Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/BQKCcac9UKOCD5MefolvK7NKEhc.roa
File:                     BQKCcac9UKOCD5MefolvK7NKEhc.roa (raw, json)
Hash identifier:          iqh9nXvFYgmQfiBd9DZ/s9POX53xra8haiAqpMvoj8o=
Subject key identifier:   05:02:82:71:A7:3D:50:A3:82:0F:93:1E:7E:89:6F:2B:B3:4A:12:17
Certificate issuer:       /CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Certificate serial:       018CC2DB12F45C59B295B6FEC1C7B9BADB16
Authority key identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/BQKCcac9UKOCD5MefolvK7NKEhc.roa
Signing time:             Mon 01 Jan 2024 02:29:46 +0000
ROA not before:           Mon 01 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5394
IP address blocks:        194.20.96.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 07:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:12:f4:5c:59:b2:95:b6:fe:c1:c7:b9:ba:db:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7539b7a123417aa719325946aa89e0f30ab0ca09
        Validity
            Not Before: Jan  1 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05028271a73d50a3820f931e7e896f2bb34a1217
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e0:bd:cc:f9:d0:c3:45:65:2e:b8:f9:3a:56:
                    24:7c:30:87:d8:a0:4f:5a:59:66:35:de:cc:4c:6a:
                    e3:c7:28:4e:99:63:e0:f7:bb:fb:66:a1:d1:73:7a:
                    8b:2a:7e:83:37:2f:a9:8c:da:2e:fc:6c:f9:94:99:
                    ec:c1:75:5b:0f:84:b5:1d:71:06:5a:ea:ac:ad:66:
                    b3:74:66:6e:02:68:59:89:e7:27:21:e4:e1:e1:0e:
                    4a:c3:33:8d:82:7c:18:25:8f:27:7c:c0:a9:70:5b:
                    f1:f4:f7:e3:5b:69:52:a9:15:8d:b7:a7:93:09:fb:
                    1f:82:7d:8c:c9:3a:db:32:7f:b9:89:0f:d3:28:de:
                    ba:62:45:99:20:d5:20:08:d2:09:e1:65:50:07:d5:
                    51:26:c6:d5:7c:c6:3b:65:10:d9:c5:10:7f:4f:4e:
                    07:7a:9b:5a:9e:91:05:43:8a:a7:57:d2:59:9c:c1:
                    5e:7d:24:d9:19:f2:53:33:42:e4:17:aa:f4:8f:f3:
                    5f:54:62:21:25:2a:c6:aa:3b:d9:75:5a:dc:17:39:
                    5c:54:74:bc:d0:c5:fc:8f:ab:9b:ee:e3:69:e3:01:
                    33:aa:bd:63:59:df:a7:bd:a8:a1:95:b3:8f:13:9b:
                    14:83:1d:c7:24:61:2a:58:80:c1:63:d7:35:ea:9c:
                    ce:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:02:82:71:A7:3D:50:A3:82:0F:93:1E:7E:89:6F:2B:B3:4A:12:17
            X509v3 Authority Key Identifier:
                keyid:75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/BQKCcac9UKOCD5MefolvK7NKEhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.20.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         d5:48:25:d0:59:5c:89:7a:1c:98:3b:d2:19:28:5b:d8:0b:40:
         72:76:b5:70:ba:a5:21:0e:74:d6:01:41:fe:87:cf:8f:84:16:
         4f:17:43:81:68:f5:7c:43:81:62:49:48:6d:d9:ff:38:7a:24:
         a3:57:0a:2d:09:8f:4f:df:65:7b:07:e0:97:55:d4:3b:75:d9:
         06:5d:4d:56:e9:81:17:a4:3a:bc:ba:19:aa:c0:10:aa:53:a7:
         3b:f5:35:78:ac:1c:59:7e:9d:3b:7c:91:06:25:53:90:cc:20:
         10:4f:d2:74:f3:f4:23:4e:b3:d0:04:4b:b3:92:45:c7:5c:10:
         e6:ba:0c:1c:f1:c3:09:a6:c7:7b:7f:2f:6d:2f:55:92:b1:d9:
         39:97:17:b0:5b:a1:01:9c:6a:49:0b:04:2a:47:5d:ed:41:ec:
         4b:d8:dd:56:e0:88:e3:06:b2:7f:a9:8b:27:8a:6f:e2:69:5d:
         17:19:3c:86:b1:46:3c:a0:1d:55:50:32:24:21:f1:ba:bb:40:
         f2:3b:50:98:ab:df:46:83:b7:ce:e9:c8:2b:40:3d:9c:48:1d:
         59:4d:77:a6:0f:10:d5:10:af:84:62:cf:96:6f:af:57:2e:b0:
         b3:d8:22:d6:01:48:ad:1f:fc:84:9d:fc:d3:db:c2:36:b6:f9:
         5e:d9:fc:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xL0XFmylbb+wce5utsWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MzliN2ExMjM0MTdhYTcxOTMyNTk0NmFhODllMGYzMGFi
MGNhMDkwHhcNMjQwMTAxMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTAyODI3MWE3M2Q1MGEzODIwZjkzMWU3ZTg5NmYyYmIzNGExMjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOC9zPnQw0VlLrj5OlYkfDCH2KBP
WllmNd7MTGrjxyhOmWPg97v7ZqHRc3qLKn6DNy+pjNou/Gz5lJnswXVbD4S1HXEG
WuqsrWazdGZuAmhZiecnIeTh4Q5KwzONgnwYJY8nfMCpcFvx9PfjW2lSqRWNt6eT
Cfsfgn2MyTrbMn+5iQ/TKN66YkWZINUgCNIJ4WVQB9VRJsbVfMY7ZRDZxRB/T04H
eptanpEFQ4qnV9JZnMFefSTZGfJTM0LkF6r0j/NfVGIhJSrGqjvZdVrcFzlcVHS8
0MX8j6ub7uNp4wEzqr1jWd+nvaihlbOPE5sUgx3HJGEqWIDBY9c16pzO5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUCgnGnPVCjgg+THn6JbyuzShIXMB8GA1UdIwQY
MBaAFHU5t6EjQXqnGTJZRqqJ4PMKsMoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjct
NWI1ZTMzY2U3MGFkLzEvQlFLQ2NhYzlVS09DRDVNZWZvbHZLN05LRWhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjctNWI1ZTMzY2U3MGFk
LzEvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwhRgMA0G
CSqGSIb3DQEBCwUAA4IBAQDVSCXQWVyJehyYO9IZKFvYC0BydrVwuqUhDnTWAUH+
h8+PhBZPF0OBaPV8Q4FiSUht2f84eiSjVwotCY9P32V7B+CXVdQ7ddkGXU1W6YEX
pDq8uhmqwBCqU6c79TV4rBxZfp07fJEGJVOQzCAQT9J08/QjTrPQBEuzkkXHXBDm
ugwc8cMJpsd7fy9tL1WSsdk5lxewW6EBnGpJCwQqR13tQexL2N1W4IjjBrJ/qYsn
im/iaV0XGTyGsUY8oB1VUDIkIfG6u0DyO1CYq99Gg7fO6cgrQD2cSB1ZTXemDxDV
EK+EYs+Wb69XLrCz2CLWAUitH/yEnfzT28I2tvle2fy1
-----END CERTIFICATE-----