Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/42d821-74af-4ced-94ea-027b58e6fdc5/1/BStF7DRNz77sEmctNxkc13_ZZeQ.roa
File:                     BStF7DRNz77sEmctNxkc13_ZZeQ.roa (raw, json)
Hash identifier:          mQojCIKoz2TGocorJSatalZSku7HR8UxVL+jcsMTm+o=
Subject key identifier:   05:2B:45:EC:34:4D:CF:BE:EC:12:67:2D:37:19:1C:D7:7F:D9:65:E4
Certificate issuer:       /CN=bef2158a0f2a42617a821a0b4fcc9c9a93f4246d
Certificate serial:       018CC34935B6E784CE4072A62722E0010D52
Authority key identifier: BE:F2:15:8A:0F:2A:42:61:7A:82:1A:0B:4F:CC:9C:9A:93:F4:24:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vvIVig8qQmF6ghoLT8ycmpP0JG0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/42d821-74af-4ced-94ea-027b58e6fdc5/1/BStF7DRNz77sEmctNxkc13_ZZeQ.roa
Signing time:             Mon 01 Jan 2024 04:30:04 +0000
ROA not before:           Mon 01 Jan 2024 04:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49283
IP address blocks:        46.182.160.0/21 maxlen: 21
                          185.68.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/42d821-74af-4ced-94ea-027b58e6fdc5/1/vvIVig8qQmF6ghoLT8ycmpP0JG0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/42d821-74af-4ced-94ea-027b58e6fdc5/1/vvIVig8qQmF6ghoLT8ycmpP0JG0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vvIVig8qQmF6ghoLT8ycmpP0JG0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 13:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:35:b6:e7:84:ce:40:72:a6:27:22:e0:01:0d:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bef2158a0f2a42617a821a0b4fcc9c9a93f4246d
        Validity
            Not Before: Jan  1 04:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=052b45ec344dcfbeec12672d37191cd77fd965e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:98:b5:3d:44:c0:bf:2d:f5:d4:f5:e9:4b:81:
                    a0:5f:42:5f:ad:b4:7f:72:32:ef:be:e1:fe:06:97:
                    82:42:29:a3:44:ee:2c:41:1a:8f:0e:18:07:27:85:
                    14:23:92:d7:74:96:68:17:c0:70:96:1f:49:96:fb:
                    88:10:15:eb:f2:25:03:dd:bb:aa:a4:46:8d:c4:18:
                    bb:28:10:c2:0e:38:0b:a1:47:75:17:e3:16:06:56:
                    2a:a4:2c:f7:a5:ce:67:af:c2:8d:1d:84:c4:6c:ca:
                    99:e7:08:8c:89:3f:63:74:c5:53:89:f0:93:60:9a:
                    34:31:7f:12:28:52:23:75:30:d7:7b:d2:dd:77:9b:
                    70:71:9a:76:4e:09:8a:8d:68:11:87:af:90:33:09:
                    03:1c:1b:76:86:65:21:98:4e:eb:7c:22:c5:ec:1b:
                    8b:7f:f7:25:a8:e7:23:bc:c3:0a:e9:08:1e:ad:1d:
                    3a:9a:00:07:2d:36:8e:9d:a4:66:26:8f:5a:8c:f3:
                    64:85:9d:f8:6e:f2:b9:00:59:67:89:5f:8d:d6:18:
                    e0:bc:66:fe:27:fa:45:e7:c4:a5:3e:a8:53:c1:7b:
                    12:8f:43:78:09:b0:2c:3b:04:36:fb:41:42:68:cf:
                    8b:6c:0d:b3:5b:61:33:32:87:c1:ae:fd:99:79:d1:
                    9d:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:2B:45:EC:34:4D:CF:BE:EC:12:67:2D:37:19:1C:D7:7F:D9:65:E4
            X509v3 Authority Key Identifier:
                keyid:BE:F2:15:8A:0F:2A:42:61:7A:82:1A:0B:4F:CC:9C:9A:93:F4:24:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vvIVig8qQmF6ghoLT8ycmpP0JG0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/42d821-74af-4ced-94ea-027b58e6fdc5/1/BStF7DRNz77sEmctNxkc13_ZZeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/42d821-74af-4ced-94ea-027b58e6fdc5/1/vvIVig8qQmF6ghoLT8ycmpP0JG0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.182.160.0/21
                  185.68.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:f0:30:e6:10:10:f5:ae:ab:78:43:e1:08:a8:5a:d2:04:eb:
         39:12:dd:0f:e7:76:32:e7:a6:9f:7f:c2:6b:91:18:67:05:96:
         bb:cb:fb:e9:2e:5c:f3:6e:96:e6:36:97:18:a0:f1:c3:07:ee:
         5d:25:80:19:87:2e:a6:ed:ee:5c:76:db:3b:89:0c:32:7a:ef:
         6d:e1:ad:85:3c:8c:2b:72:7d:0b:35:84:09:fa:16:50:49:63:
         58:b7:5d:ce:de:a8:8f:8a:0e:6d:d5:d8:12:be:51:76:ab:b2:
         fc:de:44:d8:64:a4:5e:38:fb:03:0a:cb:d6:ac:34:7d:62:07:
         41:e5:77:a0:72:65:07:29:a9:8b:ff:92:42:a8:fa:c2:f6:fe:
         68:a4:98:94:cd:da:3b:72:0c:9a:e3:3f:eb:0d:51:52:63:a9:
         77:08:f7:3e:d0:61:ed:14:b7:2d:91:24:f0:1a:41:2e:9d:45:
         48:1c:43:1a:81:fc:0c:20:e7:d7:0d:ba:4e:28:e6:47:bb:45:
         f8:62:28:48:0b:df:ab:6e:46:71:76:30:c1:0b:3b:f0:9c:b1:
         d0:2a:8d:09:3a:c7:58:cb:39:0c:07:6f:6b:7d:2d:ea:2b:df:
         d0:8d:21:da:21:e4:c7:eb:39:22:83:92:25:28:68:f6:85:2e:
         09:2f:5f:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSTW254TOQHKmJyLgAQ1SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlZjIxNThhMGYyYTQyNjE3YTgyMWEwYjRmY2M5YzlhOTNm
NDI0NmQwHhcNMjQwMTAxMDQzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTJiNDVlYzM0NGRjZmJlZWMxMjY3MmQzNzE5MWNkNzdmZDk2NWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5i1PUTAvy311PXpS4GgX0JfrbR/
cjLvvuH+BpeCQimjRO4sQRqPDhgHJ4UUI5LXdJZoF8Bwlh9JlvuIEBXr8iUD3buq
pEaNxBi7KBDCDjgLoUd1F+MWBlYqpCz3pc5nr8KNHYTEbMqZ5wiMiT9jdMVTifCT
YJo0MX8SKFIjdTDXe9Ldd5twcZp2TgmKjWgRh6+QMwkDHBt2hmUhmE7rfCLF7BuL
f/clqOcjvMMK6QgerR06mgAHLTaOnaRmJo9ajPNkhZ34bvK5AFlniV+N1hjgvGb+
J/pF58SlPqhTwXsSj0N4CbAsOwQ2+0FCaM+LbA2zW2EzMofBrv2ZedGd5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAUrRew0Tc++7BJnLTcZHNd/2WXkMB8GA1UdIwQY
MBaAFL7yFYoPKkJheoIaC0/MnJqT9CRtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnZJVmlnOHFRbUY2Z2hvTFQ4eWNtcFAwSkcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS80MmQ4MjEtNzRhZi00Y2VkLTk0ZWEt
MDI3YjU4ZTZmZGM1LzEvQlN0RjdEUk56NzdzRW1jdE54a2MxM19aWmVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS80MmQ4MjEtNzRhZi00Y2VkLTk0ZWEtMDI3YjU4ZTZmZGM1
LzEvdnZJVmlnOHFRbUY2Z2hvTFQ4eWNtcFAwSkcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLragAwQA
uUQ4MA0GCSqGSIb3DQEBCwUAA4IBAQCD8DDmEBD1rqt4Q+EIqFrSBOs5Et0P53Yy
56aff8JrkRhnBZa7y/vpLlzzbpbmNpcYoPHDB+5dJYAZhy6m7e5cdts7iQwyeu9t
4a2FPIwrcn0LNYQJ+hZQSWNYt13O3qiPig5t1dgSvlF2q7L83kTYZKReOPsDCsvW
rDR9YgdB5XegcmUHKamL/5JCqPrC9v5opJiUzdo7cgya4z/rDVFSY6l3CPc+0GHt
FLctkSTwGkEunUVIHEMagfwMIOfXDbpOKOZHu0X4YihIC9+rbkZxdjDBCzvwnLHQ
Ko0JOsdYyzkMB29rfS3qK9/QjSHaIeTH6zkig5IlKGj2hS4JL1/X
-----END CERTIFICATE-----