Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/B2JBrHzahQ8kj_LcGF_BudyXwWE.roa
File:                     B2JBrHzahQ8kj_LcGF_BudyXwWE.roa (raw, json)
Hash identifier:          tnuf93m407Cy/EpwcG/TVc6f2oHQt8rHf9HmkEg6zeI=
Subject key identifier:   07:62:41:AC:7C:DA:85:0F:24:8F:F2:DC:18:5F:C1:B9:DC:97:C1:61
Certificate issuer:       /CN=0e0b0dcb6ad0ca816d2bd204e13f1eaf1104274c
Certificate serial:       0190BFD7E03F24D4AD0527CD1675B8C4B7F6
Authority key identifier: 0E:0B:0D:CB:6A:D0:CA:81:6D:2B:D2:04:E1:3F:1E:AF:11:04:27:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DgsNy2rQyoFtK9IE4T8erxEEJ0w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/B2JBrHzahQ8kj_LcGF_BudyXwWE.roa
Signing time:             Wed 17 Jul 2024 08:38:34 +0000
ROA not before:           Wed 17 Jul 2024 08:38:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        185.127.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/DgsNy2rQyoFtK9IE4T8erxEEJ0w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/DgsNy2rQyoFtK9IE4T8erxEEJ0w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DgsNy2rQyoFtK9IE4T8erxEEJ0w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bf:d7:e0:3f:24:d4:ad:05:27:cd:16:75:b8:c4:b7:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e0b0dcb6ad0ca816d2bd204e13f1eaf1104274c
        Validity
            Not Before: Jul 17 08:38:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=076241ac7cda850f248ff2dc185fc1b9dc97c161
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:32:39:41:73:f8:a8:6f:b6:bc:dc:c0:60:98:
                    f7:13:b4:0d:e2:78:fd:a8:13:0a:90:74:91:9e:d1:
                    cc:7e:d7:e4:49:43:56:9e:dc:ff:dd:ef:53:c5:e5:
                    9c:94:33:44:83:ce:b4:41:80:ab:36:c0:e0:2b:17:
                    5b:d2:86:bd:ae:d0:5c:f0:f9:3f:85:39:cd:61:f3:
                    74:84:99:a8:9a:83:d6:9d:50:d0:28:ea:e3:e5:dd:
                    fb:30:51:19:19:c5:90:70:0a:38:0f:91:8d:83:eb:
                    bb:0c:06:93:db:72:5d:7c:e2:e1:a0:b7:72:60:ee:
                    54:b1:8f:22:69:ae:00:7c:b9:22:60:60:7f:0f:50:
                    ee:de:39:37:60:7f:48:fb:96:b4:22:bc:d2:8b:1a:
                    21:84:ff:9a:e0:99:fa:4b:a2:90:79:53:9d:38:b3:
                    8b:73:5f:01:16:91:b7:ec:3a:40:b7:98:de:a0:4a:
                    50:1b:ed:da:fe:5c:69:e8:1d:36:dd:c4:39:1b:a4:
                    31:48:44:eb:e8:d8:0b:5b:be:c4:83:e7:0f:84:8c:
                    47:ac:84:c1:3f:64:9b:99:99:3e:12:a0:f6:96:11:
                    52:d9:88:b7:32:82:6e:76:c4:da:bc:72:d8:1f:e4:
                    56:fb:5f:31:70:9a:2a:28:a5:cd:47:cd:a3:91:1f:
                    5c:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:62:41:AC:7C:DA:85:0F:24:8F:F2:DC:18:5F:C1:B9:DC:97:C1:61
            X509v3 Authority Key Identifier:
                keyid:0E:0B:0D:CB:6A:D0:CA:81:6D:2B:D2:04:E1:3F:1E:AF:11:04:27:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DgsNy2rQyoFtK9IE4T8erxEEJ0w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/B2JBrHzahQ8kj_LcGF_BudyXwWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/DgsNy2rQyoFtK9IE4T8erxEEJ0w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:1f:bc:0b:90:59:dc:1d:3e:86:7c:d1:9e:6e:45:bd:61:fb:
         58:7f:73:09:66:c9:fd:d2:ec:96:5d:e0:9c:3b:cb:0d:45:16:
         6c:03:fa:60:a0:3a:06:4d:7f:a3:b4:0f:c2:45:71:8e:02:cd:
         af:b2:ea:87:fb:f8:03:92:4c:d8:c4:86:95:5e:78:bb:38:41:
         35:a8:fc:8b:8f:05:f9:d3:af:5a:fd:2d:30:e3:52:8e:80:2e:
         b5:8c:78:53:01:dc:d2:90:68:0d:d1:89:79:cf:c9:74:15:b1:
         d7:fc:63:a5:9b:01:23:a9:25:58:2e:47:f9:23:a0:71:0f:33:
         ed:d3:90:e1:e4:60:27:b9:05:8d:90:58:44:97:d2:70:6e:93:
         53:63:b4:76:57:b9:2f:01:54:60:4c:4a:14:52:b7:c1:16:9f:
         b8:06:5f:7c:22:cd:c5:2b:d8:73:16:2e:bd:5c:f6:a8:25:6a:
         d8:9d:10:c2:a9:ee:a6:9b:5d:fc:6f:53:2c:be:c9:c5:da:5b:
         b0:a1:4c:da:d2:96:fd:e2:22:60:b4:d2:77:ff:45:c6:69:f1:
         ab:21:67:51:c8:0b:61:cc:7e:26:ef:e7:4b:13:97:15:1d:25:
         e2:83:78:a0:34:8b:1e:4d:14:d2:da:3f:c1:4f:e0:6c:6a:26:
         17:aa:77:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZC/1+A/JNStBSfNFnW4xLf2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMGIwZGNiNmFkMGNhODE2ZDJiZDIwNGUxM2YxZWFmMTEw
NDI3NGMwHhcNMjQwNzE3MDgzODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzYyNDFhYzdjZGE4NTBmMjQ4ZmYyZGMxODVmYzFiOWRjOTdjMTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjI5QXP4qG+2vNzAYJj3E7QN4nj9
qBMKkHSRntHMftfkSUNWntz/3e9TxeWclDNEg860QYCrNsDgKxdb0oa9rtBc8Pk/
hTnNYfN0hJmomoPWnVDQKOrj5d37MFEZGcWQcAo4D5GNg+u7DAaT23JdfOLhoLdy
YO5UsY8iaa4AfLkiYGB/D1Du3jk3YH9I+5a0IrzSixohhP+a4Jn6S6KQeVOdOLOL
c18BFpG37DpAt5jeoEpQG+3a/lxp6B023cQ5G6QxSETr6NgLW77Eg+cPhIxHrITB
P2SbmZk+EqD2lhFS2Yi3MoJudsTavHLYH+RW+18xcJoqKKXNR82jkR9caQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAdiQax82oUPJI/y3Bhfwbncl8FhMB8GA1UdIwQY
MBaAFA4LDctq0MqBbSvSBOE/Hq8RBCdMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGdzTnkyclF5b0Z0SzlJRTRUOGVyeEVFSjB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9mMTlkMDYtYzdmYS00MGU1LWI4MTMt
N2ZlMzk1MWE3MzViLzEvQjJKQnJIemFoUThral9MY0dGX0J1ZHlYd1dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9mMTlkMDYtYzdmYS00MGU1LWI4MTMtN2ZlMzk1MWE3MzVi
LzEvRGdzTnkyclF5b0Z0SzlJRTRUOGVyeEVFSjB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX8cMA0G
CSqGSIb3DQEBCwUAA4IBAQBqH7wLkFncHT6GfNGebkW9YftYf3MJZsn90uyWXeCc
O8sNRRZsA/pgoDoGTX+jtA/CRXGOAs2vsuqH+/gDkkzYxIaVXni7OEE1qPyLjwX5
069a/S0w41KOgC61jHhTAdzSkGgN0Yl5z8l0FbHX/GOlmwEjqSVYLkf5I6BxDzPt
05Dh5GAnuQWNkFhEl9JwbpNTY7R2V7kvAVRgTEoUUrfBFp+4Bl98Is3FK9hzFi69
XPaoJWrYnRDCqe6mm138b1MsvsnF2luwoUza0pb94iJgtNJ3/0XGafGrIWdRyAth
zH4m7+dLE5cVHSXig3igNIseTRTS2j/BT+BsaiYXqnfr
-----END CERTIFICATE-----