Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/bXzPu6L2HXchD9ZujQmLXPM_bDM.roa
File:                     bXzPu6L2HXchD9ZujQmLXPM_bDM.roa (raw, json)
Hash identifier:          KqR406WMI/nRws1aNrGcGP+z2vKLl1H8bxnYaFt2+LA=
Subject key identifier:   6D:7C:CF:BB:A2:F6:1D:77:21:0F:D6:6E:8D:09:8B:5C:F3:3F:6C:33
Certificate issuer:       /CN=91381bc969de6adc3d1ddc0eb89bdeeace9805cd
Certificate serial:       019427B690F21C55FC3A7E6640B8101598CE
Authority key identifier: 91:38:1B:C9:69:DE:6A:DC:3D:1D:DC:0E:B8:9B:DE:EA:CE:98:05:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kTgbyWneatw9HdwOuJve6s6YBc0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/bXzPu6L2HXchD9ZujQmLXPM_bDM.roa
Signing time:             Thu 02 Jan 2025 15:51:03 +0000
ROA not before:           Thu 02 Jan 2025 15:51:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28819
IP address blocks:        82.112.168.0/24 maxlen: 24
                          82.112.169.0/24 maxlen: 24
                          82.112.170.0/24 maxlen: 24
                          82.112.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/kTgbyWneatw9HdwOuJve6s6YBc0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/kTgbyWneatw9HdwOuJve6s6YBc0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kTgbyWneatw9HdwOuJve6s6YBc0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:90:f2:1c:55:fc:3a:7e:66:40:b8:10:15:98:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91381bc969de6adc3d1ddc0eb89bdeeace9805cd
        Validity
            Not Before: Jan  2 15:51:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d7ccfbba2f61d77210fd66e8d098b5cf33f6c33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:fc:a2:c7:68:e4:a4:43:52:38:8c:79:f4:f3:
                    88:fb:8f:58:d2:d9:ed:92:ed:8f:78:2d:4e:1b:83:
                    8a:0f:9c:ed:c2:e6:a1:87:5a:80:74:87:88:6b:12:
                    cb:27:5a:ac:de:66:36:5b:20:16:ff:57:00:87:28:
                    c4:26:4c:24:0e:64:30:3b:19:ea:72:53:12:e6:c4:
                    69:c4:f9:28:61:59:e9:be:54:94:d8:55:7d:b3:9a:
                    ad:57:77:c1:1a:bc:dc:6b:99:7f:0d:9f:07:48:f1:
                    b5:23:bf:c9:96:e1:ba:7f:82:db:10:51:39:c9:98:
                    02:ca:e7:83:60:a1:87:e3:c9:a9:76:f4:2b:7a:3e:
                    47:39:40:04:71:47:4f:92:ef:ec:c3:b2:3a:15:98:
                    26:9b:86:29:86:0d:90:3a:76:99:64:53:53:73:2a:
                    3f:90:cc:31:fe:e8:6d:e6:0e:83:84:da:e1:47:6a:
                    c4:16:95:92:64:da:16:50:02:4f:52:da:ab:e6:cc:
                    6b:09:d6:2e:70:8f:6b:5e:0d:1c:bb:21:ae:b4:8f:
                    76:c0:1e:a4:29:61:3b:7a:3a:1c:17:53:5c:b0:d3:
                    fa:67:67:7c:97:14:92:fe:01:9d:b0:a9:7c:87:6c:
                    16:e7:5d:65:79:f0:7f:0e:88:7b:e9:13:a7:a7:f4:
                    c4:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:7C:CF:BB:A2:F6:1D:77:21:0F:D6:6E:8D:09:8B:5C:F3:3F:6C:33
            X509v3 Authority Key Identifier:
                keyid:91:38:1B:C9:69:DE:6A:DC:3D:1D:DC:0E:B8:9B:DE:EA:CE:98:05:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kTgbyWneatw9HdwOuJve6s6YBc0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/bXzPu6L2HXchD9ZujQmLXPM_bDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/kTgbyWneatw9HdwOuJve6s6YBc0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.112.168.0-82.112.170.255
                  82.112.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:29:20:ce:da:ee:28:23:3d:ea:7b:68:d7:a0:07:3c:37:11:
         64:27:eb:4f:97:f0:15:e6:1a:5f:16:61:25:36:d8:47:68:97:
         6b:f4:dd:ee:0b:3d:da:9b:51:02:4c:c5:18:42:c8:c3:3a:07:
         95:5f:65:ea:75:23:86:15:cb:47:54:99:68:43:7a:e3:87:ed:
         df:14:e6:09:27:37:14:c9:4b:98:92:4b:88:43:c5:8b:46:eb:
         4b:4c:76:cd:42:a5:6e:31:6d:76:c2:df:d9:fe:9f:4d:ce:27:
         be:c0:b3:0b:19:ba:ea:de:bd:e4:c6:75:e6:15:59:be:c4:a0:
         3d:f3:ee:f2:63:ed:7d:71:b7:da:62:d7:3d:82:82:25:64:67:
         66:41:12:06:8f:b8:24:47:d2:1b:ec:78:b1:2a:05:8b:6b:09:
         e1:48:32:65:55:c7:09:a5:40:33:2b:fe:c9:22:34:b7:2a:5f:
         00:3c:95:36:76:b2:2c:fc:a5:95:78:c4:c5:69:8a:a0:97:24:
         15:1f:55:3c:19:30:12:15:84:5e:8e:71:dd:e5:fe:e5:11:7b:
         e8:47:e4:d6:6c:31:b0:93:54:c5:43:57:40:ac:62:c9:a6:61:
         11:2b:56:da:39:c9:18:6b:93:a4:6c:06:ef:f8:ae:c5:8c:e2:
         71:1e:85:f7
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQntpDyHFX8On5mQLgQFZjOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxMzgxYmM5NjlkZTZhZGMzZDFkZGMwZWI4OWJkZWVhY2U5
ODA1Y2QwHhcNMjUwMTAyMTU1MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDdjY2ZiYmEyZjYxZDc3MjEwZmQ2NmU4ZDA5OGI1Y2YzM2Y2YzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfyix2jkpENSOIx59POI+49Y0tnt
ku2PeC1OG4OKD5ztwuahh1qAdIeIaxLLJ1qs3mY2WyAW/1cAhyjEJkwkDmQwOxnq
clMS5sRpxPkoYVnpvlSU2FV9s5qtV3fBGrzca5l/DZ8HSPG1I7/JluG6f4LbEFE5
yZgCyueDYKGH48mpdvQrej5HOUAEcUdPku/sw7I6FZgmm4Yphg2QOnaZZFNTcyo/
kMwx/uht5g6DhNrhR2rEFpWSZNoWUAJPUtqr5sxrCdYucI9rXg0cuyGutI92wB6k
KWE7ejocF1NcsNP6Z2d8lxSS/gGdsKl8h2wW511lefB/Doh76ROnp/TE7QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFG18z7ui9h13IQ/Wbo0Ji1zzP2wzMB8GA1UdIwQY
MBaAFJE4G8lp3mrcPR3cDrib3urOmAXNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1RnYnlXbmVhdHc5SGR3T3VKdmU2czZZQmMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mMzU0MDYtZDhjNC00ZjVjLTkyYWMt
MjU2ZGE5NWQxMzQ1LzEvYlh6UHU2TDJIWGNoRDladWpRbUxYUE1fYkRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mMzU0MDYtZDhjNC00ZjVjLTkyYWMtMjU2ZGE5NWQxMzQ1
LzEva1RnYnlXbmVhdHc5SGR3T3VKdmU2czZZQmMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBANScKgD
BABScKoDBABScKwwDQYJKoZIhvcNAQELBQADggEBAA0pIM7a7igjPep7aNegBzw3
EWQn60+X8BXmGl8WYSU22Edol2v03e4LPdqbUQJMxRhCyMM6B5VfZep1I4YVy0dU
mWhDeuOH7d8U5gknNxTJS5iSS4hDxYtG60tMds1CpW4xbXbC39n+n03OJ77AswsZ
uureveTGdeYVWb7EoD3z7vJj7X1xt9pi1z2CgiVkZ2ZBEgaPuCRH0hvseLEqBYtr
CeFIMmVVxwmlQDMr/skiNLcqXwA8lTZ2siz8pZV4xMVpiqCXJBUfVTwZMBIVhF6O
cd3l/uURe+hH5NZsMbCTVMVDV0CsYsmmYRErVto5yRhrk6RsBu/4rsWM4nEehfc=
-----END CERTIFICATE-----