Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/6e1961-3da6-47c1-9b6d-dbb64a6835ad/1/BLv0MO2bhFqNNiooZw7IxddDp8s.roa
File:                     BLv0MO2bhFqNNiooZw7IxddDp8s.roa (raw, json)
Hash identifier:          q5p1I81STwTqhQhwzqvdFIrA1d1S040nS47//ImyZhY=
Subject key identifier:   04:BB:F4:30:ED:9B:84:5A:8D:36:2A:28:67:0E:C8:C5:D7:43:A7:CB
Certificate issuer:       /CN=18b889f0ddbb52801e2d2e7a2ebe1167cad34c06
Certificate serial:       019420D6462FF0CA4F52B56E90EA8BDD928D
Authority key identifier: 18:B8:89:F0:DD:BB:52:80:1E:2D:2E:7A:2E:BE:11:67:CA:D3:4C:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GLiJ8N27UoAeLS56Lr4RZ8rTTAY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/6e1961-3da6-47c1-9b6d-dbb64a6835ad/1/BLv0MO2bhFqNNiooZw7IxddDp8s.roa
Signing time:             Wed 01 Jan 2025 07:48:21 +0000
ROA not before:           Wed 01 Jan 2025 07:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        176.113.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/6e1961-3da6-47c1-9b6d-dbb64a6835ad/1/GLiJ8N27UoAeLS56Lr4RZ8rTTAY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/6e1961-3da6-47c1-9b6d-dbb64a6835ad/1/GLiJ8N27UoAeLS56Lr4RZ8rTTAY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GLiJ8N27UoAeLS56Lr4RZ8rTTAY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:46:2f:f0:ca:4f:52:b5:6e:90:ea:8b:dd:92:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18b889f0ddbb52801e2d2e7a2ebe1167cad34c06
        Validity
            Not Before: Jan  1 07:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04bbf430ed9b845a8d362a28670ec8c5d743a7cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:24:5d:4e:73:75:df:cf:7e:ff:bc:d8:d9:91:
                    1b:4a:8c:4a:3b:e4:02:bb:11:18:10:dd:fc:88:78:
                    51:c4:f8:49:c0:62:b6:64:e5:b6:a0:2e:0c:fd:7a:
                    52:b0:74:f0:e8:53:bd:06:14:e4:1f:92:70:73:7a:
                    cc:07:1c:54:72:e3:bb:0b:2c:d1:6e:f6:1a:a9:76:
                    47:46:1a:cf:dc:fd:73:72:74:de:39:d7:bf:61:b0:
                    5a:f1:64:33:32:fa:11:bb:55:b7:20:3d:f9:af:55:
                    c2:0e:28:c1:d2:10:e8:a9:c0:a9:91:f3:d8:f5:03:
                    70:d7:7d:f0:7d:ce:fe:9f:b3:a1:7a:90:58:d3:b1:
                    f3:c3:8d:19:ef:17:dd:09:8e:29:55:67:e3:55:c2:
                    13:8b:6f:ee:2a:af:ed:91:3d:63:1a:1b:b5:cc:ab:
                    ff:0b:38:b7:75:a2:fe:a7:a6:20:56:0a:3d:6a:7c:
                    bf:a4:ab:69:23:73:2b:04:97:06:d2:3a:c2:ba:d5:
                    7a:af:e9:54:b0:d2:d2:c5:7f:8a:de:8e:96:9a:6d:
                    bf:b6:38:ea:08:71:6a:d5:24:14:ee:3b:ff:22:8e:
                    63:96:11:b0:de:18:9f:86:11:72:24:50:df:ee:d5:
                    e8:46:e8:f8:fd:1a:4e:62:45:65:95:90:3c:59:31:
                    79:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:BB:F4:30:ED:9B:84:5A:8D:36:2A:28:67:0E:C8:C5:D7:43:A7:CB
            X509v3 Authority Key Identifier:
                keyid:18:B8:89:F0:DD:BB:52:80:1E:2D:2E:7A:2E:BE:11:67:CA:D3:4C:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GLiJ8N27UoAeLS56Lr4RZ8rTTAY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/6e1961-3da6-47c1-9b6d-dbb64a6835ad/1/BLv0MO2bhFqNNiooZw7IxddDp8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/6e1961-3da6-47c1-9b6d-dbb64a6835ad/1/GLiJ8N27UoAeLS56Lr4RZ8rTTAY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.113.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:a0:d1:06:6b:dc:8d:2b:3b:31:0c:6b:b0:5d:f8:f6:74:4a:
         05:f4:53:d8:ab:71:54:fc:5f:72:9c:de:d1:17:6d:af:3f:45:
         bc:ba:9b:24:2b:a4:57:54:bb:4b:54:ab:e5:36:b1:65:3e:7b:
         54:e3:60:b9:65:91:98:e2:50:ee:80:68:19:1c:70:a7:22:88:
         7f:b8:c5:2b:93:eb:b2:81:bd:e9:34:f1:be:38:09:bf:c2:80:
         f3:13:75:df:7a:d6:b7:68:4b:04:e6:68:7c:0c:85:92:4b:f1:
         d0:06:36:e6:85:29:55:7e:02:e3:83:4a:54:d0:31:b0:d0:23:
         da:ce:55:c2:c1:59:31:45:41:75:f5:17:a4:6b:c2:72:4d:af:
         4a:37:ed:d3:8d:4f:95:3f:e8:20:92:ca:28:e7:a3:45:f3:c5:
         82:80:db:6d:6b:85:22:26:6b:ed:ba:dc:e3:49:f3:f1:f5:83:
         c1:58:3e:73:6d:48:3c:1a:4c:3f:4c:26:fe:db:ee:85:50:57:
         1a:03:8a:f1:11:6b:7a:0e:77:cf:a8:a4:16:7d:95:89:30:2c:
         9f:b5:6b:8c:bc:78:4c:e6:6a:71:6e:16:fc:29:b1:d7:a6:3b:
         27:aa:09:f3:f1:54:0e:a3:8a:df:cf:66:d4:bf:61:ed:3c:54:
         b0:8a:fb:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1kYv8MpPUrVukOqL3ZKNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4Yjg4OWYwZGRiYjUyODAxZTJkMmU3YTJlYmUxMTY3Y2Fk
MzRjMDYwHhcNMjUwMTAxMDc0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGJiZjQzMGVkOWI4NDVhOGQzNjJhMjg2NzBlYzhjNWQ3NDNhN2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCRdTnN1389+/7zY2ZEbSoxKO+QC
uxEYEN38iHhRxPhJwGK2ZOW2oC4M/XpSsHTw6FO9BhTkH5Jwc3rMBxxUcuO7CyzR
bvYaqXZHRhrP3P1zcnTeOde/YbBa8WQzMvoRu1W3ID35r1XCDijB0hDoqcCpkfPY
9QNw133wfc7+n7OhepBY07Hzw40Z7xfdCY4pVWfjVcITi2/uKq/tkT1jGhu1zKv/
Czi3daL+p6YgVgo9any/pKtpI3MrBJcG0jrCutV6r+lUsNLSxX+K3o6Wmm2/tjjq
CHFq1SQU7jv/Io5jlhGw3hifhhFyJFDf7tXoRuj4/RpOYkVllZA8WTF5uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAS79DDtm4RajTYqKGcOyMXXQ6fLMB8GA1UdIwQY
MBaAFBi4ifDdu1KAHi0uei6+EWfK00wGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0xpSjhOMjdVb0FlTFM1NkxyNFJaOHJUVEFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC82ZTE5NjEtM2RhNi00N2MxLTliNmQt
ZGJiNjRhNjgzNWFkLzEvQkx2ME1PMmJoRnFOTmlvb1p3N0l4ZGREcDhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC82ZTE5NjEtM2RhNi00N2MxLTliNmQtZGJiNjRhNjgzNWFk
LzEvR0xpSjhOMjdVb0FlTFM1NkxyNFJaOHJUVEFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHEvMA0G
CSqGSIb3DQEBCwUAA4IBAQBooNEGa9yNKzsxDGuwXfj2dEoF9FPYq3FU/F9ynN7R
F22vP0W8upskK6RXVLtLVKvlNrFlPntU42C5ZZGY4lDugGgZHHCnIoh/uMUrk+uy
gb3pNPG+OAm/woDzE3Xfeta3aEsE5mh8DIWSS/HQBjbmhSlVfgLjg0pU0DGw0CPa
zlXCwVkxRUF19Reka8JyTa9KN+3TjU+VP+ggksoo56NF88WCgNtta4UiJmvtutzj
SfPx9YPBWD5zbUg8Gkw/TCb+2+6FUFcaA4rxEWt6DnfPqKQWfZWJMCyftWuMvHhM
5mpxbhb8KbHXpjsnqgnz8VQOo4rfz2bUv2HtPFSwivsR
-----END CERTIFICATE-----