Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/BFkjCuF1dtutDZTyO0M90vl3IqI.roa
File:                     BFkjCuF1dtutDZTyO0M90vl3IqI.roa (raw, json)
Hash identifier:          UoAfk+1BC2urQIpEb+1nbfkKsH0UX0eAjke0nms5fww=
Subject key identifier:   04:59:23:0A:E1:75:76:DB:AD:0D:94:F2:3B:43:3D:D2:F9:77:22:A2
Certificate issuer:       /CN=8b7f81a6e782e211189c4f34e459b4226c75f4a6
Certificate serial:       018CC6B77AA250EFADD080021B49E1AF10D1
Authority key identifier: 8B:7F:81:A6:E7:82:E2:11:18:9C:4F:34:E4:59:B4:22:6C:75:F4:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i3-BpueC4hEYnE805Fm0Imx19KY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/BFkjCuF1dtutDZTyO0M90vl3IqI.roa
Signing time:             Mon 01 Jan 2024 20:29:22 +0000
ROA not before:           Mon 01 Jan 2024 20:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        45.128.172.0/24 maxlen: 24
                          45.128.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/i3-BpueC4hEYnE805Fm0Imx19KY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/i3-BpueC4hEYnE805Fm0Imx19KY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i3-BpueC4hEYnE805Fm0Imx19KY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:7a:a2:50:ef:ad:d0:80:02:1b:49:e1:af:10:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b7f81a6e782e211189c4f34e459b4226c75f4a6
        Validity
            Not Before: Jan  1 20:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0459230ae17576dbad0d94f23b433dd2f97722a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:33:aa:92:4b:78:cf:4b:93:6c:09:17:06:a0:
                    e3:6c:52:e8:38:59:ab:b3:0f:fe:3b:31:31:a0:05:
                    cc:af:1d:d1:e3:b5:d2:95:5e:1c:87:2e:a8:a4:2e:
                    43:fc:c1:14:3a:17:26:b7:bb:05:63:1f:21:8e:36:
                    f5:dc:6b:e5:ee:cd:25:25:37:d0:eb:b0:ba:d9:4c:
                    1f:51:86:07:b2:48:ca:f4:43:06:aa:8e:21:54:7d:
                    59:ad:87:4c:58:93:f3:f5:85:94:3a:6f:87:d1:14:
                    a5:90:f3:1d:28:a4:99:a7:9e:b7:f2:ea:4b:2e:ad:
                    70:e4:0b:aa:24:5d:0a:41:f9:3e:26:69:22:c3:2f:
                    2c:22:2b:b2:90:6d:5b:af:1d:84:56:6b:88:50:4c:
                    2c:d0:28:5c:46:25:d8:e7:44:2f:c4:16:b4:a2:8c:
                    0c:f9:73:3f:38:cf:6c:fd:08:61:16:12:21:e2:77:
                    2b:0a:9b:a3:22:7e:69:5a:b8:79:45:a4:5d:2f:9b:
                    e0:3a:e2:0f:37:4d:74:44:17:be:90:20:68:87:61:
                    f5:66:6f:52:b9:50:6f:6a:df:0e:68:e8:b0:a5:0f:
                    6e:42:8a:d0:23:86:eb:6b:aa:62:18:f0:d6:ec:86:
                    4b:68:58:67:56:58:ad:28:07:82:82:ad:98:40:81:
                    0b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:59:23:0A:E1:75:76:DB:AD:0D:94:F2:3B:43:3D:D2:F9:77:22:A2
            X509v3 Authority Key Identifier:
                keyid:8B:7F:81:A6:E7:82:E2:11:18:9C:4F:34:E4:59:B4:22:6C:75:F4:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i3-BpueC4hEYnE805Fm0Imx19KY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/BFkjCuF1dtutDZTyO0M90vl3IqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/i3-BpueC4hEYnE805Fm0Imx19KY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:3c:6b:0b:1a:08:82:c3:53:99:03:ae:44:39:7f:99:1b:fd:
         bd:fd:27:98:f7:bd:35:9c:97:f9:cc:ab:e6:84:6d:cb:83:71:
         9e:6e:2b:e5:2e:93:36:79:ca:59:58:cc:67:0e:ce:8a:8e:58:
         a9:d7:24:18:ef:63:14:a8:ce:cf:80:c0:32:d9:a4:a0:3c:04:
         5e:38:ad:18:ea:38:97:14:c3:6b:18:ff:54:45:06:50:a6:e0:
         44:aa:d4:08:7d:b9:f5:11:1c:da:18:44:66:3d:46:ae:d8:03:
         eb:e5:4b:90:c9:74:3b:d0:f7:c8:54:a3:a5:2c:26:cd:4f:f5:
         d7:2e:b3:25:87:33:90:c5:90:68:ae:0a:7c:ba:3c:22:8c:81:
         a1:93:93:fd:23:20:dc:b5:9f:0d:25:b5:63:2f:12:f5:37:b6:
         58:49:90:48:98:62:42:82:1e:fe:5a:f4:a4:aa:36:1a:87:3b:
         83:d6:0a:f5:5e:c0:85:4c:95:87:c1:0e:e8:f7:75:85:f2:65:
         8b:f5:68:bc:9a:0c:b0:f1:a5:9c:06:aa:7f:e8:f5:95:b6:58:
         4c:b8:a6:4d:48:90:54:f8:c7:5b:35:a6:88:d6:9b:64:0c:a7:
         98:79:4f:d9:0d:1d:81:e8:80:cb:c0:c8:c7:7d:a7:5f:8c:c0:
         ed:4a:1c:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt3qiUO+t0IACG0nhrxDRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiN2Y4MWE2ZTc4MmUyMTExODljNGYzNGU0NTliNDIyNmM3
NWY0YTYwHhcNMjQwMTAxMjAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDU5MjMwYWUxNzU3NmRiYWQwZDk0ZjIzYjQzM2RkMmY5NzcyMmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmDOqkkt4z0uTbAkXBqDjbFLoOFmr
sw/+OzExoAXMrx3R47XSlV4chy6opC5D/MEUOhcmt7sFYx8hjjb13Gvl7s0lJTfQ
67C62UwfUYYHskjK9EMGqo4hVH1ZrYdMWJPz9YWUOm+H0RSlkPMdKKSZp5638upL
Lq1w5AuqJF0KQfk+Jmkiwy8sIiuykG1brx2EVmuIUEws0ChcRiXY50QvxBa0oowM
+XM/OM9s/QhhFhIh4ncrCpujIn5pWrh5RaRdL5vgOuIPN010RBe+kCBoh2H1Zm9S
uVBvat8OaOiwpQ9uQorQI4bra6piGPDW7IZLaFhnVlitKAeCgq2YQIEL4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFARZIwrhdXbbrQ2U8jtDPdL5dyKiMB8GA1UdIwQY
MBaAFIt/gabnguIRGJxPNORZtCJsdfSmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTMtQnB1ZUM0aEVZbkU4MDVGbTBJbXgxOUtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi85YjYwZTUtZjk4Zi00YWM2LTk4YTUt
ZjJmNDI2ZWZlMDM5LzEvQkZrakN1RjFkdHV0RFpUeU8wTTkwdmwzSXFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi85YjYwZTUtZjk4Zi00YWM2LTk4YTUtZjJmNDI2ZWZlMDM5
LzEvaTMtQnB1ZUM0aEVZbkU4MDVGbTBJbXgxOUtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYCsMA0G
CSqGSIb3DQEBCwUAA4IBAQBAPGsLGgiCw1OZA65EOX+ZG/29/SeY9701nJf5zKvm
hG3Lg3GebivlLpM2ecpZWMxnDs6Kjlip1yQY72MUqM7PgMAy2aSgPAReOK0Y6jiX
FMNrGP9URQZQpuBEqtQIfbn1ERzaGERmPUau2APr5UuQyXQ70PfIVKOlLCbNT/XX
LrMlhzOQxZBorgp8ujwijIGhk5P9IyDctZ8NJbVjLxL1N7ZYSZBImGJCgh7+WvSk
qjYahzuD1gr1XsCFTJWHwQ7o93WF8mWL9Wi8mgyw8aWcBqp/6PWVtlhMuKZNSJBU
+MdbNaaI1ptkDKeYeU/ZDR2B6IDLwMjHfadfjMDtShyH
-----END CERTIFICATE-----