Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/BgbIZI5e5Gw1j3B8O4gauhej0m0.roa
File:                     BgbIZI5e5Gw1j3B8O4gauhej0m0.roa (raw, json)
Hash identifier:          e4HJDhzejcXCWnPGU88e3WKrgNMSVnRdFHj9Tqc8sug=
Subject key identifier:   06:06:C8:64:8E:5E:E4:6C:35:8F:70:7C:3B:88:1A:BA:17:A3:D2:6D
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018E4320ACC6A824251D7E274CD041D0F273
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/BgbIZI5e5Gw1j3B8O4gauhej0m0.roa
Signing time:             Fri 15 Mar 2024 17:19:58 +0000
ROA not before:           Fri 15 Mar 2024 17:19:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212150
IP address blocks:        80.244.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:43:20:ac:c6:a8:24:25:1d:7e:27:4c:d0:41:d0:f2:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Mar 15 17:19:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0606c8648e5ee46c358f707c3b881aba17a3d26d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:59:ca:b6:98:48:fc:c9:b7:af:99:0b:55:e5:
                    6e:9a:82:47:92:e3:4b:c2:a6:02:f1:a7:95:b2:9d:
                    0f:a1:0b:1b:54:5d:3f:c1:89:19:22:6c:41:9b:73:
                    13:13:85:79:d2:e9:a2:e2:b6:68:3d:b5:1f:27:59:
                    4d:5b:dc:63:0f:75:79:83:41:a9:cf:c2:e7:8e:5f:
                    b4:89:69:74:fd:69:02:ba:aa:67:82:ea:bb:a6:8a:
                    96:df:8d:15:b2:2a:0b:55:6a:be:f3:87:81:94:bd:
                    98:40:b0:f5:37:29:91:57:7d:90:5d:76:5c:7a:99:
                    3d:1b:ad:38:7a:4e:f0:95:bd:e1:9a:f5:30:5c:1a:
                    29:21:a9:e1:cc:f7:70:84:5f:9a:7b:8a:12:4d:04:
                    f2:d6:2a:62:f0:a6:64:e1:c2:08:d0:9b:af:da:dc:
                    42:19:48:08:c4:65:44:f4:e0:3f:60:af:c6:08:09:
                    df:29:0a:11:3b:47:08:67:ac:ae:f5:de:e7:1e:10:
                    b5:c0:f1:65:33:cc:43:77:74:13:48:92:8e:41:61:
                    fb:75:5d:1f:a4:6f:b2:d4:6f:c9:47:38:19:34:3c:
                    7d:2b:dc:4c:ce:b0:39:dc:22:88:bd:cc:a5:f9:bb:
                    ad:29:7d:3d:97:63:d6:3c:95:09:32:55:e8:0b:cf:
                    40:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:06:C8:64:8E:5E:E4:6C:35:8F:70:7C:3B:88:1A:BA:17:A3:D2:6D
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/BgbIZI5e5Gw1j3B8O4gauhej0m0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.244.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         dc:b1:35:81:77:ca:0e:5b:33:88:6b:80:ad:a3:6e:b0:87:e3:
         23:a7:a9:8a:1e:f8:d9:57:e3:0a:4e:ca:87:45:4c:9b:e2:ff:
         ae:45:2f:19:9f:2c:5f:7d:c9:8b:dd:60:43:91:2d:9d:fe:04:
         76:29:70:b3:20:e7:92:15:d4:09:6e:25:58:f2:18:80:75:4b:
         85:7a:9d:7b:83:e8:e7:43:63:e3:14:84:79:b3:46:40:2e:b2:
         e3:8f:d0:72:4a:54:b0:b8:c7:90:87:c8:da:15:c6:0d:97:71:
         f4:56:8f:c5:ae:28:0c:cc:f7:de:c5:64:cf:36:72:4c:56:e6:
         d6:91:0d:f5:7b:c7:e1:b6:13:55:8f:90:53:c4:a6:d8:7e:21:
         2d:17:4c:04:42:ab:89:3f:52:f2:fd:50:a5:44:dc:8e:63:02:
         d4:8a:e2:90:70:47:80:52:7a:3d:96:df:89:0f:72:c0:c2:ff:
         c8:fb:bd:9a:db:15:86:31:85:1c:84:b8:6d:a2:97:b6:b8:ae:
         de:b7:64:d9:f5:30:64:41:d5:8a:79:f8:fe:c5:63:c6:e8:20:
         45:2f:3f:4a:c0:2f:8a:97:8b:aa:33:51:fe:ad:4d:25:a3:0b:
         08:c1:28:45:ea:be:e7:88:df:37:f0:95:16:17:e9:22:f6:c3:
         c2:f6:00:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5DIKzGqCQlHX4nTNBB0PJzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwMzE1MTcxOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjA2Yzg2NDhlNWVlNDZjMzU4ZjcwN2MzYjg4MWFiYTE3YTNkMjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFnKtphI/Mm3r5kLVeVumoJHkuNL
wqYC8aeVsp0PoQsbVF0/wYkZImxBm3MTE4V50umi4rZoPbUfJ1lNW9xjD3V5g0Gp
z8Lnjl+0iWl0/WkCuqpnguq7poqW340VsioLVWq+84eBlL2YQLD1NymRV32QXXZc
epk9G604ek7wlb3hmvUwXBopIanhzPdwhF+ae4oSTQTy1ipi8KZk4cII0Juv2txC
GUgIxGVE9OA/YK/GCAnfKQoRO0cIZ6yu9d7nHhC1wPFlM8xDd3QTSJKOQWH7dV0f
pG+y1G/JRzgZNDx9K9xMzrA53CKIvcyl+butKX09l2PWPJUJMlXoC89A0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYGyGSOXuRsNY9wfDuIGroXo9JtMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvQmdiSVpJNWU1R3cxajNCOE80Z2F1aGVqMG0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPQPMA0G
CSqGSIb3DQEBCwUAA4IBAQDcsTWBd8oOWzOIa4Cto26wh+Mjp6mKHvjZV+MKTsqH
RUyb4v+uRS8ZnyxffcmL3WBDkS2d/gR2KXCzIOeSFdQJbiVY8hiAdUuFep17g+jn
Q2PjFIR5s0ZALrLjj9BySlSwuMeQh8jaFcYNl3H0Vo/FrigMzPfexWTPNnJMVubW
kQ31e8fhthNVj5BTxKbYfiEtF0wEQquJP1Ly/VClRNyOYwLUiuKQcEeAUno9lt+J
D3LAwv/I+72a2xWGMYUchLhtope2uK7et2TZ9TBkQdWKefj+xWPG6CBFLz9KwC+K
l4uqM1H+rU0lowsIwShF6r7niN838JUWF+ki9sPC9gA0
-----END CERTIFICATE-----