Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/1186e4-0c14-4b80-9981-e875103faf12/1/BqZIe6gQs5PVIE84eQo2_DOFBSU.roa
File:                     BqZIe6gQs5PVIE84eQo2_DOFBSU.roa (raw, json)
Hash identifier:          U/7+ugA60UPkZBbdU298MJ3Zk+Vay3cife8TG24P130=
Subject key identifier:   06:A6:48:7B:A8:10:B3:93:D5:20:4F:38:79:0A:36:FC:33:85:05:25
Certificate issuer:       /CN=9cc5c35d98686f3d8a3874171b143287f5e3e733
Certificate serial:       01942C0E77C2D1F8CED1A73848F87B13C322
Authority key identifier: 9C:C5:C3:5D:98:68:6F:3D:8A:38:74:17:1B:14:32:87:F5:E3:E7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nMXDXZhobz2KOHQXGxQyh_Xj5zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/1186e4-0c14-4b80-9981-e875103faf12/1/BqZIe6gQs5PVIE84eQo2_DOFBSU.roa
Signing time:             Fri 03 Jan 2025 12:05:33 +0000
ROA not before:           Fri 03 Jan 2025 12:05:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        195.78.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/1186e4-0c14-4b80-9981-e875103faf12/1/nMXDXZhobz2KOHQXGxQyh_Xj5zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/1186e4-0c14-4b80-9981-e875103faf12/1/nMXDXZhobz2KOHQXGxQyh_Xj5zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nMXDXZhobz2KOHQXGxQyh_Xj5zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:2c:0e:77:c2:d1:f8:ce:d1:a7:38:48:f8:7b:13:c3:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cc5c35d98686f3d8a3874171b143287f5e3e733
        Validity
            Not Before: Jan  3 12:05:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06a6487ba810b393d5204f38790a36fc33850525
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3e:8e:e6:a0:12:9f:1c:02:2a:7b:1c:75:06:
                    1e:28:9d:19:dc:43:7c:e3:e7:27:a3:38:ec:e7:d8:
                    f9:60:64:51:fd:c0:73:5d:a0:d0:05:65:97:9b:ae:
                    16:9e:be:25:9e:ca:60:f4:07:78:24:ad:f1:1b:67:
                    03:fd:80:bd:f7:9b:48:52:3a:cf:83:56:48:09:8e:
                    8b:50:a3:5a:12:00:4f:14:c0:39:56:6f:2b:69:80:
                    73:bc:3e:8c:d2:8d:85:ae:2c:58:8b:d3:d0:f9:66:
                    64:07:65:0c:bc:f2:cd:5f:c2:15:55:ac:9c:00:ec:
                    38:c2:ac:eb:36:c6:3c:f1:4b:05:b7:02:ab:67:98:
                    0d:fd:97:dd:18:35:6d:a3:aa:b1:4d:2c:3b:29:a0:
                    4d:41:c4:f5:d4:ac:15:ec:dd:84:64:f7:6b:ba:9a:
                    74:a3:17:67:1a:7d:1d:9f:42:7c:b8:43:63:26:04:
                    ea:b7:f9:d4:4e:e3:33:74:03:5f:1c:2f:7f:70:d1:
                    bf:95:5a:d6:40:83:3d:3d:07:55:b4:f6:46:9d:88:
                    a5:f0:b1:91:6d:e1:f6:f9:a2:c8:ea:b8:56:7d:8c:
                    3a:05:a7:02:17:27:61:61:e3:ab:5c:5e:d7:0b:f1:
                    3b:51:bc:13:b8:60:af:3a:b9:a1:16:34:36:85:63:
                    d9:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:A6:48:7B:A8:10:B3:93:D5:20:4F:38:79:0A:36:FC:33:85:05:25
            X509v3 Authority Key Identifier:
                keyid:9C:C5:C3:5D:98:68:6F:3D:8A:38:74:17:1B:14:32:87:F5:E3:E7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nMXDXZhobz2KOHQXGxQyh_Xj5zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/1186e4-0c14-4b80-9981-e875103faf12/1/BqZIe6gQs5PVIE84eQo2_DOFBSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/1186e4-0c14-4b80-9981-e875103faf12/1/nMXDXZhobz2KOHQXGxQyh_Xj5zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.78.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:5b:6d:4e:78:bf:33:5f:0d:ec:88:36:5e:10:a2:9d:98:06:
         ce:01:8b:08:46:4d:fb:59:41:49:b1:60:f1:de:7c:eb:fe:f9:
         03:c2:c1:b7:e3:83:79:53:69:9d:0c:3c:aa:09:6d:a3:93:6b:
         4a:e1:4c:9b:d5:f3:47:b1:23:3f:0b:af:88:48:ac:49:3f:a9:
         38:8e:c8:92:bf:c3:a1:53:33:4c:76:c1:de:21:c5:7e:fa:24:
         8d:8a:79:d8:81:d4:8e:92:05:c8:f9:26:97:ff:a1:a6:6f:b4:
         32:b5:3b:96:6b:8e:e2:9e:bc:95:1b:1f:4a:29:9b:33:69:a2:
         30:ab:b9:56:a8:48:53:2e:3f:60:a4:e7:bd:ff:4f:0b:f8:e9:
         36:42:23:28:40:10:db:7d:ec:d9:e6:ed:84:18:82:6e:6c:7e:
         a0:ce:b9:72:f3:5c:60:a1:a6:f6:fc:32:1e:67:00:51:6d:17:
         19:f7:2a:02:3f:de:95:b0:92:14:a0:f3:13:7d:87:13:47:ae:
         f9:e1:05:b2:74:7e:0e:c4:e2:ee:ca:09:e6:bf:03:8d:06:fe:
         17:94:39:9c:ac:2f:99:fe:d3:ee:69:30:34:ac:70:76:f7:b5:
         6d:4f:63:89:38:b9:13:68:a0:4a:58:b1:13:dc:c7:8f:b5:8b:
         ab:ac:88:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQsDnfC0fjO0ac4SPh7E8MiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYzVjMzVkOTg2ODZmM2Q4YTM4NzQxNzFiMTQzMjg3ZjVl
M2U3MzMwHhcNMjUwMTAzMTIwNTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmE2NDg3YmE4MTBiMzkzZDUyMDRmMzg3OTBhMzZmYzMzODUwNTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvT6O5qASnxwCKnscdQYeKJ0Z3EN8
4+cnozjs59j5YGRR/cBzXaDQBWWXm64Wnr4lnspg9Ad4JK3xG2cD/YC995tIUjrP
g1ZICY6LUKNaEgBPFMA5Vm8raYBzvD6M0o2FrixYi9PQ+WZkB2UMvPLNX8IVVayc
AOw4wqzrNsY88UsFtwKrZ5gN/ZfdGDVto6qxTSw7KaBNQcT11KwV7N2EZPdrupp0
oxdnGn0dn0J8uENjJgTqt/nUTuMzdANfHC9/cNG/lVrWQIM9PQdVtPZGnYil8LGR
beH2+aLI6rhWfYw6BacCFydhYeOrXF7XC/E7UbwTuGCvOrmhFjQ2hWPZlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAamSHuoELOT1SBPOHkKNvwzhQUlMB8GA1UdIwQY
MBaAFJzFw12YaG89ijh0FxsUMof14+czMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk1YRFhaaG9iejJLT0hRWEd4UXloX1hqNXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8xMTg2ZTQtMGMxNC00YjgwLTk5ODEt
ZTg3NTEwM2ZhZjEyLzEvQnFaSWU2Z1FzNVBWSUU4NGVRbzJfRE9GQlNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8xMTg2ZTQtMGMxNC00YjgwLTk5ODEtZTg3NTEwM2ZhZjEy
LzEvbk1YRFhaaG9iejJLT0hRWEd4UXloX1hqNXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw05zMA0G
CSqGSIb3DQEBCwUAA4IBAQCAW21OeL8zXw3siDZeEKKdmAbOAYsIRk37WUFJsWDx
3nzr/vkDwsG344N5U2mdDDyqCW2jk2tK4Uyb1fNHsSM/C6+ISKxJP6k4jsiSv8Oh
UzNMdsHeIcV++iSNinnYgdSOkgXI+SaX/6Gmb7QytTuWa47inryVGx9KKZszaaIw
q7lWqEhTLj9gpOe9/08L+Ok2QiMoQBDbfezZ5u2EGIJubH6gzrly81xgoab2/DIe
ZwBRbRcZ9yoCP96VsJIUoPMTfYcTR6754QWydH4OxOLuygnmvwONBv4XlDmcrC+Z
/tPuaTA0rHB297VtT2OJOLkTaKBKWLET3MePtYurrIjb
-----END CERTIFICATE-----