Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/bc51f4-61f2-4faa-a02a-602936539405/1/BJ4VFOskRK3bBiJBpHiT_tAzA5A.roa
File:                     BJ4VFOskRK3bBiJBpHiT_tAzA5A.roa (raw, json)
Hash identifier:          UXn6LX6IgvE9frtcP3dcRwG57JPhrEUAXhgX1T/Y+PE=
Subject key identifier:   04:9E:15:14:EB:24:44:AD:DB:06:22:41:A4:78:93:FE:D0:33:03:90
Certificate issuer:       /CN=916033dd557447965bdaef8b4724a5e77d3c05ae
Certificate serial:       019426D980C3D8A934D5E7F69E1144416C41
Authority key identifier: 91:60:33:DD:55:74:47:96:5B:DA:EF:8B:47:24:A5:E7:7D:3C:05:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kWAz3VV0R5Zb2u-LRySl5308Ba4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/bc51f4-61f2-4faa-a02a-602936539405/1/BJ4VFOskRK3bBiJBpHiT_tAzA5A.roa
Signing time:             Thu 02 Jan 2025 11:49:36 +0000
ROA not before:           Thu 02 Jan 2025 11:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29574
IP address blocks:        194.146.140.0/24 maxlen: 24
                          194.146.141.0/24 maxlen: 24
                          194.146.142.0/24 maxlen: 24
                          194.146.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/bc51f4-61f2-4faa-a02a-602936539405/1/kWAz3VV0R5Zb2u-LRySl5308Ba4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/bc51f4-61f2-4faa-a02a-602936539405/1/kWAz3VV0R5Zb2u-LRySl5308Ba4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kWAz3VV0R5Zb2u-LRySl5308Ba4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:80:c3:d8:a9:34:d5:e7:f6:9e:11:44:41:6c:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=916033dd557447965bdaef8b4724a5e77d3c05ae
        Validity
            Not Before: Jan  2 11:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=049e1514eb2444addb062241a47893fed0330390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:c7:50:16:7b:b4:b7:a5:1c:25:45:d2:bb:46:
                    63:e2:e6:c6:77:7c:e0:bc:d5:28:0c:ed:06:eb:0d:
                    61:3d:85:12:2c:b8:3c:66:23:8a:1e:e2:17:03:2a:
                    0d:94:1c:87:5b:55:f1:ba:14:89:8b:d9:bb:54:28:
                    e5:e4:80:15:47:b5:a7:bc:09:2b:92:5d:11:e5:41:
                    5a:2c:d3:b3:27:f0:49:1f:fa:d9:62:6a:03:85:6a:
                    2a:ef:8e:43:8c:25:70:ed:40:7b:e7:ec:c6:25:1a:
                    a8:71:42:2a:12:b4:ea:b1:84:7c:fc:0a:5f:02:1b:
                    38:72:e1:b7:4a:af:a3:b8:31:3b:1e:1f:53:d8:c4:
                    03:06:91:93:a3:4f:f2:10:46:fe:57:e3:b2:3a:07:
                    f9:db:6c:f7:86:e6:0c:61:b2:9a:83:08:a1:07:60:
                    55:92:36:00:e7:34:cb:3e:ff:0b:cd:ad:75:bd:f1:
                    43:33:7b:3b:d4:be:4d:9c:74:99:33:e2:4e:ee:2b:
                    5b:c3:2f:44:55:95:e3:83:da:aa:4a:59:94:6b:4b:
                    8b:2d:6e:d7:1e:e8:9a:67:0c:6c:a3:00:2d:12:5d:
                    3b:1a:fc:bc:d1:31:0d:07:03:81:9b:f6:6b:53:c5:
                    5f:d3:af:59:2a:9a:63:8e:f4:fb:ff:49:b3:79:d0:
                    71:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:9E:15:14:EB:24:44:AD:DB:06:22:41:A4:78:93:FE:D0:33:03:90
            X509v3 Authority Key Identifier:
                keyid:91:60:33:DD:55:74:47:96:5B:DA:EF:8B:47:24:A5:E7:7D:3C:05:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kWAz3VV0R5Zb2u-LRySl5308Ba4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/bc51f4-61f2-4faa-a02a-602936539405/1/BJ4VFOskRK3bBiJBpHiT_tAzA5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/bc51f4-61f2-4faa-a02a-602936539405/1/kWAz3VV0R5Zb2u-LRySl5308Ba4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.146.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:67:70:d2:13:b9:ca:8d:53:35:ac:12:b0:b7:48:b1:7b:d6:
         74:9d:10:a9:51:91:04:de:ed:f5:43:cd:50:ea:d3:58:66:6d:
         88:b9:96:98:d6:5f:d2:be:3b:6c:4d:7c:64:8f:54:c2:ae:bd:
         b7:78:c0:ca:9a:76:2b:d0:3f:c7:16:f4:a9:26:e6:00:15:fb:
         29:50:4d:b9:2c:79:52:fa:41:d4:84:cb:67:b3:3e:68:4a:ca:
         54:66:bb:e9:51:1f:dd:c2:5e:6f:f9:02:31:df:fd:68:99:64:
         90:42:29:8f:05:5d:dc:5b:11:94:28:fd:a9:d1:9a:a8:37:e0:
         59:58:c4:7d:be:a7:00:08:e4:1c:de:cb:0b:b8:66:1f:19:f5:
         64:3b:2c:c8:f4:1c:ec:f2:09:47:e6:b4:2b:a8:0b:fc:98:fc:
         fe:2c:fa:5a:c3:cf:3f:9a:d7:bf:ec:7b:2d:56:b5:ae:0d:44:
         a1:b8:fb:44:91:25:1f:d1:ab:b1:5d:52:3e:8e:68:d2:99:bb:
         5d:0e:50:eb:57:40:41:4d:0e:68:5d:14:78:5f:fd:21:2e:cd:
         15:1a:ed:d6:9a:87:5d:06:a1:f5:c9:8f:80:8c:c2:58:05:59:
         88:a2:0e:ca:f5:98:46:c6:0f:14:6f:e1:4c:9d:f4:90:51:5b:
         92:fe:6d:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2YDD2Kk01ef2nhFEQWxBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNjAzM2RkNTU3NDQ3OTY1YmRhZWY4YjQ3MjRhNWU3N2Qz
YzA1YWUwHhcNMjUwMTAyMTE0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDllMTUxNGViMjQ0NGFkZGIwNjIyNDFhNDc4OTNmZWQwMzMwMzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMdQFnu0t6UcJUXSu0Zj4ubGd3zg
vNUoDO0G6w1hPYUSLLg8ZiOKHuIXAyoNlByHW1XxuhSJi9m7VCjl5IAVR7WnvAkr
kl0R5UFaLNOzJ/BJH/rZYmoDhWoq745DjCVw7UB75+zGJRqocUIqErTqsYR8/Apf
Ahs4cuG3Sq+juDE7Hh9T2MQDBpGTo0/yEEb+V+OyOgf522z3huYMYbKagwihB2BV
kjYA5zTLPv8Lza11vfFDM3s71L5NnHSZM+JO7itbwy9EVZXjg9qqSlmUa0uLLW7X
HuiaZwxsowAtEl07Gvy80TENBwOBm/ZrU8Vf069ZKppjjvT7/0mzedBxWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASeFRTrJESt2wYiQaR4k/7QMwOQMB8GA1UdIwQY
MBaAFJFgM91VdEeWW9rvi0ckped9PAWuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1dBejNWVjBSNVpiMnUtTFJ5U2w1MzA4QmE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9iYzUxZjQtNjFmMi00ZmFhLWEwMmEt
NjAyOTM2NTM5NDA1LzEvQko0VkZPc2tSSzNiQmlKQnBIaVRfdEF6QTVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9iYzUxZjQtNjFmMi00ZmFhLWEwMmEtNjAyOTM2NTM5NDA1
LzEva1dBejNWVjBSNVpiMnUtTFJ5U2w1MzA4QmE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwpKMMA0G
CSqGSIb3DQEBCwUAA4IBAQBdZ3DSE7nKjVM1rBKwt0ixe9Z0nRCpUZEE3u31Q81Q
6tNYZm2IuZaY1l/SvjtsTXxkj1TCrr23eMDKmnYr0D/HFvSpJuYAFfspUE25LHlS
+kHUhMtnsz5oSspUZrvpUR/dwl5v+QIx3/1omWSQQimPBV3cWxGUKP2p0ZqoN+BZ
WMR9vqcACOQc3ssLuGYfGfVkOyzI9Bzs8glH5rQrqAv8mPz+LPpaw88/mte/7Hst
VrWuDUShuPtEkSUf0auxXVI+jmjSmbtdDlDrV0BBTQ5oXRR4X/0hLs0VGu3Wmodd
BqH1yY+AjMJYBVmIog7K9ZhGxg8Ub+FMnfSQUVuS/m0U
-----END CERTIFICATE-----