Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/bhF7PjjT7VapTeLL5dGVYl5qIMA.roa
File:                     bhF7PjjT7VapTeLL5dGVYl5qIMA.roa (raw, json)
Hash identifier:          gloKxqLz2DG56NJW1etSSHBDDxDOYQstL1tESFn19HY=
Subject key identifier:   6E:11:7B:3E:38:D3:ED:56:A9:4D:E2:CB:E5:D1:95:62:5E:6A:20:C0
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B7271A461390B21E01E90A6020C7D0
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/bhF7PjjT7VapTeLL5dGVYl5qIMA.roa
Signing time:             Mon 01 Jan 2024 06:30:09 +0000
ROA not before:           Mon 01 Jan 2024 06:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215
IP address blocks:        90.83.218.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:27:1a:46:13:90:b2:1e:01:e9:0a:60:20:c7:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e117b3e38d3ed56a94de2cbe5d195625e6a20c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:fe:f7:df:51:f2:2c:ea:b5:0d:ec:8a:4b:2c:
                    71:1c:d9:6f:44:8a:3f:70:67:7d:90:a5:2b:ac:62:
                    3c:39:e7:ab:96:96:d2:03:44:06:ce:48:9a:2f:2a:
                    d2:77:4b:42:f7:ee:e9:0a:19:b5:d4:3b:e6:7a:64:
                    e3:a0:d9:f9:c6:4f:9b:cd:87:55:36:63:35:cd:75:
                    ba:cb:03:35:79:05:c3:12:95:77:8f:81:c5:e9:07:
                    94:62:67:7f:6f:83:b6:35:7d:3c:de:b5:5e:7e:65:
                    e0:4b:ae:67:8e:43:d9:0a:81:96:1c:ee:96:85:f5:
                    51:cc:b0:35:73:cf:78:9e:1d:1d:13:ea:cb:a4:bc:
                    5b:7b:2e:a6:62:06:57:a4:1f:22:09:94:d8:c4:59:
                    dc:ec:a4:f0:b7:d2:ca:ec:a8:dc:3e:d7:ae:ea:ea:
                    c6:47:e9:f0:cc:77:54:05:27:44:0e:35:91:ba:10:
                    52:41:47:c4:87:2d:19:bf:04:f6:72:c4:90:f8:f2:
                    80:dd:81:24:6a:2d:69:2a:2a:27:8e:8a:68:02:91:
                    03:42:bd:13:b3:de:d1:22:9e:7b:3d:77:96:73:2d:
                    dd:59:e8:39:50:3a:a7:2a:30:ea:2e:1b:bb:76:31:
                    60:27:64:bb:e8:5e:58:1b:a9:d1:26:c8:81:3b:a0:
                    60:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:11:7B:3E:38:D3:ED:56:A9:4D:E2:CB:E5:D1:95:62:5E:6A:20:C0
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/bhF7PjjT7VapTeLL5dGVYl5qIMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.83.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:99:5d:89:8a:26:db:99:8f:b1:00:a9:d8:2b:a7:4e:b5:2d:
         c5:b1:eb:d3:eb:46:34:bd:83:35:3a:02:21:b4:86:28:fa:2d:
         12:bd:57:01:f2:e0:66:76:d6:60:03:e5:3e:e4:ff:6f:fd:7d:
         51:0d:9b:9b:d8:72:8a:ea:01:a5:cb:a0:72:d5:d2:18:32:50:
         bd:7c:8a:84:1e:fc:cf:15:fe:64:39:9f:b4:46:c9:6e:1a:72:
         11:08:db:13:fe:ca:f1:5c:cc:b8:53:4f:24:b7:c2:14:2a:b2:
         7e:04:dc:63:d7:c9:d1:12:39:a0:dc:52:d3:fd:75:85:22:d6:
         d8:43:82:87:40:86:fd:9a:00:15:85:39:6d:5f:28:71:99:98:
         5f:08:1d:ea:b6:2e:79:6a:84:4c:92:14:cf:51:89:a9:55:c1:
         14:b7:42:cc:1a:dd:5f:00:3b:ae:bf:59:df:01:49:3e:b3:e8:
         5c:6a:56:73:e1:d7:f2:ef:3b:5f:71:68:79:6a:12:34:2f:02:
         a8:5f:b0:68:c3:5f:b6:ae:03:05:ba:8f:6b:90:63:bb:5b:38:
         f6:e0:c3:58:3b:d6:a9:aa:1b:bd:98:2c:1f:67:1d:0c:0f:e8:
         59:96:ec:8e:60:7f:38:66:9a:16:e4:5b:40:a4:a0:a7:95:49:
         b1:70:04:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtycaRhOQsh4B6QpgIMfQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTExN2IzZTM4ZDNlZDU2YTk0ZGUyY2JlNWQxOTU2MjVlNmEyMGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhf7331HyLOq1DeyKSyxxHNlvRIo/
cGd9kKUrrGI8OeerlpbSA0QGzkiaLyrSd0tC9+7pChm11DvmemTjoNn5xk+bzYdV
NmM1zXW6ywM1eQXDEpV3j4HF6QeUYmd/b4O2NX083rVefmXgS65njkPZCoGWHO6W
hfVRzLA1c894nh0dE+rLpLxbey6mYgZXpB8iCZTYxFnc7KTwt9LK7KjcPteu6urG
R+nwzHdUBSdEDjWRuhBSQUfEhy0ZvwT2csSQ+PKA3YEkai1pKionjopoApEDQr0T
s97RIp57PXeWcy3dWeg5UDqnKjDqLhu7djFgJ2S76F5YG6nRJsiBO6BglwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG4Rez440+1WqU3iy+XRlWJeaiDAMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvYmhGN1BqalQ3VmFwVGVMTDVkR1ZZbDVxSU1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWlPaMA0G
CSqGSIb3DQEBCwUAA4IBAQBsmV2JiibbmY+xAKnYK6dOtS3FsevT60Y0vYM1OgIh
tIYo+i0SvVcB8uBmdtZgA+U+5P9v/X1RDZub2HKK6gGly6By1dIYMlC9fIqEHvzP
Ff5kOZ+0RsluGnIRCNsT/srxXMy4U08kt8IUKrJ+BNxj18nREjmg3FLT/XWFItbY
Q4KHQIb9mgAVhTltXyhxmZhfCB3qti55aoRMkhTPUYmpVcEUt0LMGt1fADuuv1nf
AUk+s+hcalZz4dfy7ztfcWh5ahI0LwKoX7Bow1+2rgMFuo9rkGO7Wzj24MNYO9ap
qhu9mCwfZx0MD+hZluyOYH84ZpoW5FtApKCnlUmxcARD
-----END CERTIFICATE-----