Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/BCkd2wOiyZuYHD-GuWVlv9LzhxE.roa
File:                     BCkd2wOiyZuYHD-GuWVlv9LzhxE.roa (raw, json)
Hash identifier:          wXo7x0TDu1WZwM20SbRog45Swn8QJtDNi8CTD7dgi1E=
Subject key identifier:   04:29:1D:DB:03:A2:C9:9B:98:1C:3F:86:B9:65:65:BF:D2:F3:87:11
Certificate issuer:       /CN=9d5de490ff874e9689cecf726cbb4e2f51f6c731
Certificate serial:       018CC6B8FE2B66B0E507BAD72A6B1963898B
Authority key identifier: 9D:5D:E4:90:FF:87:4E:96:89:CE:CF:72:6C:BB:4E:2F:51:F6:C7:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/BCkd2wOiyZuYHD-GuWVlv9LzhxE.roa
Signing time:             Mon 01 Jan 2024 20:31:01 +0000
ROA not before:           Mon 01 Jan 2024 20:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21026
IP address blocks:        193.188.250.0/24 maxlen: 25
                          194.8.96.0/19 maxlen: 25
                          194.145.64.0/19 maxlen: 25

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 07:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:fe:2b:66:b0:e5:07:ba:d7:2a:6b:19:63:89:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d5de490ff874e9689cecf726cbb4e2f51f6c731
        Validity
            Not Before: Jan  1 20:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04291ddb03a2c99b981c3f86b96565bfd2f38711
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:74:e7:7c:68:05:ac:56:48:9a:53:ef:d6:70:
                    cf:b6:46:e7:0d:11:5e:73:e3:c8:75:38:c9:e5:f3:
                    73:a9:40:b6:8d:58:6b:c0:f8:d8:25:07:36:19:b1:
                    22:b9:ce:4a:1a:d4:59:d8:0b:33:f6:8d:e0:76:b1:
                    70:7c:0b:ba:80:e0:01:c1:46:aa:e1:37:2b:7c:ef:
                    79:5e:31:15:b7:ee:7b:da:54:47:51:9b:b9:08:b6:
                    70:57:9d:52:16:a2:62:5f:0a:f6:5b:cb:68:e2:bb:
                    70:b6:4b:ff:14:7b:6d:80:72:b1:a2:1b:5b:a4:c3:
                    01:91:cb:a2:1b:ac:a7:ae:38:5c:28:b1:b9:75:1a:
                    12:3f:5b:af:04:0d:d0:21:e2:4f:3f:78:2d:e6:7c:
                    03:2d:53:3d:26:58:df:35:53:51:36:a0:a2:24:d1:
                    5a:bf:9a:6b:8b:6a:df:31:38:ef:76:80:fd:03:c3:
                    ca:81:c9:54:15:6b:07:9d:68:e0:5b:77:2d:5f:bd:
                    45:0d:39:b9:f2:01:ed:5b:5c:2e:aa:84:82:91:55:
                    c0:0c:59:2f:d1:50:c0:f8:b2:45:e4:a0:2f:15:96:
                    02:2b:1b:0c:33:0d:94:c1:31:a2:1c:d1:ce:4c:9b:
                    9f:3d:18:d8:51:84:d9:04:06:ea:1d:4a:e9:7b:31:
                    6b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:29:1D:DB:03:A2:C9:9B:98:1C:3F:86:B9:65:65:BF:D2:F3:87:11
            X509v3 Authority Key Identifier:
                keyid:9D:5D:E4:90:FF:87:4E:96:89:CE:CF:72:6C:BB:4E:2F:51:F6:C7:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/BCkd2wOiyZuYHD-GuWVlv9LzhxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.188.250.0/24
                  194.8.96.0/19
                  194.145.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         97:3a:4c:19:e2:c4:eb:ea:4c:31:ae:22:78:e6:ed:63:87:44:
         a5:80:6a:36:d7:75:26:06:b7:8d:91:95:60:b1:36:9b:b7:8c:
         ed:45:79:72:3f:91:b9:c6:53:7d:ca:24:ee:cd:b2:20:85:7f:
         09:73:94:13:3f:ff:2a:ac:90:47:15:1c:74:90:cd:0b:a5:d9:
         1b:cf:72:0f:4d:83:00:6b:58:08:eb:55:f2:e8:2b:bc:20:ef:
         80:3c:f4:3e:af:7e:a1:a9:62:13:04:d3:24:4e:df:a5:0f:0e:
         5e:00:af:f6:5f:00:16:ac:36:1e:47:f0:46:32:e2:e7:fe:ca:
         e4:71:6d:28:73:ef:51:a0:2a:2b:12:f1:f5:0a:3a:6a:f4:93:
         96:5c:a7:d1:53:c0:b8:b4:26:33:d8:64:d8:2d:eb:1b:df:75:
         eb:41:5d:8e:c2:e7:8b:36:16:4e:a5:ee:4a:97:1d:da:84:fa:
         55:47:4b:b6:4f:45:9d:ec:1c:2f:bc:e1:43:c3:5d:99:fc:86:
         40:2c:ce:8a:35:be:32:2c:f8:d4:13:dd:e7:67:c2:99:59:52:
         fe:dc:18:c3:ea:62:2d:48:07:dd:05:b4:93:c0:8c:d1:0f:1b:
         0c:56:14:a6:42:2d:af:8c:eb:fb:df:ff:ca:05:02:55:6a:d3:
         7d:04:a6:ee
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzGuP4rZrDlB7rXKmsZY4mLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNWRlNDkwZmY4NzRlOTY4OWNlY2Y3MjZjYmI0ZTJmNTFm
NmM3MzEwHhcNMjQwMTAxMjAzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDI5MWRkYjAzYTJjOTliOTgxYzNmODZiOTY1NjViZmQyZjM4NzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3TnfGgFrFZImlPv1nDPtkbnDRFe
c+PIdTjJ5fNzqUC2jVhrwPjYJQc2GbEiuc5KGtRZ2Asz9o3gdrFwfAu6gOABwUaq
4TcrfO95XjEVt+572lRHUZu5CLZwV51SFqJiXwr2W8to4rtwtkv/FHttgHKxohtb
pMMBkcuiG6ynrjhcKLG5dRoSP1uvBA3QIeJPP3gt5nwDLVM9JljfNVNRNqCiJNFa
v5pri2rfMTjvdoD9A8PKgclUFWsHnWjgW3ctX71FDTm58gHtW1wuqoSCkVXADFkv
0VDA+LJF5KAvFZYCKxsMMw2UwTGiHNHOTJufPRjYUYTZBAbqHUrpezFrNQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAQpHdsDosmbmBw/hrllZb/S84cRMB8GA1UdIwQY
MBaAFJ1d5JD/h06Wic7Pcmy7Ti9R9scxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblYza2tQLUhUcGFKenM5eWJMdE9MMUgyeHpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC83NDViZGItMTA0Yi00OWM3LTk5ZDUt
Y2VjMzNiYTFiZGY1LzEvQkNrZDJ3T2l5WnVZSEQtR3VXVmx2OUx6aHhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC83NDViZGItMTA0Yi00OWM3LTk5ZDUtY2VjMzNiYTFiZGY1
LzEvblYza2tQLUhUcGFKenM5eWJMdE9MMUgyeHpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwbz6AwQF
wghgAwQFwpFAMA0GCSqGSIb3DQEBCwUAA4IBAQCXOkwZ4sTr6kwxriJ45u1jh0Sl
gGo213UmBreNkZVgsTabt4ztRXlyP5G5xlN9yiTuzbIghX8Jc5QTP/8qrJBHFRx0
kM0Lpdkbz3IPTYMAa1gI61Xy6Cu8IO+APPQ+r36hqWITBNMkTt+lDw5eAK/2XwAW
rDYeR/BGMuLn/srkcW0oc+9RoCorEvH1Cjpq9JOWXKfRU8C4tCYz2GTYLesb33Xr
QV2OwueLNhZOpe5Klx3ahPpVR0u2T0Wd7BwvvOFDw12Z/IZALM6KNb4yLPjUE93n
Z8KZWVL+3BjD6mItSAfdBbSTwIzRDxsMVhSmQi2vjOv73//KBQJVatN9BKbu
-----END CERTIFICATE-----