Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/eeab9a-d207-4b2e-a525-e823e17bb5cc/1/Bq7jjjmdzOsQUn5jkl9FmuBFTgk.roa
File:                     Bq7jjjmdzOsQUn5jkl9FmuBFTgk.roa (raw, json)
Hash identifier:          vXjEkmBbcIy+WZ4QHDNhMeCcKv1GwkQ3i/MdANBFIds=
Subject key identifier:   06:AE:E3:8E:39:9D:CC:EB:10:52:7E:63:92:5F:45:9A:E0:45:4E:09
Certificate issuer:       /CN=bccd52a6a7f957171b15f7be5e20916428369401
Certificate serial:       018FBFC5BBDE645E1EFD4D710A6004878DC4
Authority key identifier: BC:CD:52:A6:A7:F9:57:17:1B:15:F7:BE:5E:20:91:64:28:36:94:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vM1Spqf5VxcbFfe-XiCRZCg2lAE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/eeab9a-d207-4b2e-a525-e823e17bb5cc/1/Bq7jjjmdzOsQUn5jkl9FmuBFTgk.roa
Signing time:             Tue 28 May 2024 15:15:57 +0000
ROA not before:           Tue 28 May 2024 15:15:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7029
IP address blocks:        217.140.64.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/eeab9a-d207-4b2e-a525-e823e17bb5cc/1/vM1Spqf5VxcbFfe-XiCRZCg2lAE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/eeab9a-d207-4b2e-a525-e823e17bb5cc/1/vM1Spqf5VxcbFfe-XiCRZCg2lAE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vM1Spqf5VxcbFfe-XiCRZCg2lAE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 06:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:bf:c5:bb:de:64:5e:1e:fd:4d:71:0a:60:04:87:8d:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bccd52a6a7f957171b15f7be5e20916428369401
        Validity
            Not Before: May 28 15:15:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06aee38e399dcceb10527e63925f459ae0454e09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:25:a6:1e:99:5d:23:82:fa:e5:01:5f:cd:c0:
                    7a:4b:8d:1c:45:5c:76:62:eb:24:0d:6d:61:f0:09:
                    23:0d:ae:ff:fa:e3:90:eb:ab:7d:9a:13:32:e2:e8:
                    74:57:2d:12:9c:e9:98:6e:e7:ce:19:9a:95:1c:68:
                    39:77:90:f5:51:c9:48:48:74:ac:80:00:02:20:1f:
                    33:4b:ad:b7:47:dd:bd:ea:3b:26:11:45:90:db:6d:
                    99:c2:44:b8:89:50:c5:85:6e:41:ec:bc:61:8c:dd:
                    93:7a:9e:ac:f2:f6:b2:dc:60:30:3b:0b:82:05:dc:
                    0b:31:80:9c:19:dd:f9:b7:b8:81:72:96:8d:f0:e8:
                    8e:d6:0d:80:77:ce:4a:9a:d3:19:30:17:bc:a5:ec:
                    ad:2e:ad:78:f3:c7:6f:49:44:5b:b4:bd:84:7a:59:
                    ac:79:ca:65:25:82:9d:fd:e1:c8:22:92:71:67:3b:
                    9b:92:02:2a:4e:2c:68:b1:1e:63:a6:6b:7d:4d:00:
                    9c:5b:cb:1d:91:6d:00:4a:7f:ed:ff:7a:cf:3a:ba:
                    32:32:c7:73:38:25:ed:7c:b6:23:1b:d9:3e:1c:30:
                    b8:01:12:f5:f4:37:9c:df:3c:24:8a:40:6c:88:89:
                    c7:88:61:6b:13:e1:35:ab:75:44:e0:44:e6:45:f4:
                    56:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:AE:E3:8E:39:9D:CC:EB:10:52:7E:63:92:5F:45:9A:E0:45:4E:09
            X509v3 Authority Key Identifier:
                keyid:BC:CD:52:A6:A7:F9:57:17:1B:15:F7:BE:5E:20:91:64:28:36:94:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vM1Spqf5VxcbFfe-XiCRZCg2lAE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/eeab9a-d207-4b2e-a525-e823e17bb5cc/1/Bq7jjjmdzOsQUn5jkl9FmuBFTgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/eeab9a-d207-4b2e-a525-e823e17bb5cc/1/vM1Spqf5VxcbFfe-XiCRZCg2lAE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.140.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         94:b9:7b:b2:7d:9d:0e:0c:c0:49:16:c7:d1:6a:27:3e:6a:94:
         e8:1d:e1:33:c9:c5:00:11:81:f8:dc:72:d3:b1:e1:a2:45:09:
         ee:26:17:3d:0c:7b:c4:d0:2c:86:a7:39:95:00:9e:f6:93:96:
         3a:a6:44:e8:bc:9d:eb:6b:99:9e:9f:77:c9:bc:e1:3e:f3:3c:
         e7:71:eb:63:86:0d:02:8c:50:4f:58:4c:f0:4b:88:7b:a4:01:
         9b:11:1a:1c:f0:b6:d1:6e:b8:8c:46:82:d3:df:0f:49:72:d1:
         80:bf:9e:62:a5:30:7e:c5:6d:b6:18:03:10:e9:e5:ec:54:ad:
         d1:f0:fc:c4:79:f2:d6:eb:d5:cc:bc:61:75:42:3f:da:d5:d4:
         72:c5:32:4d:85:10:91:90:f4:fc:79:9b:f9:1e:d7:44:bb:52:
         e7:c4:08:43:d0:bb:d3:ea:db:51:52:9c:2a:b8:69:64:2a:80:
         64:27:45:28:f1:79:47:30:c9:62:7f:61:39:12:b8:bb:d8:cd:
         da:3d:c3:37:77:67:7a:ba:54:1c:35:b3:0d:20:ce:13:c6:95:
         cf:80:2d:2d:5e:e0:4f:28:7a:5b:8e:bc:cd:42:94:48:0c:fc:
         2a:6c:2d:ce:11:a8:d1:82:a6:ed:8c:5d:7a:65:ba:21:87:82:
         aa:50:d1:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+/xbveZF4e/U1xCmAEh43EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjY2Q1MmE2YTdmOTU3MTcxYjE1ZjdiZTVlMjA5MTY0Mjgz
Njk0MDEwHhcNMjQwNTI4MTUxNTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmFlZTM4ZTM5OWRjY2ViMTA1MjdlNjM5MjVmNDU5YWUwNDU0ZTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5SWmHpldI4L65QFfzcB6S40cRVx2
YuskDW1h8AkjDa7/+uOQ66t9mhMy4uh0Vy0SnOmYbufOGZqVHGg5d5D1UclISHSs
gAACIB8zS623R9296jsmEUWQ222ZwkS4iVDFhW5B7LxhjN2Tep6s8vay3GAwOwuC
BdwLMYCcGd35t7iBcpaN8OiO1g2Ad85KmtMZMBe8peytLq1488dvSURbtL2Eelms
ecplJYKd/eHIIpJxZzubkgIqTixosR5jpmt9TQCcW8sdkW0ASn/t/3rPOroyMsdz
OCXtfLYjG9k+HDC4ARL19Dec3zwkikBsiInHiGFrE+E1q3VE4ETmRfRW2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAau4445nczrEFJ+Y5JfRZrgRU4JMB8GA1UdIwQY
MBaAFLzNUqan+VcXGxX3vl4gkWQoNpQBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk0xU3BxZjVWeGNiRmZlLVhpQ1JaQ2cybEFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9lZWFiOWEtZDIwNy00YjJlLWE1MjUt
ZTgyM2UxN2JiNWNjLzEvQnE3ampqbWR6T3NRVW41amtsOUZtdUJGVGdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9lZWFiOWEtZDIwNy00YjJlLWE1MjUtZTgyM2UxN2JiNWNj
LzEvdk0xU3BxZjVWeGNiRmZlLVhpQ1JaQ2cybEFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2YxAMA0G
CSqGSIb3DQEBCwUAA4IBAQCUuXuyfZ0ODMBJFsfRaic+apToHeEzycUAEYH43HLT
seGiRQnuJhc9DHvE0CyGpzmVAJ72k5Y6pkTovJ3ra5men3fJvOE+8zzncetjhg0C
jFBPWEzwS4h7pAGbERoc8LbRbriMRoLT3w9JctGAv55ipTB+xW22GAMQ6eXsVK3R
8PzEefLW69XMvGF1Qj/a1dRyxTJNhRCRkPT8eZv5HtdEu1LnxAhD0LvT6ttRUpwq
uGlkKoBkJ0Uo8XlHMMlif2E5Eri72M3aPcM3d2d6ulQcNbMNIM4TxpXPgC0tXuBP
KHpbjrzNQpRIDPwqbC3OEajRgqbtjF16Zbohh4KqUNEY
-----END CERTIFICATE-----