Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/85ff0a-22ab-4190-9b73-259be9fbc1f1/1/BJSflswBbF0KTW1WxnqGispYE6A.roa
File:                     BJSflswBbF0KTW1WxnqGispYE6A.roa (raw, json)
Hash identifier:          0G9L1AGhPY7c7LWy6WEMdnKFLYng4LvVWndIKcOm2KU=
Subject key identifier:   04:94:9F:96:CC:01:6C:5D:0A:4D:6D:56:C6:7A:86:8A:CA:58:13:A0
Certificate issuer:       /CN=02c94804cfcc7ef258d46fc324c1676447603ef6
Certificate serial:       019701E46583C459D370B9E8E288540B499B
Authority key identifier: 02:C9:48:04:CF:CC:7E:F2:58:D4:6F:C3:24:C1:67:64:47:60:3E:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AslIBM_MfvJY1G_DJMFnZEdgPvY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/85ff0a-22ab-4190-9b73-259be9fbc1f1/1/BJSflswBbF0KTW1WxnqGispYE6A.roa
Signing time:             Sat 24 May 2025 10:43:54 +0000
ROA not before:           Sat 24 May 2025 10:43:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4913
IP address blocks:        89.254.18.0/24 maxlen: 24
                          89.254.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/85ff0a-22ab-4190-9b73-259be9fbc1f1/1/AslIBM_MfvJY1G_DJMFnZEdgPvY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/85ff0a-22ab-4190-9b73-259be9fbc1f1/1/AslIBM_MfvJY1G_DJMFnZEdgPvY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AslIBM_MfvJY1G_DJMFnZEdgPvY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 10:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:01:e4:65:83:c4:59:d3:70:b9:e8:e2:88:54:0b:49:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02c94804cfcc7ef258d46fc324c1676447603ef6
        Validity
            Not Before: May 24 10:43:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04949f96cc016c5d0a4d6d56c67a868aca5813a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:0a:71:5d:c9:c9:7b:81:84:2b:56:88:f0:ed:
                    67:6f:48:9c:66:56:54:0c:27:84:a9:ad:bc:27:72:
                    53:95:a8:aa:22:17:65:a1:41:9a:c4:90:c4:a8:19:
                    7d:85:e7:64:b1:24:70:b0:c4:a4:fb:f7:5e:62:15:
                    02:1c:f3:8a:7d:13:45:5c:37:31:9d:8c:ac:c4:b5:
                    9a:d1:20:db:c3:c1:77:7d:7d:31:44:e4:31:f6:94:
                    cb:ff:31:65:18:27:c4:bb:dd:be:5e:86:96:9f:27:
                    ff:5c:84:e9:f7:c5:10:af:c0:87:cf:ca:a9:cc:d3:
                    88:e9:0b:8f:db:22:7e:c9:fb:6e:74:e7:66:57:bc:
                    c8:4e:27:49:7d:f2:45:33:cf:35:2c:52:38:98:96:
                    e9:e8:02:3e:80:6f:e4:7d:99:c4:97:1f:ff:6e:ba:
                    dd:ab:55:10:84:62:cb:08:0a:02:8d:a9:72:33:fe:
                    49:93:84:81:f1:e3:cc:e8:4c:64:ba:fd:47:2f:ad:
                    4e:d0:74:04:4d:09:05:ce:28:d4:67:53:f1:38:85:
                    a1:14:dd:ed:e4:dd:7b:8e:10:25:aa:24:1b:f3:46:
                    8d:d8:23:d1:b3:13:fd:22:f3:f1:dd:e5:76:7f:58:
                    e2:bb:f4:b4:e3:45:8c:de:c2:70:39:b7:41:22:90:
                    06:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:94:9F:96:CC:01:6C:5D:0A:4D:6D:56:C6:7A:86:8A:CA:58:13:A0
            X509v3 Authority Key Identifier:
                keyid:02:C9:48:04:CF:CC:7E:F2:58:D4:6F:C3:24:C1:67:64:47:60:3E:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AslIBM_MfvJY1G_DJMFnZEdgPvY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/85ff0a-22ab-4190-9b73-259be9fbc1f1/1/BJSflswBbF0KTW1WxnqGispYE6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/85ff0a-22ab-4190-9b73-259be9fbc1f1/1/AslIBM_MfvJY1G_DJMFnZEdgPvY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.254.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:b0:36:e6:21:c9:47:68:0f:16:9d:6d:02:0f:44:f4:0f:d2:
         c6:c4:81:89:29:1e:56:e3:e0:21:21:d5:d8:b6:c2:74:32:e0:
         84:b0:6d:f8:ba:20:d4:1d:53:02:60:d5:65:d4:07:67:53:6e:
         4b:e3:de:1c:25:2b:ea:66:26:5a:36:16:50:eb:64:41:c0:1b:
         08:1e:8a:06:54:29:fd:3c:13:78:b3:0f:ab:36:76:5a:f5:84:
         4b:87:fe:75:cb:81:3b:d1:c2:53:cd:31:8f:10:90:08:30:a3:
         3a:4b:5d:0f:48:3e:bf:26:9f:b9:38:f4:98:4f:52:5b:50:8c:
         dc:46:3d:8e:68:3c:8a:9e:88:05:02:b7:be:b5:00:4a:a3:95:
         35:7f:d3:23:2f:18:b6:2e:d1:c9:0f:2a:b7:4f:3c:b1:0b:d0:
         7e:2d:fa:2e:bb:a2:7f:5a:b0:b7:17:a8:a0:46:f8:77:31:71:
         38:ee:83:7a:1f:28:80:e4:91:9a:b2:d8:53:8e:66:94:c2:98:
         04:41:be:67:cd:b9:6c:1b:e2:f7:bb:16:28:4d:6e:e5:dc:76:
         1f:cd:e5:65:8b:1e:25:25:63:6f:f2:6b:da:e2:4e:44:bc:23:
         d4:15:59:2d:04:ce:38:cf:2b:a1:d7:26:a9:55:0e:4b:29:1d:
         cb:c2:aa:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcB5GWDxFnTcLno4ohUC0mbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyYzk0ODA0Y2ZjYzdlZjI1OGQ0NmZjMzI0YzE2NzY0NDc2
MDNlZjYwHhcNMjUwNTI0MTA0MzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDk0OWY5NmNjMDE2YzVkMGE0ZDZkNTZjNjdhODY4YWNhNTgxM2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwpxXcnJe4GEK1aI8O1nb0icZlZU
DCeEqa28J3JTlaiqIhdloUGaxJDEqBl9hedksSRwsMSk+/deYhUCHPOKfRNFXDcx
nYysxLWa0SDbw8F3fX0xROQx9pTL/zFlGCfEu92+XoaWnyf/XITp98UQr8CHz8qp
zNOI6QuP2yJ+yftudOdmV7zITidJffJFM881LFI4mJbp6AI+gG/kfZnElx//brrd
q1UQhGLLCAoCjalyM/5Jk4SB8ePM6Exkuv1HL61O0HQETQkFzijUZ1PxOIWhFN3t
5N17jhAlqiQb80aN2CPRsxP9IvPx3eV2f1jiu/S040WM3sJwObdBIpAG7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASUn5bMAWxdCk1tVsZ6horKWBOgMB8GA1UdIwQY
MBaAFALJSATPzH7yWNRvwyTBZ2RHYD72MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXNsSUJNX01mdkpZMUdfREpNRm5aRWRnUHZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84NWZmMGEtMjJhYi00MTkwLTliNzMt
MjU5YmU5ZmJjMWYxLzEvQkpTZmxzd0JiRjBLVFcxV3hucUdpc3BZRTZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84NWZmMGEtMjJhYi00MTkwLTliNzMtMjU5YmU5ZmJjMWYx
LzEvQXNsSUJNX01mdkpZMUdfREpNRm5aRWRnUHZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWf4SMA0G
CSqGSIb3DQEBCwUAA4IBAQAzsDbmIclHaA8WnW0CD0T0D9LGxIGJKR5W4+AhIdXY
tsJ0MuCEsG34uiDUHVMCYNVl1AdnU25L494cJSvqZiZaNhZQ62RBwBsIHooGVCn9
PBN4sw+rNnZa9YRLh/51y4E70cJTzTGPEJAIMKM6S10PSD6/Jp+5OPSYT1JbUIzc
Rj2OaDyKnogFAre+tQBKo5U1f9MjLxi2LtHJDyq3TzyxC9B+Lfouu6J/WrC3F6ig
Rvh3MXE47oN6HyiA5JGasthTjmaUwpgEQb5nzblsG+L3uxYoTW7l3HYfzeVlix4l
JWNv8mva4k5EvCPUFVktBM44zyuh1yapVQ5LKR3Lwqo1
-----END CERTIFICATE-----