Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/f153e7-07d9-4b81-aaed-cbec43fd92a1/1/Bx_CIIRTPASTWSI5EL_cFTRm7uk.roa
File:                     Bx_CIIRTPASTWSI5EL_cFTRm7uk.roa (raw, json)
Hash identifier:          e5EthyQ8A+86Z1Aw1D0v4X1GBM7rjtmKNV0eJ1L3+Ns=
Subject key identifier:   07:1F:C2:20:84:53:3C:04:93:59:22:39:10:BF:DC:15:34:66:EE:E9
Certificate issuer:       /CN=b1d802667980944df4da2ab4b08e9d34b20a8d11
Certificate serial:       018CC56E617ED5A7EFDD54F45BDBDFD927C2
Authority key identifier: B1:D8:02:66:79:80:94:4D:F4:DA:2A:B4:B0:8E:9D:34:B2:0A:8D:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sdgCZnmAlE302iq0sI6dNLIKjRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/f153e7-07d9-4b81-aaed-cbec43fd92a1/1/Bx_CIIRTPASTWSI5EL_cFTRm7uk.roa
Signing time:             Mon 01 Jan 2024 14:29:54 +0000
ROA not before:           Mon 01 Jan 2024 14:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207192
IP address blocks:        185.161.48.0/22 maxlen: 22
                          185.161.51.0/24 maxlen: 24
                          185.161.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/f153e7-07d9-4b81-aaed-cbec43fd92a1/1/sdgCZnmAlE302iq0sI6dNLIKjRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/f153e7-07d9-4b81-aaed-cbec43fd92a1/1/sdgCZnmAlE302iq0sI6dNLIKjRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sdgCZnmAlE302iq0sI6dNLIKjRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:61:7e:d5:a7:ef:dd:54:f4:5b:db:df:d9:27:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1d802667980944df4da2ab4b08e9d34b20a8d11
        Validity
            Not Before: Jan  1 14:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=071fc22084533c049359223910bfdc153466eee9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:23:3d:6c:b3:39:62:1e:f1:49:fa:a2:c9:49:
                    ec:83:02:89:dc:6c:b2:84:dd:c5:68:31:2a:75:8a:
                    9f:ce:73:61:c7:59:ac:e6:49:60:85:e9:a4:f5:c7:
                    c1:fa:ed:a4:55:44:a4:f1:fb:ea:b8:27:39:ed:77:
                    db:cc:0c:b8:7d:9d:9f:99:91:2e:73:b9:04:26:bd:
                    a1:6a:78:08:4a:e5:cb:24:30:77:63:50:94:b9:0e:
                    7c:9e:59:fd:ac:0f:a8:87:29:fc:1a:ec:0e:9c:08:
                    01:d1:d6:25:02:4e:a2:ed:d6:e6:b0:a6:af:2d:bf:
                    7d:08:d4:1b:b6:71:d2:51:c3:2a:89:a6:63:3c:a1:
                    38:6b:d9:9d:3d:67:cd:8b:f4:6d:1b:01:31:57:63:
                    65:fe:b7:ff:db:36:c9:e1:8e:85:21:b9:70:d8:02:
                    24:d5:2a:8b:c7:15:7a:82:61:7c:dc:91:52:9a:4f:
                    94:d5:89:12:5b:ae:aa:c8:4d:e6:87:cd:32:7c:7f:
                    f6:11:4e:6f:7f:a1:37:d4:10:82:8b:af:f5:d4:a4:
                    c9:e7:d8:18:81:5a:c7:65:91:77:98:03:41:f0:7b:
                    20:ec:ef:00:34:20:10:60:fa:68:27:6f:02:a3:0f:
                    89:54:66:e7:4e:a2:17:cd:a2:f2:4a:0d:26:37:9f:
                    bb:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:1F:C2:20:84:53:3C:04:93:59:22:39:10:BF:DC:15:34:66:EE:E9
            X509v3 Authority Key Identifier:
                keyid:B1:D8:02:66:79:80:94:4D:F4:DA:2A:B4:B0:8E:9D:34:B2:0A:8D:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sdgCZnmAlE302iq0sI6dNLIKjRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/f153e7-07d9-4b81-aaed-cbec43fd92a1/1/Bx_CIIRTPASTWSI5EL_cFTRm7uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/f153e7-07d9-4b81-aaed-cbec43fd92a1/1/sdgCZnmAlE302iq0sI6dNLIKjRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:07:91:43:d6:31:e1:72:1b:45:43:d0:46:2e:29:c1:04:9e:
         66:56:8b:57:6b:bd:b5:52:8a:c5:75:7a:7b:ea:f6:94:2e:9a:
         4e:b7:3b:b7:22:4d:90:9e:17:b5:ac:91:64:3b:0e:6a:bc:83:
         19:6b:f5:44:a8:d9:f7:5e:13:4f:70:e9:42:74:77:e6:14:2b:
         1f:95:0f:0d:22:40:6a:3e:9c:75:57:e6:9a:ae:1b:72:69:bd:
         e8:7c:be:5b:d3:e2:f3:ba:fb:61:74:48:87:fd:67:32:b4:0b:
         be:af:d0:dd:74:2f:c8:ca:95:cf:b7:9d:c2:a7:2e:13:a8:3d:
         0e:a0:b0:69:61:5b:a5:ea:89:74:7b:00:aa:a8:f5:8a:be:eb:
         76:7d:41:23:a8:31:14:74:cf:83:a1:bd:35:bd:3e:3a:01:78:
         f3:b0:b2:b9:e2:3a:6a:52:1a:80:89:db:c9:13:4e:56:b5:2a:
         ad:72:e6:56:58:11:1b:7c:2c:e4:91:3b:1d:a4:a6:88:37:bf:
         29:39:eb:7f:af:26:9c:aa:74:29:29:e1:70:7a:17:05:a3:d9:
         6d:83:d9:c5:cf:f0:ad:1d:90:66:6c:09:2f:ee:7f:18:41:e2:
         2d:a4:87:47:ff:53:ce:53:98:95:9a:99:e7:b4:66:05:47:1f:
         b6:b7:70:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbmF+1afv3VT0W9vf2SfCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxZDgwMjY2Nzk4MDk0NGRmNGRhMmFiNGIwOGU5ZDM0YjIw
YThkMTEwHhcNMjQwMTAxMTQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzFmYzIyMDg0NTMzYzA0OTM1OTIyMzkxMGJmZGMxNTM0NjZlZWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSM9bLM5Yh7xSfqiyUnsgwKJ3Gyy
hN3FaDEqdYqfznNhx1ms5klghemk9cfB+u2kVUSk8fvquCc57XfbzAy4fZ2fmZEu
c7kEJr2hangISuXLJDB3Y1CUuQ58nln9rA+ohyn8GuwOnAgB0dYlAk6i7dbmsKav
Lb99CNQbtnHSUcMqiaZjPKE4a9mdPWfNi/RtGwExV2Nl/rf/2zbJ4Y6FIblw2AIk
1SqLxxV6gmF83JFSmk+U1YkSW66qyE3mh80yfH/2EU5vf6E31BCCi6/11KTJ59gY
gVrHZZF3mANB8Hsg7O8ANCAQYPpoJ28Cow+JVGbnTqIXzaLySg0mN5+7zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcfwiCEUzwEk1kiORC/3BU0Zu7pMB8GA1UdIwQY
MBaAFLHYAmZ5gJRN9NoqtLCOnTSyCo0RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2RnQ1pubUFsRTMwMmlxMHNJNmROTElLalJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9mMTUzZTctMDdkOS00YjgxLWFhZWQt
Y2JlYzQzZmQ5MmExLzEvQnhfQ0lJUlRQQVNUV1NJNUVMX2NGVFJtN3VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9mMTUzZTctMDdkOS00YjgxLWFhZWQtY2JlYzQzZmQ5MmEx
LzEvc2RnQ1pubUFsRTMwMmlxMHNJNmROTElLalJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaEwMA0G
CSqGSIb3DQEBCwUAA4IBAQBRB5FD1jHhchtFQ9BGLinBBJ5mVotXa721UorFdXp7
6vaULppOtzu3Ik2Qnhe1rJFkOw5qvIMZa/VEqNn3XhNPcOlCdHfmFCsflQ8NIkBq
Ppx1V+aarhtyab3ofL5b0+LzuvthdEiH/WcytAu+r9DddC/IypXPt53Cpy4TqD0O
oLBpYVul6ol0ewCqqPWKvut2fUEjqDEUdM+Dob01vT46AXjzsLK54jpqUhqAidvJ
E05WtSqtcuZWWBEbfCzkkTsdpKaIN78pOet/ryacqnQpKeFwehcFo9ltg9nFz/Ct
HZBmbAkv7n8YQeItpIdH/1POU5iVmpnntGYFRx+2t3A2
-----END CERTIFICATE-----