Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/BTMc47pLCu53qRabwMOgFltQWdk.roa
File:                     BTMc47pLCu53qRabwMOgFltQWdk.roa (raw, json)
Hash identifier:          s+aHZ8bwo3VIGJafiX3/BN4OIiBp6xgUfqA1YPwUwr0=
Subject key identifier:   05:33:1C:E3:BA:4B:0A:EE:77:A9:16:9B:C0:C3:A0:16:5B:50:59:D9
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       018CC86FB577236CE95E6D90B20569E98EC6
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/BTMc47pLCu53qRabwMOgFltQWdk.roa
Signing time:             Tue 02 Jan 2024 04:30:13 +0000
ROA not before:           Tue 02 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209281
IP address blocks:        213.232.76.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b5:77:23:6c:e9:5e:6d:90:b2:05:69:e9:8e:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  2 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05331ce3ba4b0aee77a9169bc0c3a0165b5059d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e0:08:f9:4f:28:c0:f0:85:21:1c:50:a6:d8:
                    94:60:77:d3:0f:41:2a:ef:9a:ef:ba:98:a0:7d:60:
                    8c:6e:07:5e:1a:28:87:b0:17:90:00:b7:27:b4:69:
                    03:ad:80:0d:9b:3b:af:d3:2e:44:dc:2f:b5:d5:6e:
                    3c:02:9f:22:3f:25:51:7d:3f:95:65:19:86:ff:08:
                    18:aa:6b:06:78:1b:38:6b:c5:b6:7e:ba:50:ec:a2:
                    c3:51:23:71:9b:a3:90:e8:06:2b:e8:06:f1:31:e2:
                    d3:f1:ff:f2:c4:c7:77:0b:26:f5:bc:a4:6d:d3:f4:
                    83:11:95:e8:06:a7:c7:3b:88:6a:71:ab:5f:ec:5d:
                    fa:e3:87:82:94:8b:89:1d:b9:1d:bb:8c:c0:21:dd:
                    25:02:e1:85:2d:6e:2f:bc:b7:26:18:6a:a8:12:e5:
                    02:9a:da:a9:96:4d:66:0a:d2:d1:c0:ad:0f:7c:70:
                    98:34:59:aa:1b:6d:44:b6:8e:d1:7a:19:3b:d7:12:
                    e6:f3:4f:5c:66:5e:fc:d6:dd:97:c4:8f:12:ec:25:
                    51:ea:45:57:2b:d0:10:d1:c3:c4:a2:d2:c9:ef:34:
                    c4:7a:52:77:1a:93:a9:81:78:c4:ae:6b:d1:44:01:
                    cd:01:a0:81:29:70:1c:e4:12:5e:7d:5b:b4:c9:bc:
                    a3:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:33:1C:E3:BA:4B:0A:EE:77:A9:16:9B:C0:C3:A0:16:5B:50:59:D9
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/BTMc47pLCu53qRabwMOgFltQWdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.232.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:b8:cf:d3:a1:50:5c:e9:48:71:ad:e8:70:3e:f3:19:65:88:
         8c:b7:48:f9:5f:c1:27:94:b3:20:6c:6f:1e:98:16:29:9a:b4:
         5e:e3:6d:bb:22:d4:75:49:4e:60:39:8f:32:cc:05:87:89:31:
         5f:d3:f9:f6:be:97:0c:b0:11:63:82:b6:f8:56:7a:7d:4c:6c:
         6d:17:12:8f:a1:f8:92:c9:5d:bc:96:95:9a:c7:7f:bb:8c:3b:
         f1:f6:28:31:78:d8:7f:0c:70:72:05:2c:18:b2:5d:f4:f1:a7:
         13:52:63:b8:0b:98:74:d0:0a:b0:92:e3:86:ca:53:08:79:13:
         15:70:11:d5:7d:cc:88:a7:88:38:d3:63:fc:d3:d2:59:08:32:
         ad:0a:53:75:4f:f4:d5:6c:41:a2:c0:0e:03:55:9c:e4:95:f4:
         15:78:9e:f4:74:ac:f0:f6:df:16:1b:ae:e8:ba:0e:c0:8f:1d:
         2b:ba:11:87:af:c0:c6:f5:99:e6:ec:60:43:e1:db:f5:e6:b6:
         73:94:07:59:be:a6:2a:ad:7f:b4:10:26:36:7e:bd:e6:99:3b:
         9d:a4:d2:f2:b5:5d:dc:69:6b:51:7b:4f:dc:02:09:bc:17:f5:
         02:d1:65:b4:3c:5d:25:79:ac:40:4e:5e:33:c8:78:26:96:15:
         81:8a:a1:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb7V3I2zpXm2QsgVp6Y7GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwMTAyMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTMzMWNlM2JhNGIwYWVlNzdhOTE2OWJjMGMzYTAxNjViNTA1OWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgeAI+U8owPCFIRxQptiUYHfTD0Eq
75rvupigfWCMbgdeGiiHsBeQALcntGkDrYANmzuv0y5E3C+11W48Ap8iPyVRfT+V
ZRmG/wgYqmsGeBs4a8W2frpQ7KLDUSNxm6OQ6AYr6AbxMeLT8f/yxMd3Cyb1vKRt
0/SDEZXoBqfHO4hqcatf7F3644eClIuJHbkdu4zAId0lAuGFLW4vvLcmGGqoEuUC
mtqplk1mCtLRwK0PfHCYNFmqG21Eto7Rehk71xLm809cZl781t2XxI8S7CVR6kVX
K9AQ0cPEotLJ7zTEelJ3GpOpgXjErmvRRAHNAaCBKXAc5BJefVu0ybyjzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUzHOO6Swrud6kWm8DDoBZbUFnZMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvQlRNYzQ3cExDdTUzcVJhYndNT2dGbHRRV2RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1ehMMA0G
CSqGSIb3DQEBCwUAA4IBAQA8uM/ToVBc6UhxrehwPvMZZYiMt0j5X8EnlLMgbG8e
mBYpmrRe4227ItR1SU5gOY8yzAWHiTFf0/n2vpcMsBFjgrb4Vnp9TGxtFxKPofiS
yV28lpWax3+7jDvx9igxeNh/DHByBSwYsl308acTUmO4C5h00AqwkuOGylMIeRMV
cBHVfcyIp4g402P809JZCDKtClN1T/TVbEGiwA4DVZzklfQVeJ70dKzw9t8WG67o
ug7Ajx0ruhGHr8DG9Znm7GBD4dv15rZzlAdZvqYqrX+0ECY2fr3mmTudpNLytV3c
aWtRe0/cAgm8F/UC0WW0PF0leaxATl4zyHgmlhWBiqGS
-----END CERTIFICATE-----