Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/4702d8-3eaf-4d7b-a3fe-d89758cad22a/1/BxFWtZtCzOYxmbMDMZagNLSbpXw.roa
File:                     BxFWtZtCzOYxmbMDMZagNLSbpXw.roa (raw, json)
Hash identifier:          Pp91AyTBs6bvCF1wnmXCBO/jGcWG6utUwhI6GM9iOQg=
Subject key identifier:   07:11:56:B5:9B:42:CC:E6:31:99:B3:03:31:96:A0:34:B4:9B:A5:7C
Certificate issuer:       /CN=d2c7886641ee101bc7b295fd86f1923fc283f3d0
Certificate serial:       018CC3B72AF6AA8AC9C40BAE86D79C48EC37
Authority key identifier: D2:C7:88:66:41:EE:10:1B:C7:B2:95:FD:86:F1:92:3F:C2:83:F3:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0seIZkHuEBvHspX9hvGSP8KD89A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/4702d8-3eaf-4d7b-a3fe-d89758cad22a/1/BxFWtZtCzOYxmbMDMZagNLSbpXw.roa
Signing time:             Mon 01 Jan 2024 06:30:10 +0000
ROA not before:           Mon 01 Jan 2024 06:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        185.119.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/4702d8-3eaf-4d7b-a3fe-d89758cad22a/1/0seIZkHuEBvHspX9hvGSP8KD89A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/4702d8-3eaf-4d7b-a3fe-d89758cad22a/1/0seIZkHuEBvHspX9hvGSP8KD89A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0seIZkHuEBvHspX9hvGSP8KD89A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 15:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:2a:f6:aa:8a:c9:c4:0b:ae:86:d7:9c:48:ec:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2c7886641ee101bc7b295fd86f1923fc283f3d0
        Validity
            Not Before: Jan  1 06:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=071156b59b42cce63199b3033196a034b49ba57c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:70:26:9c:91:35:e2:ca:7d:65:f6:ec:bc:ab:
                    d3:8e:d6:a3:64:00:58:fb:ce:49:e2:03:22:06:dc:
                    cd:dc:45:1f:88:6a:96:75:33:31:40:fc:68:47:dc:
                    f0:ff:72:16:3c:0b:fd:77:11:76:51:f2:73:4b:7a:
                    09:c5:fe:ed:c5:f1:6a:00:86:3a:f9:8d:a9:b9:f9:
                    b9:14:97:ad:53:8b:06:d0:ee:f7:cb:be:0a:03:a9:
                    ad:74:44:9a:5d:c5:88:f8:fc:fd:e4:81:a0:60:3f:
                    52:8f:3a:cb:33:ae:3c:ef:e6:16:eb:24:72:b9:4d:
                    38:7a:1a:c2:20:a7:71:40:75:8a:96:9d:38:92:7f:
                    39:ee:55:56:a3:33:91:dc:f8:b7:18:22:39:64:f8:
                    47:56:94:a3:a1:3f:44:c6:9e:f6:ec:d1:16:77:c6:
                    59:94:c9:7c:74:69:87:7b:62:74:01:f2:ce:fa:6f:
                    da:30:6c:bd:1c:80:bf:77:8a:61:b5:3d:9b:ea:03:
                    f3:71:7a:d8:7e:63:0a:8b:3c:29:c7:89:c3:dd:88:
                    c2:3e:68:fa:48:42:4d:17:4b:90:2b:8e:10:5b:be:
                    52:1d:5a:20:3d:d3:11:ee:d1:a0:ce:e3:93:41:3d:
                    22:e7:3a:5b:99:46:1c:40:c2:ee:60:2b:32:d2:80:
                    c4:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:11:56:B5:9B:42:CC:E6:31:99:B3:03:31:96:A0:34:B4:9B:A5:7C
            X509v3 Authority Key Identifier:
                keyid:D2:C7:88:66:41:EE:10:1B:C7:B2:95:FD:86:F1:92:3F:C2:83:F3:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0seIZkHuEBvHspX9hvGSP8KD89A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/4702d8-3eaf-4d7b-a3fe-d89758cad22a/1/BxFWtZtCzOYxmbMDMZagNLSbpXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/4702d8-3eaf-4d7b-a3fe-d89758cad22a/1/0seIZkHuEBvHspX9hvGSP8KD89A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:70:8c:8d:47:28:6f:be:86:63:07:dd:ed:5a:70:7c:f3:31:
         ec:53:a5:82:70:97:3b:bd:30:84:5c:88:91:2f:e4:02:29:0b:
         67:cf:19:46:a4:9e:45:c7:a0:f4:fd:90:16:a3:d5:8b:53:41:
         43:c3:a6:e4:95:68:cd:ad:e8:7c:3e:44:4f:96:73:5a:9b:a8:
         14:f7:cf:c7:97:58:57:04:ae:8b:af:bf:54:33:a2:b5:56:6b:
         a2:fe:c2:d0:3a:a1:af:58:0c:65:43:e8:e4:e6:ff:ec:07:ad:
         7c:21:96:12:1f:2a:98:33:04:56:9f:3c:cd:e3:82:fe:b8:48:
         e1:53:77:fa:36:07:d9:da:83:22:9d:79:c7:ed:6b:5b:e0:ba:
         03:7a:55:fb:15:9a:e9:f9:f8:2e:63:a4:19:36:db:0c:b2:cf:
         a2:66:6a:35:9d:53:5a:6d:f9:04:58:39:4e:af:ab:79:60:56:
         2c:84:16:18:24:31:d9:e0:7c:f6:fc:28:35:3e:6d:ed:f4:f6:
         00:ff:0a:c1:62:b4:33:c8:af:67:28:50:a6:a5:f1:26:f7:ac:
         73:0e:a1:87:75:77:1f:f9:4c:92:40:f9:08:80:8e:10:18:10:
         b4:7b:1b:ee:c6:a0:3a:3d:95:d4:ba:c9:65:5b:6b:d5:d6:0b:
         71:88:2f:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyr2qorJxAuuhtecSOw3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYzc4ODY2NDFlZTEwMWJjN2IyOTVmZDg2ZjE5MjNmYzI4
M2YzZDAwHhcNMjQwMTAxMDYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzExNTZiNTliNDJjY2U2MzE5OWIzMDMzMTk2YTAzNGI0OWJhNTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlXAmnJE14sp9ZfbsvKvTjtajZABY
+85J4gMiBtzN3EUfiGqWdTMxQPxoR9zw/3IWPAv9dxF2UfJzS3oJxf7txfFqAIY6
+Y2pufm5FJetU4sG0O73y74KA6mtdESaXcWI+Pz95IGgYD9SjzrLM6487+YW6yRy
uU04ehrCIKdxQHWKlp04kn857lVWozOR3Pi3GCI5ZPhHVpSjoT9Exp727NEWd8ZZ
lMl8dGmHe2J0AfLO+m/aMGy9HIC/d4phtT2b6gPzcXrYfmMKizwpx4nD3YjCPmj6
SEJNF0uQK44QW75SHVogPdMR7tGgzuOTQT0i5zpbmUYcQMLuYCsy0oDEgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcRVrWbQszmMZmzAzGWoDS0m6V8MB8GA1UdIwQY
MBaAFNLHiGZB7hAbx7KV/Ybxkj/Cg/PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHNlSVprSHVFQnZIc3BYOWh2R1NQOEtEODlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy80NzAyZDgtM2VhZi00ZDdiLWEzZmUt
ZDg5NzU4Y2FkMjJhLzEvQnhGV3RadEN6T1l4bWJNRE1aYWdOTFNicFh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy80NzAyZDgtM2VhZi00ZDdiLWEzZmUtZDg5NzU4Y2FkMjJh
LzEvMHNlSVprSHVFQnZIc3BYOWh2R1NQOEtEODlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXfEMA0G
CSqGSIb3DQEBCwUAA4IBAQClcIyNRyhvvoZjB93tWnB88zHsU6WCcJc7vTCEXIiR
L+QCKQtnzxlGpJ5Fx6D0/ZAWo9WLU0FDw6bklWjNreh8PkRPlnNam6gU98/Hl1hX
BK6Lr79UM6K1Vmui/sLQOqGvWAxlQ+jk5v/sB618IZYSHyqYMwRWnzzN44L+uEjh
U3f6NgfZ2oMinXnH7Wtb4LoDelX7FZrp+fguY6QZNtsMss+iZmo1nVNabfkEWDlO
r6t5YFYshBYYJDHZ4Hz2/Cg1Pm3t9PYA/wrBYrQzyK9nKFCmpfEm96xzDqGHdXcf
+UySQPkIgI4QGBC0exvuxqA6PZXUusllW2vV1gtxiC+R
-----END CERTIFICATE-----