Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/BdLsoA_xWhGIoq9m__7cf7tBS6I.roa
File:                     BdLsoA_xWhGIoq9m__7cf7tBS6I.roa (raw, json)
Hash identifier:          ORF5aTBn06GlNDeoJY+Mh+HqAhzJW0v2xoYnUjpSYLQ=
Subject key identifier:   05:D2:EC:A0:0F:F1:5A:11:88:A2:AF:66:FF:FE:DC:7F:BB:41:4B:A2
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018CC649CB43FDE1F344A098AEF3D1AEA9F3
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/BdLsoA_xWhGIoq9m__7cf7tBS6I.roa
Signing time:             Mon 01 Jan 2024 18:29:34 +0000
ROA not before:           Mon 01 Jan 2024 18:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200017
IP address blocks:        81.22.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:cb:43:fd:e1:f3:44:a0:98:ae:f3:d1:ae:a9:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 18:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05d2eca00ff15a1188a2af66fffedc7fbb414ba2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:5b:d0:b6:4f:35:cd:3a:9b:10:3d:c7:e3:0c:
                    15:91:d0:ae:f5:5f:ff:6c:1c:ed:11:ed:a7:46:1d:
                    d7:eb:41:bf:92:bc:4e:ec:3c:66:5d:4b:27:81:97:
                    50:84:58:b8:83:f5:77:6f:61:aa:4a:60:3b:b9:cd:
                    b2:6c:52:7d:a3:24:a5:4a:90:07:52:04:ed:98:5b:
                    fd:d7:3c:cb:c8:9a:41:57:37:12:6a:33:81:c4:e0:
                    2b:fa:b1:0e:5f:9e:de:2e:c8:1c:67:ad:73:49:98:
                    db:d5:dc:1c:dd:ff:75:a2:9c:06:c5:e1:ba:b8:ba:
                    7b:bb:79:ff:e9:bf:37:07:61:23:14:19:c7:1d:3f:
                    5c:ad:95:cd:e2:a3:09:38:9f:be:b5:50:16:c3:6e:
                    07:8b:81:93:d8:29:f0:a1:fa:8e:d4:66:c9:21:a3:
                    16:7b:a9:b6:89:1d:e4:2d:c2:47:a6:f2:8a:6b:a5:
                    a3:d8:1a:69:d1:82:21:0a:94:b7:d5:05:2f:ee:ff:
                    75:3c:0c:f6:3b:4d:44:41:6d:98:c8:bf:b4:88:af:
                    16:7c:d9:bb:b7:8f:27:4c:04:33:2b:34:b7:43:3c:
                    9d:ca:de:d6:5b:ad:28:e4:89:aa:60:87:9f:df:48:
                    99:db:10:81:25:b8:d5:a9:7a:3a:66:c1:3c:b7:58:
                    8c:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:D2:EC:A0:0F:F1:5A:11:88:A2:AF:66:FF:FE:DC:7F:BB:41:4B:A2
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/BdLsoA_xWhGIoq9m__7cf7tBS6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:15:f5:fc:2c:4d:f2:d5:d6:25:cd:85:33:b7:59:a5:26:bb:
         2a:b0:0a:98:6c:6f:99:8c:89:17:60:80:01:76:3d:2b:80:c2:
         3e:4a:25:35:9d:9a:3d:41:10:43:fa:93:60:69:59:03:06:13:
         0e:37:e3:c1:12:fc:7d:0d:6b:d0:97:89:da:f3:dd:0d:86:ea:
         6d:2d:dc:f7:4a:22:27:d0:48:57:95:a3:b6:16:07:6f:1b:fe:
         99:94:ea:03:5d:e3:fd:75:4b:4c:dd:a3:36:68:0e:dd:2a:4b:
         dd:b7:a3:b2:79:f4:18:15:e0:a0:69:f8:5e:79:aa:70:03:63:
         bc:d9:a4:e3:1f:75:11:9a:8f:68:ed:da:f4:10:16:39:bf:77:
         31:49:6f:01:03:3f:55:20:11:d0:46:81:e2:16:26:dc:a7:f9:
         10:f8:48:38:3a:22:b9:e0:78:5b:05:8a:1d:40:6e:2c:68:5d:
         16:82:34:8d:fc:0c:0e:95:de:c7:16:10:98:19:ac:27:3c:a4:
         98:ca:5c:5b:03:e3:03:b7:45:fe:63:b2:dd:52:b9:bd:ec:91:
         59:2e:0c:16:ba:bb:4d:4d:8e:4e:7b:e0:ba:f8:d1:be:15:6f:
         66:a1:cf:73:f2:97:f0:e2:cc:a4:86:ce:25:fb:68:f6:5e:ea:
         a5:cb:15:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSctD/eHzRKCYrvPRrqnzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQwMTAxMTgyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWQyZWNhMDBmZjE1YTExODhhMmFmNjZmZmZlZGM3ZmJiNDE0YmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFvQtk81zTqbED3H4wwVkdCu9V//
bBztEe2nRh3X60G/krxO7DxmXUsngZdQhFi4g/V3b2GqSmA7uc2ybFJ9oySlSpAH
UgTtmFv91zzLyJpBVzcSajOBxOAr+rEOX57eLsgcZ61zSZjb1dwc3f91opwGxeG6
uLp7u3n/6b83B2EjFBnHHT9crZXN4qMJOJ++tVAWw24Hi4GT2CnwofqO1GbJIaMW
e6m2iR3kLcJHpvKKa6Wj2Bpp0YIhCpS31QUv7v91PAz2O01EQW2YyL+0iK8WfNm7
t48nTAQzKzS3Qzydyt7WW60o5ImqYIef30iZ2xCBJbjVqXo6ZsE8t1iM2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAXS7KAP8VoRiKKvZv/+3H+7QUuiMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvQmRMc29BX3hXaEdJb3E5bV9fN2NmN3RCUzZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURaFMA0G
CSqGSIb3DQEBCwUAA4IBAQAtFfX8LE3y1dYlzYUzt1mlJrsqsAqYbG+ZjIkXYIAB
dj0rgMI+SiU1nZo9QRBD+pNgaVkDBhMON+PBEvx9DWvQl4na890NhuptLdz3SiIn
0EhXlaO2FgdvG/6ZlOoDXeP9dUtM3aM2aA7dKkvdt6OyefQYFeCgafheeapwA2O8
2aTjH3URmo9o7dr0EBY5v3cxSW8BAz9VIBHQRoHiFibcp/kQ+Eg4OiK54HhbBYod
QG4saF0WgjSN/AwOld7HFhCYGawnPKSYylxbA+MDt0X+Y7LdUrm97JFZLgwWurtN
TY5Oe+C6+NG+FW9moc9z8pfw4sykhs4l+2j2XuqlyxWo
-----END CERTIFICATE-----