Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/2669ee-4ba7-4110-8370-dd803c5b85db/1/bjcT27Mkrmm6YUKTzHgcNPrjPBU.roa
File:                     bjcT27Mkrmm6YUKTzHgcNPrjPBU.roa (raw, json)
Hash identifier:          Yn0RgyPmmLSzCmXSFkvVjdwnmhf67ZsvVo3LY47XFQY=
Subject key identifier:   6E:37:13:DB:B3:24:AE:69:BA:61:42:93:CC:78:1C:34:FA:E3:3C:15
Certificate issuer:       /CN=5336a106cecdeba92e0b80e5e9a5c789ba74c62b
Certificate serial:       019425FDA79AEBE8583757F080B0F2668733
Authority key identifier: 53:36:A1:06:CE:CD:EB:A9:2E:0B:80:E5:E9:A5:C7:89:BA:74:C6:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UzahBs7N66kuC4Dl6aXHibp0xis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/2669ee-4ba7-4110-8370-dd803c5b85db/1/bjcT27Mkrmm6YUKTzHgcNPrjPBU.roa
Signing time:             Thu 02 Jan 2025 07:49:27 +0000
ROA not before:           Thu 02 Jan 2025 07:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210299
IP address blocks:        46.16.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/2669ee-4ba7-4110-8370-dd803c5b85db/1/UzahBs7N66kuC4Dl6aXHibp0xis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/2669ee-4ba7-4110-8370-dd803c5b85db/1/UzahBs7N66kuC4Dl6aXHibp0xis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UzahBs7N66kuC4Dl6aXHibp0xis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:a7:9a:eb:e8:58:37:57:f0:80:b0:f2:66:87:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5336a106cecdeba92e0b80e5e9a5c789ba74c62b
        Validity
            Not Before: Jan  2 07:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e3713dbb324ae69ba614293cc781c34fae33c15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c0:0d:58:2d:82:78:83:81:a6:80:e8:33:eb:
                    bb:14:11:36:55:90:6e:b7:2c:07:4a:63:bb:43:dd:
                    53:8d:b3:2a:46:45:c1:60:ae:d2:eb:dc:cc:4a:06:
                    2a:9f:1f:6d:a0:b8:7b:88:3b:d6:73:b4:5d:a1:62:
                    76:d9:74:c0:5b:1e:f9:8f:b0:33:91:23:c8:d5:04:
                    62:b3:43:8b:cf:2f:3b:e5:e4:96:09:d5:56:bd:b3:
                    c2:7d:8a:d5:fa:cd:c9:c7:c9:2a:1b:c7:6d:f2:53:
                    ea:c1:71:5f:e9:b0:62:08:85:0d:ca:65:c1:5a:5b:
                    4f:21:26:48:9f:f7:94:a5:99:ab:62:13:95:bd:36:
                    10:1c:b3:d9:0b:b2:5f:e2:10:eb:ba:4b:9f:cf:c2:
                    af:7d:8e:38:d9:af:87:b4:de:e4:8f:92:d2:b2:05:
                    1e:ec:e4:bd:1c:8b:38:ef:e7:4b:d3:c6:22:1b:ea:
                    e4:40:a1:b0:13:32:fe:15:af:c7:7c:ef:09:e4:f0:
                    37:4b:df:44:b3:64:ac:6b:32:2a:2d:f1:60:89:43:
                    81:53:bf:30:c2:c1:84:e3:8c:87:6b:2f:3e:9c:42:
                    a6:69:88:d9:e5:a7:ac:f8:24:a1:6f:42:88:84:81:
                    53:57:35:86:bb:37:c5:05:73:8d:a1:a7:c3:12:82:
                    8f:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:37:13:DB:B3:24:AE:69:BA:61:42:93:CC:78:1C:34:FA:E3:3C:15
            X509v3 Authority Key Identifier:
                keyid:53:36:A1:06:CE:CD:EB:A9:2E:0B:80:E5:E9:A5:C7:89:BA:74:C6:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UzahBs7N66kuC4Dl6aXHibp0xis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/2669ee-4ba7-4110-8370-dd803c5b85db/1/bjcT27Mkrmm6YUKTzHgcNPrjPBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/2669ee-4ba7-4110-8370-dd803c5b85db/1/UzahBs7N66kuC4Dl6aXHibp0xis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:53:42:b5:c9:26:3c:38:7b:0d:cc:17:6b:f8:d0:1b:f7:32:
         67:f6:40:45:29:66:fc:7d:90:d4:24:44:a9:76:2d:0a:ed:1a:
         b4:c1:57:59:33:ad:9a:e5:16:b0:11:19:d7:2c:aa:74:da:65:
         90:b6:cf:ea:42:14:f0:92:2c:f8:70:3f:30:e6:b5:bb:21:25:
         fb:a1:21:ad:f0:a5:6d:6b:9d:f4:0f:0c:42:84:ad:7d:29:b7:
         77:fe:ac:f6:54:e8:e1:65:ce:5d:c6:cf:ee:de:44:bb:a3:15:
         c4:4c:24:2b:05:e7:47:0e:2f:e6:7d:65:d1:9a:af:ed:2d:89:
         51:30:29:9b:5a:e8:e1:a2:6a:67:65:28:c7:25:e4:5c:94:19:
         26:19:18:55:b5:de:f0:ab:f7:b8:0d:c3:63:4d:21:89:bd:f3:
         70:13:17:f5:b0:d8:5d:a8:fd:1a:b3:dc:d2:10:c8:3b:f4:0c:
         11:11:22:c6:d8:ab:77:32:8b:16:59:07:71:a7:2e:14:cf:1d:
         c6:3d:04:09:88:dd:a0:69:36:e1:96:11:1a:89:0d:d0:79:17:
         20:c9:4d:8c:0c:54:5a:64:1c:17:79:ab:fd:30:09:f2:76:8a:
         06:8b:1c:6c:ed:fb:53:d5:cd:63:ff:a1:96:55:3c:4d:86:6a:
         c0:5b:7e:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/aea6+hYN1fwgLDyZoczMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMzZhMTA2Y2VjZGViYTkyZTBiODBlNWU5YTVjNzg5YmE3
NGM2MmIwHhcNMjUwMTAyMDc0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTM3MTNkYmIzMjRhZTY5YmE2MTQyOTNjYzc4MWMzNGZhZTMzYzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8ANWC2CeIOBpoDoM+u7FBE2VZBu
tywHSmO7Q91TjbMqRkXBYK7S69zMSgYqnx9toLh7iDvWc7RdoWJ22XTAWx75j7Az
kSPI1QRis0OLzy875eSWCdVWvbPCfYrV+s3Jx8kqG8dt8lPqwXFf6bBiCIUNymXB
WltPISZIn/eUpZmrYhOVvTYQHLPZC7Jf4hDrukufz8KvfY442a+HtN7kj5LSsgUe
7OS9HIs47+dL08YiG+rkQKGwEzL+Fa/HfO8J5PA3S99Es2SsazIqLfFgiUOBU78w
wsGE44yHay8+nEKmaYjZ5aes+CShb0KIhIFTVzWGuzfFBXONoafDEoKPAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG43E9uzJK5pumFCk8x4HDT64zwVMB8GA1UdIwQY
MBaAFFM2oQbOzeupLguA5emlx4m6dMYrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXphaEJzN042Nmt1QzREbDZhWEhpYnAweGlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8yNjY5ZWUtNGJhNy00MTEwLTgzNzAt
ZGQ4MDNjNWI4NWRiLzEvYmpjVDI3TWtybW02WVVLVHpIZ2NOUHJqUEJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8yNjY5ZWUtNGJhNy00MTEwLTgzNzAtZGQ4MDNjNWI4NWRi
LzEvVXphaEJzN042Nmt1QzREbDZhWEhpYnAweGlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhDHMA0G
CSqGSIb3DQEBCwUAA4IBAQB8U0K1ySY8OHsNzBdr+NAb9zJn9kBFKWb8fZDUJESp
di0K7Rq0wVdZM62a5RawERnXLKp02mWQts/qQhTwkiz4cD8w5rW7ISX7oSGt8KVt
a530DwxChK19Kbd3/qz2VOjhZc5dxs/u3kS7oxXETCQrBedHDi/mfWXRmq/tLYlR
MCmbWujhompnZSjHJeRclBkmGRhVtd7wq/e4DcNjTSGJvfNwExf1sNhdqP0as9zS
EMg79AwRESLG2Kt3MosWWQdxpy4Uzx3GPQQJiN2gaTbhlhEaiQ3QeRcgyU2MDFRa
ZBwXeav9MAnydooGixxs7ftT1c1j/6GWVTxNhmrAW36l
-----END CERTIFICATE-----