Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/439efe-f130-4931-931c-c8d5c04e3d43/1/BbnlwIhyrOC_wq9s3BdRg9fc6bM.roa
File:                     BbnlwIhyrOC_wq9s3BdRg9fc6bM.roa (raw, json)
Hash identifier:          oM0cwxxbDbi/Rv2GFMgcWwBaJUky6UMWTaWR/yxnVcw=
Subject key identifier:   05:B9:E5:C0:88:72:AC:E0:BF:C2:AF:6C:DC:17:51:83:D7:DC:E9:B3
Certificate issuer:       /CN=cc4491558cd24875db524273410502fdae3a6782
Certificate serial:       0194228D09D761AC1C244B0F9D496F5EC858
Authority key identifier: CC:44:91:55:8C:D2:48:75:DB:52:42:73:41:05:02:FD:AE:3A:67:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zESRVYzSSHXbUkJzQQUC_a46Z4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/439efe-f130-4931-931c-c8d5c04e3d43/1/BbnlwIhyrOC_wq9s3BdRg9fc6bM.roa
Signing time:             Wed 01 Jan 2025 15:47:35 +0000
ROA not before:           Wed 01 Jan 2025 15:47:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47949
IP address blocks:        92.43.24.0/21 maxlen: 21
                          185.7.45.0/24 maxlen: 24
                          2a02:29c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/439efe-f130-4931-931c-c8d5c04e3d43/1/zESRVYzSSHXbUkJzQQUC_a46Z4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/439efe-f130-4931-931c-c8d5c04e3d43/1/zESRVYzSSHXbUkJzQQUC_a46Z4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zESRVYzSSHXbUkJzQQUC_a46Z4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:09:d7:61:ac:1c:24:4b:0f:9d:49:6f:5e:c8:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc4491558cd24875db524273410502fdae3a6782
        Validity
            Not Before: Jan  1 15:47:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05b9e5c08872ace0bfc2af6cdc175183d7dce9b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c0:5c:af:07:cc:5c:7d:8a:2e:2e:e1:cc:e2:
                    d6:38:b3:3f:4b:8d:1a:57:44:5a:fc:8c:69:00:5a:
                    00:e0:01:f7:b7:fc:86:28:df:99:62:66:ba:55:71:
                    83:6a:14:51:60:a2:8d:2a:41:6d:16:5c:1e:eb:5d:
                    12:ae:9a:87:aa:34:c9:d4:c4:c9:be:a5:96:78:a6:
                    d3:d3:58:ec:19:28:9b:63:6f:d5:49:c3:67:da:50:
                    b6:c9:65:5f:c6:ac:30:16:4d:31:1c:2c:7d:c9:83:
                    98:2e:19:86:2c:dc:e8:f9:38:1a:e7:e2:2d:3e:ae:
                    e6:d4:a6:2e:08:3e:d4:41:f7:7c:fc:89:46:aa:ee:
                    d3:72:eb:7e:10:d5:16:e5:b9:a4:60:87:28:91:ca:
                    e5:63:c3:e1:1a:b8:e0:ac:11:8a:81:6d:b0:02:85:
                    65:ec:be:2d:d7:74:fc:46:a4:b1:df:67:eb:f1:83:
                    62:8e:f5:4e:1e:87:a6:06:49:d1:ea:c7:6f:bb:ba:
                    58:75:e3:6d:67:77:35:bc:eb:2b:9f:94:43:4d:13:
                    78:c1:a6:cd:c3:78:b2:d8:8b:85:59:dc:6c:64:70:
                    98:f2:d8:8f:70:17:99:0a:cf:bf:0f:d3:19:0e:0d:
                    cb:bf:8a:bc:a0:cd:40:1d:67:73:7f:f4:d4:f7:b3:
                    df:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:B9:E5:C0:88:72:AC:E0:BF:C2:AF:6C:DC:17:51:83:D7:DC:E9:B3
            X509v3 Authority Key Identifier:
                keyid:CC:44:91:55:8C:D2:48:75:DB:52:42:73:41:05:02:FD:AE:3A:67:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zESRVYzSSHXbUkJzQQUC_a46Z4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/439efe-f130-4931-931c-c8d5c04e3d43/1/BbnlwIhyrOC_wq9s3BdRg9fc6bM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/439efe-f130-4931-931c-c8d5c04e3d43/1/zESRVYzSSHXbUkJzQQUC_a46Z4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.43.24.0/21
                  185.7.45.0/24
                IPv6:
                  2a02:29c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         63:a3:7b:a5:0b:53:10:d4:3d:05:0f:fe:3a:2c:ea:42:1c:fb:
         23:6a:d0:6a:51:43:e1:2f:d8:18:3b:9b:6c:73:70:b3:2d:55:
         52:1e:2b:3c:8c:09:06:39:33:f1:ab:da:e4:89:a8:a0:74:4e:
         16:27:d1:3d:e1:cf:bf:23:6a:52:f2:f8:75:f3:65:f2:ec:d0:
         bf:aa:7b:fa:67:62:e6:5c:0f:c8:fb:47:79:2c:b8:1f:4e:5a:
         d8:35:69:59:f8:3a:e4:d9:ba:88:1b:0a:ba:3e:9c:2f:f5:4a:
         c7:05:c7:e7:c4:a5:77:7c:78:d9:ea:63:dd:bc:fa:bc:fc:f5:
         3c:09:70:34:ac:cb:4e:b4:26:c9:1c:ac:00:72:df:11:e6:c1:
         be:be:e9:9d:d7:a1:f5:e6:ec:f9:5f:da:4b:64:55:c1:e8:06:
         41:f5:2b:52:a6:fc:9e:91:b2:76:60:3a:91:91:a0:5f:23:a6:
         be:e5:78:87:86:f5:b0:5d:9c:42:74:9a:4c:c6:f2:23:32:ac:
         9a:9f:67:f2:5f:e4:be:42:72:2a:03:73:9b:6b:03:3e:ff:fd:
         29:47:78:27:11:1c:13:05:82:46:de:87:da:9b:d7:d1:4c:d3:
         9d:ae:62:37:98:af:dc:cf:ea:f6:00:b1:c2:a6:c9:d3:ac:e1:
         51:d6:a3:b3
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQijQnXYawcJEsPnUlvXshYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNDQ5MTU1OGNkMjQ4NzVkYjUyNDI3MzQxMDUwMmZkYWUz
YTY3ODIwHhcNMjUwMTAxMTU0NzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWI5ZTVjMDg4NzJhY2UwYmZjMmFmNmNkYzE3NTE4M2Q3ZGNlOWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosBcrwfMXH2KLi7hzOLWOLM/S40a
V0Ra/IxpAFoA4AH3t/yGKN+ZYma6VXGDahRRYKKNKkFtFlwe610SrpqHqjTJ1MTJ
vqWWeKbT01jsGSibY2/VScNn2lC2yWVfxqwwFk0xHCx9yYOYLhmGLNzo+Tga5+It
Pq7m1KYuCD7UQfd8/IlGqu7Tcut+ENUW5bmkYIcokcrlY8PhGrjgrBGKgW2wAoVl
7L4t13T8RqSx32fr8YNijvVOHoemBknR6sdvu7pYdeNtZ3c1vOsrn5RDTRN4wabN
w3iy2IuFWdxsZHCY8tiPcBeZCs+/D9MZDg3Lv4q8oM1AHWdzf/TU97Pf1QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAW55cCIcqzgv8KvbNwXUYPX3OmzMB8GA1UdIwQY
MBaAFMxEkVWM0kh121JCc0EFAv2uOmeCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekVTUlZZelNTSFhiVWtKelFRVUNfYTQ2WjRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC80MzllZmUtZjEzMC00OTMxLTkzMWMt
YzhkNWMwNGUzZDQzLzEvQmJubHdJaHlyT0Nfd3E5czNCZFJnOWZjNmJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC80MzllZmUtZjEzMC00OTMxLTkzMWMtYzhkNWMwNGUzZDQz
LzEvekVTUlZZelNTSFhiVWtKelFRVUNfYTQ2WjRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXCsYAwQA
uQctMA0EAgACMAcDBQAqAinAMA0GCSqGSIb3DQEBCwUAA4IBAQBjo3ulC1MQ1D0F
D/46LOpCHPsjatBqUUPhL9gYO5tsc3CzLVVSHis8jAkGOTPxq9rkiaigdE4WJ9E9
4c+/I2pS8vh182Xy7NC/qnv6Z2LmXA/I+0d5LLgfTlrYNWlZ+Drk2bqIGwq6Ppwv
9UrHBcfnxKV3fHjZ6mPdvPq8/PU8CXA0rMtOtCbJHKwAct8R5sG+vumd16H15uz5
X9pLZFXB6AZB9StSpvyekbJ2YDqRkaBfI6a+5XiHhvWwXZxCdJpMxvIjMqyan2fy
X+S+QnIqA3ObawM+//0pR3gnERwTBYJG3ofam9fRTNOdrmI3mK/cz+r2ALHCpsnT
rOFR1qOz
-----END CERTIFICATE-----