Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/cd17fe-e44a-4b98-9f1c-2d8a8d9669f8/1/BJjEtGOcYjKJp4ZeVDjeyjCCQ40.roa
File:                     BJjEtGOcYjKJp4ZeVDjeyjCCQ40.roa (raw, json)
Hash identifier:          U0AbnIlJbdx/D2UiDKF/RJHQp+UqZ3jckOEuXUZrhyY=
Subject key identifier:   04:98:C4:B4:63:9C:62:32:89:A7:86:5E:54:38:DE:CA:30:82:43:8D
Certificate issuer:       /CN=78fb099aa43081ac8395ee0b90ccf1a8844f8d64
Certificate serial:       018CC94BD3E8BF57E8C1ABFDBEC111079338
Authority key identifier: 78:FB:09:9A:A4:30:81:AC:83:95:EE:0B:90:CC:F1:A8:84:4F:8D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ePsJmqQwgayDle4LkMzxqIRPjWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/cd17fe-e44a-4b98-9f1c-2d8a8d9669f8/1/BJjEtGOcYjKJp4ZeVDjeyjCCQ40.roa
Signing time:             Tue 02 Jan 2024 08:30:39 +0000
ROA not before:           Tue 02 Jan 2024 08:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201587
IP address blocks:        85.194.224.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/cd17fe-e44a-4b98-9f1c-2d8a8d9669f8/1/ePsJmqQwgayDle4LkMzxqIRPjWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/cd17fe-e44a-4b98-9f1c-2d8a8d9669f8/1/ePsJmqQwgayDle4LkMzxqIRPjWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ePsJmqQwgayDle4LkMzxqIRPjWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:d3:e8:bf:57:e8:c1:ab:fd:be:c1:11:07:93:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78fb099aa43081ac8395ee0b90ccf1a8844f8d64
        Validity
            Not Before: Jan  2 08:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0498c4b4639c623289a7865e5438deca3082438d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:92:26:7e:d1:18:5b:a4:4b:6b:bf:ff:1b:ed:
                    6c:b0:79:6b:8a:7f:79:fb:17:93:25:7e:f0:7e:34:
                    7f:00:44:f9:ae:f8:b5:f8:4e:9d:03:fc:a3:03:d9:
                    75:67:76:52:c5:97:0d:8f:28:10:3c:c0:7f:02:bd:
                    12:bb:2e:83:04:0b:34:06:91:e5:ab:03:6d:89:5c:
                    8a:85:5e:20:23:79:fe:0d:a4:48:c8:2d:ea:83:36:
                    a8:10:99:6b:33:06:e3:55:62:fb:12:a9:75:8c:dc:
                    56:3b:11:53:9b:ab:42:0c:1b:e6:8e:78:09:b6:aa:
                    ca:83:7d:c0:98:bd:0e:4f:0b:ee:79:3d:35:57:ef:
                    74:1f:e6:09:b4:b5:c6:19:2c:95:9b:3d:93:1c:27:
                    87:22:b9:d9:09:37:bd:7c:28:51:13:1e:f6:d0:79:
                    60:15:c5:99:3d:cd:a9:8d:7b:4a:cf:8d:5f:5e:1a:
                    02:fb:37:4b:55:ea:bc:89:9a:92:d9:40:8f:67:0a:
                    c7:d5:58:da:5b:89:82:f9:d7:bf:30:1a:b1:6b:c7:
                    42:91:5b:7c:85:76:59:27:43:14:db:ce:0e:f9:43:
                    1a:7a:67:71:6c:b2:cb:f8:6e:13:93:91:60:8a:8b:
                    d9:93:ab:fd:e3:e4:c8:a3:56:60:bc:47:9d:0e:cc:
                    9a:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:98:C4:B4:63:9C:62:32:89:A7:86:5E:54:38:DE:CA:30:82:43:8D
            X509v3 Authority Key Identifier:
                keyid:78:FB:09:9A:A4:30:81:AC:83:95:EE:0B:90:CC:F1:A8:84:4F:8D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ePsJmqQwgayDle4LkMzxqIRPjWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/cd17fe-e44a-4b98-9f1c-2d8a8d9669f8/1/BJjEtGOcYjKJp4ZeVDjeyjCCQ40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/cd17fe-e44a-4b98-9f1c-2d8a8d9669f8/1/ePsJmqQwgayDle4LkMzxqIRPjWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.194.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         45:70:e2:67:e9:93:a2:1c:58:38:6b:90:9b:2d:f3:5b:c1:25:
         cd:65:2a:b2:fb:83:e3:74:8a:90:ba:8e:e1:e1:73:c2:39:07:
         00:f4:21:6e:87:97:e7:13:e9:9d:dc:1c:06:a7:cd:fe:2f:46:
         30:ce:18:13:08:97:af:e0:b6:8e:86:89:6c:e1:ae:5e:ce:fc:
         fe:c8:d6:d2:8b:b4:c4:c0:db:75:5d:30:23:93:17:66:78:ae:
         5a:62:65:3d:f1:22:8e:48:2a:aa:48:46:38:ba:5c:bf:17:88:
         b2:8b:8f:3e:a1:89:c0:c1:c0:b9:2d:34:3b:ca:4d:8c:90:ad:
         6e:6b:1c:8c:dc:77:91:89:fd:c5:37:4c:ac:bd:f8:f9:64:ac:
         43:21:1f:ba:78:99:ed:90:ec:4f:6f:e8:c9:90:5c:f9:e5:63:
         f6:e9:0f:4e:fc:d7:45:cb:d5:d0:4f:b8:e1:2e:4b:ca:60:0c:
         22:b0:74:13:bb:20:21:27:58:51:53:58:47:a5:c9:4e:e8:d9:
         a8:51:d0:54:4f:7b:2d:46:03:b3:6e:f2:98:79:bc:89:8d:13:
         0e:2d:f9:d3:5d:b0:06:ec:ee:9c:bd:84:38:29:12:0d:e1:8a:
         b1:7b:fb:3e:1c:18:c4:71:2b:07:2b:a7:a3:af:ff:ae:43:ff:
         0e:d1:c3:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJS9Pov1fowav9vsERB5M4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZmIwOTlhYTQzMDgxYWM4Mzk1ZWUwYjkwY2NmMWE4ODQ0
ZjhkNjQwHhcNMjQwMTAyMDgzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDk4YzRiNDYzOWM2MjMyODlhNzg2NWU1NDM4ZGVjYTMwODI0MzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJImftEYW6RLa7//G+1ssHlrin95
+xeTJX7wfjR/AET5rvi1+E6dA/yjA9l1Z3ZSxZcNjygQPMB/Ar0Suy6DBAs0BpHl
qwNtiVyKhV4gI3n+DaRIyC3qgzaoEJlrMwbjVWL7Eql1jNxWOxFTm6tCDBvmjngJ
tqrKg33AmL0OTwvueT01V+90H+YJtLXGGSyVmz2THCeHIrnZCTe9fChREx720Hlg
FcWZPc2pjXtKz41fXhoC+zdLVeq8iZqS2UCPZwrH1VjaW4mC+de/MBqxa8dCkVt8
hXZZJ0MU284O+UMaemdxbLLL+G4Tk5FgiovZk6v94+TIo1ZgvEedDsyacwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASYxLRjnGIyiaeGXlQ43sowgkONMB8GA1UdIwQY
MBaAFHj7CZqkMIGsg5XuC5DM8aiET41kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVBzSm1xUXdnYXlEbGU0TGtNenhxSVJQaldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9jZDE3ZmUtZTQ0YS00Yjk4LTlmMWMt
MmQ4YThkOTY2OWY4LzEvQkpqRXRHT2NZaktKcDRaZVZEamV5akNDUTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9jZDE3ZmUtZTQ0YS00Yjk4LTlmMWMtMmQ4YThkOTY2OWY4
LzEvZVBzSm1xUXdnYXlEbGU0TGtNenhxSVJQaldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDVcLgMA0G
CSqGSIb3DQEBCwUAA4IBAQBFcOJn6ZOiHFg4a5CbLfNbwSXNZSqy+4PjdIqQuo7h
4XPCOQcA9CFuh5fnE+md3BwGp83+L0YwzhgTCJev4LaOhols4a5ezvz+yNbSi7TE
wNt1XTAjkxdmeK5aYmU98SKOSCqqSEY4uly/F4iyi48+oYnAwcC5LTQ7yk2MkK1u
axyM3HeRif3FN0ysvfj5ZKxDIR+6eJntkOxPb+jJkFz55WP26Q9O/NdFy9XQT7jh
LkvKYAwisHQTuyAhJ1hRU1hHpclO6NmoUdBUT3stRgOzbvKYebyJjRMOLfnTXbAG
7O6cvYQ4KRIN4Yqxe/s+HBjEcSsHK6ejr/+uQ/8O0cNl
-----END CERTIFICATE-----