Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/828652-addf-4fe8-9fe6-4b1f61653f3d/1/BhKmizTredwkE4q_1uJc2fYiW0o.roa
File:                     BhKmizTredwkE4q_1uJc2fYiW0o.roa (raw, json)
Hash identifier:          /S0LinKtlC9PzvL9xi2n6Rx+UUbak1qg3zgNRKfxZUQ=
Subject key identifier:   06:12:A6:8B:34:EB:79:DC:24:13:8A:BF:D6:E2:5C:D9:F6:22:5B:4A
Certificate issuer:       /CN=13932782ee7758990404fa1ccfb09ec23a86123f
Certificate serial:       018CC4936F262E2C7B67BF6E964BC687FC3E
Authority key identifier: 13:93:27:82:EE:77:58:99:04:04:FA:1C:CF:B0:9E:C2:3A:86:12:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E5Mngu53WJkEBPocz7CewjqGEj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/828652-addf-4fe8-9fe6-4b1f61653f3d/1/BhKmizTredwkE4q_1uJc2fYiW0o.roa
Signing time:             Mon 01 Jan 2024 10:30:45 +0000
ROA not before:           Mon 01 Jan 2024 10:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3344
IP address blocks:        82.136.8.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/828652-addf-4fe8-9fe6-4b1f61653f3d/1/E5Mngu53WJkEBPocz7CewjqGEj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/828652-addf-4fe8-9fe6-4b1f61653f3d/1/E5Mngu53WJkEBPocz7CewjqGEj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E5Mngu53WJkEBPocz7CewjqGEj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 04:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6f:26:2e:2c:7b:67:bf:6e:96:4b:c6:87:fc:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13932782ee7758990404fa1ccfb09ec23a86123f
        Validity
            Not Before: Jan  1 10:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0612a68b34eb79dc24138abfd6e25cd9f6225b4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:6d:3c:17:ac:9e:04:ec:00:03:92:c8:3d:32:
                    a0:15:94:e4:97:a8:e3:b5:c2:56:e4:d3:1d:26:1d:
                    6b:13:15:a5:77:69:b2:f0:11:53:08:58:d4:22:31:
                    2e:d3:65:c1:2d:5b:c3:8b:9b:43:be:fa:7c:a2:84:
                    e5:52:c1:5c:2a:74:30:0c:5d:0e:16:5c:bb:5b:0d:
                    6c:7b:f9:1e:a7:b6:d2:53:3a:00:22:85:f6:2b:e7:
                    44:6e:f3:9d:38:06:91:77:ea:44:99:20:b3:c6:e4:
                    50:0f:1e:49:b1:0b:e4:13:13:1f:42:99:99:13:d3:
                    27:c8:33:60:2e:71:e1:5c:5d:42:1e:b2:ab:cf:36:
                    c3:6f:8a:13:8d:f1:72:0e:e3:bb:9d:3f:4c:10:60:
                    ca:2c:96:2d:63:e0:25:20:2b:89:13:1c:0a:7b:01:
                    d7:2d:d1:9a:2f:c4:c4:5f:71:aa:c1:40:2a:f5:7b:
                    75:d3:bc:bc:23:b3:14:21:53:b9:a9:40:e3:17:2d:
                    cf:de:e7:1d:40:eb:07:ac:ae:67:8c:36:9d:7f:ad:
                    60:fb:5f:a0:d5:21:2c:fe:b2:33:f0:80:8c:4e:c0:
                    36:29:25:d7:63:1f:67:33:95:bb:12:d8:7b:c9:f9:
                    75:44:97:e1:8e:fc:06:2a:34:75:96:6d:61:3b:92:
                    54:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:12:A6:8B:34:EB:79:DC:24:13:8A:BF:D6:E2:5C:D9:F6:22:5B:4A
            X509v3 Authority Key Identifier:
                keyid:13:93:27:82:EE:77:58:99:04:04:FA:1C:CF:B0:9E:C2:3A:86:12:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E5Mngu53WJkEBPocz7CewjqGEj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/828652-addf-4fe8-9fe6-4b1f61653f3d/1/BhKmizTredwkE4q_1uJc2fYiW0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/828652-addf-4fe8-9fe6-4b1f61653f3d/1/E5Mngu53WJkEBPocz7CewjqGEj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.136.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:45:8c:e9:d2:3a:e7:37:9e:2f:e8:47:f6:ba:63:36:d8:30:
         70:11:87:f4:60:67:71:6d:8a:4f:79:88:61:16:33:1e:72:3a:
         39:0a:58:c2:ac:84:ed:82:16:12:32:95:84:eb:da:95:59:ea:
         a9:b9:ba:6b:44:78:19:89:17:12:17:b1:90:d6:4f:c6:98:17:
         ef:22:b1:f5:6d:a7:71:17:90:37:32:8d:ca:4a:ac:cf:2b:dd:
         a2:fa:b6:87:d3:47:7a:ef:98:c8:de:bd:13:7c:75:3f:56:89:
         6b:79:92:36:06:18:3a:9d:02:26:6b:5e:1c:49:4c:95:66:e1:
         d9:ec:86:27:1b:8f:5b:51:fe:a8:96:d6:e1:66:40:65:04:f9:
         41:40:f0:7e:5c:ba:66:b9:1c:7c:08:08:d0:2d:56:2b:3c:31:
         cc:88:1f:64:03:cf:7e:be:e6:b5:92:19:fe:12:e2:1d:ea:f4:
         6c:ee:1d:08:5f:6c:c1:d7:47:4c:7b:96:81:ff:f7:dd:16:71:
         3f:17:94:57:17:ad:e7:de:6c:5a:59:aa:11:ea:ba:de:19:85:
         18:a7:24:33:b2:93:4d:7a:0d:eb:8e:2b:14:5b:37:59:25:89:
         10:e7:35:1a:68:31:49:e4:3a:29:e1:7f:31:b7:b8:89:39:61:
         6f:3b:63:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk28mLix7Z79ulkvGh/w+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzOTMyNzgyZWU3NzU4OTkwNDA0ZmExY2NmYjA5ZWMyM2E4
NjEyM2YwHhcNMjQwMTAxMTAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjEyYTY4YjM0ZWI3OWRjMjQxMzhhYmZkNmUyNWNkOWY2MjI1YjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhG08F6yeBOwAA5LIPTKgFZTkl6jj
tcJW5NMdJh1rExWld2my8BFTCFjUIjEu02XBLVvDi5tDvvp8ooTlUsFcKnQwDF0O
Fly7Ww1se/kep7bSUzoAIoX2K+dEbvOdOAaRd+pEmSCzxuRQDx5JsQvkExMfQpmZ
E9MnyDNgLnHhXF1CHrKrzzbDb4oTjfFyDuO7nT9MEGDKLJYtY+AlICuJExwKewHX
LdGaL8TEX3GqwUAq9Xt107y8I7MUIVO5qUDjFy3P3ucdQOsHrK5njDadf61g+1+g
1SEs/rIz8ICMTsA2KSXXYx9nM5W7Eth7yfl1RJfhjvwGKjR1lm1hO5JUwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYSpos063ncJBOKv9biXNn2IltKMB8GA1UdIwQY
MBaAFBOTJ4Lud1iZBAT6HM+wnsI6hhI/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTVNbmd1NTNXSmtFQlBvY3o3Q2V3anFHRWo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS84Mjg2NTItYWRkZi00ZmU4LTlmZTYt
NGIxZjYxNjUzZjNkLzEvQmhLbWl6VHJlZHdrRTRxXzF1SmMyZllpVzBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS84Mjg2NTItYWRkZi00ZmU4LTlmZTYtNGIxZjYxNjUzZjNk
LzEvRTVNbmd1NTNXSmtFQlBvY3o3Q2V3anFHRWo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUogIMA0G
CSqGSIb3DQEBCwUAA4IBAQCsRYzp0jrnN54v6Ef2umM22DBwEYf0YGdxbYpPeYhh
FjMecjo5CljCrITtghYSMpWE69qVWeqpubprRHgZiRcSF7GQ1k/GmBfvIrH1badx
F5A3Mo3KSqzPK92i+raH00d675jI3r0TfHU/VolreZI2Bhg6nQIma14cSUyVZuHZ
7IYnG49bUf6oltbhZkBlBPlBQPB+XLpmuRx8CAjQLVYrPDHMiB9kA89+vua1khn+
EuId6vRs7h0IX2zB10dMe5aB//fdFnE/F5RXF63n3mxaWaoR6rreGYUYpyQzspNN
eg3rjisUWzdZJYkQ5zUaaDFJ5Dop4X8xt7iJOWFvO2Pp
-----END CERTIFICATE-----