Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/bGU-zFokjmW-mpFIKKtZc5JKVP8.roa
File:                     bGU-zFokjmW-mpFIKKtZc5JKVP8.roa (raw, json)
Hash identifier:          2Jz89V1C3YsLMvNqMarfsyZ//PNwJKnQu7mSx74JgIk=
Subject key identifier:   6C:65:3E:CC:5A:24:8E:65:BE:9A:91:48:28:AB:59:73:92:4A:54:FF
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A8F696A062BDACF9F33A3C1C18EB9
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/bGU-zFokjmW-mpFIKKtZc5JKVP8.roa
Signing time:             Tue 02 Jan 2024 12:33:56 +0000
ROA not before:           Tue 02 Jan 2024 12:33:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211373
IP address blocks:        193.108.112.0/24 maxlen: 24
                          212.192.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:52:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:8f:69:6a:06:2b:da:cf:9f:33:a3:c1:c1:8e:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c653ecc5a248e65be9a914828ab5973924a54ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:05:72:c6:eb:5c:10:a8:58:1c:db:b3:c5:1e:
                    ea:81:c1:3b:0e:32:2a:1f:0e:9b:a7:d8:6f:35:25:
                    42:48:40:e8:e3:2f:80:af:73:67:8b:49:c4:ac:44:
                    a4:6f:d6:d3:47:92:e1:b6:d9:f4:ec:33:fe:91:df:
                    61:e4:2b:32:7e:3a:d2:f0:50:56:a8:48:09:e6:86:
                    fc:a1:ef:f0:be:c0:d8:04:80:2d:b7:ba:e8:ef:5f:
                    eb:a6:48:8b:95:ee:d4:3d:07:13:c0:a4:a2:5d:be:
                    e3:c7:88:bf:13:73:69:d0:30:c9:5f:22:bc:cc:7b:
                    96:fc:e9:42:45:6d:ac:d7:7d:8b:59:35:b9:35:aa:
                    eb:73:e4:04:ae:f4:13:fd:6b:61:47:8f:a9:c0:bb:
                    ec:f8:12:61:c3:bf:d2:84:3e:db:0e:35:48:fc:64:
                    57:36:21:4f:25:05:27:38:51:09:f0:0c:c2:cd:a1:
                    38:d3:70:fb:27:2c:bd:da:a0:e6:06:c7:14:00:45:
                    de:d7:d0:b1:4c:6a:a4:82:d0:24:19:23:7d:9d:5c:
                    38:fc:46:8c:3e:05:f5:45:82:e5:aa:e8:69:19:b3:
                    d5:e1:4b:35:f7:41:c6:88:e4:a1:66:1d:44:c5:e4:
                    d3:63:8f:bf:43:80:f1:df:13:8e:80:0e:2f:1d:6c:
                    de:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:65:3E:CC:5A:24:8E:65:BE:9A:91:48:28:AB:59:73:92:4A:54:FF
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/bGU-zFokjmW-mpFIKKtZc5JKVP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.112.0/24
                  212.192.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:03:0b:3b:12:81:f5:e0:02:8e:33:84:36:0f:00:12:08:91:
         15:54:5f:56:ed:a1:f2:9a:a0:f4:80:c5:10:b1:23:70:41:ba:
         f8:14:c8:8a:f9:86:87:a0:81:5b:a8:82:8d:9e:1c:21:eb:0c:
         d6:c9:17:f9:3d:aa:fb:c6:1c:d2:55:34:f5:2c:27:a3:0a:48:
         99:90:2e:ad:8d:d8:86:50:9d:7c:77:be:1c:56:be:0d:ed:a4:
         f0:5d:08:8b:51:42:fc:de:d4:f9:12:df:e7:6b:36:77:8d:59:
         3f:4d:3c:34:44:34:4b:b7:d3:79:d6:38:78:fc:a8:d4:ea:a5:
         5c:50:30:54:52:c0:ad:cf:f2:57:73:97:5e:54:83:ba:81:90:
         fa:6d:6a:8e:42:77:d2:47:4e:42:41:f1:6a:07:23:60:ff:52:
         15:15:f6:18:c3:c1:38:27:c4:7d:91:1c:32:7b:db:a6:fa:a7:
         38:8c:8c:dc:b8:4d:6b:82:1b:a8:59:95:3a:33:b1:71:86:5b:
         7d:ef:22:66:ed:c3:e8:29:f3:2c:bc:71:23:38:7c:6a:28:d1:
         3d:b0:0e:f0:5f:a0:b2:3c:2f:41:5d:a0:9f:41:e0:f1:78:e3:
         b1:16:3f:e6:ca:2e:e0:88:29:63:de:28:de:20:ee:16:a7:df:
         13:fe:80:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKo9pagYr2s+fM6PBwY65MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzY1M2VjYzVhMjQ4ZTY1YmU5YTkxNDgyOGFiNTk3MzkyNGE1NGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgVyxutcEKhYHNuzxR7qgcE7DjIq
Hw6bp9hvNSVCSEDo4y+Ar3Nni0nErESkb9bTR5Lhttn07DP+kd9h5CsyfjrS8FBW
qEgJ5ob8oe/wvsDYBIAtt7ro71/rpkiLle7UPQcTwKSiXb7jx4i/E3Np0DDJXyK8
zHuW/OlCRW2s132LWTW5Narrc+QErvQT/WthR4+pwLvs+BJhw7/ShD7bDjVI/GRX
NiFPJQUnOFEJ8AzCzaE403D7Jyy92qDmBscUAEXe19CxTGqkgtAkGSN9nVw4/EaM
PgX1RYLlquhpGbPV4Us190HGiOShZh1ExeTTY4+/Q4Dx3xOOgA4vHWzelwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGxlPsxaJI5lvpqRSCirWXOSSlT/MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvYkdVLXpGb2tqbVctbXBGSUtLdFpjNUpLVlA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwWxwAwQA
1MAGMA0GCSqGSIb3DQEBCwUAA4IBAQBrAws7EoH14AKOM4Q2DwASCJEVVF9W7aHy
mqD0gMUQsSNwQbr4FMiK+YaHoIFbqIKNnhwh6wzWyRf5Par7xhzSVTT1LCejCkiZ
kC6tjdiGUJ18d74cVr4N7aTwXQiLUUL83tT5Et/nazZ3jVk/TTw0RDRLt9N51jh4
/KjU6qVcUDBUUsCtz/JXc5deVIO6gZD6bWqOQnfSR05CQfFqByNg/1IVFfYYw8E4
J8R9kRwye9um+qc4jIzcuE1rghuoWZU6M7Fxhlt97yJm7cPoKfMsvHEjOHxqKNE9
sA7wX6CyPC9BXaCfQeDxeOOxFj/myi7giClj3ijeIO4Wp98T/oCB
-----END CERTIFICATE-----