Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/3cc34d-0f32-4a5d-984b-32eff95b39dc/1/BQv_IGPQJKhYXrsFgBoQ-CjtqVI.roa
File:                     BQv_IGPQJKhYXrsFgBoQ-CjtqVI.roa (raw, json)
Hash identifier:          u5vOtjpYPE3IV7KgCuWSMK8fEs/UsUP9OuE8iAIwYOo=
Subject key identifier:   05:0B:FF:20:63:D0:24:A8:58:5E:BB:05:80:1A:10:F8:28:ED:A9:52
Certificate issuer:       /CN=d4d65ca34a968b0d8561ab8776dbb02ddb7c7833
Certificate serial:       018CF9352C40784E249578FC51EDFDE1D077
Authority key identifier: D4:D6:5C:A3:4A:96:8B:0D:85:61:AB:87:76:DB:B0:2D:DB:7C:78:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1NZco0qWiw2FYauHdtuwLdt8eDM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/3cc34d-0f32-4a5d-984b-32eff95b39dc/1/BQv_IGPQJKhYXrsFgBoQ-CjtqVI.roa
Signing time:             Thu 11 Jan 2024 15:47:40 +0000
ROA not before:           Thu 11 Jan 2024 15:47:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215790
IP address blocks:        185.238.40.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/3cc34d-0f32-4a5d-984b-32eff95b39dc/1/1NZco0qWiw2FYauHdtuwLdt8eDM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/3cc34d-0f32-4a5d-984b-32eff95b39dc/1/1NZco0qWiw2FYauHdtuwLdt8eDM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1NZco0qWiw2FYauHdtuwLdt8eDM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f9:35:2c:40:78:4e:24:95:78:fc:51:ed:fd:e1:d0:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4d65ca34a968b0d8561ab8776dbb02ddb7c7833
        Validity
            Not Before: Jan 11 15:47:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=050bff2063d024a8585ebb05801a10f828eda952
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:04:cc:16:5c:10:45:6e:78:6b:ba:e7:38:b4:
                    c9:af:9b:c7:90:c9:fe:ad:d2:95:20:d8:6c:7e:e1:
                    52:bb:bd:f2:46:19:e7:40:d3:52:eb:b8:87:7b:04:
                    a6:2f:8a:4d:94:3b:be:50:91:ae:c6:b0:9c:db:5a:
                    72:77:73:21:c9:a0:b8:9f:c8:66:c7:21:8d:52:b4:
                    46:bd:1e:61:98:55:9d:a1:d9:6a:dc:d5:56:4c:7e:
                    d9:f4:cf:c2:08:1e:29:6f:f2:de:ef:95:fb:86:e9:
                    76:d6:9f:84:e4:29:cc:15:00:cd:88:b3:cf:d2:4b:
                    68:e2:28:2c:5c:60:34:d9:e6:5d:12:23:9d:10:59:
                    20:74:5b:bc:33:09:74:3c:ab:33:0e:b3:cd:c4:53:
                    c3:60:fb:5a:78:56:f4:4e:e2:5d:01:12:62:2f:18:
                    8d:43:5e:1b:49:5f:66:d9:61:dc:ee:99:0a:8f:43:
                    df:84:1e:49:df:9f:27:3a:ba:b8:7d:0d:fb:93:f5:
                    7a:5d:24:d9:89:4e:f6:18:1f:e5:0d:da:64:cf:35:
                    68:04:ef:22:56:23:44:88:28:96:88:80:c9:dc:34:
                    3b:2c:86:da:71:d4:dc:07:47:e4:50:fe:c7:01:cc:
                    5d:11:6e:8e:37:37:99:50:fb:a2:60:37:ef:71:8b:
                    7e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:0B:FF:20:63:D0:24:A8:58:5E:BB:05:80:1A:10:F8:28:ED:A9:52
            X509v3 Authority Key Identifier:
                keyid:D4:D6:5C:A3:4A:96:8B:0D:85:61:AB:87:76:DB:B0:2D:DB:7C:78:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1NZco0qWiw2FYauHdtuwLdt8eDM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/3cc34d-0f32-4a5d-984b-32eff95b39dc/1/BQv_IGPQJKhYXrsFgBoQ-CjtqVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/3cc34d-0f32-4a5d-984b-32eff95b39dc/1/1NZco0qWiw2FYauHdtuwLdt8eDM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:a7:50:8e:6e:75:ed:63:3b:8f:72:9e:69:57:8e:64:78:08:
         50:32:28:97:10:d8:82:01:40:f2:a4:8b:31:19:9e:3e:3b:bb:
         0b:28:1e:8c:f3:f3:70:a9:96:95:b5:03:d2:6c:34:37:37:e7:
         16:a8:3a:d4:57:bc:b1:a9:c1:9d:53:32:a2:0a:fa:b9:61:ad:
         a5:e0:64:c3:7f:a7:0e:d7:a7:6c:7f:2e:27:fd:18:c1:da:b2:
         2e:47:74:42:38:4f:c6:6f:e1:08:4d:df:23:25:ba:9d:a9:7a:
         13:4b:c2:f4:19:d6:54:34:c4:da:89:3b:f4:0b:0d:18:b8:57:
         6b:8a:51:29:5f:43:87:03:53:0a:92:6f:1f:3d:b6:31:0e:13:
         f9:a1:85:4d:33:d8:94:e0:28:fa:12:bc:1e:b1:f1:18:2a:61:
         cd:7d:42:eb:1a:6d:f7:08:41:64:ac:2a:2c:ce:5a:42:63:66:
         77:e4:09:59:6e:46:fb:14:df:a7:14:c1:f9:dd:f4:46:14:b8:
         a9:74:c6:f2:07:c5:3d:e2:84:8e:05:f5:83:96:c5:38:5e:ce:
         c8:8e:43:c3:7c:3a:36:43:0a:39:50:e4:58:7a:fe:75:3f:65:
         0f:60:26:db:8d:b7:09:41:69:31:42:dd:4e:e8:c0:bf:82:ac:
         00:3c:bd:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz5NSxAeE4klXj8Ue394dB3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ZDY1Y2EzNGE5NjhiMGQ4NTYxYWI4Nzc2ZGJiMDJkZGI3
Yzc4MzMwHhcNMjQwMTExMTU0NzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTBiZmYyMDYzZDAyNGE4NTg1ZWJiMDU4MDFhMTBmODI4ZWRhOTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwTMFlwQRW54a7rnOLTJr5vHkMn+
rdKVINhsfuFSu73yRhnnQNNS67iHewSmL4pNlDu+UJGuxrCc21pyd3MhyaC4n8hm
xyGNUrRGvR5hmFWdodlq3NVWTH7Z9M/CCB4pb/Le75X7hul21p+E5CnMFQDNiLPP
0kto4igsXGA02eZdEiOdEFkgdFu8Mwl0PKszDrPNxFPDYPtaeFb0TuJdARJiLxiN
Q14bSV9m2WHc7pkKj0PfhB5J358nOrq4fQ37k/V6XSTZiU72GB/lDdpkzzVoBO8i
ViNEiCiWiIDJ3DQ7LIbacdTcB0fkUP7HAcxdEW6ONzeZUPuiYDfvcYt+6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUL/yBj0CSoWF67BYAaEPgo7alSMB8GA1UdIwQY
MBaAFNTWXKNKlosNhWGrh3bbsC3bfHgzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU5aY28wcVdpdzJGWWF1SGR0dXdMZHQ4ZURNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8zY2MzNGQtMGYzMi00YTVkLTk4NGIt
MzJlZmY5NWIzOWRjLzEvQlF2X0lHUFFKS2hZWHJzRmdCb1EtQ2p0cVZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8zY2MzNGQtMGYzMi00YTVkLTk4NGItMzJlZmY5NWIzOWRj
LzEvMU5aY28wcVdpdzJGWWF1SGR0dXdMZHQ4ZURNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue4oMA0G
CSqGSIb3DQEBCwUAA4IBAQBdp1CObnXtYzuPcp5pV45keAhQMiiXENiCAUDypIsx
GZ4+O7sLKB6M8/NwqZaVtQPSbDQ3N+cWqDrUV7yxqcGdUzKiCvq5Ya2l4GTDf6cO
16dsfy4n/RjB2rIuR3RCOE/Gb+EITd8jJbqdqXoTS8L0GdZUNMTaiTv0Cw0YuFdr
ilEpX0OHA1MKkm8fPbYxDhP5oYVNM9iU4Cj6ErwesfEYKmHNfULrGm33CEFkrCos
zlpCY2Z35AlZbkb7FN+nFMH53fRGFLipdMbyB8U94oSOBfWDlsU4Xs7IjkPDfDo2
Qwo5UORYev51P2UPYCbbjbcJQWkxQt1O6MC/gqwAPL12
-----END CERTIFICATE-----