Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/BmYmhagUQ9q_rtxCeXWJy2Ag1WY.roa
File:                     BmYmhagUQ9q_rtxCeXWJy2Ag1WY.roa (raw, json)
Hash identifier:          S0CDxkjEHunaaCBV+8OKTt6vVwl500p3sBwJIxdveSg=
Subject key identifier:   06:66:26:85:A8:14:43:DA:BF:AE:DC:42:79:75:89:CB:60:20:D5:66
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       018CC3B6D126A489FBBE8D9EC3ECA02DF057
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/BmYmhagUQ9q_rtxCeXWJy2Ag1WY.roa
Signing time:             Mon 01 Jan 2024 06:29:47 +0000
ROA not before:           Mon 01 Jan 2024 06:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     11895
IP address blocks:        193.118.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d1:26:a4:89:fb:be:8d:9e:c3:ec:a0:2d:f0:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  1 06:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06662685a81443dabfaedc42797589cb6020d566
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:01:2c:d5:42:99:2f:d2:1e:41:d7:df:f8:3c:
                    1a:20:87:48:9d:d9:a9:02:8c:14:83:68:b1:6d:81:
                    b5:e9:13:ba:01:20:1d:1f:84:a4:96:70:08:da:39:
                    2d:15:01:43:18:aa:f5:5d:59:49:09:b2:81:10:ea:
                    47:72:e1:64:b8:6e:07:c7:39:b6:8b:20:f4:be:0a:
                    3d:6b:58:17:da:63:d9:b9:d3:2e:6b:da:08:59:6b:
                    e5:b0:79:62:6a:96:a6:ec:07:9d:b6:78:d3:98:c1:
                    e4:be:a9:f9:fd:84:c2:9d:00:4e:30:c1:4e:fe:f3:
                    ee:0a:18:30:78:bd:5f:27:6f:12:98:57:49:42:a5:
                    e3:82:ff:a1:c5:52:1b:5b:6d:0b:23:c6:09:59:1c:
                    34:bb:d4:f3:6b:51:74:e8:41:02:b0:e7:73:0d:df:
                    f8:f1:c4:4c:08:a1:c8:e1:47:d8:e4:ed:87:8d:72:
                    e6:08:b7:87:bb:8f:35:38:4e:8b:5a:24:57:34:1c:
                    93:37:40:02:a2:0e:91:ff:64:e2:76:0b:de:0e:5f:
                    e3:83:02:d9:fa:48:2e:cf:4c:dd:ac:96:89:f5:53:
                    3e:64:bb:34:70:98:a0:6c:3a:f8:37:d1:d8:49:16:
                    b7:ea:29:da:13:e9:65:3c:12:e7:63:01:38:5f:64:
                    76:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:66:26:85:A8:14:43:DA:BF:AE:DC:42:79:75:89:CB:60:20:D5:66
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/BmYmhagUQ9q_rtxCeXWJy2Ag1WY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.118.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:3f:bd:31:46:92:70:94:fc:d4:d8:b2:ad:ac:01:17:96:f6:
         c7:99:28:3c:16:a7:c6:8d:b2:23:af:e9:d8:98:16:79:41:d0:
         db:f8:df:ac:4d:43:cc:f9:ff:17:30:d2:c4:ac:5f:18:54:be:
         5d:eb:d6:43:52:6b:3d:a5:1b:0f:ff:fb:f4:ac:b9:89:75:4a:
         5f:3b:c9:74:5f:de:f9:b5:a9:33:4f:ca:90:aa:05:4e:7c:a3:
         72:d0:e0:c3:71:76:a5:85:67:b3:1b:c0:de:6c:91:c3:ba:c1:
         c5:4c:70:85:2a:2d:d3:7c:33:e5:15:4b:ec:7e:d3:a6:7e:b1:
         01:61:9a:57:50:12:80:14:74:bb:59:05:eb:a7:cd:ad:b4:f7:
         c9:85:da:c5:35:2e:3a:f0:35:fe:e5:80:7b:21:c0:06:1c:c7:
         c1:9e:09:40:5f:ab:ad:8d:b6:50:57:2e:f4:ee:33:d6:a8:31:
         43:d8:53:23:65:ef:22:14:10:f3:78:30:8b:d0:5f:a8:39:e5:
         dc:6e:69:bd:9c:82:79:07:21:cb:73:bd:1e:95:d3:f4:05:d6:
         d0:3c:48:81:b2:0e:32:06:82:51:04:ae:2d:86:00:b9:93:86:
         33:73:17:04:a0:ac:63:7e:f1:84:1a:e6:3e:d3:4d:8f:d2:5e:
         90:c1:fe:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttEmpIn7vo2ew+ygLfBXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjQwMTAxMDYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjY2MjY4NWE4MTQ0M2RhYmZhZWRjNDI3OTc1ODljYjYwMjBkNTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwEs1UKZL9IeQdff+DwaIIdIndmp
AowUg2ixbYG16RO6ASAdH4SklnAI2jktFQFDGKr1XVlJCbKBEOpHcuFkuG4Hxzm2
iyD0vgo9a1gX2mPZudMua9oIWWvlsHliapam7AedtnjTmMHkvqn5/YTCnQBOMMFO
/vPuChgweL1fJ28SmFdJQqXjgv+hxVIbW20LI8YJWRw0u9Tza1F06EECsOdzDd/4
8cRMCKHI4UfY5O2HjXLmCLeHu481OE6LWiRXNByTN0ACog6R/2TidgveDl/jgwLZ
+kguz0zdrJaJ9VM+ZLs0cJigbDr4N9HYSRa36inaE+llPBLnYwE4X2R2lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZmJoWoFEPav67cQnl1ictgINVmMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvQm1ZbWhhZ1VROXFfcnR4Q2VYV0p5MkFnMVdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXamMA0G
CSqGSIb3DQEBCwUAA4IBAQBrP70xRpJwlPzU2LKtrAEXlvbHmSg8FqfGjbIjr+nY
mBZ5QdDb+N+sTUPM+f8XMNLErF8YVL5d69ZDUms9pRsP//v0rLmJdUpfO8l0X975
takzT8qQqgVOfKNy0ODDcXalhWezG8DebJHDusHFTHCFKi3TfDPlFUvsftOmfrEB
YZpXUBKAFHS7WQXrp82ttPfJhdrFNS468DX+5YB7IcAGHMfBnglAX6utjbZQVy70
7jPWqDFD2FMjZe8iFBDzeDCL0F+oOeXcbmm9nIJ5ByHLc70eldP0BdbQPEiBsg4y
BoJRBK4thgC5k4YzcxcEoKxjfvGEGuY+002P0l6Qwf5z
-----END CERTIFICATE-----