Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/252968-b8ba-4e19-84d7-3228286da601/1/BqifMvFhxEjzHqr3r2YZFMXU5pM.roa
File:                     BqifMvFhxEjzHqr3r2YZFMXU5pM.roa (raw, json)
Hash identifier:          6RcmiG2ucMhVXzs8K8ncecsMQOsijemSsWH9VrQg8n4=
Subject key identifier:   06:A8:9F:32:F1:61:C4:48:F3:1E:AA:F7:AF:66:19:14:C5:D4:E6:93
Certificate issuer:       /CN=5056c750840fe5c0103a7f51022c7ceea8fe969b
Certificate serial:       018F31A0BB02912CD61F30A7DF51A2EC93CE
Authority key identifier: 50:56:C7:50:84:0F:E5:C0:10:3A:7F:51:02:2C:7C:EE:A8:FE:96:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UFbHUIQP5cAQOn9RAix87qj-lps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/252968-b8ba-4e19-84d7-3228286da601/1/BqifMvFhxEjzHqr3r2YZFMXU5pM.roa
Signing time:             Wed 01 May 2024 00:49:28 +0000
ROA not before:           Wed 01 May 2024 00:49:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206260
IP address blocks:        37.18.64.0/21 maxlen: 24
                          46.227.192.0/21 maxlen: 24
                          185.137.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/252968-b8ba-4e19-84d7-3228286da601/1/UFbHUIQP5cAQOn9RAix87qj-lps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/252968-b8ba-4e19-84d7-3228286da601/1/UFbHUIQP5cAQOn9RAix87qj-lps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UFbHUIQP5cAQOn9RAix87qj-lps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:31:a0:bb:02:91:2c:d6:1f:30:a7:df:51:a2:ec:93:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5056c750840fe5c0103a7f51022c7ceea8fe969b
        Validity
            Not Before: May  1 00:49:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06a89f32f161c448f31eaaf7af661914c5d4e693
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:85:ff:1d:65:ad:41:10:85:d3:8f:37:5b:47:
                    18:d2:81:6c:d6:aa:7c:31:42:ee:62:88:62:7f:b7:
                    32:89:57:49:6c:7b:36:2e:85:ac:51:63:9f:32:33:
                    31:62:3f:f0:b3:9b:3f:1c:45:85:b7:c9:48:ec:5b:
                    94:1f:72:34:b1:10:7f:62:24:ec:06:17:12:6c:50:
                    c4:a2:96:19:c7:c8:11:2a:fc:c2:df:ad:dd:90:06:
                    4a:c4:c2:59:18:0b:0f:c7:ec:63:dd:80:d1:da:60:
                    03:c0:7f:fe:b6:4b:66:cf:9c:9f:d2:23:92:cb:bf:
                    c5:97:fb:de:e5:f7:2d:0c:64:45:e2:2e:83:9c:f3:
                    5b:ce:1b:33:59:53:6e:dd:98:1f:e2:27:5d:f0:44:
                    78:50:cd:aa:d1:f1:b6:69:30:35:9d:02:d3:a0:7e:
                    25:8f:9c:6c:7b:32:33:da:99:2a:73:a5:b4:cb:33:
                    b3:b4:c0:0c:af:23:19:6a:cd:aa:4a:e9:3a:d6:fc:
                    dd:7e:b3:a3:81:20:2a:68:3b:2e:57:80:6c:d8:fc:
                    e9:03:d2:80:5d:c5:c9:4e:71:d4:30:08:3a:db:04:
                    4a:14:54:78:ac:60:92:ce:c1:05:3b:ca:30:a1:f5:
                    49:43:ba:f2:28:6b:02:f6:9a:24:e5:2b:af:bb:b5:
                    fe:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:A8:9F:32:F1:61:C4:48:F3:1E:AA:F7:AF:66:19:14:C5:D4:E6:93
            X509v3 Authority Key Identifier:
                keyid:50:56:C7:50:84:0F:E5:C0:10:3A:7F:51:02:2C:7C:EE:A8:FE:96:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFbHUIQP5cAQOn9RAix87qj-lps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/252968-b8ba-4e19-84d7-3228286da601/1/BqifMvFhxEjzHqr3r2YZFMXU5pM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/252968-b8ba-4e19-84d7-3228286da601/1/UFbHUIQP5cAQOn9RAix87qj-lps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.18.64.0/21
                  46.227.192.0/21
                  185.137.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:7b:1a:f6:59:fe:d6:7a:ee:72:65:ed:20:bd:15:ce:59:7f:
         d1:00:a2:6c:b0:88:2d:3d:a0:d4:2d:79:63:f8:7a:05:67:eb:
         d6:97:01:9c:96:a3:a0:2c:34:7f:db:dd:e5:39:ba:fa:c4:82:
         2f:25:1e:db:d0:a7:83:64:5c:7d:62:ad:22:30:0a:2c:d4:92:
         56:84:73:33:e4:b4:ef:40:87:c3:ed:f5:14:af:09:44:62:14:
         d4:d2:ef:f8:47:fe:a2:5f:12:2f:85:85:01:dd:a8:a2:c5:24:
         f1:0a:fc:c3:91:81:d2:68:61:88:f9:d3:4a:b7:f8:08:03:ae:
         14:7f:48:69:43:5d:54:62:fd:2a:57:4c:3a:01:09:8c:08:da:
         51:3b:ec:90:7f:84:29:e8:77:43:38:66:a4:bf:01:2a:ba:2c:
         a6:17:67:e5:61:52:24:a6:3c:78:c8:97:ff:9d:9a:4c:73:75:
         9f:e1:8e:ea:c2:55:16:e4:29:fe:20:51:08:b7:73:a1:f1:01:
         21:22:c8:9c:83:74:05:49:42:76:d4:b3:97:70:3f:1f:fd:f4:
         d5:f2:92:65:93:b6:93:7d:d3:14:b7:8b:2e:ee:b3:11:30:46:
         50:8d:f1:0a:8a:91:9b:d1:31:7d:00:79:f6:67:3f:63:b4:9c:
         a6:a5:a7:48
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8xoLsCkSzWHzCn31Gi7JPOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNTZjNzUwODQwZmU1YzAxMDNhN2Y1MTAyMmM3Y2VlYThm
ZTk2OWIwHhcNMjQwNTAxMDA0OTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmE4OWYzMmYxNjFjNDQ4ZjMxZWFhZjdhZjY2MTkxNGM1ZDRlNjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4X/HWWtQRCF0483W0cY0oFs1qp8
MULuYohif7cyiVdJbHs2LoWsUWOfMjMxYj/ws5s/HEWFt8lI7FuUH3I0sRB/YiTs
BhcSbFDEopYZx8gRKvzC363dkAZKxMJZGAsPx+xj3YDR2mADwH/+tktmz5yf0iOS
y7/Fl/ve5fctDGRF4i6DnPNbzhszWVNu3Zgf4idd8ER4UM2q0fG2aTA1nQLToH4l
j5xsezIz2pkqc6W0yzOztMAMryMZas2qSuk61vzdfrOjgSAqaDsuV4Bs2PzpA9KA
XcXJTnHUMAg62wRKFFR4rGCSzsEFO8owofVJQ7ryKGsC9pok5Suvu7X+2wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAaonzLxYcRI8x6q969mGRTF1OaTMB8GA1UdIwQY
MBaAFFBWx1CED+XAEDp/UQIsfO6o/pabMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZiSFVJUVA1Y0FRT245UkFpeDg3cWotbHBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi8yNTI5NjgtYjhiYS00ZTE5LTg0ZDct
MzIyODI4NmRhNjAxLzEvQnFpZk12Rmh4RWp6SHFyM3IyWVpGTVhVNXBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi8yNTI5NjgtYjhiYS00ZTE5LTg0ZDctMzIyODI4NmRhNjAx
LzEvVUZiSFVJUVA1Y0FRT245UkFpeDg3cWotbHBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDJRJAAwQD
LuPAAwQCuYkEMA0GCSqGSIb3DQEBCwUAA4IBAQAiexr2Wf7Weu5yZe0gvRXOWX/R
AKJssIgtPaDULXlj+HoFZ+vWlwGclqOgLDR/293lObr6xIIvJR7b0KeDZFx9Yq0i
MAos1JJWhHMz5LTvQIfD7fUUrwlEYhTU0u/4R/6iXxIvhYUB3aiixSTxCvzDkYHS
aGGI+dNKt/gIA64Uf0hpQ11UYv0qV0w6AQmMCNpRO+yQf4Qp6HdDOGakvwEquiym
F2flYVIkpjx4yJf/nZpMc3Wf4Y7qwlUW5Cn+IFEIt3Oh8QEhIsicg3QFSUJ21LOX
cD8f/fTV8pJlk7aTfdMUt4su7rMRMEZQjfEKipGb0TF9AHn2Zz9jtJympadI
-----END CERTIFICATE-----