Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/BoWmTI__e-Glb1z0cBIjpyHXgQs.roa
File:                     BoWmTI__e-Glb1z0cBIjpyHXgQs.roa (raw, json)
Hash identifier:          pj64V0U6xFSD/nQa9fKFAm/iVJWbs/Grl5y5nYEfIQc=
Subject key identifier:   06:85:A6:4C:8F:FF:7B:E1:A5:6F:5C:F4:70:12:23:A7:21:D7:81:0B
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       0194266C1BFB6EA82BF9F4DEDDEB433CB0ED
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/BoWmTI__e-Glb1z0cBIjpyHXgQs.roa
Signing time:             Thu 02 Jan 2025 09:50:06 +0000
ROA not before:           Thu 02 Jan 2025 09:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43123
IP address blocks:        195.219.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 11:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:1b:fb:6e:a8:2b:f9:f4:de:dd:eb:43:3c:b0:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Jan  2 09:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0685a64c8fff7be1a56f5cf4701223a721d7810b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:75:81:db:16:44:b8:d3:be:1f:c6:b6:8a:23:
                    13:f5:d5:1a:03:29:d2:72:2a:11:ea:3b:79:e7:b1:
                    78:60:70:d6:0a:ff:c7:c1:e9:11:9e:46:e7:16:43:
                    46:17:c5:23:40:a3:96:79:6b:03:84:33:13:3a:af:
                    7f:3a:a0:20:91:de:d8:71:ec:de:d3:23:84:92:1c:
                    bb:73:bb:ef:21:ec:e8:20:fd:73:ee:14:cd:50:19:
                    47:a4:95:ec:8f:eb:c5:65:ba:83:59:3d:7d:ac:df:
                    84:04:21:b9:56:c7:f3:f4:16:e8:86:a9:c8:21:84:
                    36:d5:dc:0b:99:f0:71:a6:75:0f:26:fc:4e:d0:51:
                    ac:6a:a2:9b:21:a3:48:97:7b:b1:75:f5:36:a0:b1:
                    c0:20:fa:19:73:ec:4d:16:df:8c:a5:4c:1e:4b:4b:
                    07:7e:45:b3:09:07:60:2d:80:6b:13:5b:c0:7f:9c:
                    69:a6:ad:3f:f7:ec:df:5f:cb:3b:af:4d:a6:14:54:
                    af:00:31:fd:55:90:d0:8e:a6:58:0a:7f:67:7a:fb:
                    81:a9:e8:b8:b1:1c:e3:2e:7f:96:d4:49:fc:07:ba:
                    26:17:1a:b2:50:47:27:52:60:ea:41:ff:9d:f1:36:
                    1a:25:56:2f:8d:34:50:a1:6a:17:43:d2:c7:39:02:
                    f6:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:85:A6:4C:8F:FF:7B:E1:A5:6F:5C:F4:70:12:23:A7:21:D7:81:0B
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/BoWmTI__e-Glb1z0cBIjpyHXgQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.219.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:e1:16:c0:68:aa:27:81:a9:e3:7b:b5:ce:a4:4b:7b:2c:19:
         52:f5:e1:ab:4d:c3:bd:f4:ff:83:01:f6:bd:ea:ca:a6:63:e8:
         c8:2e:5e:cc:c5:2a:70:34:ef:9e:6d:b4:e0:84:6b:56:b9:19:
         77:f3:dc:18:61:33:5b:cb:69:ee:21:a3:52:ef:33:3d:cb:3f:
         85:c3:a8:15:44:f0:e9:91:85:cd:e6:d4:1d:0b:d6:0d:b4:2b:
         11:16:33:89:f0:11:e6:fd:5a:c1:3a:02:cf:f6:5b:e9:f3:c7:
         5c:61:af:e0:11:19:5b:ca:a5:a7:8d:f8:5d:ef:9f:db:81:ae:
         12:8a:7d:57:d3:79:81:42:29:fd:c4:05:96:f0:cf:31:1b:f8:
         13:71:f7:8d:d5:c6:9f:da:41:9e:3b:56:6b:16:8d:ce:c1:16:
         96:17:6a:99:09:cc:2b:df:88:4e:76:97:6f:72:7a:be:6e:72:
         c5:ac:97:f4:45:f2:62:d3:d1:e6:6f:44:97:fa:a2:a8:dc:c2:
         70:8e:3c:b8:ab:95:ba:29:0b:b9:d1:3f:02:a8:82:1b:7b:9a:
         80:47:fc:b6:c6:3e:f9:62:85:c3:ca:bc:f2:18:3e:f1:26:23:
         08:6d:67:ed:c1:8e:44:dc:29:b4:96:39:79:86:08:5f:ba:f9:
         6a:c3:dd:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbBv7bqgr+fTe3etDPLDtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjUwMTAyMDk1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjg1YTY0YzhmZmY3YmUxYTU2ZjVjZjQ3MDEyMjNhNzIxZDc4MTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3WB2xZEuNO+H8a2iiMT9dUaAynS
cioR6jt557F4YHDWCv/HwekRnkbnFkNGF8UjQKOWeWsDhDMTOq9/OqAgkd7Yceze
0yOEkhy7c7vvIezoIP1z7hTNUBlHpJXsj+vFZbqDWT19rN+EBCG5Vsfz9BbohqnI
IYQ21dwLmfBxpnUPJvxO0FGsaqKbIaNIl3uxdfU2oLHAIPoZc+xNFt+MpUweS0sH
fkWzCQdgLYBrE1vAf5xppq0/9+zfX8s7r02mFFSvADH9VZDQjqZYCn9nevuBqei4
sRzjLn+W1En8B7omFxqyUEcnUmDqQf+d8TYaJVYvjTRQoWoXQ9LHOQL2sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAaFpkyP/3vhpW9c9HASI6ch14ELMB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvQm9XbVRJX19lLUdsYjF6MGNCSWpweUhYZ1FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9snMA0G
CSqGSIb3DQEBCwUAA4IBAQCz4RbAaKonganje7XOpEt7LBlS9eGrTcO99P+DAfa9
6sqmY+jILl7MxSpwNO+ebbTghGtWuRl389wYYTNby2nuIaNS7zM9yz+Fw6gVRPDp
kYXN5tQdC9YNtCsRFjOJ8BHm/VrBOgLP9lvp88dcYa/gERlbyqWnjfhd75/bga4S
in1X03mBQin9xAWW8M8xG/gTcfeN1caf2kGeO1ZrFo3OwRaWF2qZCcwr34hOdpdv
cnq+bnLFrJf0RfJi09Hmb0SX+qKo3MJwjjy4q5W6KQu50T8CqIIbe5qAR/y2xj75
YoXDyrzyGD7xJiMIbWftwY5E3Cm0ljl5hghfuvlqw90t
-----END CERTIFICATE-----