Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/2818b6-1c13-4724-be92-8cd438b5f260/1/BgbPc-EKt-YNkVit1g_N0KZ0UNQ.roa
File:                     BgbPc-EKt-YNkVit1g_N0KZ0UNQ.roa (raw, json)
Hash identifier:          pK93oIvu+LY220BpS2TbRn89Sky1WF5kMybQDnkqTdQ=
Subject key identifier:   06:06:CF:73:E1:0A:B7:E6:0D:91:58:AD:D6:0F:CD:D0:A6:74:50:D4
Certificate issuer:       /CN=c613276cbca6793c33457a9bf22fc10b382301f4
Certificate serial:       018CC86F0CF9D8F413689EC5B09FC8AD2F6C
Authority key identifier: C6:13:27:6C:BC:A6:79:3C:33:45:7A:9B:F2:2F:C1:0B:38:23:01:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhMnbLymeTwzRXqb8i_BCzgjAfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/2818b6-1c13-4724-be92-8cd438b5f260/1/BgbPc-EKt-YNkVit1g_N0KZ0UNQ.roa
Signing time:             Tue 02 Jan 2024 04:29:30 +0000
ROA not before:           Tue 02 Jan 2024 04:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208844
IP address blocks:        45.82.128.0/24 maxlen: 24
                          2a13:fe40::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/2818b6-1c13-4724-be92-8cd438b5f260/1/xhMnbLymeTwzRXqb8i_BCzgjAfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/2818b6-1c13-4724-be92-8cd438b5f260/1/xhMnbLymeTwzRXqb8i_BCzgjAfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhMnbLymeTwzRXqb8i_BCzgjAfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:0c:f9:d8:f4:13:68:9e:c5:b0:9f:c8:ad:2f:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c613276cbca6793c33457a9bf22fc10b382301f4
        Validity
            Not Before: Jan  2 04:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0606cf73e10ab7e60d9158add60fcdd0a67450d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a6:4e:cc:16:d5:f6:df:7b:ed:11:7d:27:19:
                    8b:75:4c:d7:0f:fe:9d:a8:98:c6:0d:12:e8:c6:cd:
                    78:9e:74:2c:52:eb:85:d1:97:cf:cb:ac:2f:86:0f:
                    5f:a3:e4:d7:4b:5b:9f:f3:b1:57:23:4c:b5:6f:73:
                    f8:10:0e:4f:b1:c5:38:fd:e3:e4:f4:ef:1e:c3:77:
                    13:03:45:1f:72:cc:3e:5a:99:79:53:3b:31:f8:d7:
                    fe:82:f3:04:55:5f:39:85:50:2c:95:4c:b4:75:33:
                    50:1b:a1:2e:08:65:e1:be:ee:69:d3:21:4e:93:55:
                    a8:02:67:da:57:c2:55:8a:9b:6c:c2:10:e9:ad:89:
                    4a:b4:12:66:d6:b4:ac:38:6e:b0:c2:13:af:54:c8:
                    16:8b:95:70:97:f8:3e:9b:0f:a7:b5:88:df:4e:c6:
                    15:46:5a:d2:95:59:42:cf:7b:16:17:87:57:a1:11:
                    3e:c0:ce:81:3c:28:40:ab:0d:64:7e:8a:52:56:d3:
                    c4:4c:36:b1:c4:0f:96:76:e7:1d:4c:c1:77:2c:4b:
                    f6:00:b2:fc:0e:65:f5:a4:14:98:da:35:c5:90:84:
                    91:0d:f7:6d:f1:30:8e:0c:b5:da:a9:92:1a:53:cc:
                    17:41:a6:73:13:22:d8:69:c2:7d:95:bc:7f:5a:bd:
                    04:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:06:CF:73:E1:0A:B7:E6:0D:91:58:AD:D6:0F:CD:D0:A6:74:50:D4
            X509v3 Authority Key Identifier:
                keyid:C6:13:27:6C:BC:A6:79:3C:33:45:7A:9B:F2:2F:C1:0B:38:23:01:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhMnbLymeTwzRXqb8i_BCzgjAfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/2818b6-1c13-4724-be92-8cd438b5f260/1/BgbPc-EKt-YNkVit1g_N0KZ0UNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/2818b6-1c13-4724-be92-8cd438b5f260/1/xhMnbLymeTwzRXqb8i_BCzgjAfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.128.0/24
                IPv6:
                  2a13:fe40::/33

    Signature Algorithm: sha256WithRSAEncryption
         c4:bc:03:9c:1c:55:44:4d:e9:2e:81:36:d2:cf:4a:91:d3:20:
         c0:d5:73:21:fc:4f:b6:cc:8c:a6:54:d7:6e:b6:a0:3f:83:df:
         0b:97:3e:30:f9:23:ab:42:c6:6a:77:0b:30:f5:4d:fe:a5:33:
         f6:fc:fe:44:6c:4d:af:40:64:01:e2:0d:36:de:08:5a:37:37:
         ea:59:ba:ff:cf:ec:57:04:a0:68:d7:97:1f:c0:ad:30:67:7b:
         01:75:bc:a2:5a:0b:f5:b5:ec:74:80:13:bf:54:e9:bd:0d:6f:
         10:4c:4f:8c:b1:b5:44:ba:a5:e3:4e:18:4c:ac:8a:5f:54:e8:
         d5:28:e0:94:a8:f1:4d:47:14:cd:f6:4a:43:aa:16:82:14:af:
         f9:ff:83:6f:c0:80:97:b1:d6:5d:b0:fe:21:d4:1d:fb:67:fa:
         83:9d:bc:1e:05:95:2c:79:09:5e:12:4e:be:bb:21:ba:39:79:
         17:49:25:6e:39:6d:0a:e2:8b:d9:e8:19:63:5d:90:62:6a:e5:
         ad:28:74:d1:a8:4e:1f:32:a2:8f:1e:3b:e7:7b:99:fc:9c:67:
         19:27:e7:6e:b3:66:03:d5:e3:69:db:c1:77:51:bb:23:a6:06:
         db:c6:b4:32:9d:ad:af:98:3a:d1:bf:0e:03:0a:b8:19:b0:63:
         36:1d:3b:e4
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzIbwz52PQTaJ7FsJ/IrS9sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTMyNzZjYmNhNjc5M2MzMzQ1N2E5YmYyMmZjMTBiMzgy
MzAxZjQwHhcNMjQwMTAyMDQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjA2Y2Y3M2UxMGFiN2U2MGQ5MTU4YWRkNjBmY2RkMGE2NzQ1MGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KZOzBbV9t977RF9JxmLdUzXD/6d
qJjGDRLoxs14nnQsUuuF0ZfPy6wvhg9fo+TXS1uf87FXI0y1b3P4EA5PscU4/ePk
9O8ew3cTA0Ufcsw+Wpl5Uzsx+Nf+gvMEVV85hVAslUy0dTNQG6EuCGXhvu5p0yFO
k1WoAmfaV8JViptswhDprYlKtBJm1rSsOG6wwhOvVMgWi5Vwl/g+mw+ntYjfTsYV
RlrSlVlCz3sWF4dXoRE+wM6BPChAqw1kfopSVtPETDaxxA+WducdTMF3LEv2ALL8
DmX1pBSY2jXFkISRDfdt8TCODLXaqZIaU8wXQaZzEyLYacJ9lbx/Wr0EJwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFAYGz3PhCrfmDZFYrdYPzdCmdFDUMB8GA1UdIwQY
MBaAFMYTJ2y8pnk8M0V6m/IvwQs4IwH0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhNbmJMeW1lVHd6UlhxYjhpX0JDemdqQWZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8yODE4YjYtMWMxMy00NzI0LWJlOTIt
OGNkNDM4YjVmMjYwLzEvQmdiUGMtRUt0LVlOa1ZpdDFnX04wS1owVU5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8yODE4YjYtMWMxMy00NzI0LWJlOTItOGNkNDM4YjVmMjYw
LzEveGhNbmJMeW1lVHd6UlhxYjhpX0JDemdqQWZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQALVKAMA4E
AgACMAgDBgcqE/5AADANBgkqhkiG9w0BAQsFAAOCAQEAxLwDnBxVRE3pLoE20s9K
kdMgwNVzIfxPtsyMplTXbragP4PfC5c+MPkjq0LGancLMPVN/qUz9vz+RGxNr0Bk
AeINNt4IWjc36lm6/8/sVwSgaNeXH8CtMGd7AXW8oloL9bXsdIATv1TpvQ1vEExP
jLG1RLql404YTKyKX1To1SjglKjxTUcUzfZKQ6oWghSv+f+Db8CAl7HWXbD+IdQd
+2f6g528HgWVLHkJXhJOvrshujl5F0klbjltCuKL2egZY12QYmrlrSh00ahOHzKi
jx4753uZ/JxnGSfnbrNmA9XjadvBd1G7I6YG28a0Mp2tr5g60b8OAwq4GbBjNh07
5A==
-----END CERTIFICATE-----