Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/BjGl9Q72g_Ec259If-Jk56BpizQ.roa
File:                     BjGl9Q72g_Ec259If-Jk56BpizQ.roa (raw, json)
Hash identifier:          ZmMAA1yu7c6D1XkjZod31MG9U+mujHQhvFcz7QsWW3s=
Subject key identifier:   06:31:A5:F5:0E:F6:83:F1:1C:DB:9F:48:7F:E2:64:E7:A0:69:8B:34
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       01951D3402F7AB4CF06050A05A990E72FBC6
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/BjGl9Q72g_Ec259If-Jk56BpizQ.roa
Signing time:             Wed 19 Feb 2025 07:55:02 +0000
ROA not before:           Wed 19 Feb 2025 07:55:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4826
IP address blocks:        212.69.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 06:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1d:34:02:f7:ab:4c:f0:60:50:a0:5a:99:0e:72:fb:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Feb 19 07:55:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0631a5f50ef683f11cdb9f487fe264e7a0698b34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a0:14:3f:33:cc:87:8b:7c:bd:7a:67:bc:10:
                    b8:e4:26:d7:c9:71:74:7c:f2:ae:41:2f:66:67:3d:
                    5a:f3:a9:f3:2a:59:22:ca:aa:f6:46:4f:e0:53:5b:
                    0f:9e:46:20:fc:78:f4:a5:44:c9:09:0c:03:19:45:
                    8e:57:eb:f0:e9:9e:28:ba:83:8f:15:ee:6b:78:23:
                    18:d3:08:c1:09:be:58:19:c3:6e:be:76:28:e1:4b:
                    a0:fa:2c:ec:6d:53:e1:e8:65:5a:84:bf:62:f9:a8:
                    f1:45:0a:d3:13:12:2b:f2:54:9c:47:3a:23:f1:45:
                    27:59:d2:ca:48:63:2e:d0:33:df:2d:cd:c5:bb:98:
                    b8:f4:b1:22:c2:6f:b9:2d:5c:08:80:a0:07:55:99:
                    16:d8:2c:ea:27:9b:f4:97:ea:d2:49:02:7f:f9:17:
                    13:33:fb:fa:ba:52:d6:1b:8a:6b:5a:35:8e:ee:a5:
                    f6:1e:67:a2:46:81:68:f6:a5:4a:d6:59:e8:40:b5:
                    7c:8b:e9:37:5d:1a:67:8e:a2:1c:0b:fb:3a:2d:6d:
                    c6:46:21:6f:4d:42:a5:d4:3f:3a:7a:b6:ab:db:da:
                    11:50:ea:b7:ad:3a:33:9e:ba:b8:6a:dc:80:51:18:
                    30:55:9a:13:fd:55:b4:0c:40:9d:f7:62:c6:d7:b2:
                    8f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:31:A5:F5:0E:F6:83:F1:1C:DB:9F:48:7F:E2:64:E7:A0:69:8B:34
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/BjGl9Q72g_Ec259If-Jk56BpizQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.69.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:c7:b5:7d:33:7b:5b:35:50:d7:86:26:84:98:94:65:8b:8a:
         f7:25:df:b8:dc:ea:9e:d3:46:f4:20:a5:32:da:e2:4d:ef:62:
         09:94:dc:6b:ac:9e:33:c1:14:9f:2c:83:0d:8a:52:8e:82:bf:
         e4:b5:e4:4a:f2:ea:23:c8:73:f7:92:43:53:f0:88:c6:e4:24:
         bf:ea:cb:d5:a1:18:2e:f9:bf:d1:76:ae:cb:ca:4a:0a:2b:e6:
         6c:c5:a4:21:92:4b:a2:d1:43:24:06:31:27:3b:20:fd:8c:28:
         59:45:fa:24:9e:20:87:9e:a8:62:58:db:67:8a:3c:e1:fc:19:
         57:06:f0:b7:19:7c:97:76:61:a8:b3:bc:28:a0:e8:34:0e:f3:
         46:6e:bc:1c:54:b8:46:80:c3:19:37:46:cc:c6:23:0f:1e:f9:
         6f:fe:60:47:4b:66:a6:26:0c:3e:00:c3:3d:cc:ce:c9:22:e6:
         ff:58:ba:ff:8b:96:e1:83:21:ef:70:75:08:e9:7a:c4:e3:d6:
         f6:63:ca:c8:f1:f6:a1:2e:d4:25:62:a4:0a:4a:cc:89:41:1d:
         81:17:f0:5d:e9:b2:dd:83:35:4e:6e:e3:c3:62:da:03:ab:f9:
         81:82:f2:25:29:b2:9a:30:e5:4f:44:6b:81:09:38:73:57:99:
         1a:f2:d2:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUdNAL3q0zwYFCgWpkOcvvGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwMjE5MDc1NTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjMxYTVmNTBlZjY4M2YxMWNkYjlmNDg3ZmUyNjRlN2EwNjk4YjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKAUPzPMh4t8vXpnvBC45CbXyXF0
fPKuQS9mZz1a86nzKlkiyqr2Rk/gU1sPnkYg/Hj0pUTJCQwDGUWOV+vw6Z4ouoOP
Fe5reCMY0wjBCb5YGcNuvnYo4Uug+izsbVPh6GVahL9i+ajxRQrTExIr8lScRzoj
8UUnWdLKSGMu0DPfLc3Fu5i49LEiwm+5LVwIgKAHVZkW2CzqJ5v0l+rSSQJ/+RcT
M/v6ulLWG4prWjWO7qX2HmeiRoFo9qVK1lnoQLV8i+k3XRpnjqIcC/s6LW3GRiFv
TUKl1D86erar29oRUOq3rToznrq4atyAURgwVZoT/VW0DECd92LG17KPBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYxpfUO9oPxHNufSH/iZOegaYs0MB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvQmpHbDlRNzJnX0VjMjU5SWYtSms1NkJwaXpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EUAMA0G
CSqGSIb3DQEBCwUAA4IBAQAax7V9M3tbNVDXhiaEmJRli4r3Jd+43Oqe00b0IKUy
2uJN72IJlNxrrJ4zwRSfLIMNilKOgr/kteRK8uojyHP3kkNT8IjG5CS/6svVoRgu
+b/Rdq7LykoKK+ZsxaQhkkui0UMkBjEnOyD9jChZRfokniCHnqhiWNtnijzh/BlX
BvC3GXyXdmGos7wooOg0DvNGbrwcVLhGgMMZN0bMxiMPHvlv/mBHS2amJgw+AMM9
zM7JIub/WLr/i5bhgyHvcHUI6XrE49b2Y8rI8fahLtQlYqQKSsyJQR2BF/Bd6bLd
gzVObuPDYtoDq/mBgvIlKbKaMOVPRGuBCThzV5ka8tJ3
-----END CERTIFICATE-----