Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/BSi37jJB1XerGllN4k4194sDS0U.roa
File:                     BSi37jJB1XerGllN4k4194sDS0U.roa (raw, json)
Hash identifier:          Bj6fvlHuQ3XxwnUjURRsekJkWyYKkEqHks0CB4dBBps=
Subject key identifier:   05:28:B7:EE:32:41:D5:77:AB:1A:59:4D:E2:4E:35:F7:8B:03:4B:45
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019307A4CE8B0B99E994BF9D9F4E8DA0F732
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/BSi37jJB1XerGllN4k4194sDS0U.roa
Signing time:             Thu 07 Nov 2024 17:21:01 +0000
ROA not before:           Thu 07 Nov 2024 17:21:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213980
IP address blocks:        87.229.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:07:a4:ce:8b:0b:99:e9:94:bf:9d:9f:4e:8d:a0:f7:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Nov  7 17:21:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0528b7ee3241d577ab1a594de24e35f78b034b45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1c:1f:20:2f:13:7a:e1:90:cc:68:0a:85:55:
                    e1:c8:80:97:e7:0c:63:fe:cf:d2:0e:73:a9:54:be:
                    20:e6:25:b9:2d:5b:d5:3f:66:0d:2d:73:7c:6e:a5:
                    8e:e9:f0:f4:cb:d4:df:78:b2:ed:f9:95:8e:1b:9e:
                    b6:e5:66:de:b7:1d:07:47:54:56:69:93:32:93:0a:
                    f2:d7:b2:f7:5d:06:12:8d:a7:f7:03:0e:d2:fc:d4:
                    56:a6:33:e7:6f:e4:f9:e9:67:47:bd:62:5c:2d:df:
                    f3:22:9f:66:ad:ff:eb:1b:46:b7:18:f7:11:08:de:
                    ec:9b:6a:33:6f:54:c9:7b:e2:58:3b:c8:27:ac:e7:
                    16:39:0f:cb:1a:d0:61:c5:80:d0:a2:e3:92:96:cd:
                    ac:36:92:1a:cf:f6:f1:4d:d0:99:b4:6a:21:05:8a:
                    cc:3a:a3:27:8b:bf:9b:a5:84:71:1f:7b:45:38:be:
                    3b:a7:f2:d2:29:2a:6c:44:4c:d0:f2:45:4f:c7:b7:
                    b4:ba:34:3a:e3:36:d8:26:d2:d8:3a:3e:2c:29:c9:
                    92:5d:41:b3:7b:5b:9d:ad:90:ed:89:3a:83:f6:83:
                    68:37:08:d8:1c:89:95:cb:65:20:ad:b7:08:21:cf:
                    45:ee:73:aa:ff:bd:29:90:b7:63:97:b7:51:a3:00:
                    36:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:28:B7:EE:32:41:D5:77:AB:1A:59:4D:E2:4E:35:F7:8B:03:4B:45
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/BSi37jJB1XerGllN4k4194sDS0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:ac:67:6c:10:f1:29:b9:23:bc:4f:c8:30:6e:f5:fb:50:90:
         9b:e7:a9:f3:6e:36:b2:d3:7d:54:20:70:60:47:f3:91:94:7f:
         53:19:3f:70:44:8e:24:c3:ca:08:6b:85:b1:a6:a7:90:82:41:
         96:ea:97:d8:55:30:8f:43:3b:7f:df:18:67:5b:8c:bc:a7:1b:
         7a:64:1d:10:5a:87:e2:5f:b2:8d:cc:27:40:4b:6c:ac:bb:8c:
         ac:ec:9a:2d:b5:ba:32:dd:36:87:89:43:69:be:61:d2:7d:e8:
         08:dc:00:2f:8b:ae:87:8a:16:23:6e:0a:f1:19:cd:01:fe:f1:
         dd:7e:6e:89:15:26:b6:dc:b3:ad:13:f3:81:70:d6:a8:39:a1:
         e2:42:3a:12:6e:46:63:b6:31:c7:43:dd:25:2b:f2:f1:28:86:
         82:13:e0:47:e0:45:7b:02:cc:a7:08:27:41:45:f0:e8:d9:f6:
         be:1e:84:8c:5b:42:3a:be:d3:15:f8:08:94:ef:d4:99:62:e7:
         28:f9:a3:80:d8:d9:69:fd:e4:f3:b1:fb:4e:eb:64:1d:f6:7f:
         2c:6a:54:38:5e:1f:ac:0f:d0:14:19:c9:cd:27:f2:31:80:68:
         f1:f2:ed:29:a0:61:9b:cf:ad:81:6e:27:cb:3a:01:6a:c9:c3:
         26:f3:e8:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMHpM6LC5nplL+dn06NoPcyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjQxMTA3MTcyMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTI4YjdlZTMyNDFkNTc3YWIxYTU5NGRlMjRlMzVmNzhiMDM0YjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRwfIC8TeuGQzGgKhVXhyICX5wxj
/s/SDnOpVL4g5iW5LVvVP2YNLXN8bqWO6fD0y9TfeLLt+ZWOG5625Wbetx0HR1RW
aZMykwry17L3XQYSjaf3Aw7S/NRWpjPnb+T56WdHvWJcLd/zIp9mrf/rG0a3GPcR
CN7sm2ozb1TJe+JYO8gnrOcWOQ/LGtBhxYDQouOSls2sNpIaz/bxTdCZtGohBYrM
OqMni7+bpYRxH3tFOL47p/LSKSpsREzQ8kVPx7e0ujQ64zbYJtLYOj4sKcmSXUGz
e1udrZDtiTqD9oNoNwjYHImVy2UgrbcIIc9F7nOq/70pkLdjl7dRowA2KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUot+4yQdV3qxpZTeJONfeLA0tFMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvQlNpMzdqSkIxWGVyR2xsTjRrNDE5NHNEUzBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+UpMA0G
CSqGSIb3DQEBCwUAA4IBAQAXrGdsEPEpuSO8T8gwbvX7UJCb56nzbjay031UIHBg
R/ORlH9TGT9wRI4kw8oIa4WxpqeQgkGW6pfYVTCPQzt/3xhnW4y8pxt6ZB0QWofi
X7KNzCdAS2ysu4ys7Jottboy3TaHiUNpvmHSfegI3AAvi66HihYjbgrxGc0B/vHd
fm6JFSa23LOtE/OBcNaoOaHiQjoSbkZjtjHHQ90lK/LxKIaCE+BH4EV7AsynCCdB
RfDo2fa+HoSMW0I6vtMV+AiU79SZYuco+aOA2Nlp/eTzsftO62Qd9n8salQ4Xh+s
D9AUGcnNJ/IxgGjx8u0poGGbz62BbifLOgFqycMm8+hr
-----END CERTIFICATE-----