Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/BJFrBBVcMKJNgYHzJl56-Cm2naE.roa
File:                     BJFrBBVcMKJNgYHzJl56-Cm2naE.roa (raw, json)
Hash identifier:          3bxcheZrX+VkjR5lL/H4yn7jSfM5EMisMMEJjXeLqzc=
Subject key identifier:   04:91:6B:04:15:5C:30:A2:4D:81:81:F3:26:5E:7A:F8:29:B6:9D:A1
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018CC7945867A9E4CE6D856A7D5014A25709
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/BJFrBBVcMKJNgYHzJl56-Cm2naE.roa
Signing time:             Tue 02 Jan 2024 00:30:37 +0000
ROA not before:           Tue 02 Jan 2024 00:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212036
IP address blocks:        2.187.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:58:67:a9:e4:ce:6d:85:6a:7d:50:14:a2:57:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 00:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04916b04155c30a24d8181f3265e7af829b69da1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:15:72:dd:b0:8b:7a:ac:9e:e1:0c:08:e1:5f:
                    4d:a8:07:cb:fe:54:6b:40:32:d2:8b:ec:2c:d4:5e:
                    34:25:6c:dd:91:1c:af:7d:8c:2e:b2:df:62:d1:56:
                    8d:53:37:f3:3d:f1:98:a0:d1:ff:da:2c:48:6d:5a:
                    e7:04:05:69:a3:e7:5d:3d:45:85:38:c3:99:56:09:
                    63:1d:33:e3:ba:9a:db:8b:a3:18:91:a4:73:70:e3:
                    6d:ce:df:ac:72:4d:ce:bc:5e:09:37:fe:a9:a3:ff:
                    ed:ac:bc:e2:90:55:e1:16:54:b4:49:7a:80:df:29:
                    cb:e5:ac:9f:25:54:10:08:78:f5:29:aa:0e:17:c0:
                    a2:fe:a5:c7:1b:12:34:75:41:81:7d:60:a1:bb:0e:
                    2d:89:36:36:9e:56:e0:1e:1f:72:06:aa:64:e6:0b:
                    28:2f:a0:1a:ab:54:53:07:8c:1e:bd:76:df:2f:a5:
                    f5:f4:10:b6:80:0c:14:50:e7:da:89:94:2e:ad:4d:
                    5c:b0:69:24:13:f3:94:d8:1d:b0:19:08:b7:26:dd:
                    b7:1c:16:a0:03:2e:1f:bf:e0:da:7c:a6:4f:8f:3f:
                    6a:06:4c:ed:5d:40:b8:ad:de:dd:90:0b:53:61:b2:
                    f3:85:d2:d9:9f:5a:72:ef:4d:dd:18:3a:ae:73:aa:
                    b2:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:91:6B:04:15:5C:30:A2:4D:81:81:F3:26:5E:7A:F8:29:B6:9D:A1
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/BJFrBBVcMKJNgYHzJl56-Cm2naE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.187.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:a7:d3:5e:99:85:af:8b:5f:c2:5a:8d:f3:39:f2:02:c5:1e:
         3a:b5:d7:31:87:41:05:03:aa:22:b2:f0:fc:b4:59:13:c6:7c:
         2d:7c:43:de:b3:c0:94:d4:e1:ce:14:92:72:f6:96:51:af:e4:
         cd:2c:35:41:e6:fd:d1:65:c9:ec:46:c9:dd:24:38:83:39:e2:
         a5:6b:c1:fa:03:fb:5b:db:fe:01:48:a4:4e:8f:6b:ab:cf:b9:
         24:a3:0b:67:45:0e:65:84:b0:bd:73:5c:f9:14:2f:33:5f:e0:
         fb:b2:0b:02:50:e0:22:93:ea:80:b2:fc:a3:0c:4c:d6:56:76:
         d1:10:f4:87:40:98:fa:6f:06:d3:0b:29:e8:0c:0d:96:b8:91:
         6d:4a:10:26:1e:6f:81:5f:19:1b:03:d3:dc:5f:ea:7d:44:55:
         7d:f0:84:82:36:de:94:26:58:55:b9:96:03:3f:19:cf:d8:0a:
         de:e7:f6:70:21:ef:7a:39:e8:0b:dc:e0:50:74:53:53:1b:d1:
         25:f0:ae:68:68:99:3d:9d:26:58:9a:22:c1:18:a6:94:03:fb:
         b3:69:a6:82:65:4c:e4:72:f0:98:8e:8a:0e:03:a6:b1:7b:f0:
         28:69:0d:6f:d3:8c:83:38:07:86:ca:65:06:6b:03:74:b8:02:
         be:ef:a5:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlFhnqeTObYVqfVAUolcJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjQwMTAyMDAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDkxNmIwNDE1NWMzMGEyNGQ4MTgxZjMyNjVlN2FmODI5YjY5ZGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBVy3bCLeqye4QwI4V9NqAfL/lRr
QDLSi+ws1F40JWzdkRyvfYwust9i0VaNUzfzPfGYoNH/2ixIbVrnBAVpo+ddPUWF
OMOZVgljHTPjuprbi6MYkaRzcONtzt+sck3OvF4JN/6po//trLzikFXhFlS0SXqA
3ynL5ayfJVQQCHj1KaoOF8Ci/qXHGxI0dUGBfWChuw4tiTY2nlbgHh9yBqpk5gso
L6Aaq1RTB4wevXbfL6X19BC2gAwUUOfaiZQurU1csGkkE/OU2B2wGQi3Jt23HBag
Ay4fv+DafKZPjz9qBkztXUC4rd7dkAtTYbLzhdLZn1py703dGDquc6qynwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASRawQVXDCiTYGB8yZeevgptp2hMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvQkpGckJCVmNNS0pOZ1lIekpsNTYtQ20ybmFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAArsOMA0G
CSqGSIb3DQEBCwUAA4IBAQAFp9NemYWvi1/CWo3zOfICxR46tdcxh0EFA6oisvD8
tFkTxnwtfEPes8CU1OHOFJJy9pZRr+TNLDVB5v3RZcnsRsndJDiDOeKla8H6A/tb
2/4BSKROj2urz7kkowtnRQ5lhLC9c1z5FC8zX+D7sgsCUOAik+qAsvyjDEzWVnbR
EPSHQJj6bwbTCynoDA2WuJFtShAmHm+BXxkbA9PcX+p9RFV98ISCNt6UJlhVuZYD
PxnP2Are5/ZwIe96OegL3OBQdFNTG9El8K5oaJk9nSZYmiLBGKaUA/uzaaaCZUzk
cvCYjooOA6axe/AoaQ1v04yDOAeGymUGawN0uAK+76XX
-----END CERTIFICATE-----