Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/1aafa0-0278-4dd6-8807-5726c2b5148d/1/_BLY-YxerobnA_qrMI2Q9jlTkoU.roa
File:                     _BLY-YxerobnA_qrMI2Q9jlTkoU.roa (raw, json)
Hash identifier:          c/Ln/nX8PmO956Bi25NyI9WSEaYWYUb/Z6rAZ+1zhzY=
Subject key identifier:   FC:12:D8:F9:8C:5E:AE:86:E7:03:FA:AB:30:8D:90:F6:39:53:92:85
Certificate issuer:       /CN=da296bd0031d6dada6c73073608f3d11e445ce44
Certificate serial:       0190128B6A83A5F019F175DD199B32E7BAFD
Authority key identifier: DA:29:6B:D0:03:1D:6D:AD:A6:C7:30:73:60:8F:3D:11:E4:45:CE:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ilr0AMdba2mxzBzYI89EeRFzkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/1aafa0-0278-4dd6-8807-5726c2b5148d/1/_BLY-YxerobnA_qrMI2Q9jlTkoU.roa
Signing time:             Thu 13 Jun 2024 17:00:45 +0000
ROA not before:           Thu 13 Jun 2024 17:00:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57536
IP address blocks:        91.232.190.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/1aafa0-0278-4dd6-8807-5726c2b5148d/1/2ilr0AMdba2mxzBzYI89EeRFzkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/1aafa0-0278-4dd6-8807-5726c2b5148d/1/2ilr0AMdba2mxzBzYI89EeRFzkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ilr0AMdba2mxzBzYI89EeRFzkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:12:8b:6a:83:a5:f0:19:f1:75:dd:19:9b:32:e7:ba:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da296bd0031d6dada6c73073608f3d11e445ce44
        Validity
            Not Before: Jun 13 17:00:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc12d8f98c5eae86e703faab308d90f639539285
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:df:d9:e1:3a:58:36:59:55:86:c9:88:6a:8a:
                    fc:d2:36:9c:0f:8a:5e:0e:b3:b9:ac:d4:37:7e:84:
                    66:0b:93:14:f7:9e:35:a0:dc:99:b5:72:bd:94:a6:
                    53:80:40:38:0b:88:ca:90:0b:88:ab:d6:67:86:a1:
                    0f:a1:b7:a1:c1:ed:c6:82:5c:30:c5:cf:ad:a7:ee:
                    42:47:a1:4c:37:94:61:4e:38:54:0a:ea:6d:30:1b:
                    a3:ef:3d:80:1b:9c:3f:fb:38:52:28:1c:e4:3b:7a:
                    a8:51:db:d7:1e:c0:4b:f0:30:41:99:60:b2:22:f0:
                    0b:0f:3d:a6:ab:be:02:4e:93:16:d7:07:43:d1:9e:
                    2c:25:0f:ef:b3:3e:59:e3:33:d8:de:01:75:ae:23:
                    dd:2e:d0:f1:30:39:01:26:2a:83:fc:2a:d7:aa:81:
                    26:e8:a7:84:44:79:c4:5c:22:25:39:70:b4:aa:df:
                    51:d1:46:7e:a6:8b:20:80:bd:af:d3:b4:ef:94:7c:
                    b0:cf:16:3f:56:02:74:9e:da:9a:53:d0:8f:d4:60:
                    5f:10:08:71:52:4b:3b:01:b5:a4:17:79:1d:21:c0:
                    0c:72:18:36:0f:0e:0a:3c:c1:1c:a8:bb:7d:fc:2d:
                    c4:4e:da:02:72:ee:7e:d2:81:e2:ba:eb:e7:62:48:
                    ef:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:12:D8:F9:8C:5E:AE:86:E7:03:FA:AB:30:8D:90:F6:39:53:92:85
            X509v3 Authority Key Identifier:
                keyid:DA:29:6B:D0:03:1D:6D:AD:A6:C7:30:73:60:8F:3D:11:E4:45:CE:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ilr0AMdba2mxzBzYI89EeRFzkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/1aafa0-0278-4dd6-8807-5726c2b5148d/1/_BLY-YxerobnA_qrMI2Q9jlTkoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/1aafa0-0278-4dd6-8807-5726c2b5148d/1/2ilr0AMdba2mxzBzYI89EeRFzkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:2d:a4:99:e8:cc:93:e1:cd:48:87:32:44:04:9d:89:e2:a3:
         a2:74:bc:ae:64:48:0d:28:af:c7:d4:32:b0:72:cf:f3:27:57:
         3c:6a:eb:5f:6f:e9:da:d2:b9:d5:89:e3:44:9d:8b:88:c8:5c:
         23:dc:19:aa:b6:09:7e:5d:04:a9:32:e2:86:02:9e:73:65:87:
         d8:c8:91:8e:07:4f:09:17:9d:8b:a2:05:05:63:df:db:bf:6b:
         b9:e1:60:0f:6f:66:bc:79:a8:00:b2:ec:72:39:f5:c7:cc:d1:
         e6:30:c4:e9:99:f3:a3:d3:09:bd:35:05:38:b9:24:ea:5d:9e:
         2c:60:dd:d2:6d:5a:4e:4d:b8:2d:da:9e:38:27:f9:f8:08:d1:
         32:db:be:af:38:d7:ed:1c:04:52:8b:de:a9:6a:e2:39:c6:87:
         b4:a7:a6:30:0d:ff:80:2b:83:74:ea:07:db:71:7d:d2:15:84:
         ef:44:f9:a7:3b:0d:f0:41:41:ef:de:60:00:8e:7e:16:f7:4c:
         2a:73:a2:23:ca:b1:09:e3:42:49:28:5e:a7:4d:e4:18:48:8c:
         44:22:92:47:c9:4b:a5:51:74:3a:b9:92:62:38:2a:d3:f8:41:
         8c:0e:4c:34:0a:b1:0c:d1:0d:31:8b:7c:4d:e9:57:50:19:2c:
         1c:43:2e:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZASi2qDpfAZ8XXdGZsy57r9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMjk2YmQwMDMxZDZkYWRhNmM3MzA3MzYwOGYzZDExZTQ0
NWNlNDQwHhcNMjQwNjEzMTcwMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzEyZDhmOThjNWVhZTg2ZTcwM2ZhYWIzMDhkOTBmNjM5NTM5Mjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvt/Z4TpYNllVhsmIaor80jacD4pe
DrO5rNQ3foRmC5MU9541oNyZtXK9lKZTgEA4C4jKkAuIq9ZnhqEPobehwe3Gglww
xc+tp+5CR6FMN5RhTjhUCuptMBuj7z2AG5w/+zhSKBzkO3qoUdvXHsBL8DBBmWCy
IvALDz2mq74CTpMW1wdD0Z4sJQ/vsz5Z4zPY3gF1riPdLtDxMDkBJiqD/CrXqoEm
6KeERHnEXCIlOXC0qt9R0UZ+posggL2v07TvlHywzxY/VgJ0ntqaU9CP1GBfEAhx
Uks7AbWkF3kdIcAMchg2Dw4KPMEcqLt9/C3ETtoCcu5+0oHiuuvnYkjvpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwS2PmMXq6G5wP6qzCNkPY5U5KFMB8GA1UdIwQY
MBaAFNopa9ADHW2tpscwc2CPPRHkRc5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmlscjBBTWRiYTJteHpCellJODlFZVJGemtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8xYWFmYTAtMDI3OC00ZGQ2LTg4MDct
NTcyNmMyYjUxNDhkLzEvX0JMWS1ZeGVyb2JuQV9xck1JMlE5amxUa29VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8xYWFmYTAtMDI3OC00ZGQ2LTg4MDctNTcyNmMyYjUxNDhk
LzEvMmlscjBBTWRiYTJteHpCellJODlFZVJGemtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+i+MA0G
CSqGSIb3DQEBCwUAA4IBAQAuLaSZ6MyT4c1IhzJEBJ2J4qOidLyuZEgNKK/H1DKw
cs/zJ1c8autfb+na0rnVieNEnYuIyFwj3Bmqtgl+XQSpMuKGAp5zZYfYyJGOB08J
F52LogUFY9/bv2u54WAPb2a8eagAsuxyOfXHzNHmMMTpmfOj0wm9NQU4uSTqXZ4s
YN3SbVpOTbgt2p44J/n4CNEy276vONftHARSi96pauI5xoe0p6YwDf+AK4N06gfb
cX3SFYTvRPmnOw3wQUHv3mAAjn4W90wqc6IjyrEJ40JJKF6nTeQYSIxEIpJHyUul
UXQ6uZJiOCrT+EGMDkw0CrEM0Q0xi3xN6VdQGSwcQy7I
-----END CERTIFICATE-----