Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/BCBgNqu47uxxNNiHpeHJ8N3bbPk.roa
File:                     BCBgNqu47uxxNNiHpeHJ8N3bbPk.roa (raw, json)
Hash identifier:          YwTUOz8aV/A2kQXL80C7PIKK4Uk0yf33ChXiFW3offA=
Subject key identifier:   04:20:60:36:AB:B8:EE:EC:71:34:D8:87:A5:E1:C9:F0:DD:DB:6C:F9
Certificate issuer:       /CN=0d2087b0f6716d23c8d23eb3d0392b6bf642ad4b
Certificate serial:       0194274867DABC5C38EE64B4A820A00C6833
Authority key identifier: 0D:20:87:B0:F6:71:6D:23:C8:D2:3E:B3:D0:39:2B:6B:F6:42:AD:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/BCBgNqu47uxxNNiHpeHJ8N3bbPk.roa
Signing time:             Thu 02 Jan 2025 13:50:44 +0000
ROA not before:           Thu 02 Jan 2025 13:50:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34841
IP address blocks:        46.55.208.0/21 maxlen: 24
                          46.55.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:67:da:bc:5c:38:ee:64:b4:a8:20:a0:0c:68:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2087b0f6716d23c8d23eb3d0392b6bf642ad4b
        Validity
            Not Before: Jan  2 13:50:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04206036abb8eeec7134d887a5e1c9f0dddb6cf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ac:63:5a:99:4a:4c:ff:ac:2a:24:07:88:d4:
                    96:db:b0:71:fa:78:ea:2a:0c:d5:80:92:09:32:14:
                    cf:34:cd:25:57:5a:af:aa:a2:d0:0a:3b:ee:db:95:
                    0a:52:62:f2:b9:a8:91:d1:50:21:ae:17:b3:04:67:
                    6d:fd:e4:e7:b8:d7:36:36:50:57:37:35:2d:df:e6:
                    b7:b5:58:92:a5:ed:c9:fb:4f:2f:64:57:86:3c:52:
                    ec:82:40:d9:64:b2:90:4c:97:b9:bc:35:61:d4:2b:
                    33:c5:4a:c3:1f:f2:cd:48:0b:b2:8d:15:59:8e:53:
                    8b:a0:0c:ca:82:fd:de:6a:29:ec:f4:e2:84:ff:53:
                    63:1f:fb:84:c2:01:d8:ce:3e:15:ce:2f:3a:39:55:
                    f1:eb:76:de:eb:7e:ce:d9:66:d1:44:e1:f6:65:2b:
                    d2:4a:c9:3d:79:a7:f9:1a:25:b8:5c:dc:d6:2d:06:
                    40:09:05:1a:78:e2:df:cb:42:e6:9d:32:b8:95:b4:
                    0a:dc:8e:be:5b:be:65:5d:96:1c:c9:b5:ad:b0:e6:
                    bc:69:9d:a5:d8:4c:c9:e5:6b:8a:16:d1:6a:bc:e0:
                    b4:6f:00:bd:4b:df:9f:35:e6:86:ff:cd:34:21:86:
                    cc:ed:59:ba:06:c8:ec:1e:9e:49:54:2f:c9:e9:b2:
                    ba:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:20:60:36:AB:B8:EE:EC:71:34:D8:87:A5:E1:C9:F0:DD:DB:6C:F9
            X509v3 Authority Key Identifier:
                keyid:0D:20:87:B0:F6:71:6D:23:C8:D2:3E:B3:D0:39:2B:6B:F6:42:AD:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/BCBgNqu47uxxNNiHpeHJ8N3bbPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.55.208.0/21
                  46.55.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:15:0a:f8:61:fe:0f:81:17:bb:1b:37:a8:7c:d5:b7:a4:5e:
         83:93:fb:dc:f7:d9:5f:fa:a8:01:92:49:c6:a5:a6:35:8f:3f:
         82:2d:10:88:00:d2:c0:5c:c2:83:d2:7d:a6:b9:db:2e:ef:16:
         90:b8:9b:62:33:b9:97:e2:ed:f5:a1:b8:79:3a:35:c7:f2:fc:
         0f:0c:85:d2:b6:15:57:68:a0:4d:7d:b6:19:f8:ae:0a:cb:fd:
         ca:31:58:bb:d7:0f:be:e8:7b:fb:e2:53:65:ae:35:47:22:58:
         e9:03:d7:f5:62:a8:2b:f7:a2:b1:3d:91:b8:6d:3f:17:6c:ee:
         e7:c6:a3:81:a0:40:0d:ba:a6:ee:59:04:2b:86:5b:79:63:22:
         ee:25:dd:30:74:4b:be:6c:28:e7:0c:de:00:24:0e:c1:19:e5:
         9d:40:48:bb:93:89:1c:cd:43:80:57:4c:c6:1b:fb:98:c2:7e:
         67:bd:c1:54:45:a0:98:a7:92:0c:a9:3d:5a:94:2c:92:6d:5d:
         c5:d0:40:0c:e3:d6:d8:70:5f:c6:31:af:e7:7c:54:ed:8b:88:
         31:8c:eb:6d:90:87:65:b0:44:5d:0a:6e:24:20:d6:a3:fe:08:
         59:50:e3:5e:34:bc:42:c9:8b:ef:dc:82:4c:9e:52:80:7d:ae:
         12:43:2c:d9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnSGfavFw47mS0qCCgDGgzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjA4N2IwZjY3MTZkMjNjOGQyM2ViM2QwMzkyYjZiZjY0
MmFkNGIwHhcNMjUwMTAyMTM1MDQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDIwNjAzNmFiYjhlZWVjNzEzNGQ4ODdhNWUxYzlmMGRkZGI2Y2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6xjWplKTP+sKiQHiNSW27Bx+njq
KgzVgJIJMhTPNM0lV1qvqqLQCjvu25UKUmLyuaiR0VAhrhezBGdt/eTnuNc2NlBX
NzUt3+a3tViSpe3J+08vZFeGPFLsgkDZZLKQTJe5vDVh1CszxUrDH/LNSAuyjRVZ
jlOLoAzKgv3eains9OKE/1NjH/uEwgHYzj4Vzi86OVXx63be637O2WbRROH2ZSvS
Ssk9eaf5GiW4XNzWLQZACQUaeOLfy0LmnTK4lbQK3I6+W75lXZYcybWtsOa8aZ2l
2EzJ5WuKFtFqvOC0bwC9S9+fNeaG/800IYbM7Vm6BsjsHp5JVC/J6bK6dwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAQgYDaruO7scTTYh6XhyfDd22z5MB8GA1UdIwQY
MBaAFA0gh7D2cW0jyNI+s9A5K2v2Qq1LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNDSHNQWnhiU1BJMGo2ejBEa3JhX1pDclVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9mY2I3MjktYzI4OC00ZTE1LTkzODQt
YTIwZDJkNzUxZWI1LzEvQkNCZ05xdTQ3dXh4Tk5pSHBlSEo4TjNiYlBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9mY2I3MjktYzI4OC00ZTE1LTkzODQtYTIwZDJkNzUxZWI1
LzEvRFNDSHNQWnhiU1BJMGo2ejBEa3JhX1pDclVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLjfQAwQA
LjfwMA0GCSqGSIb3DQEBCwUAA4IBAQByFQr4Yf4PgRe7GzeofNW3pF6Dk/vc99lf
+qgBkknGpaY1jz+CLRCIANLAXMKD0n2mudsu7xaQuJtiM7mX4u31obh5OjXH8vwP
DIXSthVXaKBNfbYZ+K4Ky/3KMVi71w++6Hv74lNlrjVHIljpA9f1Yqgr96KxPZG4
bT8XbO7nxqOBoEANuqbuWQQrhlt5YyLuJd0wdEu+bCjnDN4AJA7BGeWdQEi7k4kc
zUOAV0zGG/uYwn5nvcFURaCYp5IMqT1alCySbV3F0EAM49bYcF/GMa/nfFTti4gx
jOttkIdlsERdCm4kINaj/ghZUONeNLxCyYvv3IJMnlKAfa4SQyzZ
-----END CERTIFICATE-----