Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/0d919f-c0e6-4735-9802-99d5e07bae76/1/Bjh9SPST2edzJ4kgFSKv3CDmyaI.roa
File:                     Bjh9SPST2edzJ4kgFSKv3CDmyaI.roa (raw, json)
Hash identifier:          rQr4vkEITPVPabJCrwu8xh1OpDjVQhnU3hAc1X69Tlo=
Subject key identifier:   06:38:7D:48:F4:93:D9:E7:73:27:89:20:15:22:AF:DC:20:E6:C9:A2
Certificate issuer:       /CN=dc8cb4a11cabac204adfb8a5b587e32fee4a1b55
Certificate serial:       018CC2DAD749E6ABBF0F16F4F26A1B9E3A8E
Authority key identifier: DC:8C:B4:A1:1C:AB:AC:20:4A:DF:B8:A5:B5:87:E3:2F:EE:4A:1B:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Iy0oRyrrCBK37iltYfjL-5KG1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/0d919f-c0e6-4735-9802-99d5e07bae76/1/Bjh9SPST2edzJ4kgFSKv3CDmyaI.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        185.244.64.0/24 maxlen: 24
                          185.244.66.0/24 maxlen: 24
                          185.244.65.0/24 maxlen: 24
                          185.244.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/0d919f-c0e6-4735-9802-99d5e07bae76/1/3Iy0oRyrrCBK37iltYfjL-5KG1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/0d919f-c0e6-4735-9802-99d5e07bae76/1/3Iy0oRyrrCBK37iltYfjL-5KG1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Iy0oRyrrCBK37iltYfjL-5KG1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 04:37:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d7:49:e6:ab:bf:0f:16:f4:f2:6a:1b:9e:3a:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc8cb4a11cabac204adfb8a5b587e32fee4a1b55
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06387d48f493d9e7732789201522afdc20e6c9a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:88:2f:33:dc:8a:2a:ce:fc:49:be:7a:a3:d6:
                    31:cf:32:93:4b:eb:22:6e:c0:25:6e:47:d0:27:b7:
                    53:18:d8:69:ed:b8:92:6b:bf:6f:1b:07:93:b0:49:
                    ce:b4:6f:ed:0c:11:16:50:5e:a9:fb:51:93:c3:84:
                    b3:a5:0f:4b:5b:b7:92:3e:28:85:0f:ae:3b:94:9b:
                    5a:d3:86:45:86:8b:c8:ed:d9:95:d1:20:a6:8c:a8:
                    f7:c7:55:27:ff:2e:32:e8:65:35:95:a3:76:e3:06:
                    f5:57:dc:e7:d2:86:cd:b9:2c:a1:fd:bc:56:f4:b8:
                    6f:1d:a9:89:0a:03:99:da:98:cd:31:98:c5:5b:9d:
                    d4:7a:cd:e1:d6:1b:09:ba:53:de:d8:ac:6f:39:51:
                    d5:44:b9:ed:e8:03:80:5d:f4:af:a4:06:fc:0b:d9:
                    9a:ed:eb:ea:48:8d:3e:44:e9:50:aa:d7:db:2a:e9:
                    41:ea:47:5f:7e:5a:bd:38:43:ab:0d:c9:6d:b8:46:
                    f2:bc:b9:ae:51:d3:f2:55:54:70:78:30:19:ee:5f:
                    7f:2a:c8:03:67:9e:3a:d7:bb:34:29:8e:c6:82:ef:
                    11:bc:ee:83:15:e5:41:c7:a0:a4:90:3a:dc:25:0b:
                    5f:23:94:65:1b:1b:f0:70:6b:da:50:5b:8a:11:69:
                    e0:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:38:7D:48:F4:93:D9:E7:73:27:89:20:15:22:AF:DC:20:E6:C9:A2
            X509v3 Authority Key Identifier:
                keyid:DC:8C:B4:A1:1C:AB:AC:20:4A:DF:B8:A5:B5:87:E3:2F:EE:4A:1B:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Iy0oRyrrCBK37iltYfjL-5KG1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/0d919f-c0e6-4735-9802-99d5e07bae76/1/Bjh9SPST2edzJ4kgFSKv3CDmyaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/0d919f-c0e6-4735-9802-99d5e07bae76/1/3Iy0oRyrrCBK37iltYfjL-5KG1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:55:60:a5:ce:81:bf:3b:52:eb:ac:7b:7f:c2:cc:ef:c4:5c:
         09:9a:28:45:5a:a9:fd:4d:ac:c7:b1:ca:28:0d:84:4a:b5:a1:
         86:61:36:80:1b:6f:14:46:a2:06:fa:e7:17:84:99:56:06:81:
         86:4d:3e:0a:03:b2:e4:5d:1b:a8:6d:c1:01:d7:d7:92:8b:a3:
         8e:c8:a9:62:ba:c6:b8:23:ce:47:7d:22:3b:1b:6f:11:ed:fa:
         47:9a:fb:3b:ad:26:bb:b3:db:ac:cb:f1:cf:68:9a:fa:8a:93:
         70:a5:2c:7a:6d:6f:c3:4d:f5:fe:16:d4:1a:95:24:03:f5:10:
         10:40:39:07:64:88:90:e6:f6:97:ad:7d:8b:24:c1:1e:40:1a:
         67:27:29:66:51:1a:a9:43:61:44:2a:6f:94:4d:06:42:69:2b:
         a3:23:a3:0b:59:41:24:10:cf:2e:56:18:7a:b2:2d:6d:ac:79:
         d4:c9:d9:11:d7:e2:a3:c6:06:6e:2c:a0:8a:f1:c0:de:66:f4:
         24:69:4c:ce:90:9e:bf:6c:33:11:af:18:2f:de:fd:47:b2:ab:
         58:bd:99:02:b2:0f:c8:e7:fc:58:a2:02:64:b5:6d:d0:3a:b4:
         0a:22:5d:cc:8e:fe:ab:21:9e:e0:20:92:29:d8:a0:72:30:60:
         93:4f:8d:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tdJ5qu/Dxb08mobnjqOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjOGNiNGExMWNhYmFjMjA0YWRmYjhhNWI1ODdlMzJmZWU0
YTFiNTUwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjM4N2Q0OGY0OTNkOWU3NzMyNzg5MjAxNTIyYWZkYzIwZTZjOWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYgvM9yKKs78Sb56o9YxzzKTS+si
bsAlbkfQJ7dTGNhp7biSa79vGweTsEnOtG/tDBEWUF6p+1GTw4SzpQ9LW7eSPiiF
D647lJta04ZFhovI7dmV0SCmjKj3x1Un/y4y6GU1laN24wb1V9zn0obNuSyh/bxW
9LhvHamJCgOZ2pjNMZjFW53Ues3h1hsJulPe2KxvOVHVRLnt6AOAXfSvpAb8C9ma
7evqSI0+ROlQqtfbKulB6kdfflq9OEOrDcltuEbyvLmuUdPyVVRweDAZ7l9/KsgD
Z54617s0KY7Ggu8RvO6DFeVBx6CkkDrcJQtfI5RlGxvwcGvaUFuKEWngCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAY4fUj0k9nncyeJIBUir9wg5smiMB8GA1UdIwQY
MBaAFNyMtKEcq6wgSt+4pbWH4y/uShtVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0l5MG9SeXJyQ0JLMzdpbHRZZmpMLTVLRzFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8wZDkxOWYtYzBlNi00NzM1LTk4MDIt
OTlkNWUwN2JhZTc2LzEvQmpoOVNQU1QyZWR6SjRrZ0ZTS3YzQ0RteWFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8wZDkxOWYtYzBlNi00NzM1LTk4MDItOTlkNWUwN2JhZTc2
LzEvM0l5MG9SeXJyQ0JLMzdpbHRZZmpMLTVLRzFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufRAMA0G
CSqGSIb3DQEBCwUAA4IBAQB1VWClzoG/O1LrrHt/wszvxFwJmihFWqn9TazHscoo
DYRKtaGGYTaAG28URqIG+ucXhJlWBoGGTT4KA7LkXRuobcEB19eSi6OOyKliusa4
I85HfSI7G28R7fpHmvs7rSa7s9usy/HPaJr6ipNwpSx6bW/DTfX+FtQalSQD9RAQ
QDkHZIiQ5vaXrX2LJMEeQBpnJylmURqpQ2FEKm+UTQZCaSujI6MLWUEkEM8uVhh6
si1trHnUydkR1+KjxgZuLKCK8cDeZvQkaUzOkJ6/bDMRrxgv3v1HsqtYvZkCsg/I
5/xYogJktW3QOrQKIl3Mjv6rIZ7gIJIp2KByMGCTT40d
-----END CERTIFICATE-----