Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/BgtL9HETbzAOTqdpuMP5BEZK8Uc.roa
File:                     BgtL9HETbzAOTqdpuMP5BEZK8Uc.roa (raw, json)
Hash identifier:          pfUfhCc4SY8UamSQsz7LFatr3RW05YhXGNbdlGph3/g=
Subject key identifier:   06:0B:4B:F4:71:13:6F:30:0E:4E:A7:69:B8:C3:F9:04:46:4A:F1:47
Certificate issuer:       /CN=e760126dce78bc16e66c2e6e7635848ac46846af
Certificate serial:       018CC7937CF95C6F8A600A9C29C8E1E2923A
Authority key identifier: E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/BgtL9HETbzAOTqdpuMP5BEZK8Uc.roa
Signing time:             Tue 02 Jan 2024 00:29:40 +0000
ROA not before:           Tue 02 Jan 2024 00:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        146.247.102.0/24 maxlen: 24
                          146.247.102.0/23 maxlen: 23
                          146.247.103.0/24 maxlen: 24
                          146.247.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:7c:f9:5c:6f:8a:60:0a:9c:29:c8:e1:e2:92:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e760126dce78bc16e66c2e6e7635848ac46846af
        Validity
            Not Before: Jan  2 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=060b4bf471136f300e4ea769b8c3f904464af147
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:09:cd:df:21:07:bf:33:80:74:8b:5d:62:75:
                    c3:26:bb:b4:c3:33:6a:e2:da:58:4e:17:5e:3a:ec:
                    97:7b:c3:5f:6d:57:85:58:e6:ba:80:ae:75:72:aa:
                    99:cf:6c:b3:1e:a6:c6:8b:1a:60:5b:de:57:98:c7:
                    bd:4f:ab:95:6f:23:d3:bb:a3:b6:58:4b:03:fe:8a:
                    7e:c6:cd:b9:30:fb:30:59:9c:b4:2d:55:65:4f:dd:
                    38:63:0f:f0:02:4e:89:42:e2:47:40:10:22:50:7f:
                    23:a2:6b:eb:97:a5:1a:43:d2:0a:3c:50:82:d4:70:
                    6d:a5:0f:3b:3b:e0:96:b9:dd:f2:32:63:40:a0:2d:
                    57:fd:a8:a8:79:18:92:2e:80:32:00:c0:39:cb:50:
                    d7:1a:3d:7a:27:f9:24:83:f9:fb:2c:de:81:22:ad:
                    27:8c:3a:7e:46:86:f2:d1:79:33:c5:97:2c:5a:6b:
                    5c:64:9d:49:58:0f:a7:bb:d9:60:f7:26:0c:db:20:
                    2a:1a:96:14:c0:66:cf:c6:0f:0a:38:a3:55:bb:dd:
                    48:61:4b:94:6c:b1:96:36:5c:40:5c:65:04:c8:9b:
                    b5:7e:94:99:2e:aa:a0:2b:21:68:ab:b9:b7:6e:e0:
                    b3:73:78:04:3f:64:2c:28:6b:36:ee:22:d1:11:51:
                    a5:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:0B:4B:F4:71:13:6F:30:0E:4E:A7:69:B8:C3:F9:04:46:4A:F1:47
            X509v3 Authority Key Identifier:
                keyid:E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/BgtL9HETbzAOTqdpuMP5BEZK8Uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.102.0/23
                  146.247.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:57:57:3f:26:be:a3:24:97:4e:7c:40:61:43:aa:b8:63:0b:
         a7:d7:86:4b:42:63:0c:76:74:25:97:8a:00:10:f0:13:1c:d2:
         7f:d2:44:d5:79:5e:5e:3d:2e:90:9f:fb:c7:39:f4:d9:43:8f:
         cc:45:ae:73:8e:5e:37:49:12:a4:b6:9b:52:9f:19:56:6a:4e:
         69:8d:43:6f:87:28:5a:0d:51:ca:10:49:39:a9:5c:a7:7f:df:
         02:18:b7:6c:61:24:3d:22:e3:81:2d:74:a8:ea:5b:67:95:df:
         4e:b5:c6:ec:ee:1c:07:c3:81:f9:37:91:00:45:f6:b1:1d:5f:
         df:a7:c5:c5:c9:d1:04:34:97:f8:fb:8b:a8:a2:4d:33:9f:d4:
         d2:05:ae:89:c9:00:19:7c:04:97:ee:69:37:f7:9b:f8:cb:75:
         fb:a2:f7:99:af:6f:7e:91:2e:59:a1:cd:9b:6c:c8:16:f1:9a:
         ed:1a:f0:cb:e8:75:55:a7:f0:86:6b:b6:58:0f:09:81:48:35:
         6b:cc:21:0c:43:5f:1d:a6:b3:28:8b:46:7f:c2:b4:b4:70:2c:
         59:29:74:78:6f:4b:8d:57:26:7d:59:32:a3:c5:4c:2b:e2:38:
         20:b1:f9:6c:15:7f:0a:29:c2:7b:71:a4:fd:99:04:b4:8c:63:
         17:ba:93:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHk3z5XG+KYAqcKcjh4pI6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NjAxMjZkY2U3OGJjMTZlNjZjMmU2ZTc2MzU4NDhhYzQ2
ODQ2YWYwHhcNMjQwMTAyMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjBiNGJmNDcxMTM2ZjMwMGU0ZWE3NjliOGMzZjkwNDQ2NGFmMTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwnN3yEHvzOAdItdYnXDJru0wzNq
4tpYThdeOuyXe8NfbVeFWOa6gK51cqqZz2yzHqbGixpgW95XmMe9T6uVbyPTu6O2
WEsD/op+xs25MPswWZy0LVVlT904Yw/wAk6JQuJHQBAiUH8jomvrl6UaQ9IKPFCC
1HBtpQ87O+CWud3yMmNAoC1X/aioeRiSLoAyAMA5y1DXGj16J/kkg/n7LN6BIq0n
jDp+Roby0XkzxZcsWmtcZJ1JWA+nu9lg9yYM2yAqGpYUwGbPxg8KOKNVu91IYUuU
bLGWNlxAXGUEyJu1fpSZLqqgKyFoq7m3buCzc3gEP2QsKGs27iLREVGliQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAYLS/RxE28wDk6nabjD+QRGSvFHMB8GA1UdIwQY
MBaAFOdgEm3OeLwW5mwubnY1hIrEaEavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3Yjgt
ZDI0ZjU2MmRlZGQyLzEvQmd0TDlIRVRiekFPVHFkcHVNUDVCRVpLOFVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3YjgtZDI0ZjU2MmRlZGQy
LzEvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBkvdmAwQA
kvd/MA0GCSqGSIb3DQEBCwUAA4IBAQCHV1c/Jr6jJJdOfEBhQ6q4Ywun14ZLQmMM
dnQll4oAEPATHNJ/0kTVeV5ePS6Qn/vHOfTZQ4/MRa5zjl43SRKktptSnxlWak5p
jUNvhyhaDVHKEEk5qVynf98CGLdsYSQ9IuOBLXSo6ltnld9Otcbs7hwHw4H5N5EA
RfaxHV/fp8XFydEENJf4+4uook0zn9TSBa6JyQAZfASX7mk395v4y3X7oveZr29+
kS5Zoc2bbMgW8ZrtGvDL6HVVp/CGa7ZYDwmBSDVrzCEMQ18dprMoi0Z/wrS0cCxZ
KXR4b0uNVyZ9WTKjxUwr4jggsflsFX8KKcJ7caT9mQS0jGMXupPB
-----END CERTIFICATE-----