Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/107db4-9fd7-4fcd-8d19-25413c260e45/1/bvrVUpHIC1klCGoTlzIfBAgUUN8.roa
File:                     bvrVUpHIC1klCGoTlzIfBAgUUN8.roa (raw, json)
Hash identifier:          tLuOb2gMxtrtStxGcJuqLmx2v2dwKHB2hi6rXRGmuO8=
Subject key identifier:   6E:FA:D5:52:91:C8:0B:59:25:08:6A:13:97:32:1F:04:08:14:50:DF
Certificate issuer:       /CN=47ad34f8c20a5073e860821c8c09bf7579a26d0b
Certificate serial:       018CC42533ECC12A6FE7E9705D67696A8C86
Authority key identifier: 47:AD:34:F8:C2:0A:50:73:E8:60:82:1C:8C:09:BF:75:79:A2:6D:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R600-MIKUHPoYIIcjAm_dXmibQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/107db4-9fd7-4fcd-8d19-25413c260e45/1/bvrVUpHIC1klCGoTlzIfBAgUUN8.roa
Signing time:             Mon 01 Jan 2024 08:30:21 +0000
ROA not before:           Mon 01 Jan 2024 08:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48095
IP address blocks:        185.201.244.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/107db4-9fd7-4fcd-8d19-25413c260e45/1/R600-MIKUHPoYIIcjAm_dXmibQs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/107db4-9fd7-4fcd-8d19-25413c260e45/1/R600-MIKUHPoYIIcjAm_dXmibQs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R600-MIKUHPoYIIcjAm_dXmibQs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:33:ec:c1:2a:6f:e7:e9:70:5d:67:69:6a:8c:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47ad34f8c20a5073e860821c8c09bf7579a26d0b
        Validity
            Not Before: Jan  1 08:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6efad55291c80b5925086a1397321f04081450df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:aa:63:31:a1:c4:08:d3:89:b9:40:78:17:fa:
                    e8:24:d3:f8:15:bb:9b:20:28:17:30:66:5f:b2:50:
                    8b:e5:a3:14:da:34:b7:ad:5f:93:57:9f:44:f2:45:
                    5a:bc:4e:10:ac:01:42:77:dd:47:37:94:fa:30:35:
                    77:ec:fb:a8:55:d8:f0:c7:c0:72:dd:f8:b6:cc:1f:
                    48:94:98:87:de:13:83:ef:3d:07:c4:95:e7:47:be:
                    a2:94:53:a1:27:9c:80:b5:94:01:c6:26:00:14:01:
                    ad:a7:29:98:9b:e6:be:9d:e1:31:15:cf:f9:e9:eb:
                    f7:cd:dc:25:3f:f6:6d:6e:f1:ae:2f:93:c2:67:f2:
                    4b:84:7a:ec:70:4b:2e:e7:0c:f9:89:4b:2d:3f:0b:
                    0a:1b:c5:41:f8:a4:56:83:63:b5:42:a9:50:33:89:
                    c1:e0:ec:ad:d6:05:7a:16:f6:d1:61:23:89:30:e7:
                    f7:7e:24:96:bb:d9:4a:69:2c:64:20:0a:a7:33:88:
                    35:67:3f:82:c5:45:80:e5:77:bf:f8:56:31:43:4b:
                    bb:a8:66:dc:97:cf:5b:77:5d:e2:d8:c1:81:4d:85:
                    52:d9:e4:e5:88:52:b4:cc:a6:4b:bb:a6:0f:3d:a1:
                    41:af:18:ee:aa:0e:07:1a:b5:da:a6:cf:a0:3d:5e:
                    b6:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:FA:D5:52:91:C8:0B:59:25:08:6A:13:97:32:1F:04:08:14:50:DF
            X509v3 Authority Key Identifier:
                keyid:47:AD:34:F8:C2:0A:50:73:E8:60:82:1C:8C:09:BF:75:79:A2:6D:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R600-MIKUHPoYIIcjAm_dXmibQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/107db4-9fd7-4fcd-8d19-25413c260e45/1/bvrVUpHIC1klCGoTlzIfBAgUUN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/107db4-9fd7-4fcd-8d19-25413c260e45/1/R600-MIKUHPoYIIcjAm_dXmibQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:a2:fb:fe:7b:2d:39:77:f3:e9:e9:71:11:fc:f3:46:7d:9e:
         13:9d:45:4b:5c:c9:c3:5f:1c:f1:c9:ad:ce:52:eb:8b:ff:d0:
         f0:9e:fd:b1:bd:42:da:a1:1b:02:1f:22:5b:ca:94:75:b4:3b:
         8b:0b:7e:6a:a0:74:ff:68:3c:e8:45:12:8c:39:0a:bf:c5:67:
         11:72:4d:f2:b5:9b:ab:c5:b2:0d:93:b4:27:90:64:32:fe:b8:
         ec:5d:80:f6:a4:e3:91:0c:47:78:d5:2c:63:e1:8d:22:55:d5:
         06:b4:41:f6:4a:bf:26:51:79:59:ce:16:bd:35:f8:11:93:9b:
         75:30:18:95:4d:f9:fc:c7:86:cf:bf:bd:41:a0:a8:2a:ed:7e:
         d8:70:40:3f:f1:96:f9:52:e5:a5:6a:40:42:68:a5:27:68:6a:
         9a:3e:b9:cd:71:f2:06:fd:35:86:ad:d4:1a:db:09:a8:06:82:
         c3:60:2e:c1:49:72:0f:0a:58:44:35:ad:13:e4:09:8a:96:07:
         fd:21:e6:64:87:12:03:56:5c:5b:64:4c:3e:23:c8:99:05:29:
         03:5f:36:8c:9b:ee:17:15:04:ec:3c:b6:e5:da:74:86:55:9e:
         9f:f6:75:89:32:fa:9d:5f:5a:fb:16:f1:d2:6c:e2:6b:d2:7c:
         14:c4:05:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJTPswSpv5+lwXWdpaoyGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3YWQzNGY4YzIwYTUwNzNlODYwODIxYzhjMDliZjc1Nzlh
MjZkMGIwHhcNMjQwMTAxMDgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWZhZDU1MjkxYzgwYjU5MjUwODZhMTM5NzMyMWYwNDA4MTQ1MGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6pjMaHECNOJuUB4F/roJNP4Fbub
ICgXMGZfslCL5aMU2jS3rV+TV59E8kVavE4QrAFCd91HN5T6MDV37PuoVdjwx8By
3fi2zB9IlJiH3hOD7z0HxJXnR76ilFOhJ5yAtZQBxiYAFAGtpymYm+a+neExFc/5
6ev3zdwlP/ZtbvGuL5PCZ/JLhHrscEsu5wz5iUstPwsKG8VB+KRWg2O1QqlQM4nB
4Oyt1gV6FvbRYSOJMOf3fiSWu9lKaSxkIAqnM4g1Zz+CxUWA5Xe/+FYxQ0u7qGbc
l89bd13i2MGBTYVS2eTliFK0zKZLu6YPPaFBrxjuqg4HGrXaps+gPV62lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG761VKRyAtZJQhqE5cyHwQIFFDfMB8GA1UdIwQY
MBaAFEetNPjCClBz6GCCHIwJv3V5om0LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjYwMC1NSUtVSFBvWUlJY2pBbV9kWG1pYlFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8xMDdkYjQtOWZkNy00ZmNkLThkMTkt
MjU0MTNjMjYwZTQ1LzEvYnZyVlVwSElDMWtsQ0dvVGx6SWZCQWdVVU44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8xMDdkYjQtOWZkNy00ZmNkLThkMTktMjU0MTNjMjYwZTQ1
LzEvUjYwMC1NSUtVSFBvWUlJY2pBbV9kWG1pYlFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucn0MA0G
CSqGSIb3DQEBCwUAA4IBAQBkovv+ey05d/Pp6XER/PNGfZ4TnUVLXMnDXxzxya3O
UuuL/9Dwnv2xvULaoRsCHyJbypR1tDuLC35qoHT/aDzoRRKMOQq/xWcRck3ytZur
xbINk7QnkGQy/rjsXYD2pOORDEd41Sxj4Y0iVdUGtEH2Sr8mUXlZzha9NfgRk5t1
MBiVTfn8x4bPv71BoKgq7X7YcEA/8Zb5UuWlakBCaKUnaGqaPrnNcfIG/TWGrdQa
2wmoBoLDYC7BSXIPClhENa0T5AmKlgf9IeZkhxIDVlxbZEw+I8iZBSkDXzaMm+4X
FQTsPLbl2nSGVZ6f9nWJMvqdX1r7FvHSbOJr0nwUxAU1
-----END CERTIFICATE-----