Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/BpYa5-7eF45us6su8pm3bS4aHgI.roa
File:                     BpYa5-7eF45us6su8pm3bS4aHgI.roa (raw, json)
Hash identifier:          MBfAk9/bdCv0gBgXcoFZjEIxSOndAngKAY+CiJI8gEE=
Subject key identifier:   06:96:1A:E7:EE:DE:17:8E:6E:B3:AB:2E:F2:99:B7:6D:2E:1A:1E:02
Certificate issuer:       /CN=92253353ba649debee927998ba02c8614399f961
Certificate serial:       018F2A5F1D2600BE4A27BD2E77DC71E2C46F
Authority key identifier: 92:25:33:53:BA:64:9D:EB:EE:92:79:98:BA:02:C8:61:43:99:F9:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kiUzU7pknevuknmYugLIYUOZ-WE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/BpYa5-7eF45us6su8pm3bS4aHgI.roa
Signing time:             Mon 29 Apr 2024 15:00:27 +0000
ROA not before:           Mon 29 Apr 2024 15:00:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151872
IP address blocks:        212.104.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/kiUzU7pknevuknmYugLIYUOZ-WE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/kiUzU7pknevuknmYugLIYUOZ-WE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kiUzU7pknevuknmYugLIYUOZ-WE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2a:5f:1d:26:00:be:4a:27:bd:2e:77:dc:71:e2:c4:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92253353ba649debee927998ba02c8614399f961
        Validity
            Not Before: Apr 29 15:00:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06961ae7eede178e6eb3ab2ef299b76d2e1a1e02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:21:4a:00:03:1e:a5:c4:05:b4:3c:44:79:ae:
                    e0:e6:55:ce:ab:b6:5f:12:85:be:83:8b:db:d3:d2:
                    e6:85:1c:6f:80:1b:da:8c:7b:80:5e:50:43:4f:3c:
                    83:52:25:6b:13:bd:2a:d4:3c:b9:69:6d:69:3e:ef:
                    52:24:c1:25:f8:39:a4:c9:67:48:f9:18:b2:36:aa:
                    e3:c5:93:03:ce:92:e8:c9:7d:13:04:fe:1a:e0:b8:
                    28:12:f9:97:17:d8:59:4b:c6:e2:cd:c5:54:ad:7f:
                    b7:68:eb:51:af:c6:41:5b:65:7e:cf:fa:17:2f:1a:
                    cf:bb:97:05:dd:ab:6e:f5:4f:9b:14:06:39:aa:ac:
                    39:77:ad:ff:cc:fe:86:33:8c:5c:10:27:77:3e:c8:
                    bc:5d:8b:6e:b7:e9:fb:f8:a5:00:ba:d7:8b:80:98:
                    74:3e:d6:28:8e:e6:25:d0:fb:a0:88:8d:27:03:50:
                    50:57:ab:89:bb:be:18:22:08:04:36:56:47:85:40:
                    63:0d:64:dc:b5:1e:bd:a5:ba:79:11:ed:f5:f6:e5:
                    49:68:5b:04:e8:9e:ab:da:a9:56:3c:85:50:3b:55:
                    d0:e5:d3:c2:a1:28:08:bb:5a:ae:a2:72:54:35:c1:
                    20:ff:10:96:22:41:ef:48:ae:18:c9:2f:dc:33:99:
                    cd:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:96:1A:E7:EE:DE:17:8E:6E:B3:AB:2E:F2:99:B7:6D:2E:1A:1E:02
            X509v3 Authority Key Identifier:
                keyid:92:25:33:53:BA:64:9D:EB:EE:92:79:98:BA:02:C8:61:43:99:F9:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kiUzU7pknevuknmYugLIYUOZ-WE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/BpYa5-7eF45us6su8pm3bS4aHgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/kiUzU7pknevuknmYugLIYUOZ-WE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.104.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:db:13:c5:b0:38:63:c4:47:ca:cc:65:64:e2:d9:d5:82:7d:
         58:d7:68:d1:9c:b3:e2:eb:79:cf:65:bf:30:7b:98:72:93:b7:
         3e:98:2e:ca:81:e5:67:cd:bc:22:1d:9c:1d:12:2e:1f:99:0e:
         d5:31:4d:9c:3c:cd:04:d1:3b:46:b7:c9:1d:64:4d:b0:11:47:
         09:6e:fd:5c:66:7c:d0:74:0a:4d:64:c5:51:69:2f:b8:29:73:
         78:74:25:98:b2:94:a2:c1:d7:d3:20:c5:c0:52:47:5f:99:57:
         9e:c9:ae:c0:a7:ea:b6:31:d1:82:62:7e:0d:2d:69:68:91:3b:
         70:52:c7:75:fc:cb:c8:e5:d9:cd:66:4a:0d:be:15:e6:ae:ff:
         6a:a1:c2:cf:23:ea:86:5a:e3:e3:d0:f1:9d:9d:f7:4c:58:cb:
         b5:9e:65:ab:1f:b2:08:f3:b5:73:b4:9a:57:92:37:84:6b:e6:
         f9:2d:ce:96:c6:20:7c:cd:bf:55:cd:5b:04:3d:7d:75:25:5c:
         22:99:29:46:51:65:43:90:c3:14:18:73:de:b8:1d:01:cf:5d:
         6e:b4:78:be:d2:f9:04:bf:e9:ca:95:32:cc:c0:bc:db:38:2a:
         39:63:60:04:cb:0b:94:2a:e1:70:5f:20:47:8c:9b:a6:9f:f1:
         06:fb:2c:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8qXx0mAL5KJ70ud9xx4sRvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMjUzMzUzYmE2NDlkZWJlZTkyNzk5OGJhMDJjODYxNDM5
OWY5NjEwHhcNMjQwNDI5MTUwMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjk2MWFlN2VlZGUxNzhlNmViM2FiMmVmMjk5Yjc2ZDJlMWExZTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApiFKAAMepcQFtDxEea7g5lXOq7Zf
EoW+g4vb09LmhRxvgBvajHuAXlBDTzyDUiVrE70q1Dy5aW1pPu9SJMEl+DmkyWdI
+RiyNqrjxZMDzpLoyX0TBP4a4LgoEvmXF9hZS8bizcVUrX+3aOtRr8ZBW2V+z/oX
LxrPu5cF3atu9U+bFAY5qqw5d63/zP6GM4xcECd3Psi8XYtut+n7+KUAuteLgJh0
PtYojuYl0PugiI0nA1BQV6uJu74YIggENlZHhUBjDWTctR69pbp5Ee319uVJaFsE
6J6r2qlWPIVQO1XQ5dPCoSgIu1quonJUNcEg/xCWIkHvSK4YyS/cM5nNtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAaWGufu3heObrOrLvKZt20uGh4CMB8GA1UdIwQY
MBaAFJIlM1O6ZJ3r7pJ5mLoCyGFDmflhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2lVelU3cGtuZXZ1a25tWXVnTElZVU9aLVdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80NTNhZTMtZjIyNy00ZTBkLWJkMDYt
Njk5N2IyNTc5YTM0LzEvQnBZYTUtN2VGNDV1czZzdThwbTNiUzRhSGdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80NTNhZTMtZjIyNy00ZTBkLWJkMDYtNjk5N2IyNTc5YTM0
LzEva2lVelU3cGtuZXZ1a25tWXVnTElZVU9aLVdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GiDMA0G
CSqGSIb3DQEBCwUAA4IBAQAT2xPFsDhjxEfKzGVk4tnVgn1Y12jRnLPi63nPZb8w
e5hyk7c+mC7KgeVnzbwiHZwdEi4fmQ7VMU2cPM0E0TtGt8kdZE2wEUcJbv1cZnzQ
dApNZMVRaS+4KXN4dCWYspSiwdfTIMXAUkdfmVeeya7Ap+q2MdGCYn4NLWlokTtw
Usd1/MvI5dnNZkoNvhXmrv9qocLPI+qGWuPj0PGdnfdMWMu1nmWrH7II87VztJpX
kjeEa+b5Lc6WxiB8zb9VzVsEPX11JVwimSlGUWVDkMMUGHPeuB0Bz11utHi+0vkE
v+nKlTLMwLzbOCo5Y2AEywuUKuFwXyBHjJumn/EG+yz9
-----END CERTIFICATE-----