Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/BvQ6QSI38j_V2y7Gd-AmITbeVSU.roa
File:                     BvQ6QSI38j_V2y7Gd-AmITbeVSU.roa (raw, json)
Hash identifier:          0tBlUZYGYb/p4ZhaHAJKVA1/vmOMN8U9qsyFRwnFzPk=
Subject key identifier:   06:F4:3A:41:22:37:F2:3F:D5:DB:2E:C6:77:E0:26:21:36:DE:55:25
Certificate issuer:       /CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
Certificate serial:       018EBD275DD79FE858268B93C21E4FBDBDF5
Authority key identifier: B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/BvQ6QSI38j_V2y7Gd-AmITbeVSU.roa
Signing time:             Mon 08 Apr 2024 10:00:57 +0000
ROA not before:           Mon 08 Apr 2024 10:00:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215540
IP address blocks:        185.193.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:27:5d:d7:9f:e8:58:26:8b:93:c2:1e:4f:bd:bd:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
        Validity
            Not Before: Apr  8 10:00:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06f43a412237f23fd5db2ec677e0262136de5525
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e6:5d:ea:14:19:9c:d8:22:ca:05:8b:89:dc:
                    ee:e6:d8:3e:3f:c6:86:be:2a:4c:30:31:cc:82:40:
                    0b:08:75:2c:96:db:05:fd:75:f4:e1:81:d7:3a:0a:
                    85:fd:bc:b8:4c:e1:1e:4a:e4:64:c5:c2:c7:ed:de:
                    1f:a2:0d:37:44:87:2a:54:60:43:84:ee:90:b1:b9:
                    30:e1:fd:41:e9:5d:bb:f8:ef:4b:76:c6:79:d5:aa:
                    1a:9d:99:fd:35:35:8f:ab:8c:52:70:fb:9a:3e:42:
                    2d:e2:c8:13:0d:ba:a5:14:d0:3e:ad:ae:75:0b:fd:
                    9e:b9:d0:71:3c:ab:67:53:88:a8:fc:fb:c9:d0:a0:
                    8b:9f:46:f6:c4:d7:86:07:bf:38:f1:0b:83:d0:4b:
                    80:aa:d1:0c:30:c6:32:b6:73:b4:06:81:a3:dd:9f:
                    9f:5e:0c:8d:19:c0:0d:91:5c:82:73:6a:5b:b6:6e:
                    e7:61:17:bd:33:95:1f:44:8e:2d:a1:da:4c:a8:b5:
                    f8:c9:3b:2b:f2:76:ed:59:2c:30:ba:f2:cb:7f:36:
                    20:67:a4:2f:b4:5a:de:91:5e:d3:92:28:55:1e:35:
                    44:9b:d1:b6:d6:a5:d9:5f:f3:ba:75:21:79:30:97:
                    12:30:04:b2:bf:fa:cb:ec:d9:f2:50:12:44:51:c2:
                    f6:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:F4:3A:41:22:37:F2:3F:D5:DB:2E:C6:77:E0:26:21:36:DE:55:25
            X509v3 Authority Key Identifier:
                keyid:B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/BvQ6QSI38j_V2y7Gd-AmITbeVSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:57:50:b7:1f:5f:0c:3f:01:93:1d:c3:d6:1c:9b:23:6a:a0:
         4e:a4:0c:5c:26:25:17:e9:19:43:ac:e5:da:c5:c0:d7:f9:16:
         50:69:17:81:a8:7c:10:e1:7f:8a:e5:5f:fa:2f:26:68:90:d3:
         78:1c:42:e5:e4:90:01:d5:66:c8:46:33:6e:fe:f8:51:1b:5b:
         a3:a5:bc:f9:82:52:58:97:70:c9:3b:2e:79:33:fc:99:e0:9f:
         43:17:34:1a:1c:6e:fd:6c:58:d9:ff:7a:64:69:99:a3:ba:6d:
         91:03:2a:0c:10:77:84:66:19:c6:f9:d7:8a:5a:96:22:a3:f1:
         7f:40:e0:b7:6b:bc:e3:1c:b1:25:76:fb:6b:64:a8:5a:d7:c0:
         34:de:c6:82:23:6d:de:a8:cc:5b:06:54:2b:45:8f:3f:3f:59:
         b0:5b:ce:f4:a9:fb:8a:ec:83:19:d4:bb:5e:ab:df:9d:b7:3d:
         d1:23:9a:4c:2c:ef:96:8d:65:0e:9e:71:ed:b9:25:89:11:47:
         df:dd:fb:c0:db:32:73:d6:40:2f:1d:ac:87:c0:83:1a:2d:b4:
         55:d2:f6:43:e9:50:83:7e:74:29:6e:b3:6e:e6:38:33:79:29:
         e7:8b:4d:aa:3f:6c:7c:3e:e2:52:11:ef:84:2c:e8:81:76:45:
         9b:92:95:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY69J13Xn+hYJouTwh5Pvb31MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYWYxMmY1Y2E3NWM5MjJhNGFhNWRhY2I0OWMwNGE5MzIz
N2Y0ZWQwHhcNMjQwNDA4MTAwMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmY0M2E0MTIyMzdmMjNmZDVkYjJlYzY3N2UwMjYyMTM2ZGU1NTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOZd6hQZnNgiygWLidzu5tg+P8aG
vipMMDHMgkALCHUsltsF/XX04YHXOgqF/by4TOEeSuRkxcLH7d4fog03RIcqVGBD
hO6Qsbkw4f1B6V27+O9LdsZ51aoanZn9NTWPq4xScPuaPkIt4sgTDbqlFNA+ra51
C/2eudBxPKtnU4io/PvJ0KCLn0b2xNeGB7848QuD0EuAqtEMMMYytnO0BoGj3Z+f
XgyNGcANkVyCc2pbtm7nYRe9M5UfRI4todpMqLX4yTsr8nbtWSwwuvLLfzYgZ6Qv
tFrekV7TkihVHjVEm9G21qXZX/O6dSF5MJcSMASyv/rL7NnyUBJEUcL2hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAb0OkEiN/I/1dsuxnfgJiE23lUlMB8GA1UdIwQY
MBaAFLGvEvXKdckipKpdrLScBKkyN/TtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUt
NTc2MGVmYmNjNjU0LzEvQnZRNlFTSTM4al9WMnk3R2QtQW1JVGJlVlNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUtNTc2MGVmYmNjNjU0
LzEvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucFZMA0G
CSqGSIb3DQEBCwUAA4IBAQCGV1C3H18MPwGTHcPWHJsjaqBOpAxcJiUX6RlDrOXa
xcDX+RZQaReBqHwQ4X+K5V/6LyZokNN4HELl5JAB1WbIRjNu/vhRG1ujpbz5glJY
l3DJOy55M/yZ4J9DFzQaHG79bFjZ/3pkaZmjum2RAyoMEHeEZhnG+deKWpYio/F/
QOC3a7zjHLEldvtrZKha18A03saCI23eqMxbBlQrRY8/P1mwW870qfuK7IMZ1Lte
q9+dtz3RI5pMLO+WjWUOnnHtuSWJEUff3fvA2zJz1kAvHayHwIMaLbRV0vZD6VCD
fnQpbrNu5jgzeSnni02qP2x8PuJSEe+ELOiBdkWbkpVj
-----END CERTIFICATE-----