Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/1c13d9-81d5-4cdb-a2e1-a5abb20d2462/1/BA5XRS-VBm8RVVbSCJW6HST0wD0.roa
File:                     BA5XRS-VBm8RVVbSCJW6HST0wD0.roa (raw, json)
Hash identifier:          b9K7NP8BwX8VNftSD4zDv00erFxrleUYzaeFhztZOO8=
Subject key identifier:   04:0E:57:45:2F:95:06:6F:11:55:56:D2:08:95:BA:1D:24:F4:C0:3D
Certificate issuer:       /CN=b1940f000996ebfd2dab71c469cc51ee881b3f5e
Certificate serial:       01942444F5A0A7A3EF1F8B1F288F1E780836
Authority key identifier: B1:94:0F:00:09:96:EB:FD:2D:AB:71:C4:69:CC:51:EE:88:1B:3F:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sZQPAAmW6_0tq3HEacxR7ogbP14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/1c13d9-81d5-4cdb-a2e1-a5abb20d2462/1/BA5XRS-VBm8RVVbSCJW6HST0wD0.roa
Signing time:             Wed 01 Jan 2025 23:48:06 +0000
ROA not before:           Wed 01 Jan 2025 23:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        194.42.96.0/23 maxlen: 24
                          194.42.104.0/23 maxlen: 24
                          2a0f:340::/29 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/1c13d9-81d5-4cdb-a2e1-a5abb20d2462/1/sZQPAAmW6_0tq3HEacxR7ogbP14.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/1c13d9-81d5-4cdb-a2e1-a5abb20d2462/1/sZQPAAmW6_0tq3HEacxR7ogbP14.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sZQPAAmW6_0tq3HEacxR7ogbP14.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:f5:a0:a7:a3:ef:1f:8b:1f:28:8f:1e:78:08:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1940f000996ebfd2dab71c469cc51ee881b3f5e
        Validity
            Not Before: Jan  1 23:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=040e57452f95066f115556d20895ba1d24f4c03d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f0:c7:5f:d3:39:eb:ea:f9:c1:7c:c1:7b:f1:
                    0d:15:b7:df:17:f8:5b:66:18:d9:9a:ab:7d:b2:47:
                    73:75:b0:be:20:33:d1:86:68:0f:a5:65:35:8a:a2:
                    6f:f0:4b:48:8d:43:cc:85:3b:95:48:e8:53:5f:82:
                    d3:5b:99:b4:94:da:b7:93:b2:96:b1:62:be:cb:a5:
                    62:b2:26:3f:6d:06:fb:90:ad:22:7c:c9:5c:c6:62:
                    9d:29:c2:06:cf:08:15:5e:71:08:bc:bc:9c:b9:6b:
                    12:d1:a8:38:5e:50:53:bb:86:70:0f:31:bb:06:1f:
                    7a:4c:2f:5c:c6:31:a3:62:63:09:df:8b:a2:84:a9:
                    4a:97:87:40:20:28:2f:43:80:80:97:f6:8f:ff:33:
                    8d:f2:59:8c:b3:65:1a:bc:6f:3d:10:a3:7a:77:67:
                    c4:0c:f3:5e:e6:82:63:b8:cc:74:86:67:f3:f1:71:
                    3b:88:35:da:78:49:75:d7:7f:88:8d:e2:f3:af:2f:
                    9d:a4:ef:33:2b:bc:03:b7:70:c4:12:b1:a6:42:a3:
                    0e:6a:3f:7f:6b:ef:c0:9b:68:7e:b7:c3:fb:32:f7:
                    aa:c7:05:21:62:a7:08:fd:37:62:d1:73:ad:12:a4:
                    37:05:95:f4:d9:40:7a:37:a8:50:f9:0c:5c:aa:33:
                    2f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:0E:57:45:2F:95:06:6F:11:55:56:D2:08:95:BA:1D:24:F4:C0:3D
            X509v3 Authority Key Identifier:
                keyid:B1:94:0F:00:09:96:EB:FD:2D:AB:71:C4:69:CC:51:EE:88:1B:3F:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sZQPAAmW6_0tq3HEacxR7ogbP14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/1c13d9-81d5-4cdb-a2e1-a5abb20d2462/1/BA5XRS-VBm8RVVbSCJW6HST0wD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/1c13d9-81d5-4cdb-a2e1-a5abb20d2462/1/sZQPAAmW6_0tq3HEacxR7ogbP14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.42.96.0/23
                  194.42.104.0/23
                IPv6:
                  2a0f:340::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:a4:71:64:08:40:77:2a:4a:f6:39:f3:ed:05:5a:6e:a1:df:
         77:f7:12:78:f4:66:8c:0f:a2:e5:71:30:ee:22:7e:70:b5:54:
         65:e7:07:fc:4a:f5:40:4b:58:66:35:05:67:c5:0c:ab:df:4b:
         79:ae:5b:c5:00:dd:7f:23:39:9b:e2:99:c7:17:b8:b9:1e:83:
         c1:cf:42:e9:e3:19:73:6b:2a:55:1b:a1:07:60:41:6a:de:2d:
         6c:67:2e:51:b5:b8:6d:23:20:f2:ca:f2:df:ad:08:be:b3:65:
         69:f5:58:3a:f0:63:79:d7:10:52:37:88:f9:d2:9c:91:50:9a:
         ff:df:7d:be:69:9a:5b:03:d1:59:30:c5:9b:e4:24:1b:eb:fd:
         d1:96:31:e4:48:f4:1a:d6:01:bf:82:da:79:db:60:e4:a0:94:
         41:96:7f:a1:77:e0:5d:54:e4:7d:ad:ee:c8:3a:17:be:b5:81:
         b5:6b:c3:e8:76:b7:26:28:9c:0e:fb:87:b6:9b:b7:cb:87:c3:
         04:48:c4:4d:9b:10:d1:b3:56:4a:4c:7b:6b:8e:dd:15:e3:0b:
         8f:f2:a4:e0:13:91:9f:5b:50:08:4f:ee:5b:e2:16:8c:44:bb:
         77:c7:14:7b:4a:04:09:b0:15:42:73:39:76:75:d4:e2:26:6d:
         4e:ac:be:4f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQkRPWgp6PvH4sfKI8eeAg2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxOTQwZjAwMDk5NmViZmQyZGFiNzFjNDY5Y2M1MWVlODgx
YjNmNWUwHhcNMjUwMTAxMjM0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDBlNTc0NTJmOTUwNjZmMTE1NTU2ZDIwODk1YmExZDI0ZjRjMDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/DHX9M56+r5wXzBe/ENFbffF/hb
ZhjZmqt9skdzdbC+IDPRhmgPpWU1iqJv8EtIjUPMhTuVSOhTX4LTW5m0lNq3k7KW
sWK+y6VisiY/bQb7kK0ifMlcxmKdKcIGzwgVXnEIvLycuWsS0ag4XlBTu4ZwDzG7
Bh96TC9cxjGjYmMJ34uihKlKl4dAICgvQ4CAl/aP/zON8lmMs2UavG89EKN6d2fE
DPNe5oJjuMx0hmfz8XE7iDXaeEl113+IjeLzry+dpO8zK7wDt3DEErGmQqMOaj9/
a+/Am2h+t8P7MveqxwUhYqcI/Tdi0XOtEqQ3BZX02UB6N6hQ+QxcqjMv1QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAQOV0UvlQZvEVVW0giVuh0k9MA9MB8GA1UdIwQY
MBaAFLGUDwAJluv9LatxxGnMUe6IGz9eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1pRUEFBbVc2XzB0cTNIRWFjeFI3b2diUDE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8xYzEzZDktODFkNS00Y2RiLWEyZTEt
YTVhYmIyMGQyNDYyLzEvQkE1WFJTLVZCbThSVlZiU0NKVzZIU1Qwd0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8xYzEzZDktODFkNS00Y2RiLWEyZTEtYTVhYmIyMGQyNDYy
LzEvc1pRUEFBbVc2XzB0cTNIRWFjeFI3b2diUDE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBwipgAwQB
wipoMA0EAgACMAcDBQMqDwNAMA0GCSqGSIb3DQEBCwUAA4IBAQBwpHFkCEB3Kkr2
OfPtBVpuod939xJ49GaMD6LlcTDuIn5wtVRl5wf8SvVAS1hmNQVnxQyr30t5rlvF
AN1/Izmb4pnHF7i5HoPBz0Lp4xlzaypVG6EHYEFq3i1sZy5RtbhtIyDyyvLfrQi+
s2Vp9Vg68GN51xBSN4j50pyRUJr/332+aZpbA9FZMMWb5CQb6/3RljHkSPQa1gG/
gtp522DkoJRBln+hd+BdVOR9re7IOhe+tYG1a8PodrcmKJwO+4e2m7fLh8MESMRN
mxDRs1ZKTHtrjt0V4wuP8qTgE5GfW1AIT+5b4haMRLt3xxR7SgQJsBVCczl2ddTi
Jm1OrL5P
-----END CERTIFICATE-----