Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/6536f9-87dd-4edd-b01c-b23172eb81fb/1/BmwxDKMDOr9tjqJCJDcJJ4kkwqw.roa
File:                     BmwxDKMDOr9tjqJCJDcJJ4kkwqw.roa (raw, json)
Hash identifier:          0GxV+ap4FTQTyYN3aqW3GnP6/ahzgyqRMYxr69eGapI=
Subject key identifier:   06:6C:31:0C:A3:03:3A:BF:6D:8E:A2:42:24:37:09:27:89:24:C2:AC
Certificate issuer:       /CN=99201f609e7a893da86cf0ebbca4bbf47279d617
Certificate serial:       018F7751D9B415B4D97F90713F7D1C2DC4BD
Authority key identifier: 99:20:1F:60:9E:7A:89:3D:A8:6C:F0:EB:BC:A4:BB:F4:72:79:D6:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSAfYJ56iT2obPDrvKS79HJ51hc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/6536f9-87dd-4edd-b01c-b23172eb81fb/1/BmwxDKMDOr9tjqJCJDcJJ4kkwqw.roa
Signing time:             Tue 14 May 2024 13:36:43 +0000
ROA not before:           Tue 14 May 2024 13:36:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     979
IP address blocks:        194.246.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/6536f9-87dd-4edd-b01c-b23172eb81fb/1/mSAfYJ56iT2obPDrvKS79HJ51hc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/6536f9-87dd-4edd-b01c-b23172eb81fb/1/mSAfYJ56iT2obPDrvKS79HJ51hc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mSAfYJ56iT2obPDrvKS79HJ51hc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 13:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:77:51:d9:b4:15:b4:d9:7f:90:71:3f:7d:1c:2d:c4:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99201f609e7a893da86cf0ebbca4bbf47279d617
        Validity
            Not Before: May 14 13:36:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=066c310ca3033abf6d8ea242243709278924c2ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:4b:34:6f:94:a8:17:6f:9f:fb:e4:a7:ac:1e:
                    68:87:f2:0d:8b:94:78:a6:b0:d8:eb:de:6f:5a:83:
                    6b:7c:57:ee:24:09:aa:08:fa:6f:48:23:69:61:95:
                    c7:63:a9:b1:30:2f:d4:7d:22:07:d9:ae:89:d6:5c:
                    2f:88:56:32:bc:13:f6:fd:e1:8a:88:c3:70:2e:5d:
                    37:ce:3a:c2:58:62:9f:64:ec:b3:cb:8f:5b:2f:88:
                    32:b0:55:0c:e2:fc:b5:ab:6b:37:3e:86:41:25:5f:
                    08:65:d0:50:78:43:6e:7e:74:69:24:9b:da:b6:27:
                    e5:c3:a9:ca:b5:e9:c1:7a:e8:a9:24:d0:7e:70:40:
                    70:b9:56:41:36:ec:31:00:58:fc:ce:af:53:8d:79:
                    cf:de:24:ce:0d:58:a4:39:0f:ed:65:35:38:31:ec:
                    01:02:00:53:39:34:60:9d:4d:e1:81:3b:3c:ba:73:
                    dc:bc:9a:26:20:ec:69:a9:aa:a7:57:ff:53:20:07:
                    76:0c:3f:ca:85:82:e9:04:99:90:53:74:1a:6c:5e:
                    9f:b9:b4:de:7a:c4:c6:d6:5a:42:1b:7a:e7:30:3a:
                    70:61:92:de:1a:7e:10:f1:d4:3c:7c:25:c3:b0:99:
                    9f:cf:07:48:5e:ba:69:c4:fe:30:dd:47:91:11:cb:
                    6f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:6C:31:0C:A3:03:3A:BF:6D:8E:A2:42:24:37:09:27:89:24:C2:AC
            X509v3 Authority Key Identifier:
                keyid:99:20:1F:60:9E:7A:89:3D:A8:6C:F0:EB:BC:A4:BB:F4:72:79:D6:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSAfYJ56iT2obPDrvKS79HJ51hc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/6536f9-87dd-4edd-b01c-b23172eb81fb/1/BmwxDKMDOr9tjqJCJDcJJ4kkwqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/6536f9-87dd-4edd-b01c-b23172eb81fb/1/mSAfYJ56iT2obPDrvKS79HJ51hc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:49:4f:2d:ff:a2:e5:11:28:7e:ed:8c:ea:b9:87:83:0a:88:
         b1:d5:64:17:d6:53:54:49:42:9f:55:89:f1:9d:ef:7a:36:c0:
         89:59:f5:41:7f:e9:d2:23:d7:1c:f5:12:54:07:06:13:7d:ed:
         4a:60:78:04:a1:fe:e0:47:3c:2c:25:c1:14:21:4a:3d:a1:5a:
         1f:ea:a3:4d:18:b4:7a:93:5d:21:da:3e:c0:bd:b1:c9:5a:a7:
         7a:62:b0:a4:98:37:88:94:30:3a:5e:b7:c5:7c:a8:ce:7a:de:
         81:e4:c6:62:00:21:0b:08:14:c8:d9:86:c9:db:b6:fc:ac:a1:
         67:49:e2:26:70:13:2a:76:9c:ac:f5:5d:71:b0:85:e5:7e:26:
         d4:3e:39:1a:9e:4f:fe:5c:d6:2d:91:71:ee:f6:5f:bc:40:8e:
         b2:3b:15:3d:a0:e2:90:17:cf:29:76:9e:f4:6d:14:3d:0d:d1:
         d0:ec:2a:b7:55:67:d2:1b:d6:5d:5a:62:47:f1:5f:54:b2:3e:
         26:a9:b6:20:39:1a:a1:36:3c:28:ec:22:87:47:31:6e:bf:fb:
         66:f4:e0:19:f2:6c:4f:65:3c:55:a6:42:a9:a6:da:1a:9a:90:
         63:36:a0:9c:37:00:5c:97:94:0e:31:a9:e9:c9:35:ff:e5:09:
         71:84:b2:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY93Udm0FbTZf5BxP30cLcS9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MjAxZjYwOWU3YTg5M2RhODZjZjBlYmJjYTRiYmY0NzI3
OWQ2MTcwHhcNMjQwNTE0MTMzNjQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjZjMzEwY2EzMDMzYWJmNmQ4ZWEyNDIyNDM3MDkyNzg5MjRjMmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUs0b5SoF2+f++SnrB5oh/INi5R4
prDY695vWoNrfFfuJAmqCPpvSCNpYZXHY6mxMC/UfSIH2a6J1lwviFYyvBP2/eGK
iMNwLl03zjrCWGKfZOyzy49bL4gysFUM4vy1q2s3PoZBJV8IZdBQeENufnRpJJva
tiflw6nKtenBeuipJNB+cEBwuVZBNuwxAFj8zq9TjXnP3iTODVikOQ/tZTU4MewB
AgBTOTRgnU3hgTs8unPcvJomIOxpqaqnV/9TIAd2DD/KhYLpBJmQU3QabF6fubTe
esTG1lpCG3rnMDpwYZLeGn4Q8dQ8fCXDsJmfzwdIXrppxP4w3UeREctvhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZsMQyjAzq/bY6iQiQ3CSeJJMKsMB8GA1UdIwQY
MBaAFJkgH2Ceeok9qGzw67yku/RyedYXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVNBZllKNTZpVDJvYlBEcnZLUzc5SEo1MWhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni82NTM2ZjktODdkZC00ZWRkLWIwMWMt
YjIzMTcyZWI4MWZiLzEvQm13eERLTURPcjl0anFKQ0pEY0pKNGtrd3F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni82NTM2ZjktODdkZC00ZWRkLWIwMWMtYjIzMTcyZWI4MWZi
LzEvbVNBZllKNTZpVDJvYlBEcnZLUzc5SEo1MWhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvYiMA0G
CSqGSIb3DQEBCwUAA4IBAQAESU8t/6LlESh+7YzquYeDCoix1WQX1lNUSUKfVYnx
ne96NsCJWfVBf+nSI9cc9RJUBwYTfe1KYHgEof7gRzwsJcEUIUo9oVof6qNNGLR6
k10h2j7AvbHJWqd6YrCkmDeIlDA6XrfFfKjOet6B5MZiACELCBTI2YbJ27b8rKFn
SeImcBMqdpys9V1xsIXlfibUPjkank/+XNYtkXHu9l+8QI6yOxU9oOKQF88pdp70
bRQ9DdHQ7Cq3VWfSG9ZdWmJH8V9Usj4mqbYgORqhNjwo7CKHRzFuv/tm9OAZ8mxP
ZTxVpkKpptoampBjNqCcNwBcl5QOManpyTX/5QlxhLLe
-----END CERTIFICATE-----