Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/BtfjnWHHn2kpIKp127v4jW3s_6I.roa
File:                     BtfjnWHHn2kpIKp127v4jW3s_6I.roa (raw, json)
Hash identifier:          Y91eNiEYb4PBH+aMadt3C7jzOiUEkbntMvMRFnX+RrU=
Subject key identifier:   06:D7:E3:9D:61:C7:9F:69:29:20:AA:75:DB:BB:F8:8D:6D:EC:FF:A2
Certificate issuer:       /CN=79d0d856764a3fee64be14f0a49f59a6865285d1
Certificate serial:       018CC5004B1885A6BBC72D646DC617CEE410
Authority key identifier: 79:D0:D8:56:76:4A:3F:EE:64:BE:14:F0:A4:9F:59:A6:86:52:85:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/edDYVnZKP-5kvhTwpJ9ZpoZShdE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/BtfjnWHHn2kpIKp127v4jW3s_6I.roa
Signing time:             Mon 01 Jan 2024 12:29:39 +0000
ROA not before:           Mon 01 Jan 2024 12:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        193.28.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/edDYVnZKP-5kvhTwpJ9ZpoZShdE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/edDYVnZKP-5kvhTwpJ9ZpoZShdE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/edDYVnZKP-5kvhTwpJ9ZpoZShdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:4b:18:85:a6:bb:c7:2d:64:6d:c6:17:ce:e4:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79d0d856764a3fee64be14f0a49f59a6865285d1
        Validity
            Not Before: Jan  1 12:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06d7e39d61c79f692920aa75dbbbf88d6decffa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:df:17:60:69:0d:86:64:23:43:42:cb:32:09:
                    99:d6:c5:ae:7e:f5:45:dc:40:53:3d:78:39:8b:1e:
                    d2:05:04:a6:c8:fc:43:1d:ad:12:ad:13:35:50:2a:
                    2f:ea:77:d0:d8:68:55:41:2d:a4:cc:10:f5:f3:aa:
                    29:58:e6:46:0a:dc:d6:e8:d3:0a:f5:78:61:03:45:
                    7f:f8:b4:ed:48:4a:a3:f5:2f:90:43:27:13:90:05:
                    a3:d9:5d:fe:63:da:ca:3f:a5:7d:53:a8:2a:de:ef:
                    b2:67:0b:66:53:1d:65:d7:da:88:42:40:c9:d6:c7:
                    1c:2f:23:7e:27:99:93:71:b3:09:9d:76:0a:ff:83:
                    b7:cf:d6:e9:bb:c3:d0:62:11:1c:b0:30:23:2f:bd:
                    46:00:e5:95:50:21:70:04:c0:fb:33:58:a3:fd:66:
                    c5:85:26:0c:55:0a:c6:75:9b:73:b5:dc:e6:ff:15:
                    bd:fc:33:7e:c7:ed:23:85:32:60:a1:70:3d:37:8d:
                    94:92:98:7e:2f:01:bc:f6:80:5b:31:ac:2a:f0:76:
                    2e:1b:c6:0a:2f:3b:ab:be:78:45:b1:be:45:37:da:
                    d0:91:d3:5c:5a:ae:b1:39:0a:20:38:93:46:56:0a:
                    62:3d:c7:76:da:66:16:d7:7d:e2:ad:c1:b1:ea:bc:
                    d0:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:D7:E3:9D:61:C7:9F:69:29:20:AA:75:DB:BB:F8:8D:6D:EC:FF:A2
            X509v3 Authority Key Identifier:
                keyid:79:D0:D8:56:76:4A:3F:EE:64:BE:14:F0:A4:9F:59:A6:86:52:85:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/edDYVnZKP-5kvhTwpJ9ZpoZShdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/BtfjnWHHn2kpIKp127v4jW3s_6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/edDYVnZKP-5kvhTwpJ9ZpoZShdE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:d2:cc:c4:95:72:88:ec:00:73:93:60:85:e0:1a:06:64:29:
         26:92:d7:3d:dd:32:2a:c5:66:1f:8b:fe:7b:63:63:20:06:9c:
         8d:3d:fc:0d:96:6e:71:ee:e5:99:14:0c:64:9d:62:b9:e2:c4:
         41:c9:c6:c4:ab:62:e7:f5:91:3a:75:4b:93:cc:04:97:0e:09:
         18:a0:21:b8:6b:9f:d9:75:4c:8d:93:b0:1a:45:a1:55:c7:a5:
         25:d3:72:9c:b1:51:00:5c:06:28:c7:9d:10:e6:c8:46:b6:f3:
         26:ca:64:ed:b5:fe:42:96:f2:0d:c5:df:7a:d1:e4:b0:97:d3:
         da:b8:9d:56:8c:6f:e2:27:1d:29:7f:5d:95:49:19:86:46:d8:
         77:04:43:b6:3f:72:88:05:48:e9:51:84:db:86:cf:f7:d0:08:
         a5:a6:ac:13:aa:b2:a4:6f:92:c5:ad:c4:1b:a3:24:98:9c:c3:
         d2:9d:9d:39:7a:89:79:50:c8:e9:c3:92:80:d8:9a:e0:a1:24:
         4a:ee:bb:c1:69:78:4a:2a:b5:f4:d8:c3:2d:9a:30:84:7e:ba:
         d7:f4:29:88:08:42:56:7f:dd:06:5c:0c:fb:af:b9:9f:4d:35:
         70:f5:20:cb:cd:7a:62:39:fe:69:eb:c5:50:b2:ab:17:04:24:
         ae:4f:ae:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAEsYhaa7xy1kbcYXzuQQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ZDBkODU2NzY0YTNmZWU2NGJlMTRmMGE0OWY1OWE2ODY1
Mjg1ZDEwHhcNMjQwMTAxMTIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmQ3ZTM5ZDYxYzc5ZjY5MjkyMGFhNzVkYmJiZjg4ZDZkZWNmZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqN8XYGkNhmQjQ0LLMgmZ1sWufvVF
3EBTPXg5ix7SBQSmyPxDHa0SrRM1UCov6nfQ2GhVQS2kzBD186opWOZGCtzW6NMK
9XhhA0V/+LTtSEqj9S+QQycTkAWj2V3+Y9rKP6V9U6gq3u+yZwtmUx1l19qIQkDJ
1sccLyN+J5mTcbMJnXYK/4O3z9bpu8PQYhEcsDAjL71GAOWVUCFwBMD7M1ij/WbF
hSYMVQrGdZtztdzm/xW9/DN+x+0jhTJgoXA9N42Ukph+LwG89oBbMawq8HYuG8YK
LzurvnhFsb5FN9rQkdNcWq6xOQogOJNGVgpiPcd22mYW133ircGx6rzQiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbX451hx59pKSCqddu7+I1t7P+iMB8GA1UdIwQY
MBaAFHnQ2FZ2Sj/uZL4U8KSfWaaGUoXRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWREWVZuWktQLTVrdmhUd3BKOVpwb1pTaGRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS80M2UzMDktNzVjNS00ZjQwLTlkYjMt
ZjJiYjY5ZTc1ZTc0LzEvQnRmam5XSEhuMmtwSUtwMTI3djRqVzNzXzZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS80M2UzMDktNzVjNS00ZjQwLTlkYjMtZjJiYjY5ZTc1ZTc0
LzEvZWREWVZuWktQLTVrdmhUd3BKOVpwb1pTaGRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRz5MA0G
CSqGSIb3DQEBCwUAA4IBAQAf0szElXKI7ABzk2CF4BoGZCkmktc93TIqxWYfi/57
Y2MgBpyNPfwNlm5x7uWZFAxknWK54sRBycbEq2Ln9ZE6dUuTzASXDgkYoCG4a5/Z
dUyNk7AaRaFVx6Ul03KcsVEAXAYox50Q5shGtvMmymTttf5ClvINxd960eSwl9Pa
uJ1WjG/iJx0pf12VSRmGRth3BEO2P3KIBUjpUYTbhs/30AilpqwTqrKkb5LFrcQb
oySYnMPSnZ05eol5UMjpw5KA2JrgoSRK7rvBaXhKKrX02MMtmjCEfrrX9CmICEJW
f90GXAz7r7mfTTVw9SDLzXpiOf5p68VQsqsXBCSuT644
-----END CERTIFICATE-----