Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/fd5a98-272f-4078-948d-6fa868921dfb/1/BJw2joVz3nbC0W6vPtVpsy9YBNw.roa
File:                     BJw2joVz3nbC0W6vPtVpsy9YBNw.roa (raw, json)
Hash identifier:          twhxJEynK75YRhiA/t0kHdREwc9XodmuvYaSf/2XpSY=
Subject key identifier:   04:9C:36:8E:85:73:DE:76:C2:D1:6E:AF:3E:D5:69:B3:2F:58:04:DC
Certificate issuer:       /CN=5c61ab4a6df9bb95cfde8af076668a595b341de1
Certificate serial:       0192D8BCFCA4AD4F60582CF91CB6A37E0178
Authority key identifier: 5C:61:AB:4A:6D:F9:BB:95:CF:DE:8A:F0:76:66:8A:59:5B:34:1D:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGGrSm35u5XP3orwdmaKWVs0HeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/fd5a98-272f-4078-948d-6fa868921dfb/1/BJw2joVz3nbC0W6vPtVpsy9YBNw.roa
Signing time:             Tue 29 Oct 2024 14:45:16 +0000
ROA not before:           Tue 29 Oct 2024 14:45:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     559
IP address blocks:        160.85.0.0/16 maxlen: 16
                          193.5.54.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/fd5a98-272f-4078-948d-6fa868921dfb/1/XGGrSm35u5XP3orwdmaKWVs0HeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/fd5a98-272f-4078-948d-6fa868921dfb/1/XGGrSm35u5XP3orwdmaKWVs0HeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XGGrSm35u5XP3orwdmaKWVs0HeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d8:bc:fc:a4:ad:4f:60:58:2c:f9:1c:b6:a3:7e:01:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c61ab4a6df9bb95cfde8af076668a595b341de1
        Validity
            Not Before: Oct 29 14:45:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=049c368e8573de76c2d16eaf3ed569b32f5804dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0e:c8:9a:c3:8b:b4:87:3d:2b:e1:72:46:db:
                    eb:42:3f:31:7e:76:36:b2:15:53:eb:75:06:c2:b4:
                    db:fc:06:d7:3b:02:78:eb:e9:e0:ee:67:67:02:77:
                    82:5b:72:e6:8e:6b:2d:05:fa:81:e5:86:e1:30:51:
                    11:78:62:3f:33:1c:76:60:8e:65:f1:5d:fe:86:00:
                    39:e8:ac:4a:4c:d3:49:52:0c:f1:46:7b:b7:f4:f7:
                    b2:0d:6e:74:96:c3:0e:99:18:f4:1e:a0:f1:8a:10:
                    eb:cf:15:02:ba:ab:45:98:f5:42:ac:ff:89:2a:af:
                    62:84:95:52:a1:15:3c:89:69:de:c0:82:85:e3:8a:
                    f3:aa:24:15:c8:7c:25:74:bc:90:5a:eb:5a:b7:4b:
                    c1:17:33:69:c2:83:72:c8:b3:7b:5b:16:58:49:52:
                    9a:22:f7:32:72:5c:4c:2c:37:38:a4:3b:f2:e8:74:
                    6c:6e:5e:10:42:65:77:e5:57:b3:cf:36:fd:29:c6:
                    7d:40:c3:cb:9e:af:40:45:28:19:b0:19:1f:22:91:
                    09:8e:4b:bc:7f:5b:e7:96:57:a6:d0:60:ee:03:d6:
                    e0:e0:29:39:7f:42:74:a8:db:07:eb:49:a2:fe:31:
                    fc:23:ba:87:11:61:40:8f:a8:6e:1e:25:f9:51:25:
                    a7:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:9C:36:8E:85:73:DE:76:C2:D1:6E:AF:3E:D5:69:B3:2F:58:04:DC
            X509v3 Authority Key Identifier:
                keyid:5C:61:AB:4A:6D:F9:BB:95:CF:DE:8A:F0:76:66:8A:59:5B:34:1D:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGGrSm35u5XP3orwdmaKWVs0HeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/fd5a98-272f-4078-948d-6fa868921dfb/1/BJw2joVz3nbC0W6vPtVpsy9YBNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/fd5a98-272f-4078-948d-6fa868921dfb/1/XGGrSm35u5XP3orwdmaKWVs0HeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.85.0.0/16
                  193.5.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:aa:4d:8b:47:f9:25:11:d1:28:25:49:e1:15:ab:47:b8:7a:
         54:42:23:89:b1:83:8e:4f:fe:33:84:e9:c7:43:48:00:e5:d4:
         ac:ba:b3:d8:2a:83:09:36:cb:e0:1d:2c:33:80:6b:57:c0:08:
         58:e1:0a:f5:6f:56:bf:2f:4e:26:ec:86:30:f6:0d:52:cf:b9:
         78:1c:84:a5:7b:60:b0:be:b3:c0:c4:b2:93:4a:0b:d8:98:fb:
         9f:df:aa:f3:ee:1b:e9:da:f1:56:00:ec:b8:3f:3d:d2:a9:73:
         f3:0a:60:eb:0c:57:08:c1:95:89:37:c8:65:c0:9e:97:bb:4f:
         f8:91:53:34:0f:93:cd:e8:2f:a5:08:1d:42:da:56:c9:0e:e3:
         ae:be:6f:f8:44:a0:cf:aa:86:75:9b:7d:90:24:b0:59:ca:6a:
         0e:e6:0b:bb:4c:45:08:57:49:48:e1:5c:cb:7c:53:9c:58:da:
         40:44:4d:4f:d7:f9:b7:86:33:e9:4f:84:02:4e:e7:44:2d:17:
         1b:3e:6d:db:47:28:f8:5b:64:7f:b3:08:bf:7e:a4:14:ef:d3:
         11:38:05:67:8d:9b:e0:1c:d7:4d:d8:3f:00:2a:f1:1b:33:47:
         02:23:64:e4:16:c2:a7:57:26:18:95:e9:66:b5:84:15:f5:7f:
         0b:3e:08:0b
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZLYvPykrU9gWCz5HLajfgF4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNjFhYjRhNmRmOWJiOTVjZmRlOGFmMDc2NjY4YTU5NWIz
NDFkZTEwHhcNMjQxMDI5MTQ0NTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDljMzY4ZTg1NzNkZTc2YzJkMTZlYWYzZWQ1NjliMzJmNTgwNGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAww7ImsOLtIc9K+FyRtvrQj8xfnY2
shVT63UGwrTb/AbXOwJ46+ng7mdnAneCW3LmjmstBfqB5YbhMFEReGI/Mxx2YI5l
8V3+hgA56KxKTNNJUgzxRnu39PeyDW50lsMOmRj0HqDxihDrzxUCuqtFmPVCrP+J
Kq9ihJVSoRU8iWnewIKF44rzqiQVyHwldLyQWutat0vBFzNpwoNyyLN7WxZYSVKa
IvcyclxMLDc4pDvy6HRsbl4QQmV35Vezzzb9KcZ9QMPLnq9ARSgZsBkfIpEJjku8
f1vnllem0GDuA9bg4Ck5f0J0qNsH60mi/jH8I7qHEWFAj6huHiX5USWnlwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFAScNo6Fc952wtFurz7VabMvWATcMB8GA1UdIwQY
MBaAFFxhq0pt+buVz96K8HZmillbNB3hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdHclNtMzV1NVhQM29yd2RtYUtXVnMwSGVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9mZDVhOTgtMjcyZi00MDc4LTk0OGQt
NmZhODY4OTIxZGZiLzEvQkp3MmpvVnozbmJDMFc2dlB0VnBzeTlZQk53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9mZDVhOTgtMjcyZi00MDc4LTk0OGQtNmZhODY4OTIxZGZi
LzEvWEdHclNtMzV1NVhQM29yd2RtYUtXVnMwSGVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAoFUDBAHB
BTYwDQYJKoZIhvcNAQELBQADggEBAI6qTYtH+SUR0SglSeEVq0e4elRCI4mxg45P
/jOE6cdDSADl1Ky6s9gqgwk2y+AdLDOAa1fACFjhCvVvVr8vTibshjD2DVLPuXgc
hKV7YLC+s8DEspNKC9iY+5/fqvPuG+na8VYA7Lg/PdKpc/MKYOsMVwjBlYk3yGXA
npe7T/iRUzQPk83oL6UIHULaVskO466+b/hEoM+qhnWbfZAksFnKag7mC7tMRQhX
SUjhXMt8U5xY2kBETU/X+beGM+lPhAJO50QtFxs+bdtHKPhbZH+zCL9+pBTv0xE4
BWeNm+Ac103YPwAq8RszRwIjZOQWwqdXJhiV6Wa1hBX1fws+CAs=
-----END CERTIFICATE-----