Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/57548d-7096-45b0-8be8-00b7bf32ecf8/1/bsTFLCkDN5mVU4BnAWtbUYBPNOA.roa
File:                     bsTFLCkDN5mVU4BnAWtbUYBPNOA.roa (raw, json)
Hash identifier:          /O2x4GmNC+CkJV8DcYJtu9rh1U0XoeinqXCvAEMhjGQ=
Subject key identifier:   6E:C4:C5:2C:29:03:37:99:95:53:80:67:01:6B:5B:51:80:4F:34:E0
Certificate issuer:       /CN=ea9ff91c6b1c7a8ed02842b25c9b0d0638a90424
Certificate serial:       018CCE99DA2BC3B0380F907B4C1C4B97A19B
Authority key identifier: EA:9F:F9:1C:6B:1C:7A:8E:D0:28:42:B2:5C:9B:0D:06:38:A9:04:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6p_5HGsceo7QKEKyXJsNBjipBCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/57548d-7096-45b0-8be8-00b7bf32ecf8/1/bsTFLCkDN5mVU4BnAWtbUYBPNOA.roa
Signing time:             Wed 03 Jan 2024 09:13:58 +0000
ROA not before:           Wed 03 Jan 2024 09:13:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44934
IP address blocks:        83.138.62.0/24 maxlen: 24
                          2a05:5a42::/32 maxlen: 32
                          2a05:5a41::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/57548d-7096-45b0-8be8-00b7bf32ecf8/1/6p_5HGsceo7QKEKyXJsNBjipBCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/57548d-7096-45b0-8be8-00b7bf32ecf8/1/6p_5HGsceo7QKEKyXJsNBjipBCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6p_5HGsceo7QKEKyXJsNBjipBCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 18:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ce:99:da:2b:c3:b0:38:0f:90:7b:4c:1c:4b:97:a1:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea9ff91c6b1c7a8ed02842b25c9b0d0638a90424
        Validity
            Not Before: Jan  3 09:13:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ec4c52c2903379995538067016b5b51804f34e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:7b:74:44:9f:f2:1b:1c:3f:2a:83:f0:91:37:
                    d1:43:ec:36:e1:21:a7:93:14:04:0a:98:25:de:d2:
                    27:02:94:f1:02:1a:f7:83:b3:ed:3a:1a:2d:c4:c9:
                    54:c7:8c:10:c7:65:7c:c4:ce:fe:2e:3e:e4:ed:fa:
                    59:13:bd:cd:c1:68:d0:5e:70:7a:65:88:24:7a:9d:
                    67:2b:4f:05:83:2b:f8:1e:a3:b2:65:08:d1:d2:ee:
                    05:17:2e:61:e4:5a:82:20:26:e1:9a:dd:1c:85:3b:
                    8c:6a:61:b2:00:c2:05:40:ad:d9:c4:25:a7:29:a5:
                    c3:59:96:f5:6b:f8:a6:ec:13:6c:d0:17:e4:a9:e6:
                    20:b6:68:9d:3a:1c:26:62:cd:c9:ba:1e:dc:67:fb:
                    f9:bd:91:17:10:f9:20:93:05:58:3d:aa:f6:c4:53:
                    e9:19:91:50:d1:0d:31:dd:b9:b1:ea:a8:32:d9:65:
                    0c:ea:d1:26:76:f3:04:ca:c0:9a:5f:ad:07:85:44:
                    4c:cb:53:16:8f:e8:8a:89:22:9b:c3:f7:d2:65:fe:
                    a5:13:b5:da:f4:a1:01:cd:dc:5c:4d:40:fb:40:81:
                    82:cd:bc:c5:eb:ba:25:36:2a:b7:6a:f4:0b:b2:5b:
                    fb:67:aa:80:7e:14:dc:33:66:71:77:df:81:78:3a:
                    ed:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:C4:C5:2C:29:03:37:99:95:53:80:67:01:6B:5B:51:80:4F:34:E0
            X509v3 Authority Key Identifier:
                keyid:EA:9F:F9:1C:6B:1C:7A:8E:D0:28:42:B2:5C:9B:0D:06:38:A9:04:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6p_5HGsceo7QKEKyXJsNBjipBCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/57548d-7096-45b0-8be8-00b7bf32ecf8/1/bsTFLCkDN5mVU4BnAWtbUYBPNOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/57548d-7096-45b0-8be8-00b7bf32ecf8/1/6p_5HGsceo7QKEKyXJsNBjipBCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.138.62.0/24
                IPv6:
                  2a05:5a41::-2a05:5a42:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         76:db:54:28:e6:e4:57:1c:9b:a1:8c:db:f6:99:27:17:02:ac:
         3c:6e:6b:02:fe:d9:66:98:50:21:2d:df:12:dc:d1:49:9f:7b:
         6a:a5:9e:a3:65:30:c9:a1:52:e8:23:e7:89:48:49:78:1f:31:
         f7:a2:83:55:79:15:81:fc:6c:10:f8:36:0a:de:c9:9f:c7:f5:
         d6:72:57:0c:f4:35:8b:7f:fb:b5:ae:e0:02:65:75:24:05:bc:
         65:46:ee:4c:ae:b3:fb:57:87:f5:ba:8e:aa:e3:f5:94:33:b6:
         be:21:0b:cf:d1:1d:12:97:8e:53:75:e4:93:47:ec:74:9a:17:
         91:0d:79:f1:fc:3c:cb:15:44:ed:7c:47:fd:eb:00:f0:a2:2a:
         1a:3e:0b:55:d8:94:91:15:dc:68:28:b7:66:60:6a:85:c2:85:
         91:3b:7a:e3:b1:61:f3:4b:61:d5:aa:b6:ff:9d:d4:3e:6b:ee:
         1f:32:ab:28:29:05:99:6b:f8:b5:ea:04:ac:ad:09:13:e0:5a:
         50:1f:ef:15:df:62:48:de:10:be:4b:67:7e:98:2d:44:40:dc:
         1b:60:ce:1a:f0:b0:6b:76:16:99:98:52:63:5f:05:f3:26:f0:
         97:96:00:a8:60:4c:30:f6:77:c7:b5:72:f5:44:7e:8e:88:b0:
         4e:a2:38:b3
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzOmdorw7A4D5B7TBxLl6GbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhOWZmOTFjNmIxYzdhOGVkMDI4NDJiMjVjOWIwZDA2Mzhh
OTA0MjQwHhcNMjQwMTAzMDkxMzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWM0YzUyYzI5MDMzNzk5OTU1MzgwNjcwMTZiNWI1MTgwNGYzNGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynt0RJ/yGxw/KoPwkTfRQ+w24SGn
kxQECpgl3tInApTxAhr3g7PtOhotxMlUx4wQx2V8xM7+Lj7k7fpZE73NwWjQXnB6
ZYgkep1nK08Fgyv4HqOyZQjR0u4FFy5h5FqCICbhmt0chTuMamGyAMIFQK3ZxCWn
KaXDWZb1a/im7BNs0BfkqeYgtmidOhwmYs3Juh7cZ/v5vZEXEPkgkwVYPar2xFPp
GZFQ0Q0x3bmx6qgy2WUM6tEmdvMEysCaX60HhURMy1MWj+iKiSKbw/fSZf6lE7Xa
9KEBzdxcTUD7QIGCzbzF67olNiq3avQLslv7Z6qAfhTcM2Zxd9+BeDrt4wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFG7ExSwpAzeZlVOAZwFrW1GATzTgMB8GA1UdIwQY
MBaAFOqf+RxrHHqO0ChCslybDQY4qQQkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnBfNUhHc2NlbzdRS0VLeVhKc05CamlwQkNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi81NzU0OGQtNzA5Ni00NWIwLThiZTgt
MDBiN2JmMzJlY2Y4LzEvYnNURkxDa0RONW1WVTRCbkFXdGJVWUJQTk9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi81NzU0OGQtNzA5Ni00NWIwLThiZTgtMDBiN2JmMzJlY2Y4
LzEvNnBfNUhHc2NlbzdRS0VLeVhKc05CamlwQkNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQAU4o+MBYE
AgACMBAwDgMFACoFWkEDBQAqBVpCMA0GCSqGSIb3DQEBCwUAA4IBAQB221Qo5uRX
HJuhjNv2mScXAqw8bmsC/tlmmFAhLd8S3NFJn3tqpZ6jZTDJoVLoI+eJSEl4HzH3
ooNVeRWB/GwQ+DYK3smfx/XWclcM9DWLf/u1ruACZXUkBbxlRu5MrrP7V4f1uo6q
4/WUM7a+IQvP0R0Sl45TdeSTR+x0mheRDXnx/DzLFUTtfEf96wDwoioaPgtV2JSR
FdxoKLdmYGqFwoWRO3rjsWHzS2HVqrb/ndQ+a+4fMqsoKQWZa/i16gSsrQkT4FpQ
H+8V32JI3hC+S2d+mC1EQNwbYM4a8LBrdhaZmFJjXwXzJvCXlgCoYEww9nfHtXL1
RH6OiLBOojiz
-----END CERTIFICATE-----