Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/BmXBWLA9_6SuRnMhbs95EZUkezI.roa
File:                     BmXBWLA9_6SuRnMhbs95EZUkezI.roa (raw, json)
Hash identifier:          1Lg3r/teD74lzp5Bd3F8aEAT8tvLCJF4h8NvTRLICRE=
Subject key identifier:   06:65:C1:58:B0:3D:FF:A4:AE:46:73:21:6E:CF:79:11:95:24:7B:32
Certificate issuer:       /CN=15286f0225c141d95857fe74646949e75dd96f28
Certificate serial:       019428258281B7C24637B8C52F19706711BA
Authority key identifier: 15:28:6F:02:25:C1:41:D9:58:57:FE:74:64:69:49:E7:5D:D9:6F:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FShvAiXBQdlYV_50ZGlJ513Zbyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/BmXBWLA9_6SuRnMhbs95EZUkezI.roa
Signing time:             Thu 02 Jan 2025 17:52:14 +0000
ROA not before:           Thu 02 Jan 2025 17:52:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        193.8.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/FShvAiXBQdlYV_50ZGlJ513Zbyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/FShvAiXBQdlYV_50ZGlJ513Zbyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FShvAiXBQdlYV_50ZGlJ513Zbyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:82:81:b7:c2:46:37:b8:c5:2f:19:70:67:11:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15286f0225c141d95857fe74646949e75dd96f28
        Validity
            Not Before: Jan  2 17:52:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0665c158b03dffa4ae4673216ecf791195247b32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:98:e5:51:e2:03:75:f5:63:0d:b2:9e:6c:86:
                    81:40:d5:f2:22:a6:be:6d:6b:ce:2a:a5:9d:3c:82:
                    49:86:3f:27:90:95:65:6a:c9:42:72:37:9e:00:3f:
                    93:a3:4d:f9:8d:88:81:e7:26:86:a1:55:00:3f:ee:
                    a9:e7:0b:bf:fe:10:59:b3:20:1a:23:03:3a:1a:a5:
                    fe:a8:5d:12:7a:69:61:f8:7d:15:6b:c5:72:47:32:
                    15:8b:af:f0:27:59:11:b6:54:8e:db:fa:5a:2a:90:
                    59:c4:43:47:97:0f:ff:e5:13:39:d0:76:7a:e0:6e:
                    aa:ae:1e:53:60:28:ee:ae:d5:17:f9:84:2d:0d:55:
                    49:60:f2:5c:f3:e5:8e:9a:df:ef:06:79:46:6f:73:
                    b1:0a:c8:c1:22:ca:6b:55:74:73:68:eb:26:5f:1b:
                    f3:65:1f:ee:cf:7b:71:d5:df:19:16:ae:b7:70:7b:
                    6f:b2:e4:83:8c:de:c7:7b:c3:c9:ca:cb:98:3c:ab:
                    7c:40:1f:ec:6c:96:77:9f:34:07:fa:4a:ac:df:d3:
                    6f:ab:59:d4:1e:5a:da:3c:d4:12:98:03:81:97:2a:
                    cf:5c:b5:3d:63:ff:9e:3e:36:57:90:02:16:f5:8d:
                    1a:e6:dd:63:44:83:0d:5c:71:51:42:05:a9:22:6f:
                    d3:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:65:C1:58:B0:3D:FF:A4:AE:46:73:21:6E:CF:79:11:95:24:7B:32
            X509v3 Authority Key Identifier:
                keyid:15:28:6F:02:25:C1:41:D9:58:57:FE:74:64:69:49:E7:5D:D9:6F:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FShvAiXBQdlYV_50ZGlJ513Zbyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/BmXBWLA9_6SuRnMhbs95EZUkezI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/FShvAiXBQdlYV_50ZGlJ513Zbyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:e0:55:f3:00:47:55:6f:2c:b3:b0:b9:87:c4:23:32:0e:5f:
         8d:cf:55:5a:cf:6e:db:52:f3:70:a7:59:79:d7:0e:8f:6e:dd:
         10:00:e2:c8:4b:b9:4f:5c:64:ed:d8:81:0a:fa:47:7c:10:a6:
         32:1f:d1:6c:af:3f:04:fb:a4:6a:54:31:97:b6:fc:bf:2c:96:
         74:c0:3d:c3:fd:b3:60:dd:99:89:5c:01:48:fb:14:c9:90:95:
         a3:e2:b3:9e:7e:38:a2:6e:c7:4e:2f:ce:91:ec:bb:2d:2f:44:
         d9:b4:43:e6:63:69:4a:c3:dd:79:7e:d3:0c:97:18:fd:47:d8:
         bc:b6:71:14:b8:66:d0:71:fd:54:e4:b4:08:f3:4a:bb:4f:1a:
         f9:d7:b8:40:e4:bb:48:b1:fe:ba:1c:2a:08:85:67:1e:ab:14:
         5f:6c:37:2e:4e:fe:b0:ae:5d:15:32:9c:4e:87:74:04:1e:90:
         1f:a3:9b:47:69:49:01:47:b3:60:57:f1:1d:3a:c1:15:92:df:
         2c:68:96:7d:6a:9d:de:a2:09:aa:9e:84:e4:a5:c2:02:4e:75:
         58:ad:1e:47:9f:e5:60:8e:58:30:d0:09:5c:78:74:1c:f8:f3:
         b8:be:75:0f:35:7c:16:21:f0:51:73:d8:03:0b:81:40:a1:77:
         09:1e:b9:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJYKBt8JGN7jFLxlwZxG6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1Mjg2ZjAyMjVjMTQxZDk1ODU3ZmU3NDY0Njk0OWU3NWRk
OTZmMjgwHhcNMjUwMTAyMTc1MjE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjY1YzE1OGIwM2RmZmE0YWU0NjczMjE2ZWNmNzkxMTk1MjQ3YjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZjlUeIDdfVjDbKebIaBQNXyIqa+
bWvOKqWdPIJJhj8nkJVlaslCcjeeAD+To035jYiB5yaGoVUAP+6p5wu//hBZsyAa
IwM6GqX+qF0Semlh+H0Va8VyRzIVi6/wJ1kRtlSO2/paKpBZxENHlw//5RM50HZ6
4G6qrh5TYCjurtUX+YQtDVVJYPJc8+WOmt/vBnlGb3OxCsjBIsprVXRzaOsmXxvz
ZR/uz3tx1d8ZFq63cHtvsuSDjN7He8PJysuYPKt8QB/sbJZ3nzQH+kqs39Nvq1nU
HlraPNQSmAOBlyrPXLU9Y/+ePjZXkAIW9Y0a5t1jRIMNXHFRQgWpIm/T7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZlwViwPf+krkZzIW7PeRGVJHsyMB8GA1UdIwQY
MBaAFBUobwIlwUHZWFf+dGRpSedd2W8oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlNodkFpWEJRZGxZVl81MFpHbEo1MTNaYnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni82MzQ0MGMtM2Q0My00NThmLTg3OWUt
MDIxZjUwOTMyMTU2LzEvQm1YQldMQTlfNlN1Um5NaGJzOTVFWlVrZXpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni82MzQ0MGMtM2Q0My00NThmLTg3OWUtMDIxZjUwOTMyMTU2
LzEvRlNodkFpWEJRZGxZVl81MFpHbEo1MTNaYnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQj6MA0G
CSqGSIb3DQEBCwUAA4IBAQBV4FXzAEdVbyyzsLmHxCMyDl+Nz1Vaz27bUvNwp1l5
1w6Pbt0QAOLIS7lPXGTt2IEK+kd8EKYyH9Fsrz8E+6RqVDGXtvy/LJZ0wD3D/bNg
3ZmJXAFI+xTJkJWj4rOefjiibsdOL86R7LstL0TZtEPmY2lKw915ftMMlxj9R9i8
tnEUuGbQcf1U5LQI80q7Txr517hA5LtIsf66HCoIhWceqxRfbDcuTv6wrl0VMpxO
h3QEHpAfo5tHaUkBR7NgV/EdOsEVkt8saJZ9ap3eogmqnoTkpcICTnVYrR5Hn+Vg
jlgw0AlceHQc+PO4vnUPNXwWIfBRc9gDC4FAoXcJHrnG
-----END CERTIFICATE-----