Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/bHCOgV--1rqLmlFkJAGCqiaj9rE.roa
File:                     bHCOgV--1rqLmlFkJAGCqiaj9rE.roa (raw, json)
Hash identifier:          sXvTfFF4UYpoeyiOKSAESqnLCcZQI+b0xi3dTkvLDhU=
Subject key identifier:   6C:70:8E:81:5F:BE:D6:BA:8B:9A:51:64:24:01:82:AA:26:A3:F6:B1
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       0191E0933362571611BF3457C3BF87F5CAD4
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/bHCOgV--1rqLmlFkJAGCqiaj9rE.roa
Signing time:             Wed 11 Sep 2024 10:13:48 +0000
ROA not before:           Wed 11 Sep 2024 10:13:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6830
IP address blocks:        77.47.210.0/23 maxlen: 23
                          195.178.140.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e0:93:33:62:57:16:11:bf:34:57:c3:bf:87:f5:ca:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Sep 11 10:13:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c708e815fbed6ba8b9a5164240182aa26a3f6b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:24:c0:31:e5:15:6b:f7:c5:41:7d:9f:e9:6a:
                    a1:c8:01:30:7b:fe:27:8d:bf:18:00:ed:b9:03:ba:
                    c1:25:11:9d:f9:c5:76:35:f1:e4:4e:fb:c2:b4:57:
                    ff:44:65:86:47:84:01:f7:99:c2:14:7e:c8:8f:9a:
                    23:b5:2d:ef:b4:6d:d7:b4:47:57:5a:d3:7b:97:8e:
                    12:56:d0:73:df:c0:7d:89:57:df:26:39:7f:28:54:
                    15:42:0e:5b:04:15:f5:1a:40:28:f9:48:22:69:6a:
                    4a:b1:d5:2b:f3:c8:16:e8:98:fd:1a:8e:ac:78:d9:
                    89:6d:56:10:21:75:e7:66:af:ca:40:db:c4:ff:73:
                    05:37:83:09:b6:a5:d1:9a:5b:ce:c7:14:f4:33:a7:
                    b2:51:15:ed:6d:70:bd:8f:0c:36:21:16:6a:81:07:
                    83:9e:ee:9a:6f:9d:68:d6:2c:bd:0e:aa:4c:b9:f8:
                    32:74:58:a3:cd:be:c7:f8:aa:e4:ca:84:44:c7:92:
                    67:bd:58:dc:fe:97:f1:72:22:5e:0d:c9:ba:2b:a5:
                    1d:b9:7b:df:68:47:8e:aa:c7:a3:19:46:f6:f3:60:
                    4f:b7:48:0f:0b:56:94:41:ec:3a:e4:7b:2b:9e:8d:
                    d4:b1:1c:84:ed:9f:af:fc:e4:3d:a8:54:10:d8:65:
                    0b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:70:8E:81:5F:BE:D6:BA:8B:9A:51:64:24:01:82:AA:26:A3:F6:B1
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/bHCOgV--1rqLmlFkJAGCqiaj9rE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.210.0/23
                  195.178.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:14:7f:c8:a7:0a:a0:76:74:e0:33:fc:85:ee:4d:e2:75:42:
         36:57:bd:84:1f:57:02:68:be:39:71:39:b9:d3:bc:5d:bb:5d:
         b4:e5:e4:45:ae:3a:fe:d7:d2:b9:24:79:66:82:76:be:33:b1:
         f7:e2:1e:e4:69:28:b5:b3:e0:aa:a9:b6:53:59:21:c7:4e:0f:
         5d:1d:84:c2:a5:a9:e7:60:d2:6a:0e:5b:b4:8a:fd:98:dc:06:
         b3:80:a4:bc:be:c8:ab:cd:5b:07:23:8d:3d:7f:bc:10:01:ed:
         fc:c2:fa:f9:ef:23:9f:97:7c:84:49:2f:bc:68:9d:47:d7:38:
         fb:eb:5d:4e:20:90:77:47:0e:7b:a9:9e:f2:cf:3e:01:d7:07:
         ff:67:4b:34:32:b8:79:c4:6f:c9:76:2c:8b:7c:36:d6:9e:22:
         9f:57:e3:71:a6:b7:59:69:1d:b2:e2:81:17:48:13:22:89:2c:
         a0:f0:8a:6e:87:aa:a5:f6:da:36:7a:41:fc:fe:fb:87:bd:5d:
         2b:35:57:78:cf:9c:29:c2:13:f3:01:ec:83:20:5a:6e:2f:77:
         13:ea:ce:14:61:4e:79:58:40:5f:14:e8:dd:55:33:da:a4:47:
         b7:91:f6:7a:16:39:b1:74:cd:1d:84:6d:88:ea:6e:aa:d5:b9:
         ac:68:1f:f6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZHgkzNiVxYRvzRXw7+H9crUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwOTExMTAxMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzcwOGU4MTVmYmVkNmJhOGI5YTUxNjQyNDAxODJhYTI2YTNmNmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyTAMeUVa/fFQX2f6WqhyAEwe/4n
jb8YAO25A7rBJRGd+cV2NfHkTvvCtFf/RGWGR4QB95nCFH7Ij5ojtS3vtG3XtEdX
WtN7l44SVtBz38B9iVffJjl/KFQVQg5bBBX1GkAo+UgiaWpKsdUr88gW6Jj9Go6s
eNmJbVYQIXXnZq/KQNvE/3MFN4MJtqXRmlvOxxT0M6eyURXtbXC9jww2IRZqgQeD
nu6ab51o1iy9DqpMufgydFijzb7H+KrkyoREx5JnvVjc/pfxciJeDcm6K6UduXvf
aEeOqsejGUb282BPt0gPC1aUQew65Hsrno3UsRyE7Z+v/OQ9qFQQ2GULgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGxwjoFfvta6i5pRZCQBgqomo/axMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvYkhDT2dWLS0xcnFMbWxGa0pBR0NxaWFqOXJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBTS/SAwQB
w7KMMA0GCSqGSIb3DQEBCwUAA4IBAQBhFH/IpwqgdnTgM/yF7k3idUI2V72EH1cC
aL45cTm507xdu1205eRFrjr+19K5JHlmgna+M7H34h7kaSi1s+CqqbZTWSHHTg9d
HYTCpannYNJqDlu0iv2Y3AazgKS8vsirzVsHI409f7wQAe38wvr57yOfl3yESS+8
aJ1H1zj7611OIJB3Rw57qZ7yzz4B1wf/Z0s0Mrh5xG/JdiyLfDbWniKfV+NxprdZ
aR2y4oEXSBMiiSyg8Ipuh6ql9to2ekH8/vuHvV0rNVd4z5wpwhPzAeyDIFpuL3cT
6s4UYU55WEBfFOjdVTPapEe3kfZ6FjmxdM0dhG2I6m6q1bmsaB/2
-----END CERTIFICATE-----