Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/3f63df-b6f7-4d42-a9a9-1a76784a0a21/1/BOd4X-gGHW9qfZrovTpTpCUu16o.roa
File:                     BOd4X-gGHW9qfZrovTpTpCUu16o.roa (raw, json)
Hash identifier:          c75wuvMxn9qd8ioVmRljUDCwusi82rk/MB2SG13ABWY=
Subject key identifier:   04:E7:78:5F:E8:06:1D:6F:6A:7D:9A:E8:BD:3A:53:A4:25:2E:D7:AA
Certificate issuer:       /CN=54913026f079cda241aef4514fd353c28330e461
Certificate serial:       018CC8DEA98BD271DD3EC0281A8837DDC63D
Authority key identifier: 54:91:30:26:F0:79:CD:A2:41:AE:F4:51:4F:D3:53:C2:83:30:E4:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VJEwJvB5zaJBrvRRT9NTwoMw5GE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/3f63df-b6f7-4d42-a9a9-1a76784a0a21/1/BOd4X-gGHW9qfZrovTpTpCUu16o.roa
Signing time:             Tue 02 Jan 2024 06:31:24 +0000
ROA not before:           Tue 02 Jan 2024 06:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199245
IP address blocks:        195.85.44.0/24 maxlen: 24
                          2a12:b940::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/3f63df-b6f7-4d42-a9a9-1a76784a0a21/1/VJEwJvB5zaJBrvRRT9NTwoMw5GE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/3f63df-b6f7-4d42-a9a9-1a76784a0a21/1/VJEwJvB5zaJBrvRRT9NTwoMw5GE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VJEwJvB5zaJBrvRRT9NTwoMw5GE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:a9:8b:d2:71:dd:3e:c0:28:1a:88:37:dd:c6:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54913026f079cda241aef4514fd353c28330e461
        Validity
            Not Before: Jan  2 06:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04e7785fe8061d6f6a7d9ae8bd3a53a4252ed7aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:b7:ff:1e:ac:54:6c:b1:ef:b1:58:63:ec:f1:
                    53:e4:6d:40:46:f8:9b:4d:29:70:44:eb:e1:a3:80:
                    cf:1e:d4:cf:e0:ae:69:68:e6:ec:07:68:72:2b:67:
                    85:34:9c:60:94:ba:18:16:40:f9:5c:eb:69:a0:89:
                    fc:26:58:49:9b:a9:a9:a7:2f:e4:44:e3:1f:ba:91:
                    61:2f:0f:d2:d4:a1:0b:40:c8:65:3a:bc:81:43:9d:
                    b5:10:37:d4:8c:34:dc:c5:f4:0b:8a:31:72:0a:15:
                    4a:20:05:8c:88:31:e6:3c:24:14:b4:4b:d7:22:ea:
                    fc:19:8b:2c:5b:83:df:ee:bc:a9:f3:30:5e:2d:7d:
                    bb:3d:3e:bb:aa:6f:38:0e:4d:06:81:ef:9d:11:70:
                    e3:95:63:3a:c0:de:cb:77:64:a7:75:07:18:96:39:
                    29:c0:56:31:69:f5:5a:59:a4:df:b2:31:54:50:2a:
                    88:b3:0a:86:54:c1:4b:b3:32:d9:d2:55:04:2d:e4:
                    47:84:4a:04:9e:05:20:38:15:8e:3e:d8:19:e0:91:
                    ac:29:91:46:f9:2d:d9:ab:3b:b2:47:d0:b6:70:16:
                    76:68:b7:c3:55:81:da:14:52:7f:3a:61:cd:b1:58:
                    4a:4d:49:85:63:f9:f5:f1:92:a5:25:a5:a0:39:75:
                    1b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:E7:78:5F:E8:06:1D:6F:6A:7D:9A:E8:BD:3A:53:A4:25:2E:D7:AA
            X509v3 Authority Key Identifier:
                keyid:54:91:30:26:F0:79:CD:A2:41:AE:F4:51:4F:D3:53:C2:83:30:E4:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VJEwJvB5zaJBrvRRT9NTwoMw5GE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/3f63df-b6f7-4d42-a9a9-1a76784a0a21/1/BOd4X-gGHW9qfZrovTpTpCUu16o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/3f63df-b6f7-4d42-a9a9-1a76784a0a21/1/VJEwJvB5zaJBrvRRT9NTwoMw5GE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.44.0/24
                IPv6:
                  2a12:b940::/29

    Signature Algorithm: sha256WithRSAEncryption
         3e:43:b7:75:1f:82:5b:c8:2d:db:3e:a6:99:aa:9a:03:23:e4:
         28:1e:b7:ea:02:ad:89:6e:58:08:9a:29:35:22:4e:8c:a8:15:
         9f:f3:e5:73:91:6a:92:ba:99:d2:4b:38:9d:a9:e1:a0:6a:f6:
         09:2a:9a:26:93:c2:97:62:0c:6e:b7:00:c0:e9:ea:63:77:22:
         1a:73:5a:b2:0f:86:5e:14:dc:89:8e:c0:90:d8:d0:75:f5:05:
         3c:71:6c:a4:26:ce:d3:f4:eb:99:ce:a5:ba:f0:9b:ee:c7:dd:
         40:c2:8f:c1:97:6a:95:7a:5c:7d:57:e8:97:04:08:3a:1c:00:
         d4:b9:ff:42:93:cb:09:8e:21:c9:01:8a:82:4e:64:83:4c:93:
         44:f1:f3:c3:62:ca:2b:cb:8e:4c:5a:0a:9f:90:2b:46:0e:ba:
         fe:c3:cf:2d:7b:32:8f:ec:a1:c0:ee:c6:07:44:f7:2e:91:93:
         3c:41:01:53:5f:0e:f2:59:6b:56:10:5c:1b:74:36:cf:38:ef:
         d9:eb:90:9c:40:2b:4f:c3:4c:34:f2:7f:f8:22:d7:e6:34:3a:
         12:a8:c4:02:b5:b6:93:85:a3:1c:4b:cb:26:b0:d7:d2:f5:ae:
         d2:1d:17:c8:82:96:f7:10:a3:cc:10:27:de:58:b8:8d:a6:7a:
         05:cf:6c:1b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3qmL0nHdPsAoGog33cY9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0OTEzMDI2ZjA3OWNkYTI0MWFlZjQ1MTRmZDM1M2MyODMz
MGU0NjEwHhcNMjQwMTAyMDYzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGU3Nzg1ZmU4MDYxZDZmNmE3ZDlhZThiZDNhNTNhNDI1MmVkN2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi7f/HqxUbLHvsVhj7PFT5G1ARvib
TSlwROvho4DPHtTP4K5paObsB2hyK2eFNJxglLoYFkD5XOtpoIn8JlhJm6mppy/k
ROMfupFhLw/S1KELQMhlOryBQ521EDfUjDTcxfQLijFyChVKIAWMiDHmPCQUtEvX
Iur8GYssW4Pf7ryp8zBeLX27PT67qm84Dk0Gge+dEXDjlWM6wN7Ld2SndQcYljkp
wFYxafVaWaTfsjFUUCqIswqGVMFLszLZ0lUELeRHhEoEngUgOBWOPtgZ4JGsKZFG
+S3ZqzuyR9C2cBZ2aLfDVYHaFFJ/OmHNsVhKTUmFY/n18ZKlJaWgOXUbfwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFATneF/oBh1van2a6L06U6QlLteqMB8GA1UdIwQY
MBaAFFSRMCbwec2iQa70UU/TU8KDMORhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkpFd0p2QjV6YUpCcnZSUlQ5TlR3b013NUdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi8zZjYzZGYtYjZmNy00ZDQyLWE5YTkt
MWE3Njc4NGEwYTIxLzEvQk9kNFgtZ0dIVzlxZlpyb3ZUcFRwQ1V1MTZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi8zZjYzZGYtYjZmNy00ZDQyLWE5YTktMWE3Njc4NGEwYTIx
LzEvVkpFd0p2QjV6YUpCcnZSUlQ5TlR3b013NUdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAw1UsMA0E
AgACMAcDBQMqErlAMA0GCSqGSIb3DQEBCwUAA4IBAQA+Q7d1H4JbyC3bPqaZqpoD
I+QoHrfqAq2JblgImik1Ik6MqBWf8+VzkWqSupnSSzidqeGgavYJKpomk8KXYgxu
twDA6epjdyIac1qyD4ZeFNyJjsCQ2NB19QU8cWykJs7T9OuZzqW68Jvux91Awo/B
l2qVelx9V+iXBAg6HADUuf9Ck8sJjiHJAYqCTmSDTJNE8fPDYsory45MWgqfkCtG
Drr+w88tezKP7KHA7sYHRPcukZM8QQFTXw7yWWtWEFwbdDbPOO/Z65CcQCtPw0w0
8n/4ItfmNDoSqMQCtbaThaMcS8smsNfS9a7SHRfIgpb3EKPMECfeWLiNpnoFz2wb
-----END CERTIFICATE-----