Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/BiMv8HqHvhESPjdfNiZspDWMcck.roa
File:                     BiMv8HqHvhESPjdfNiZspDWMcck.roa (raw, json)
Hash identifier:          VDtYCMJvov6A+4AQvfrZcV5PKPedCXfg7qI6T/gVIIY=
Subject key identifier:   06:23:2F:F0:7A:87:BE:11:12:3E:37:5F:36:26:6C:A4:35:8C:71:C9
Certificate issuer:       /CN=f651dc9875e35ec580c571fd0416f4d5f5d4158a
Certificate serial:       01942369D3CCF19A9EB389EF040E30B8FAD5
Authority key identifier: F6:51:DC:98:75:E3:5E:C5:80:C5:71:FD:04:16:F4:D5:F5:D4:15:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9lHcmHXjXsWAxXH9BBb01fXUFYo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/BiMv8HqHvhESPjdfNiZspDWMcck.roa
Signing time:             Wed 01 Jan 2025 19:48:45 +0000
ROA not before:           Wed 01 Jan 2025 19:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39020
IP address blocks:        193.30.100.0/24 maxlen: 24
                          2a07:f7c7:ffff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/9lHcmHXjXsWAxXH9BBb01fXUFYo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/9lHcmHXjXsWAxXH9BBb01fXUFYo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9lHcmHXjXsWAxXH9BBb01fXUFYo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 22:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:d3:cc:f1:9a:9e:b3:89:ef:04:0e:30:b8:fa:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f651dc9875e35ec580c571fd0416f4d5f5d4158a
        Validity
            Not Before: Jan  1 19:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06232ff07a87be11123e375f36266ca4358c71c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:05:35:93:6d:3f:58:3b:67:e1:ba:d0:4d:33:
                    74:20:5b:fd:c1:62:89:02:f2:33:f2:8d:80:7d:58:
                    25:5f:fd:fa:de:e8:e6:3c:83:0d:c1:81:57:65:4e:
                    24:61:d3:b1:88:51:bf:9c:2b:73:1c:74:26:81:49:
                    f5:d6:f7:1f:a0:d4:8e:24:f2:5b:6b:f2:11:50:d5:
                    95:08:26:de:0b:62:31:0d:9a:75:fb:7e:5c:9c:f9:
                    73:5e:65:87:80:c8:07:35:df:8d:26:14:a7:0a:ed:
                    df:a7:61:4e:cd:37:ca:67:a2:1e:22:a4:08:a3:a4:
                    c3:d5:ba:16:7e:f8:63:1d:17:2f:d0:2a:68:60:91:
                    1a:3d:b4:99:a9:97:14:1b:55:fe:c6:9f:9d:0b:cb:
                    c2:37:ce:e4:88:59:f8:60:08:af:e8:67:70:cb:e9:
                    35:4f:45:ea:96:11:08:6b:d8:b9:95:f9:f0:41:2c:
                    73:a9:f9:2b:10:13:6b:7e:1d:0b:5b:ef:b7:4f:6e:
                    77:03:fd:c0:35:76:01:be:81:72:28:16:99:2a:db:
                    a2:7f:56:62:d0:b1:02:bb:16:48:67:28:4a:ec:2c:
                    b4:9d:37:9c:e7:dd:3a:b5:0b:73:f4:ae:f3:a6:ee:
                    ad:6d:a4:7b:64:74:96:86:9a:14:49:bf:ef:75:13:
                    35:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:23:2F:F0:7A:87:BE:11:12:3E:37:5F:36:26:6C:A4:35:8C:71:C9
            X509v3 Authority Key Identifier:
                keyid:F6:51:DC:98:75:E3:5E:C5:80:C5:71:FD:04:16:F4:D5:F5:D4:15:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9lHcmHXjXsWAxXH9BBb01fXUFYo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/BiMv8HqHvhESPjdfNiZspDWMcck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/9lHcmHXjXsWAxXH9BBb01fXUFYo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.100.0/24
                IPv6:
                  2a07:f7c7:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:86:68:40:5e:85:22:fa:f3:87:0f:13:97:21:c8:34:7a:f2:
         6a:a0:ea:02:e4:ff:53:ff:46:32:0a:6a:0f:75:72:69:de:a4:
         4f:15:66:19:88:b0:d4:70:0b:59:46:63:d1:ad:86:8d:2f:a4:
         10:16:68:e5:5d:84:38:63:7f:50:4a:b6:b5:0f:ec:bc:60:9d:
         3f:da:98:76:a5:fc:98:db:97:a2:ef:3d:52:6f:0f:40:27:fe:
         4b:ba:91:d5:af:dc:7e:3e:5a:0e:8f:01:f9:30:a9:d5:19:eb:
         49:8a:0f:45:f5:be:aa:15:01:ba:49:ee:fc:86:3a:ae:85:14:
         98:8a:0d:e2:eb:1d:2a:eb:c8:0f:67:43:0a:b9:57:08:a4:b6:
         f8:1f:74:c5:16:26:a0:22:d5:de:23:49:13:30:d1:30:b8:2a:
         85:98:bd:f9:60:a1:59:66:f7:d7:02:26:c9:08:58:bf:87:65:
         07:5a:e5:49:e1:6b:fa:2c:2d:19:ce:bb:58:e0:03:28:35:96:
         ad:5a:b2:c4:2b:dd:43:fd:ef:b5:63:d2:17:5f:20:44:e7:67:
         23:a7:80:1e:b9:af:ef:78:68:40:15:1a:7b:2c:50:de:1d:b0:
         ad:1f:4f:f9:06:5b:5b:46:8d:85:94:39:bb:4d:af:8c:87:86:
         72:0d:17:7c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQjadPM8Zqes4nvBA4wuPrVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2NTFkYzk4NzVlMzVlYzU4MGM1NzFmZDA0MTZmNGQ1ZjVk
NDE1OGEwHhcNMjUwMTAxMTk0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjIzMmZmMDdhODdiZTExMTIzZTM3NWYzNjI2NmNhNDM1OGM3MWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6QU1k20/WDtn4brQTTN0IFv9wWKJ
AvIz8o2AfVglX/363ujmPIMNwYFXZU4kYdOxiFG/nCtzHHQmgUn11vcfoNSOJPJb
a/IRUNWVCCbeC2IxDZp1+35cnPlzXmWHgMgHNd+NJhSnCu3fp2FOzTfKZ6IeIqQI
o6TD1boWfvhjHRcv0CpoYJEaPbSZqZcUG1X+xp+dC8vCN87kiFn4YAiv6Gdwy+k1
T0XqlhEIa9i5lfnwQSxzqfkrEBNrfh0LW++3T253A/3ANXYBvoFyKBaZKtuif1Zi
0LECuxZIZyhK7Cy0nTec5906tQtz9K7zpu6tbaR7ZHSWhpoUSb/vdRM1SwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAYjL/B6h74REj43XzYmbKQ1jHHJMB8GA1UdIwQY
MBaAFPZR3Jh1417FgMVx/QQW9NX11BWKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWxIY21IWGpYc1dBeFhIOUJCYjAxZlhVRllvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iNGQ5ZDctNjcwMy00YjA2LWIzZWUt
MDc1MTAzODE0MjBhLzEvQmlNdjhIcUh2aEVTUGpkZk5pWnNwRFdNY2NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iNGQ5ZDctNjcwMy00YjA2LWIzZWUtMDc1MTAzODE0MjBh
LzEvOWxIY21IWGpYc1dBeFhIOUJCYjAxZlhVRllvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwR5kMA8E
AgACMAkDBwAqB/fH//8wDQYJKoZIhvcNAQELBQADggEBAD6GaEBehSL684cPE5ch
yDR68mqg6gLk/1P/RjIKag91cmnepE8VZhmIsNRwC1lGY9Gtho0vpBAWaOVdhDhj
f1BKtrUP7LxgnT/amHal/Jjbl6LvPVJvD0An/ku6kdWv3H4+Wg6PAfkwqdUZ60mK
D0X1vqoVAbpJ7vyGOq6FFJiKDeLrHSrryA9nQwq5VwiktvgfdMUWJqAi1d4jSRMw
0TC4KoWYvflgoVlm99cCJskIWL+HZQda5Unha/osLRnOu1jgAyg1lq1assQr3UP9
77Vj0hdfIETnZyOngB65r+94aEAVGnssUN4dsK0fT/kGW1tGjYWUObtNr4yHhnIN
F3w=
-----END CERTIFICATE-----