Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/b7fe75-30ee-4a6f-b528-fa3071c435f1/1/bmkhfpzln7pGH6_ZpRzl_FUcvfI.roa
File:                     bmkhfpzln7pGH6_ZpRzl_FUcvfI.roa (raw, json)
Hash identifier:          89MuOGK3OXzrjAVye9Wc4Jw/ur49sW8fJPosCRBvPOs=
Subject key identifier:   6E:69:21:7E:9C:E5:9F:BA:46:1F:AF:D9:A5:1C:E5:FC:55:1C:BD:F2
Certificate issuer:       /CN=5c57b61611719ec7c8e0012b1aff7e81fc7689bd
Certificate serial:       018CC5DBF7F5E05FA387FABD6C8DF8FE3911
Authority key identifier: 5C:57:B6:16:11:71:9E:C7:C8:E0:01:2B:1A:FF:7E:81:FC:76:89:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XFe2FhFxnsfI4AErGv9-gfx2ib0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/b7fe75-30ee-4a6f-b528-fa3071c435f1/1/bmkhfpzln7pGH6_ZpRzl_FUcvfI.roa
Signing time:             Mon 01 Jan 2024 16:29:36 +0000
ROA not before:           Mon 01 Jan 2024 16:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28984
IP address blocks:        195.47.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/b7fe75-30ee-4a6f-b528-fa3071c435f1/1/XFe2FhFxnsfI4AErGv9-gfx2ib0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/b7fe75-30ee-4a6f-b528-fa3071c435f1/1/XFe2FhFxnsfI4AErGv9-gfx2ib0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XFe2FhFxnsfI4AErGv9-gfx2ib0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f7:f5:e0:5f:a3:87:fa:bd:6c:8d:f8:fe:39:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c57b61611719ec7c8e0012b1aff7e81fc7689bd
        Validity
            Not Before: Jan  1 16:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e69217e9ce59fba461fafd9a51ce5fc551cbdf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:cc:7d:cf:9e:ca:c9:35:59:3b:eb:1d:f9:1b:
                    73:c9:84:9d:39:75:57:5e:11:7d:61:17:9f:f7:2a:
                    e6:1f:74:08:b7:c1:34:8c:92:e6:11:48:7a:2f:b6:
                    08:8d:8f:fb:cb:9e:4d:fc:ab:a0:57:c0:87:4e:93:
                    6a:b7:6c:f4:78:6f:dd:b7:35:ba:2c:4e:ad:45:f6:
                    0a:2e:82:dc:82:a9:dd:ab:78:99:65:e2:22:5a:c9:
                    3b:a9:1b:c7:ff:ff:d1:52:08:9c:e5:24:8d:38:c0:
                    67:83:35:92:c6:bc:4b:01:78:d4:3f:df:69:fb:56:
                    94:03:73:bf:38:80:e0:84:13:51:96:dd:23:93:b2:
                    5e:e4:4d:80:ac:21:8d:c5:cc:a8:e3:b4:be:e1:e5:
                    86:b8:d6:02:0d:80:a6:cd:11:8a:98:55:d4:7b:88:
                    de:4c:ae:58:d3:97:e8:70:2e:83:2a:b5:99:c7:cd:
                    90:7a:46:b8:b6:ed:ea:ef:59:6f:b2:eb:5d:be:da:
                    18:37:c1:1e:01:1f:7e:2c:66:a4:57:08:23:8d:66:
                    d9:4d:1e:4e:ed:bc:ea:74:6d:2f:c5:27:81:14:e6:
                    e7:c6:1e:c6:2c:ac:f9:47:b2:a4:6c:ac:e3:52:bb:
                    24:ba:f2:1b:55:21:01:92:aa:fd:f1:7e:8f:17:aa:
                    9d:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:69:21:7E:9C:E5:9F:BA:46:1F:AF:D9:A5:1C:E5:FC:55:1C:BD:F2
            X509v3 Authority Key Identifier:
                keyid:5C:57:B6:16:11:71:9E:C7:C8:E0:01:2B:1A:FF:7E:81:FC:76:89:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XFe2FhFxnsfI4AErGv9-gfx2ib0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/b7fe75-30ee-4a6f-b528-fa3071c435f1/1/bmkhfpzln7pGH6_ZpRzl_FUcvfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/b7fe75-30ee-4a6f-b528-fa3071c435f1/1/XFe2FhFxnsfI4AErGv9-gfx2ib0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.47.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:e3:5c:49:98:d5:3d:46:f8:24:46:90:55:f8:a5:ba:14:1c:
         92:f9:35:f4:7e:9a:91:68:e5:2d:76:29:96:67:b4:2f:bb:2c:
         a5:b0:b2:d0:cf:3b:e7:6e:fc:59:ee:3d:ab:38:80:1f:1a:ed:
         11:7d:7f:ce:9e:79:6a:58:92:9d:a7:19:6b:6c:4c:14:f6:20:
         8a:9e:23:41:6f:0a:1c:00:1f:3f:b5:6b:2a:ab:0d:ed:62:f9:
         1c:b3:1d:aa:a5:f8:38:86:9a:7f:84:de:dd:6c:3a:ee:2b:28:
         fa:ff:1b:86:06:52:ba:5c:c8:ea:a2:35:77:8f:58:56:43:7f:
         33:bc:4e:e5:4f:e1:03:8e:ae:28:fc:6f:de:a1:e1:0b:70:a3:
         5e:39:6d:f9:84:bc:21:c1:b5:38:23:61:62:59:71:8b:7e:1e:
         ea:8c:8e:ec:8c:70:21:08:62:c2:b5:cc:b6:f5:cf:97:36:8e:
         38:6c:dd:71:67:ae:05:eb:ac:f3:15:ea:82:4f:a5:f6:14:ae:
         8f:66:d3:70:38:39:99:65:e9:35:c1:57:2d:19:fc:35:e4:6b:
         fa:7c:e9:66:97:b1:ce:a2:84:e4:94:59:a5:92:88:c2:04:eb:
         4c:f7:38:4e:7d:a9:a0:f6:ab:d5:2b:1d:5b:95:cf:0e:ca:3c:
         19:d5:11:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/f14F+jh/q9bI34/jkRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNTdiNjE2MTE3MTllYzdjOGUwMDEyYjFhZmY3ZTgxZmM3
Njg5YmQwHhcNMjQwMTAxMTYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTY5MjE3ZTljZTU5ZmJhNDYxZmFmZDlhNTFjZTVmYzU1MWNiZGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8x9z57KyTVZO+sd+RtzyYSdOXVX
XhF9YRef9yrmH3QIt8E0jJLmEUh6L7YIjY/7y55N/KugV8CHTpNqt2z0eG/dtzW6
LE6tRfYKLoLcgqndq3iZZeIiWsk7qRvH///RUgic5SSNOMBngzWSxrxLAXjUP99p
+1aUA3O/OIDghBNRlt0jk7Je5E2ArCGNxcyo47S+4eWGuNYCDYCmzRGKmFXUe4je
TK5Y05focC6DKrWZx82Qeka4tu3q71lvsutdvtoYN8EeAR9+LGakVwgjjWbZTR5O
7bzqdG0vxSeBFObnxh7GLKz5R7KkbKzjUrskuvIbVSEBkqr98X6PF6qdawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5pIX6c5Z+6Rh+v2aUc5fxVHL3yMB8GA1UdIwQY
MBaAFFxXthYRcZ7HyOABKxr/foH8dom9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEZlMkZoRnhuc2ZJNEFFckd2OS1nZngyaWIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9iN2ZlNzUtMzBlZS00YTZmLWI1Mjgt
ZmEzMDcxYzQzNWYxLzEvYm1raGZwemxuN3BHSDZfWnBSemxfRlVjdmZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9iN2ZlNzUtMzBlZS00YTZmLWI1MjgtZmEzMDcxYzQzNWYx
LzEvWEZlMkZoRnhuc2ZJNEFFckd2OS1nZngyaWIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwy/gMA0G
CSqGSIb3DQEBCwUAA4IBAQCY41xJmNU9RvgkRpBV+KW6FByS+TX0fpqRaOUtdimW
Z7QvuyylsLLQzzvnbvxZ7j2rOIAfGu0RfX/OnnlqWJKdpxlrbEwU9iCKniNBbwoc
AB8/tWsqqw3tYvkcsx2qpfg4hpp/hN7dbDruKyj6/xuGBlK6XMjqojV3j1hWQ38z
vE7lT+EDjq4o/G/eoeELcKNeOW35hLwhwbU4I2FiWXGLfh7qjI7sjHAhCGLCtcy2
9c+XNo44bN1xZ64F66zzFeqCT6X2FK6PZtNwODmZZek1wVctGfw15Gv6fOlml7HO
ooTklFmlkojCBOtM9zhOfamg9qvVKx1blc8OyjwZ1RHS
-----END CERTIFICATE-----