Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/k_BjJi8McJb45Xrh8uNzbUPxtg0.roa
File:                     k_BjJi8McJb45Xrh8uNzbUPxtg0.roa (raw, json)
Hash identifier:          hY7DZbue/9wFev67AxBVZaBkK73JW5DwLQ/4iSJWg8M=
Subject key identifier:   93:F0:63:26:2F:0C:70:96:F8:E5:7A:E1:F2:E3:73:6D:43:F1:B6:0D
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018FC44C8EB4148E8C9BA247DBC71CE18CFD
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/k_BjJi8McJb45Xrh8uNzbUPxtg0.roa
Signing time:             Wed 29 May 2024 12:21:42 +0000
ROA not before:           Wed 29 May 2024 12:21:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6663
IP address blocks:        46.102.108.0/24 maxlen: 24
                          94.176.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c4:4c:8e:b4:14:8e:8c:9b:a2:47:db:c7:1c:e1:8c:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: May 29 12:21:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93f063262f0c7096f8e57ae1f2e3736d43f1b60d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:60:7c:24:15:9e:f6:56:02:9f:f4:17:61:16:
                    74:1c:45:bf:f7:3b:47:d7:c5:8b:f1:dc:e8:de:42:
                    f8:d4:fe:15:78:72:63:9e:d3:8c:e9:95:2a:cb:98:
                    df:72:80:d1:7b:7b:1f:6b:11:e7:95:c3:f4:a6:05:
                    07:67:6a:4b:62:93:49:28:ed:f8:ab:32:4c:3a:c0:
                    f9:bd:d8:e5:fc:b4:96:34:ec:e3:7a:b2:86:ff:fc:
                    09:d2:01:e4:d2:1c:58:3d:09:ec:5b:fb:3d:df:57:
                    9a:8d:a1:9f:91:1b:c6:59:02:8b:83:2b:40:a6:96:
                    61:3b:a2:c2:16:35:2a:6b:6d:50:d6:97:85:59:f3:
                    af:34:af:13:84:6a:b4:30:b7:f6:12:6c:d0:e0:c1:
                    df:7e:1c:70:c1:9c:98:05:5e:9a:73:ce:13:b7:9a:
                    f5:b9:7f:1d:e7:8d:92:15:b1:0d:aa:02:d9:94:8a:
                    6f:cd:a7:4e:ed:9e:fc:c1:4d:ba:04:59:32:cf:e6:
                    e7:06:5e:ab:36:56:fb:68:d7:13:90:6a:55:80:ef:
                    fe:59:f6:26:13:ba:d6:99:91:b5:d7:a2:2e:a9:0f:
                    a7:e3:3a:de:eb:a5:dc:34:76:d1:ab:89:5b:43:d9:
                    0f:05:a6:a1:b1:29:18:bb:0d:27:a1:05:25:02:4e:
                    5e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:F0:63:26:2F:0C:70:96:F8:E5:7A:E1:F2:E3:73:6D:43:F1:B6:0D
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/k_BjJi8McJb45Xrh8uNzbUPxtg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.108.0/24
                  94.176.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:1c:ba:b1:a4:12:9f:31:34:e8:1b:33:19:51:60:aa:d2:54:
         7d:ab:00:c2:84:39:d9:79:62:43:50:cc:c2:d4:ab:41:7e:7d:
         2d:d4:35:42:30:8f:3b:b8:17:c2:cf:80:b2:f4:f5:0a:00:fc:
         81:c8:b5:ce:50:4b:98:07:72:6f:48:fa:f0:f5:81:bd:46:6e:
         b2:1d:54:d1:1f:de:32:a2:40:6d:fc:ab:27:ed:e8:7a:4a:5f:
         8c:18:b4:3a:85:f4:7e:55:d5:50:09:2c:4c:3c:ca:66:0c:ae:
         66:ae:9d:d1:e6:c7:09:45:52:09:23:60:64:6c:b6:c1:bf:14:
         cb:df:34:5f:94:cd:e0:a4:97:0c:a8:6d:de:08:cf:73:36:e5:
         75:a3:5e:c4:86:91:e5:45:7e:b5:cf:5c:4e:61:26:cd:80:5b:
         f7:00:bd:3f:0a:77:ef:e5:82:f5:70:7f:d3:f3:ec:41:aa:88:
         26:62:30:a5:fb:5a:5e:98:9b:60:b2:e6:6c:ab:d4:2d:2d:34:
         fa:05:06:40:fb:03:6e:ce:aa:0c:21:7c:16:20:c7:68:35:14:
         ce:68:77:06:0e:76:5a:db:57:cb:d9:a5:7c:80:eb:f3:f8:d5:
         08:7e:3a:f9:eb:28:ea:05:83:5d:08:bd:dd:e5:89:b6:2f:19:
         0e:02:a4:39
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY/ETI60FI6Mm6JH28cc4Yz9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwNTI5MTIyMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2YwNjMyNjJmMGM3MDk2ZjhlNTdhZTFmMmUzNzM2ZDQzZjFiNjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWB8JBWe9lYCn/QXYRZ0HEW/9ztH
18WL8dzo3kL41P4VeHJjntOM6ZUqy5jfcoDRe3sfaxHnlcP0pgUHZ2pLYpNJKO34
qzJMOsD5vdjl/LSWNOzjerKG//wJ0gHk0hxYPQnsW/s931eajaGfkRvGWQKLgytA
ppZhO6LCFjUqa21Q1peFWfOvNK8ThGq0MLf2EmzQ4MHffhxwwZyYBV6ac84Tt5r1
uX8d542SFbENqgLZlIpvzadO7Z78wU26BFkyz+bnBl6rNlb7aNcTkGpVgO/+WfYm
E7rWmZG116IuqQ+n4zre66XcNHbRq4lbQ9kPBaahsSkYuw0noQUlAk5eqwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJPwYyYvDHCW+OV64fLjc21D8bYNMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2tfQmpKaThNY0piNDVYcmg4dU56YlVQeHRnMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAuZmwD
BABesAUwDQYJKoZIhvcNAQELBQADggEBAFQcurGkEp8xNOgbMxlRYKrSVH2rAMKE
Odl5YkNQzMLUq0F+fS3UNUIwjzu4F8LPgLL09QoA/IHItc5QS5gHcm9I+vD1gb1G
brIdVNEf3jKiQG38qyft6HpKX4wYtDqF9H5V1VAJLEw8ymYMrmaundHmxwlFUgkj
YGRstsG/FMvfNF+UzeCklwyobd4Iz3M25XWjXsSGkeVFfrXPXE5hJs2AW/cAvT8K
d+/lgvVwf9Pz7EGqiCZiMKX7Wl6Ym2Cy5myr1C0tNPoFBkD7A27OqgwhfBYgx2g1
FM5odwYOdlrbV8vZpXyA6/P41Qh+OvnrKOoFg10Ivd3libYvGQ4CpDk=
-----END CERTIFICATE-----