Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BwiLAm7rbpQhuESwGO7HP0q1Jwk.roa
File:                     BwiLAm7rbpQhuESwGO7HP0q1Jwk.roa (raw, json)
Hash identifier:          pDP4DFLkvlupp0yPxLRfDnb73hmVR9oyga0pyVAb6d0=
Subject key identifier:   07:08:8B:02:6E:EB:6E:94:21:B8:44:B0:18:EE:C7:3F:4A:B5:27:09
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019024DBACE6A622922AA74F63FB652BFCA8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BwiLAm7rbpQhuESwGO7HP0q1Jwk.roa
Signing time:             Mon 17 Jun 2024 06:21:34 +0000
ROA not before:           Mon 17 Jun 2024 06:21:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199834
IP address blocks:        193.37.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:24:db:ac:e6:a6:22:92:2a:a7:4f:63:fb:65:2b:fc:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun 17 06:21:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07088b026eeb6e9421b844b018eec73f4ab52709
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:5d:38:42:42:8f:e4:28:c9:13:43:f5:f4:30:
                    12:ef:13:e4:a9:d3:05:21:19:75:24:d7:96:f8:3a:
                    c6:88:e7:9e:5d:e9:68:fe:fa:ce:7b:36:10:2d:67:
                    54:2f:f1:07:79:23:ac:cd:3d:61:33:8b:25:d0:c2:
                    46:59:25:1f:4c:57:f7:2a:9a:fa:7f:da:27:91:38:
                    4c:8f:83:41:27:af:10:00:2b:f2:11:42:d0:fb:78:
                    6a:72:fd:e1:78:e5:89:66:97:49:d1:a6:4a:e8:0d:
                    8f:7f:e3:25:61:a4:26:89:8a:01:74:cb:71:ce:ac:
                    de:21:66:f1:1a:95:61:11:89:27:c1:79:1d:6d:04:
                    24:e8:4e:82:58:26:84:46:54:57:83:18:c7:f6:a7:
                    e8:18:0f:8b:a3:a6:01:d2:41:86:2e:1a:97:b6:93:
                    bf:e9:6f:40:6f:37:1e:48:b5:23:a5:a4:c7:82:ee:
                    af:5f:8f:09:0a:33:87:03:a0:4b:4c:7f:8c:40:20:
                    92:3a:0c:d8:13:2b:97:db:e1:a7:3f:7a:ac:a5:0a:
                    bb:3b:4f:57:70:3d:b2:e7:77:d5:44:fd:48:23:51:
                    7d:bc:55:34:bd:df:7c:a3:92:59:99:7a:08:f7:d1:
                    d7:2a:08:50:55:ba:ed:7e:ba:de:6a:3f:b3:e8:f6:
                    23:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:08:8B:02:6E:EB:6E:94:21:B8:44:B0:18:EE:C7:3F:4A:B5:27:09
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BwiLAm7rbpQhuESwGO7HP0q1Jwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:2b:1f:0b:ed:f6:4a:57:e4:18:7d:85:e2:db:92:58:8b:0f:
         cf:d4:43:f9:73:46:8c:eb:68:64:42:4a:27:c4:4c:51:37:cd:
         79:dd:63:53:a6:ca:cd:aa:9d:00:5a:3e:c0:0c:0f:17:4b:cc:
         3b:a5:e8:96:4c:52:e2:16:8e:98:c6:74:64:12:f8:c2:34:54:
         bb:de:e1:9d:36:17:7d:24:56:8b:7e:f2:3f:5c:d1:de:e4:ef:
         c5:16:e1:f7:d2:0e:3c:76:3a:33:28:02:bc:60:b8:4c:7e:f7:
         b9:af:26:fe:d4:43:fa:36:f2:67:f8:b6:4b:e2:c9:9e:6b:29:
         cc:65:1d:9c:18:10:91:f6:a6:66:87:89:b9:12:ae:67:d0:81:
         99:27:0c:fa:2e:24:e9:cc:96:45:fb:8f:e4:2f:b8:76:8d:53:
         ea:b2:5a:b6:b7:6b:c2:35:87:4b:70:ae:60:e3:bf:54:7c:1a:
         05:05:8f:6c:8f:dd:bc:67:c9:d6:e8:09:5c:7a:2d:0d:02:3c:
         05:60:ab:47:5e:93:ce:81:ea:7f:70:8c:88:3a:bf:5f:45:1c:
         07:11:61:d0:40:1e:7c:eb:4a:c7:0e:b9:90:6e:7a:ed:46:2c:
         47:be:eb:67:d9:80:39:61:c1:f3:1c:54:93:d4:de:2b:84:72:
         bb:4e:11:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAk26zmpiKSKqdPY/tlK/yoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNjE3MDYyMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzA4OGIwMjZlZWI2ZTk0MjFiODQ0YjAxOGVlYzczZjRhYjUyNzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqV04QkKP5CjJE0P19DAS7xPkqdMF
IRl1JNeW+DrGiOeeXelo/vrOezYQLWdUL/EHeSOszT1hM4sl0MJGWSUfTFf3Kpr6
f9onkThMj4NBJ68QACvyEULQ+3hqcv3heOWJZpdJ0aZK6A2Pf+MlYaQmiYoBdMtx
zqzeIWbxGpVhEYknwXkdbQQk6E6CWCaERlRXgxjH9qfoGA+Lo6YB0kGGLhqXtpO/
6W9AbzceSLUjpaTHgu6vX48JCjOHA6BLTH+MQCCSOgzYEyuX2+GnP3qspQq7O09X
cD2y53fVRP1II1F9vFU0vd98o5JZmXoI99HXKghQVbrtfrreaj+z6PYjlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcIiwJu626UIbhEsBjuxz9KtScJMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQndpTEFtN3JicFFodUVTd0dPN0hQMHExSndrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSUqMA0G
CSqGSIb3DQEBCwUAA4IBAQAVKx8L7fZKV+QYfYXi25JYiw/P1EP5c0aM62hkQkon
xExRN8153WNTpsrNqp0AWj7ADA8XS8w7peiWTFLiFo6YxnRkEvjCNFS73uGdNhd9
JFaLfvI/XNHe5O/FFuH30g48djozKAK8YLhMfve5ryb+1EP6NvJn+LZL4smeaynM
ZR2cGBCR9qZmh4m5Eq5n0IGZJwz6LiTpzJZF+4/kL7h2jVPqslq2t2vCNYdLcK5g
479UfBoFBY9sj928Z8nW6Alcei0NAjwFYKtHXpPOgep/cIyIOr9fRRwHEWHQQB58
60rHDrmQbnrtRixHvutn2YA5YcHzHFST1N4rhHK7ThEV
-----END CERTIFICATE-----