Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/bvhxhmAqyDusWG8L2BubxFp6Byg.roa
File:                     bvhxhmAqyDusWG8L2BubxFp6Byg.roa (raw, json)
Hash identifier:          SHS3jK9UFMV78c0xUf6ZLaaMiJ9/VJhwk1oZbalxq7g=
Subject key identifier:   6E:F8:71:86:60:2A:C8:3B:AC:58:6F:0B:D8:1B:9B:C4:5A:7A:07:28
Certificate issuer:       /CN=bb9b56d8d96ebcb5fcf87de2ec2b52c194ccf9f9
Certificate serial:       019488FB20BA9240765880A69C4D9FB1A3EB
Authority key identifier: BB:9B:56:D8:D9:6E:BC:B5:FC:F8:7D:E2:EC:2B:52:C1:94:CC:F9:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u5tW2NluvLX8-H3i7CtSwZTM-fk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/bvhxhmAqyDusWG8L2BubxFp6Byg.roa
Signing time:             Tue 21 Jan 2025 13:09:06 +0000
ROA not before:           Tue 21 Jan 2025 13:09:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206065
IP address blocks:        185.222.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/u5tW2NluvLX8-H3i7CtSwZTM-fk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/u5tW2NluvLX8-H3i7CtSwZTM-fk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u5tW2NluvLX8-H3i7CtSwZTM-fk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 07:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:88:fb:20:ba:92:40:76:58:80:a6:9c:4d:9f:b1:a3:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb9b56d8d96ebcb5fcf87de2ec2b52c194ccf9f9
        Validity
            Not Before: Jan 21 13:09:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ef87186602ac83bac586f0bd81b9bc45a7a0728
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8c:ee:15:24:3d:56:c1:04:8f:ec:f2:c9:b6:
                    de:92:60:08:60:a2:33:ed:73:92:cc:b7:c6:48:6b:
                    f7:a4:7c:26:04:96:dc:e6:62:37:93:6d:58:5d:ea:
                    e1:99:01:6f:e6:92:5e:51:ad:50:66:0d:0a:5c:d5:
                    1a:6e:73:a5:f9:c6:e8:29:96:a5:0b:61:e6:0f:8e:
                    7f:78:7e:62:ae:1a:9d:0f:e2:2a:cf:a3:1c:79:ad:
                    f0:08:68:44:c2:c1:b3:54:6b:3d:4d:03:d4:f3:b8:
                    7a:43:3d:0b:6b:b5:f5:a8:94:bc:a7:35:0d:fd:f9:
                    be:80:8d:ac:83:97:2d:f3:60:81:cc:43:97:4c:c7:
                    e6:1d:0d:a6:4d:f7:b4:79:5c:6d:80:87:b3:24:ed:
                    55:ed:01:60:61:db:aa:23:20:91:a4:8c:49:11:b1:
                    ff:cc:12:88:9d:84:14:63:2a:56:71:a0:ef:71:0e:
                    2f:da:b3:57:a3:5c:d3:13:76:f4:f6:8d:d2:b9:5c:
                    a6:3d:81:64:e8:42:df:ab:e5:35:a0:a0:40:80:d6:
                    6d:71:05:15:27:90:20:82:f2:b6:5e:65:14:00:64:
                    5c:9c:1e:08:e5:d6:7c:a4:3d:b4:13:34:ab:fc:0f:
                    9a:86:47:09:d6:4b:ec:da:90:2a:3a:dd:f8:aa:df:
                    5a:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:F8:71:86:60:2A:C8:3B:AC:58:6F:0B:D8:1B:9B:C4:5A:7A:07:28
            X509v3 Authority Key Identifier:
                keyid:BB:9B:56:D8:D9:6E:BC:B5:FC:F8:7D:E2:EC:2B:52:C1:94:CC:F9:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u5tW2NluvLX8-H3i7CtSwZTM-fk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/bvhxhmAqyDusWG8L2BubxFp6Byg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/u5tW2NluvLX8-H3i7CtSwZTM-fk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:62:fe:20:0b:27:1d:87:4a:af:01:d8:5d:85:b2:db:b7:7d:
         c9:1c:5e:88:c5:f9:c8:12:c2:20:98:72:ad:1a:f5:34:28:07:
         86:45:4c:6d:63:51:8c:4c:fd:c0:81:3a:e3:c8:f8:68:f7:00:
         04:ae:eb:c6:fe:13:56:87:09:ac:9a:3e:5a:f8:b6:a1:94:f5:
         99:31:48:16:ea:9a:af:ce:d4:60:dc:06:9b:bf:53:f1:ef:5b:
         04:0d:d8:c8:29:1f:fb:f3:cd:fc:70:be:31:57:4e:12:3e:7b:
         90:b1:54:12:ba:bd:58:11:f4:7a:57:53:a2:86:c5:c5:15:a4:
         06:10:43:e5:18:1c:95:d8:b1:bf:89:fc:a7:2d:81:1f:d8:f6:
         b4:74:6a:08:70:8f:5f:fa:41:4d:92:59:32:28:fa:d4:cd:5c:
         fb:28:94:49:87:a6:73:58:ad:d9:fc:7b:fd:ea:21:3a:c7:96:
         e0:81:13:f2:7a:2b:a2:d0:99:ef:bf:d0:08:6f:5a:43:db:4c:
         58:78:d3:c9:2d:33:40:89:a2:b8:71:42:ad:93:0c:a6:51:05:
         84:ce:2f:1c:2f:63:1d:7b:02:a1:50:54:8e:b6:7d:4d:96:f9:
         09:db:da:c1:af:d5:28:ac:89:7d:50:06:51:31:a8:39:4b:15:
         98:d3:b4:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSI+yC6kkB2WICmnE2fsaPrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiOWI1NmQ4ZDk2ZWJjYjVmY2Y4N2RlMmVjMmI1MmMxOTRj
Y2Y5ZjkwHhcNMjUwMTIxMTMwOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWY4NzE4NjYwMmFjODNiYWM1ODZmMGJkODFiOWJjNDVhN2EwNzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYzuFSQ9VsEEj+zyybbekmAIYKIz
7XOSzLfGSGv3pHwmBJbc5mI3k21YXerhmQFv5pJeUa1QZg0KXNUabnOl+cboKZal
C2HmD45/eH5irhqdD+Iqz6Mcea3wCGhEwsGzVGs9TQPU87h6Qz0La7X1qJS8pzUN
/fm+gI2sg5ct82CBzEOXTMfmHQ2mTfe0eVxtgIezJO1V7QFgYduqIyCRpIxJEbH/
zBKInYQUYypWcaDvcQ4v2rNXo1zTE3b09o3SuVymPYFk6ELfq+U1oKBAgNZtcQUV
J5AggvK2XmUUAGRcnB4I5dZ8pD20EzSr/A+ahkcJ1kvs2pAqOt34qt9arwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG74cYZgKsg7rFhvC9gbm8RaegcoMB8GA1UdIwQY
MBaAFLubVtjZbry1/Ph94uwrUsGUzPn5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTV0VzJObHV2TFg4LUgzaTdDdFN3WlRNLWZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84ZjM5NDItMTdmNy00OTNjLWJjNmIt
NGY0ZmU4MDNiMDE1LzEvYnZoeGhtQXF5RHVzV0c4TDJCdWJ4RnA2QnlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84ZjM5NDItMTdmNy00OTNjLWJjNmItNGY0ZmU4MDNiMDE1
LzEvdTV0VzJObHV2TFg4LUgzaTdDdFN3WlRNLWZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud54MA0G
CSqGSIb3DQEBCwUAA4IBAQDFYv4gCycdh0qvAdhdhbLbt33JHF6IxfnIEsIgmHKt
GvU0KAeGRUxtY1GMTP3AgTrjyPho9wAEruvG/hNWhwmsmj5a+LahlPWZMUgW6pqv
ztRg3Aabv1Px71sEDdjIKR/78838cL4xV04SPnuQsVQSur1YEfR6V1OihsXFFaQG
EEPlGByV2LG/ifynLYEf2Pa0dGoIcI9f+kFNklkyKPrUzVz7KJRJh6ZzWK3Z/Hv9
6iE6x5bggRPyeiui0Jnvv9AIb1pD20xYeNPJLTNAiaK4cUKtkwymUQWEzi8cL2Md
ewKhUFSOtn1NlvkJ29rBr9UorIl9UAZRMag5SxWY07S8
-----END CERTIFICATE-----