Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/1f63db-c963-44bc-a039-8aaa6a90ff95/1/bGmJuHKC9r9iVbyoDDsXdRaZNn4.roa
File:                     bGmJuHKC9r9iVbyoDDsXdRaZNn4.roa (raw, json)
Hash identifier:          cFv1Kx/hvA8sFFYnUpS91+Kz1exkjjuW0Zq9NwB3OSk=
Subject key identifier:   6C:69:89:B8:72:82:F6:BF:62:55:BC:A8:0C:3B:17:75:16:99:36:7E
Certificate issuer:       /CN=7d3045fc491d39f52e7145b1000b3b86c37ded45
Certificate serial:       01942445901C88B3365D7CCC09A5292E6C1C
Authority key identifier: 7D:30:45:FC:49:1D:39:F5:2E:71:45:B1:00:0B:3B:86:C3:7D:ED:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fTBF_EkdOfUucUWxAAs7hsN97UU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/1f63db-c963-44bc-a039-8aaa6a90ff95/1/bGmJuHKC9r9iVbyoDDsXdRaZNn4.roa
Signing time:             Wed 01 Jan 2025 23:48:46 +0000
ROA not before:           Wed 01 Jan 2025 23:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        91.236.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/1f63db-c963-44bc-a039-8aaa6a90ff95/1/fTBF_EkdOfUucUWxAAs7hsN97UU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/1f63db-c963-44bc-a039-8aaa6a90ff95/1/fTBF_EkdOfUucUWxAAs7hsN97UU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fTBF_EkdOfUucUWxAAs7hsN97UU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:90:1c:88:b3:36:5d:7c:cc:09:a5:29:2e:6c:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d3045fc491d39f52e7145b1000b3b86c37ded45
        Validity
            Not Before: Jan  1 23:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c6989b87282f6bf6255bca80c3b17751699367e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f3:8a:b3:a0:9b:12:d9:2a:c4:03:43:e0:ef:
                    00:33:d3:d6:bc:5f:11:f6:59:77:97:d8:b5:13:f4:
                    04:b9:2b:0b:2f:2e:70:90:4a:44:59:b0:ae:2f:f1:
                    41:23:b4:4c:92:6c:20:8b:9a:c4:14:63:06:61:ef:
                    97:60:aa:3b:0c:fd:e0:f2:65:48:18:5d:67:73:d8:
                    5e:f5:4b:13:fa:80:4f:8f:bb:cc:a3:36:fc:dd:db:
                    47:00:5b:c4:32:c3:1b:24:8d:f4:5f:d3:a6:87:9f:
                    ea:c0:0d:82:00:ec:52:64:9f:fb:22:9d:64:87:80:
                    87:c1:19:e0:79:2f:1e:db:36:24:49:0e:fa:3d:3f:
                    cd:26:91:d9:51:9c:f5:3b:c8:01:48:c4:da:d9:de:
                    8b:8c:10:f8:37:81:18:72:7e:25:fc:fc:f5:b0:9e:
                    7b:b5:c4:5f:7a:37:89:15:d0:02:ce:7f:b2:a3:f8:
                    d6:55:5c:56:5d:14:57:54:03:f4:c1:fb:e4:76:13:
                    60:1b:b1:bd:77:e4:06:37:17:ed:7c:2f:56:02:d5:
                    4e:39:45:41:52:67:9b:1b:1d:de:24:f8:7a:df:8b:
                    33:9e:91:4d:b0:38:c8:8c:f3:8f:59:43:7d:ab:07:
                    60:c6:d5:62:52:d6:4a:97:28:f6:3c:35:2d:0b:7d:
                    30:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:69:89:B8:72:82:F6:BF:62:55:BC:A8:0C:3B:17:75:16:99:36:7E
            X509v3 Authority Key Identifier:
                keyid:7D:30:45:FC:49:1D:39:F5:2E:71:45:B1:00:0B:3B:86:C3:7D:ED:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fTBF_EkdOfUucUWxAAs7hsN97UU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1f63db-c963-44bc-a039-8aaa6a90ff95/1/bGmJuHKC9r9iVbyoDDsXdRaZNn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1f63db-c963-44bc-a039-8aaa6a90ff95/1/fTBF_EkdOfUucUWxAAs7hsN97UU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:56:89:5f:e1:84:1b:b7:d6:1a:a0:94:a3:b1:e3:20:6e:a3:
         fb:14:86:1c:5c:70:c7:fb:18:58:6d:bd:bc:a7:0e:f4:15:c8:
         8c:c4:c7:39:55:b5:d8:ce:12:8d:71:06:6e:ec:7a:bd:1d:0e:
         c4:50:4b:f1:29:66:d6:e7:fe:2b:09:fa:d5:27:5d:1b:51:51:
         9a:24:d7:b5:81:76:ff:21:65:30:0e:6e:72:c5:2a:04:f8:86:
         a9:ff:f8:92:e8:32:16:eb:a7:7d:59:40:22:3b:c6:a0:74:6e:
         91:e0:49:6c:97:a3:de:f2:cc:ef:59:4b:be:4d:76:84:b7:d2:
         b1:9d:cc:61:ed:02:a6:22:9e:9c:79:60:4b:66:c9:08:20:52:
         f1:35:20:4c:7c:b2:08:d2:64:6a:10:22:e6:50:17:7c:be:4e:
         8b:94:cf:2a:61:14:ea:75:26:50:d2:86:ff:ca:f9:03:b9:f7:
         3a:37:dd:40:af:b1:be:7b:d5:ec:4f:ba:25:68:e2:ba:14:e4:
         40:a3:3e:50:cb:d7:40:49:21:9e:d3:ff:b5:f2:f6:44:98:68:
         02:23:bf:4c:0b:13:74:9d:d9:f4:a1:76:4e:3e:ba:0f:9f:6d:
         03:3f:32:30:6d:af:eb:d5:37:ec:0d:c3:d7:1a:77:4e:69:a2:
         d2:e6:7f:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRZAciLM2XXzMCaUpLmwcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMzA0NWZjNDkxZDM5ZjUyZTcxNDViMTAwMGIzYjg2YzM3
ZGVkNDUwHhcNMjUwMTAxMjM0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzY5ODliODcyODJmNmJmNjI1NWJjYTgwYzNiMTc3NTE2OTkzNjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPOKs6CbEtkqxAND4O8AM9PWvF8R
9ll3l9i1E/QEuSsLLy5wkEpEWbCuL/FBI7RMkmwgi5rEFGMGYe+XYKo7DP3g8mVI
GF1nc9he9UsT+oBPj7vMozb83dtHAFvEMsMbJI30X9Omh5/qwA2CAOxSZJ/7Ip1k
h4CHwRngeS8e2zYkSQ76PT/NJpHZUZz1O8gBSMTa2d6LjBD4N4EYcn4l/Pz1sJ57
tcRfejeJFdACzn+yo/jWVVxWXRRXVAP0wfvkdhNgG7G9d+QGNxftfC9WAtVOOUVB
UmebGx3eJPh634sznpFNsDjIjPOPWUN9qwdgxtViUtZKlyj2PDUtC30wuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGxpibhygva/YlW8qAw7F3UWmTZ+MB8GA1UdIwQY
MBaAFH0wRfxJHTn1LnFFsQALO4bDfe1FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlRCRl9Fa2RPZlV1Y1VXeEFBczdoc045N1VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xZjYzZGItYzk2My00NGJjLWEwMzkt
OGFhYTZhOTBmZjk1LzEvYkdtSnVIS0M5cjlpVmJ5b0REc1hkUmFaTm40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xZjYzZGItYzk2My00NGJjLWEwMzktOGFhYTZhOTBmZjk1
LzEvZlRCRl9Fa2RPZlV1Y1VXeEFBczdoc045N1VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+wSMA0G
CSqGSIb3DQEBCwUAA4IBAQAtVolf4YQbt9YaoJSjseMgbqP7FIYcXHDH+xhYbb28
pw70FciMxMc5VbXYzhKNcQZu7Hq9HQ7EUEvxKWbW5/4rCfrVJ10bUVGaJNe1gXb/
IWUwDm5yxSoE+Iap//iS6DIW66d9WUAiO8agdG6R4Elsl6Pe8szvWUu+TXaEt9Kx
ncxh7QKmIp6ceWBLZskIIFLxNSBMfLII0mRqECLmUBd8vk6LlM8qYRTqdSZQ0ob/
yvkDufc6N91Ar7G+e9XsT7olaOK6FORAoz5Qy9dASSGe0/+18vZEmGgCI79MCxN0
ndn0oXZOProPn20DPzIwba/r1TfsDcPXGndOaaLS5n+G
-----END CERTIFICATE-----