Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/e32df8-3a1e-42fc-b351-0ed24ebc4ed8/1/BXFA4sZBFLhiXLcYSMHJm_z2lVw.roa
File:                     BXFA4sZBFLhiXLcYSMHJm_z2lVw.roa (raw, json)
Hash identifier:          8fW3jpZ/VNXQyS+7I2HQGo9HvTv5vZBmzc4YCF9XT3A=
Subject key identifier:   05:71:40:E2:C6:41:14:B8:62:5C:B7:18:48:C1:C9:9B:FC:F6:95:5C
Certificate issuer:       /CN=c77fe005d7e58ec033ca9aba87e0606021533617
Certificate serial:       018CC493276074DEBE9251FDBBDA866728C8
Authority key identifier: C7:7F:E0:05:D7:E5:8E:C0:33:CA:9A:BA:87:E0:60:60:21:53:36:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3_gBdfljsAzypq6h-BgYCFTNhc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/e32df8-3a1e-42fc-b351-0ed24ebc4ed8/1/BXFA4sZBFLhiXLcYSMHJm_z2lVw.roa
Signing time:             Mon 01 Jan 2024 10:30:27 +0000
ROA not before:           Mon 01 Jan 2024 10:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202124
IP address blocks:        185.235.46.0/24 maxlen: 24
                          185.235.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/e32df8-3a1e-42fc-b351-0ed24ebc4ed8/1/x3_gBdfljsAzypq6h-BgYCFTNhc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/e32df8-3a1e-42fc-b351-0ed24ebc4ed8/1/x3_gBdfljsAzypq6h-BgYCFTNhc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3_gBdfljsAzypq6h-BgYCFTNhc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:27:60:74:de:be:92:51:fd:bb:da:86:67:28:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c77fe005d7e58ec033ca9aba87e0606021533617
        Validity
            Not Before: Jan  1 10:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=057140e2c64114b8625cb71848c1c99bfcf6955c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:94:30:63:74:d5:dc:ff:3f:53:04:c1:70:45:
                    f0:05:e9:2a:92:8e:5f:79:24:22:6c:f5:f9:1a:40:
                    61:0c:d5:30:71:49:6c:a7:d2:6d:b4:ef:92:d9:fa:
                    c8:21:95:e4:6a:12:a5:e2:db:de:86:1e:90:1f:85:
                    e0:04:f2:0b:18:a8:73:15:fd:93:74:a6:d3:b8:57:
                    e7:d7:43:30:77:df:88:75:4b:82:a6:6c:c4:5e:3f:
                    e4:91:62:4b:e9:b7:aa:43:56:fc:43:5f:da:c9:b9:
                    61:be:5a:55:25:3e:cb:8e:a9:86:06:6a:13:36:73:
                    25:bf:8b:be:39:e8:1d:e1:4c:fd:ee:4b:4c:df:28:
                    df:cd:be:07:2f:96:27:20:51:6b:0e:67:11:76:bd:
                    eb:3e:57:da:3d:73:53:d3:2a:08:46:91:de:8d:23:
                    7b:dc:e4:e6:13:89:6f:d5:f4:76:d4:2f:16:05:a4:
                    9e:69:69:15:6c:81:d1:c1:8c:19:ba:89:78:51:f3:
                    53:5e:6a:05:6d:79:ec:cc:5b:1f:cc:8f:db:7c:b7:
                    61:55:cf:95:f6:08:f4:bc:17:c8:e7:5e:38:84:f4:
                    89:28:94:79:2d:d4:83:e8:8a:ca:7c:08:f0:e1:c2:
                    d5:40:34:bf:38:98:1e:6e:77:39:3a:82:76:41:23:
                    75:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:71:40:E2:C6:41:14:B8:62:5C:B7:18:48:C1:C9:9B:FC:F6:95:5C
            X509v3 Authority Key Identifier:
                keyid:C7:7F:E0:05:D7:E5:8E:C0:33:CA:9A:BA:87:E0:60:60:21:53:36:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3_gBdfljsAzypq6h-BgYCFTNhc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/e32df8-3a1e-42fc-b351-0ed24ebc4ed8/1/BXFA4sZBFLhiXLcYSMHJm_z2lVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/e32df8-3a1e-42fc-b351-0ed24ebc4ed8/1/x3_gBdfljsAzypq6h-BgYCFTNhc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a1:fa:6d:20:9e:b7:4b:b1:b5:2e:0c:63:93:42:65:a4:51:e6:
         2c:b3:03:38:7e:84:d4:5a:75:9d:3b:18:67:6d:4d:4a:10:64:
         ab:15:bc:70:b2:9a:62:5d:ab:aa:b7:c8:b8:2f:19:82:c6:7e:
         11:63:8a:91:2c:00:db:1c:54:9a:9d:4a:b9:29:ad:dd:ec:34:
         bb:c9:36:b8:c9:54:84:3e:9f:58:78:51:0a:f5:41:fe:ae:b9:
         ee:09:f8:b9:0c:ad:53:32:cd:1c:36:b1:9e:38:96:61:d8:17:
         c0:86:fd:d4:16:ec:7f:3c:ec:c0:73:bf:a9:31:6a:80:0f:bd:
         84:9e:82:81:36:eb:83:55:db:b5:7b:18:c8:f7:58:d1:e8:69:
         86:f3:0b:bf:67:81:41:a1:4e:8a:d5:e9:b3:51:f3:0c:22:36:
         81:ec:ec:0f:b4:68:ba:ba:06:db:bf:44:bc:85:2c:58:0f:cc:
         f8:92:03:20:a6:54:75:90:3a:ab:c8:76:54:56:07:f1:15:c3:
         39:84:9b:87:21:1d:70:f6:c2:4b:fd:9e:76:20:a7:50:c5:8d:
         5e:e3:02:3b:b0:b3:17:f5:5b:1c:c4:91:2b:83:24:18:54:bb:
         38:4c:98:2d:73:0d:90:a7:1f:f7:c2:65:68:3c:dd:b5:b2:91:
         32:6f:9f:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkydgdN6+klH9u9qGZyjIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3N2ZlMDA1ZDdlNThlYzAzM2NhOWFiYTg3ZTA2MDYwMjE1
MzM2MTcwHhcNMjQwMTAxMTAzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTcxNDBlMmM2NDExNGI4NjI1Y2I3MTg0OGMxYzk5YmZjZjY5NTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZQwY3TV3P8/UwTBcEXwBekqko5f
eSQibPX5GkBhDNUwcUlsp9JttO+S2frIIZXkahKl4tvehh6QH4XgBPILGKhzFf2T
dKbTuFfn10Mwd9+IdUuCpmzEXj/kkWJL6beqQ1b8Q1/ayblhvlpVJT7LjqmGBmoT
NnMlv4u+Oegd4Uz97ktM3yjfzb4HL5YnIFFrDmcRdr3rPlfaPXNT0yoIRpHejSN7
3OTmE4lv1fR21C8WBaSeaWkVbIHRwYwZuol4UfNTXmoFbXnszFsfzI/bfLdhVc+V
9gj0vBfI5144hPSJKJR5LdSD6IrKfAjw4cLVQDS/OJgebnc5OoJ2QSN1MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAVxQOLGQRS4Yly3GEjByZv89pVcMB8GA1UdIwQY
MBaAFMd/4AXX5Y7AM8qauofgYGAhUzYXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDNfZ0JkZmxqc0F6eXBxNmgtQmdZQ0ZUTmhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9lMzJkZjgtM2ExZS00MmZjLWIzNTEt
MGVkMjRlYmM0ZWQ4LzEvQlhGQTRzWkJGTGhpWExjWVNNSEptX3oybFZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9lMzJkZjgtM2ExZS00MmZjLWIzNTEtMGVkMjRlYmM0ZWQ4
LzEveDNfZ0JkZmxqc0F6eXBxNmgtQmdZQ0ZUTmhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuesuMA0G
CSqGSIb3DQEBCwUAA4IBAQCh+m0gnrdLsbUuDGOTQmWkUeYsswM4foTUWnWdOxhn
bU1KEGSrFbxwsppiXauqt8i4LxmCxn4RY4qRLADbHFSanUq5Ka3d7DS7yTa4yVSE
Pp9YeFEK9UH+rrnuCfi5DK1TMs0cNrGeOJZh2BfAhv3UFux/POzAc7+pMWqAD72E
noKBNuuDVdu1exjI91jR6GmG8wu/Z4FBoU6K1emzUfMMIjaB7OwPtGi6ugbbv0S8
hSxYD8z4kgMgplR1kDqryHZUVgfxFcM5hJuHIR1w9sJL/Z52IKdQxY1e4wI7sLMX
9VscxJErgyQYVLs4TJgtcw2Qpx/3wmVoPN21spEyb58u
-----END CERTIFICATE-----