Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/c2a48a-3a89-46b5-ae62-abeed70fabd1/1/BjgxXw5dB_wuQ0ZRzXS45sCbI2M.roa
File:                     BjgxXw5dB_wuQ0ZRzXS45sCbI2M.roa (raw, json)
Hash identifier:          nSybFFrjmEruKoTvku3jHfun9w/b6/3srwb2Ve09tHs=
Subject key identifier:   06:38:31:5F:0E:5D:07:FC:2E:43:46:51:CD:74:B8:E6:C0:9B:23:63
Certificate issuer:       /CN=2fd971a27c6fc2c662f065dd8bfa8b8a132c1eae
Certificate serial:       018CC8DEE3F23B561E25B1005EEC28DEF029
Authority key identifier: 2F:D9:71:A2:7C:6F:C2:C6:62:F0:65:DD:8B:FA:8B:8A:13:2C:1E:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L9lxonxvwsZi8GXdi_qLihMsHq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/c2a48a-3a89-46b5-ae62-abeed70fabd1/1/BjgxXw5dB_wuQ0ZRzXS45sCbI2M.roa
Signing time:             Tue 02 Jan 2024 06:31:39 +0000
ROA not before:           Tue 02 Jan 2024 06:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44592
IP address blocks:        80.91.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/c2a48a-3a89-46b5-ae62-abeed70fabd1/1/L9lxonxvwsZi8GXdi_qLihMsHq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/c2a48a-3a89-46b5-ae62-abeed70fabd1/1/L9lxonxvwsZi8GXdi_qLihMsHq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L9lxonxvwsZi8GXdi_qLihMsHq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 12:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:e3:f2:3b:56:1e:25:b1:00:5e:ec:28:de:f0:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fd971a27c6fc2c662f065dd8bfa8b8a132c1eae
        Validity
            Not Before: Jan  2 06:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0638315f0e5d07fc2e434651cd74b8e6c09b2363
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:84:42:61:d4:3d:56:be:ab:7b:bf:6c:a5:c9:
                    f8:63:d3:34:bb:8c:eb:24:46:8d:ef:57:ef:98:5b:
                    92:96:01:6e:c1:58:2e:ac:a3:a9:d2:96:70:41:8a:
                    2b:0f:8b:d7:b6:9b:a0:87:a5:a8:b3:df:e6:58:fc:
                    2d:cb:66:b4:48:b5:b7:6b:03:b1:1a:04:24:9e:70:
                    57:94:1c:52:96:c3:76:05:3c:c8:c0:66:8a:a7:c9:
                    75:c7:a5:3a:85:67:6f:cf:52:70:a7:0f:cd:c9:a9:
                    23:67:2d:5d:c4:8e:c6:d7:cb:77:67:ac:bb:e8:4b:
                    3e:e9:0e:cd:a1:62:1b:bd:57:05:2a:2d:b9:bb:b5:
                    b2:72:94:ad:6c:dd:07:9f:b9:a7:dd:b6:c3:bf:b3:
                    02:10:65:15:40:d6:66:8f:0a:cd:18:24:71:c4:f5:
                    31:dc:33:df:a8:0c:3c:66:4e:e9:26:d1:3a:0e:96:
                    a8:5d:b2:57:7d:e5:25:da:7a:31:45:7b:b8:19:f2:
                    fe:1f:66:ac:97:25:01:1e:b5:60:97:e9:3f:0b:77:
                    95:92:08:28:e5:3a:6e:0d:33:0a:8d:52:ba:61:c1:
                    d1:f5:14:8b:2c:69:78:71:5c:09:d5:b7:79:1b:c4:
                    fa:9c:f6:12:66:4d:e3:69:b7:8b:a4:8e:74:0b:c0:
                    08:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:38:31:5F:0E:5D:07:FC:2E:43:46:51:CD:74:B8:E6:C0:9B:23:63
            X509v3 Authority Key Identifier:
                keyid:2F:D9:71:A2:7C:6F:C2:C6:62:F0:65:DD:8B:FA:8B:8A:13:2C:1E:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L9lxonxvwsZi8GXdi_qLihMsHq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/c2a48a-3a89-46b5-ae62-abeed70fabd1/1/BjgxXw5dB_wuQ0ZRzXS45sCbI2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/c2a48a-3a89-46b5-ae62-abeed70fabd1/1/L9lxonxvwsZi8GXdi_qLihMsHq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.91.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:54:6d:88:3b:a9:c0:97:86:66:b8:bd:97:73:c0:9d:4a:ad:
         10:81:92:3a:d8:70:c1:52:bb:a2:10:36:a4:bd:34:40:0a:cf:
         f6:f3:66:97:28:0a:c9:ca:db:e2:79:18:51:71:3b:0e:50:fd:
         1e:7d:19:d1:66:0b:45:45:f6:57:a4:da:e6:a2:0a:fb:76:28:
         e7:4c:63:ca:33:4b:eb:ee:5f:ba:aa:26:24:9d:1e:af:5f:58:
         48:f9:3a:2f:0a:0e:21:fb:81:18:a6:d2:9b:08:84:4d:36:c4:
         bb:d3:76:8c:13:cd:fa:aa:a7:20:45:a1:a4:ba:02:7e:6d:59:
         ae:4a:e0:1c:64:cb:ed:20:e2:80:bc:8e:58:2c:17:1f:87:0e:
         15:5c:63:6e:e0:b5:cf:80:7f:03:c6:c0:bc:f1:97:57:ba:62:
         c5:6d:3a:d2:44:41:89:05:3f:2e:80:b9:e6:7c:65:d6:77:da:
         35:16:2c:c0:a5:1e:c5:d5:62:27:76:12:b0:79:bc:7c:13:99:
         34:89:b5:ba:9a:54:2c:94:77:36:a7:dd:39:a4:20:78:06:53:
         b4:81:0e:db:4b:d8:d6:b0:89:fe:01:86:07:95:a3:2e:5b:c0:
         2d:47:df:af:41:22:51:ff:5f:89:b3:32:dd:ab:19:1f:97:24:
         22:60:7b:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3uPyO1YeJbEAXuwo3vApMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmZDk3MWEyN2M2ZmMyYzY2MmYwNjVkZDhiZmE4YjhhMTMy
YzFlYWUwHhcNMjQwMTAyMDYzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjM4MzE1ZjBlNWQwN2ZjMmU0MzQ2NTFjZDc0YjhlNmMwOWIyMzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4RCYdQ9Vr6re79spcn4Y9M0u4zr
JEaN71fvmFuSlgFuwVgurKOp0pZwQYorD4vXtpugh6Wos9/mWPwty2a0SLW3awOx
GgQknnBXlBxSlsN2BTzIwGaKp8l1x6U6hWdvz1Jwpw/NyakjZy1dxI7G18t3Z6y7
6Es+6Q7NoWIbvVcFKi25u7WycpStbN0Hn7mn3bbDv7MCEGUVQNZmjwrNGCRxxPUx
3DPfqAw8Zk7pJtE6DpaoXbJXfeUl2noxRXu4GfL+H2aslyUBHrVgl+k/C3eVkggo
5TpuDTMKjVK6YcHR9RSLLGl4cVwJ1bd5G8T6nPYSZk3jabeLpI50C8AIiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAY4MV8OXQf8LkNGUc10uObAmyNjMB8GA1UdIwQY
MBaAFC/ZcaJ8b8LGYvBl3Yv6i4oTLB6uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDlseG9ueHZ3c1ppOEdYZGlfcUxpaE1zSHE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9jMmE0OGEtM2E4OS00NmI1LWFlNjIt
YWJlZWQ3MGZhYmQxLzEvQmpneFh3NWRCX3d1UTBaUnpYUzQ1c0NiSTJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9jMmE0OGEtM2E4OS00NmI1LWFlNjItYWJlZWQ3MGZhYmQx
LzEvTDlseG9ueHZ3c1ppOEdYZGlfcUxpaE1zSHE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFvfMA0G
CSqGSIb3DQEBCwUAA4IBAQBjVG2IO6nAl4ZmuL2Xc8CdSq0QgZI62HDBUruiEDak
vTRACs/282aXKArJytvieRhRcTsOUP0efRnRZgtFRfZXpNrmogr7dijnTGPKM0vr
7l+6qiYknR6vX1hI+TovCg4h+4EYptKbCIRNNsS703aME836qqcgRaGkugJ+bVmu
SuAcZMvtIOKAvI5YLBcfhw4VXGNu4LXPgH8DxsC88ZdXumLFbTrSREGJBT8ugLnm
fGXWd9o1FizApR7F1WIndhKwebx8E5k0ibW6mlQslHc2p905pCB4BlO0gQ7bS9jW
sIn+AYYHlaMuW8AtR9+vQSJR/1+JszLdqxkflyQiYHvg
-----END CERTIFICATE-----