6409165D77E7EA5F
Authority key identifier: A9:AC:1F:85:95:BA:D5:58:24:0D:74:06:80:00:A1:CF:70:8B:A1:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qawfhZW61VgkDXQGgAChz3CLoaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/4edc36-4d53-47cf-a6fc-b51154628fb3/1/BW_w5tNvIWO1-tVFP8df1MdaWTA.roa
Signing time:             Thu 02 Jan 2025 15:49:25 +0000
ROA not before:           Thu 02 Jan 2025 15:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212181
IP address blocks:        193.47.149.0/24 maxlen: 24
                          2a10:1180::/31 maxlen: 31
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/4edc36-4d53-47cf-a6fc-b51154628fb3/1/qawfhZW61VgkDXQGgAChz3CLoaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/4edc36-4d53-47cf-a6fc-b51154628fb3/1/qawfhZW61VgkDXQGgAChz3CLoaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qawfhZW61VgkDXQGgAChz3CLoaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:11:12:12:e1:5e:9b:64:09:16:5d:77:e7:ea:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9ac1f8595bad558240d74068000a1cf708ba1a5
        Validity
            Not Before: Jan  2 15:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=056ff0e6d36f2163b5fad5453fc75fd4c75a5930
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c2:f7:6e:8b:4c:05:f8:fb:48:9f:52:d6:4c:
                    78:64:f4:ba:86:b8:ec:e9:57:a1:8d:37:15:e6:12:
                    86:4e:1e:1a:96:22:7e:f8:11:bc:dc:6f:cd:c5:b9:
                    e3:e8:32:3f:8a:95:48:87:60:08:0e:3c:46:29:ea:
                    bc:7b:94:95:e9:b4:90:2c:78:69:27:0d:ac:79:96:
                    83:12:e2:61:2c:fa:27:3b:e4:ba:5a:15:fe:66:af:
                    11:fa:da:bc:10:a9:f4:6a:2f:53:52:8d:56:3d:45:
                    29:0b:36:c2:cb:65:b2:44:bf:e6:d2:6e:fe:9e:63:
                    3e:a2:d9:8a:f1:97:50:64:fc:30:db:28:a2:55:81:
                    a7:73:28:82:94:66:ba:6b:0b:a3:d6:b6:2d:bb:d6:
                    6e:4b:a7:98:72:95:15:c1:80:67:50:17:bd:a8:52:
                    a5:8d:2e:5d:ce:75:d2:99:db:8d:93:03:6a:2a:1e:
                    e1:a6:db:2c:71:07:d4:77:21:85:1a:bc:a2:8b:79:
                    9b:1a:27:2d:e6:bb:e1:99:e0:27:18:d2:63:55:9a:
                    a3:a2:49:b0:81:3b:0c:8e:73:b7:00:39:ad:c2:86:
                    15:9f:0f:97:c7:0a:68:61:d5:e0:35:e2:6e:3f:c5:
                    7f:c0:8c:15:a0:73:6a:59:3c:7b:ba:d6:f0:29:eb:
                    43:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:6F:F0:E6:D3:6F:21:63:B5:FA:D5:45:3F:C7:5F:D4:C7:5A:59:30
            X509v3 Authority Key Identifier:
                keyid:A9:AC:1F:85:95:BA:D5:58:24:0D:74:06:80:00:A1:CF:70:8B:A1:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qawfhZW61VgkDXQGgAChz3CLoaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/4edc36-4d53-47cf-a6fc-b51154628fb3/1/BW_w5tNvIWO1-tVFP8df1MdaWTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/4edc36-4d53-47cf-a6fc-b51154628fb3/1/qawfhZW61VgkDXQGgAChz3CLoaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.149.0/24
                IPv6:
                  2a10:1180::/31

    Signature Algorithm: sha256WithRSAEncryption
         1a:e5:13:46:48:c6:de:ee:d8:41:a4:2e:c1:43:8f:17:62:55:
         40:34:27:b6:a9:66:62:24:c5:32:11:32:47:01:7b:45:7b:8e:
         ba:f6:5f:c5:10:cb:f8:b4:64:5d:f4:6a:ac:6b:29:c0:92:98:
         ef:95:7a:ee:d3:42:84:26:9a:0f:65:0b:82:71:73:58:db:fd:
         61:f5:b5:69:a9:de:ed:44:f2:47:85:c6:41:ce:37:6a:75:11:
         1c:43:bd:b8:0a:e7:4b:08:e3:03:b6:46:0f:f1:6d:46:bb:4d:
         50:d2:c3:8e:df:87:6b:ad:dd:61:ad:f5:2c:7e:32:82:21:63:
         56:b9:67:d9:e2:78:95:da:83:e7:a7:00:e6:8d:b5:38:c3:d2:
         15:b1:96:91:ee:13:37:ad:8f:1f:3a:c6:31:55:c8:b3:cb:94:
         73:80:01:96:fd:cc:5c:86:ef:87:d7:35:c9:08:3a:6d:4a:30:
         66:1c:a1:bc:f5:88:9f:6a:a2:49:c6:6a:11:ac:58:f2:a7:4c:
         e7:b6:ad:dd:a9:96:53:3d:7b:c8:cf:98:08:3c:05:49:98:8e:
         16:a0:2e:a6:3a:bb:32:3b:0d:9a:fb:b2:eb:00:59:10:24:04:
         72:09:40:50:a0:8c:10:85:5d:bf:7a:b9:33:37:ac:ad:e5:27:
         c0:95:2b:a0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntRESEuFem2QJFl135+pfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5YWMxZjg1OTViYWQ1NTgyNDBkNzQwNjgwMDBhMWNmNzA4
YmExYTUwHhcNMjUwMTAyMTU0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTZmZjBlNmQzNmYyMTYzYjVmYWQ1NDUzZmM3NWZkNGM3NWE1OTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8L3botMBfj7SJ9S1kx4ZPS6hrjs
6VehjTcV5hKGTh4aliJ++BG83G/Nxbnj6DI/ipVIh2AIDjxGKeq8e5SV6bSQLHhp
Jw2seZaDEuJhLPonO+S6WhX+Zq8R+tq8EKn0ai9TUo1WPUUpCzbCy2WyRL/m0m7+
nmM+otmK8ZdQZPww2yiiVYGncyiClGa6awuj1rYtu9ZuS6eYcpUVwYBnUBe9qFKl
jS5dznXSmduNkwNqKh7hptsscQfUdyGFGryii3mbGict5rvhmeAnGNJjVZqjokmw
gTsMjnO3ADmtwoYVnw+XxwpoYdXgNeJuP8V/wIwVoHNqWTx7utbwKetD6wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAVv8ObTbyFjtfrVRT/HX9THWlkwMB8GA1UdIwQY
MBaAFKmsH4WVutVYJA10BoAAoc9wi6GlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWF3ZmhaVzYxVmdrRFhRR2dBQ2h6M0NMb2FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni80ZWRjMzYtNGQ1My00N2NmLWE2ZmMt
YjUxMTU0NjI4ZmIzLzEvQldfdzV0TnZJV08xLXRWRlA4ZGYxTWRhV1RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni80ZWRjMzYtNGQ1My00N2NmLWE2ZmMtYjUxMTU0NjI4ZmIz
LzEvcWF3ZmhaVzYxVmdrRFhRR2dBQ2h6M0NMb2FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwS+VMA0E
AgACMAcDBQEqEBGAMA0GCSqGSIb3DQEBCwUAA4IBAQAa5RNGSMbe7thBpC7BQ48X
YlVANCe2qWZiJMUyETJHAXtFe4669l/FEMv4tGRd9GqsaynAkpjvlXru00KEJpoP
ZQuCcXNY2/1h9bVpqd7tRPJHhcZBzjdqdREcQ724CudLCOMDtkYP8W1Gu01Q0sOO
34drrd1hrfUsfjKCIWNWuWfZ4niV2oPnpwDmjbU4w9IVsZaR7hM3rY8fOsYxVciz
y5RzgAGW/cxchu+H1zXJCDptSjBmHKG89YifaqJJxmoRrFjyp0zntq3dqZZTPXvI
z5gIPAVJmI4WoC6mOrsyOw2a+7LrAFkQJARyCUBQoIwQhV2/erkzN6yt5SfAlSug
-----END CERTIFICATE-----