Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/BvxwicsH1ZVfBk6Q4DoBq1qq_Cg.roa
File:                     BvxwicsH1ZVfBk6Q4DoBq1qq_Cg.roa (raw, json)
Hash identifier:          4jEtLdDvLytqaDFqVfLMjurgO3/mhXlRnfALOClKcPM=
Subject key identifier:   06:FC:70:89:CB:07:D5:95:5F:06:4E:90:E0:3A:01:AB:5A:AA:FC:28
Certificate issuer:       /CN=cecd391c660c3e57c53b87c0b52ec0d2f2f42775
Certificate serial:       01942669E05A9A554B7623215371E82CE2AD
Authority key identifier: CE:CD:39:1C:66:0C:3E:57:C5:3B:87:C0:B5:2E:C0:D2:F2:F4:27:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zs05HGYMPlfFO4fAtS7A0vL0J3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/BvxwicsH1ZVfBk6Q4DoBq1qq_Cg.roa
Signing time:             Thu 02 Jan 2025 09:47:40 +0000
ROA not before:           Thu 02 Jan 2025 09:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44066
IP address blocks:        193.107.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/zs05HGYMPlfFO4fAtS7A0vL0J3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/zs05HGYMPlfFO4fAtS7A0vL0J3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zs05HGYMPlfFO4fAtS7A0vL0J3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 06:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:69:e0:5a:9a:55:4b:76:23:21:53:71:e8:2c:e2:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cecd391c660c3e57c53b87c0b52ec0d2f2f42775
        Validity
            Not Before: Jan  2 09:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06fc7089cb07d5955f064e90e03a01ab5aaafc28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4b:14:9a:af:de:1d:c0:e7:63:7e:36:1d:26:
                    49:85:a0:eb:b6:42:5a:1d:42:72:6d:42:d5:d4:fb:
                    76:dd:dd:05:63:b2:0c:d4:92:66:17:27:eb:63:9c:
                    79:d7:36:de:d9:e9:e3:1f:a5:9c:66:5c:38:f8:be:
                    d7:ce:f2:82:09:d1:ae:a8:4c:25:b8:5f:c9:a1:bf:
                    0e:57:6f:d8:f1:46:7f:7b:09:c0:98:f3:4e:39:81:
                    4c:f5:76:dd:73:bb:41:d9:86:f5:9c:ae:15:54:04:
                    ac:df:11:36:2f:f3:da:bc:91:cb:23:8f:64:fa:b1:
                    a9:86:dc:d7:35:1c:e8:ba:7b:ca:5e:ea:5d:97:99:
                    59:66:74:8d:33:23:cc:30:6a:df:6e:d7:d9:0c:45:
                    12:ef:67:40:00:a4:9e:af:d1:53:69:9c:cc:ee:3c:
                    91:4f:fc:2e:cb:29:c8:e1:c2:49:cf:36:2b:a7:47:
                    8b:ad:9b:3b:45:a3:b2:22:00:a9:2e:96:98:2f:8b:
                    c6:5b:46:1b:f1:1e:81:08:17:ab:f9:89:63:a0:52:
                    92:37:dd:30:0f:8f:ef:4b:79:a9:f4:1a:fb:c2:d8:
                    7c:5a:50:92:c5:1a:2d:53:86:d2:bc:a5:ca:05:c8:
                    59:15:e7:02:14:1b:75:99:c2:59:53:76:fd:09:2e:
                    35:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:FC:70:89:CB:07:D5:95:5F:06:4E:90:E0:3A:01:AB:5A:AA:FC:28
            X509v3 Authority Key Identifier:
                keyid:CE:CD:39:1C:66:0C:3E:57:C5:3B:87:C0:B5:2E:C0:D2:F2:F4:27:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zs05HGYMPlfFO4fAtS7A0vL0J3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/BvxwicsH1ZVfBk6Q4DoBq1qq_Cg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/0a2e01-9aa6-48c9-b79a-a4d359d91251/1/zs05HGYMPlfFO4fAtS7A0vL0J3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:99:4e:cc:06:4f:d4:93:26:1d:cc:92:cc:ab:16:6c:8c:e8:
         98:36:c1:55:6e:58:6f:95:42:5d:d0:81:1e:ff:d3:65:bb:71:
         34:9c:a2:f3:8d:74:2b:03:ee:fa:66:99:38:4c:54:f2:30:c2:
         a8:3e:4f:5e:b1:a8:8e:53:40:a0:79:7e:00:24:12:c9:c4:88:
         2a:c2:3c:67:fc:da:3a:76:8e:3e:42:21:26:42:15:a7:07:6b:
         46:fd:7b:65:e5:8f:b6:85:51:fd:7b:b6:d3:46:82:36:d4:bc:
         8a:f6:42:e7:eb:cd:1e:70:1d:b8:a8:0d:89:57:ff:32:98:09:
         90:0d:73:f5:50:40:39:ec:43:da:ee:a6:81:b2:b8:82:e5:c1:
         47:1c:6a:e4:65:11:0c:a9:eb:b9:ea:c2:f5:98:5d:a6:50:be:
         37:ea:3f:7a:11:76:7a:ca:dc:62:bc:de:03:a2:0f:52:65:df:
         46:5c:31:6f:bf:43:d4:8d:c5:46:c5:57:ee:80:a8:df:e2:67:
         36:15:ec:54:f6:23:45:59:68:ef:bd:e1:77:88:57:03:97:1b:
         ae:dc:66:3e:8d:88:a1:47:80:bb:d1:3f:7d:45:e3:4d:a8:7e:
         57:e8:63:aa:3e:81:6c:ae:e2:fc:08:57:38:84:39:49:89:e1:
         92:59:91:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmaeBamlVLdiMhU3HoLOKtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlY2QzOTFjNjYwYzNlNTdjNTNiODdjMGI1MmVjMGQyZjJm
NDI3NzUwHhcNMjUwMTAyMDk0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmZjNzA4OWNiMDdkNTk1NWYwNjRlOTBlMDNhMDFhYjVhYWFmYzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEsUmq/eHcDnY342HSZJhaDrtkJa
HUJybULV1Pt23d0FY7IM1JJmFyfrY5x51zbe2enjH6WcZlw4+L7XzvKCCdGuqEwl
uF/Job8OV2/Y8UZ/ewnAmPNOOYFM9Xbdc7tB2Yb1nK4VVASs3xE2L/PavJHLI49k
+rGphtzXNRzounvKXupdl5lZZnSNMyPMMGrfbtfZDEUS72dAAKSer9FTaZzM7jyR
T/wuyynI4cJJzzYrp0eLrZs7RaOyIgCpLpaYL4vGW0Yb8R6BCBer+YljoFKSN90w
D4/vS3mp9Br7wth8WlCSxRotU4bSvKXKBchZFecCFBt1mcJZU3b9CS412wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAb8cInLB9WVXwZOkOA6AataqvwoMB8GA1UdIwQY
MBaAFM7NORxmDD5XxTuHwLUuwNLy9Cd1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenMwNUhHWU1QbGZGTzRmQXRTN0EwdkwwSjNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8wYTJlMDEtOWFhNi00OGM5LWI3OWEt
YTRkMzU5ZDkxMjUxLzEvQnZ4d2ljc0gxWlZmQms2UTREb0JxMXFxX0NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8wYTJlMDEtOWFhNi00OGM5LWI3OWEtYTRkMzU5ZDkxMjUx
LzEvenMwNUhHWU1QbGZGTzRmQXRTN0EwdkwwSjNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwWt4MA0G
CSqGSIb3DQEBCwUAA4IBAQCamU7MBk/UkyYdzJLMqxZsjOiYNsFVblhvlUJd0IEe
/9Nlu3E0nKLzjXQrA+76Zpk4TFTyMMKoPk9esaiOU0CgeX4AJBLJxIgqwjxn/No6
do4+QiEmQhWnB2tG/Xtl5Y+2hVH9e7bTRoI21LyK9kLn680ecB24qA2JV/8ymAmQ
DXP1UEA57EPa7qaBsriC5cFHHGrkZREMqeu56sL1mF2mUL436j96EXZ6ytxivN4D
og9SZd9GXDFvv0PUjcVGxVfugKjf4mc2FexU9iNFWWjvveF3iFcDlxuu3GY+jYih
R4C70T99ReNNqH5X6GOqPoFsruL8CFc4hDlJieGSWZGY
-----END CERTIFICATE-----