Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/BvY09_XQYuRAkdslJQJQ-3dirXU.roa
File:                     BvY09_XQYuRAkdslJQJQ-3dirXU.roa (raw, json)
Hash identifier:          DXX9p9v6N5uhntKUjy+ycbbgjduPB5GXpNdFxvvZeOI=
Subject key identifier:   06:F6:34:F7:F5:D0:62:E4:40:91:DB:25:25:02:50:FB:77:62:AD:75
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       019301AAF6B913441DED67118ECE091E49BA
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/BvY09_XQYuRAkdslJQJQ-3dirXU.roa
Signing time:             Wed 06 Nov 2024 13:30:01 +0000
ROA not before:           Wed 06 Nov 2024 13:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204300
IP address blocks:        94.131.28.0/22 maxlen: 22
                          95.164.196.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:01:aa:f6:b9:13:44:1d:ed:67:11:8e:ce:09:1e:49:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Nov  6 13:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06f634f7f5d062e44091db25250250fb7762ad75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:a9:8a:de:d9:0b:1b:e2:64:40:80:7d:5f:7a:
                    07:cc:16:31:32:4c:5f:5a:9b:5e:0c:42:76:47:09:
                    15:fd:f0:d1:9f:3d:b2:e5:dd:e0:91:5e:6d:98:a0:
                    ce:6d:6a:af:b2:6c:b9:02:11:05:00:37:0d:44:29:
                    43:07:e2:e4:7a:07:df:cb:fc:3a:75:6a:52:43:d5:
                    fc:b1:0d:1d:4d:f7:fe:a1:d4:36:50:06:f9:d0:83:
                    b7:56:de:62:d1:c0:29:3f:bf:8a:7c:f7:73:18:2d:
                    b4:27:cf:9f:41:21:9e:4d:87:dc:ee:8f:f9:05:e0:
                    a2:18:16:8d:5d:36:9f:d4:c8:5f:29:97:98:c7:8b:
                    e6:ff:2b:7d:8b:81:97:98:b4:6f:f8:d5:69:b1:90:
                    0b:69:8a:fe:72:72:3d:62:31:73:82:3f:2d:d7:f4:
                    6e:e3:cf:b4:ea:da:f9:4b:45:85:12:51:4d:55:1d:
                    18:49:cf:63:18:b5:4b:af:86:9e:26:53:f9:bb:84:
                    4d:13:2b:f0:50:0c:77:59:10:1d:8f:a8:7e:80:55:
                    28:56:ba:06:95:75:e8:8c:3b:e6:e1:eb:2f:21:32:
                    1e:fd:9a:57:c7:9d:5e:e8:18:2c:4f:9a:92:89:63:
                    5a:ae:4c:a8:b5:70:c9:55:90:7e:7e:90:30:cc:e9:
                    6c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:F6:34:F7:F5:D0:62:E4:40:91:DB:25:25:02:50:FB:77:62:AD:75
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/BvY09_XQYuRAkdslJQJQ-3dirXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.28.0/22
                  95.164.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:94:dc:9a:c0:7c:8a:54:3e:38:97:3e:e2:3e:50:59:c6:9e:
         dd:84:cd:b9:c4:62:d9:f8:80:8f:23:c8:ee:21:28:30:d0:18:
         2e:31:fd:87:53:ec:96:c4:10:31:31:64:f9:ee:a7:d8:0c:5b:
         da:cc:76:e0:e4:6f:04:49:b8:01:62:53:b7:5e:0c:25:64:f3:
         61:76:e7:b3:54:a5:e4:a7:3f:67:75:75:0a:77:33:09:6c:df:
         33:54:3b:82:20:2d:64:16:90:68:51:7e:5a:25:67:bd:d7:e1:
         8b:33:c6:53:97:3e:3b:52:03:74:c8:1e:fa:a3:23:74:74:e8:
         1d:c8:e4:f0:82:9f:6e:00:86:49:17:a5:71:de:6c:8e:12:a2:
         b6:2f:61:26:7d:33:a4:bf:4a:64:a2:45:d2:85:54:0d:c0:e2:
         28:99:78:a1:88:1e:37:29:1e:41:da:0c:46:5d:db:cb:1e:43:
         b1:cd:66:a8:d5:f4:e3:7f:5c:c2:4e:68:66:dd:b1:97:1b:bc:
         9f:cd:af:ff:21:5d:e3:96:e2:c2:01:94:a4:32:2d:4a:21:7a:
         0b:1a:05:5d:ae:e9:0c:29:34:d8:1b:44:58:ed:11:41:fc:d5:
         e3:54:74:1d:27:cd:14:79:8e:b2:ee:4b:5a:73:35:3c:f8:c9:
         1a:ac:9a:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMBqva5E0Qd7WcRjs4JHkm6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQxMTA2MTMzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmY2MzRmN2Y1ZDA2MmU0NDA5MWRiMjUyNTAyNTBmYjc3NjJhZDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qmK3tkLG+JkQIB9X3oHzBYxMkxf
WpteDEJ2RwkV/fDRnz2y5d3gkV5tmKDObWqvsmy5AhEFADcNRClDB+Lkegffy/w6
dWpSQ9X8sQ0dTff+odQ2UAb50IO3Vt5i0cApP7+KfPdzGC20J8+fQSGeTYfc7o/5
BeCiGBaNXTaf1MhfKZeYx4vm/yt9i4GXmLRv+NVpsZALaYr+cnI9YjFzgj8t1/Ru
48+06tr5S0WFElFNVR0YSc9jGLVLr4aeJlP5u4RNEyvwUAx3WRAdj6h+gFUoVroG
lXXojDvm4esvITIe/ZpXx51e6BgsT5qSiWNarkyotXDJVZB+fpAwzOlsswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAb2NPf10GLkQJHbJSUCUPt3Yq11MB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvQnZZMDlfWFFZdVJBa2RzbEpRSlEtM2RpclhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXoMcAwQC
X6TEMA0GCSqGSIb3DQEBCwUAA4IBAQA5lNyawHyKVD44lz7iPlBZxp7dhM25xGLZ
+ICPI8juISgw0BguMf2HU+yWxBAxMWT57qfYDFvazHbg5G8ESbgBYlO3XgwlZPNh
duezVKXkpz9ndXUKdzMJbN8zVDuCIC1kFpBoUX5aJWe91+GLM8ZTlz47UgN0yB76
oyN0dOgdyOTwgp9uAIZJF6Vx3myOEqK2L2EmfTOkv0pkokXShVQNwOIomXihiB43
KR5B2gxGXdvLHkOxzWao1fTjf1zCTmhm3bGXG7yfza//IV3jluLCAZSkMi1KIXoL
GgVdrukMKTTYG0RY7RFB/NXjVHQdJ80UeY6y7ktaczU8+MkarJrc
-----END CERTIFICATE-----