Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/bc4c53-0db5-4f11-84f6-f55fcdf97846/1/BECHjRO1sNTrECspSOXRaHeMWRM.roa
File:                     BECHjRO1sNTrECspSOXRaHeMWRM.roa (raw, json)
Hash identifier:          CUP2bSCGR2R7pQJIeBFSspVhJwtI4r06AoqaZ9LnrhQ=
Subject key identifier:   04:40:87:8D:13:B5:B0:D4:EB:10:2B:29:48:E5:D1:68:77:8C:59:13
Certificate issuer:       /CN=5e2648f1290d4471bcdb50b82be4ed932003094d
Certificate serial:       01942823113D5AA8745B270C4A266441C146
Authority key identifier: 5E:26:48:F1:29:0D:44:71:BC:DB:50:B8:2B:E4:ED:93:20:03:09:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XiZI8SkNRHG821C4K-TtkyADCU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/bc4c53-0db5-4f11-84f6-f55fcdf97846/1/BECHjRO1sNTrECspSOXRaHeMWRM.roa
Signing time:             Thu 02 Jan 2025 17:49:34 +0000
ROA not before:           Thu 02 Jan 2025 17:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47692
IP address blocks:        193.105.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/bc4c53-0db5-4f11-84f6-f55fcdf97846/1/XiZI8SkNRHG821C4K-TtkyADCU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/bc4c53-0db5-4f11-84f6-f55fcdf97846/1/XiZI8SkNRHG821C4K-TtkyADCU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XiZI8SkNRHG821C4K-TtkyADCU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:11:3d:5a:a8:74:5b:27:0c:4a:26:64:41:c1:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e2648f1290d4471bcdb50b82be4ed932003094d
        Validity
            Not Before: Jan  2 17:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0440878d13b5b0d4eb102b2948e5d168778c5913
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ce:49:34:4c:e3:d8:2f:05:cc:a0:12:82:5f:
                    45:b3:57:c7:05:f4:e1:43:fa:7b:6b:98:42:1f:73:
                    d9:8f:1a:09:b2:9a:af:2c:ae:53:76:ff:e5:f6:f5:
                    91:49:bb:ad:2d:d3:2d:48:15:ff:bd:5d:28:0f:58:
                    d5:5b:a8:45:45:d4:ef:c6:61:f4:63:7b:b0:18:b2:
                    89:9a:cb:bb:cc:ad:8b:ab:cf:2f:86:c9:c0:fc:61:
                    2a:e2:1f:02:d8:5b:65:62:cd:43:63:bb:c8:ee:96:
                    fa:a9:b1:cb:37:dc:33:6d:a6:d6:4c:de:ef:d3:02:
                    9b:e7:51:74:af:69:e5:53:88:be:4b:34:ea:f7:df:
                    3b:fe:ce:a6:a5:3a:35:45:86:04:06:59:41:92:78:
                    a9:dd:7d:be:4d:fa:88:f6:24:2e:49:81:46:b7:5a:
                    3f:c0:95:59:80:a4:90:2e:1d:86:51:ac:86:5d:5b:
                    e2:6b:e6:8c:09:b5:83:20:a9:6c:6e:c0:d8:ca:c4:
                    c0:e6:e9:37:c8:f3:1b:6b:a7:ea:61:78:df:81:c7:
                    72:58:89:e5:94:e6:d1:42:6b:ad:5b:11:e1:6e:35:
                    f5:d0:c8:48:fb:42:68:ef:c5:80:67:eb:2c:fe:52:
                    f4:ee:fc:32:b7:e9:d9:b3:35:44:82:c1:e0:54:d5:
                    69:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:40:87:8D:13:B5:B0:D4:EB:10:2B:29:48:E5:D1:68:77:8C:59:13
            X509v3 Authority Key Identifier:
                keyid:5E:26:48:F1:29:0D:44:71:BC:DB:50:B8:2B:E4:ED:93:20:03:09:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XiZI8SkNRHG821C4K-TtkyADCU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/bc4c53-0db5-4f11-84f6-f55fcdf97846/1/BECHjRO1sNTrECspSOXRaHeMWRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/bc4c53-0db5-4f11-84f6-f55fcdf97846/1/XiZI8SkNRHG821C4K-TtkyADCU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:5c:e2:15:0b:05:43:e8:ac:39:cb:df:f1:00:70:85:a2:8e:
         c2:6a:8c:6d:f5:6f:ed:24:ff:9b:ac:64:6a:d4:d5:fd:d1:c0:
         a5:88:1f:b0:09:b8:24:d8:19:a7:ff:16:30:fc:27:89:87:f8:
         35:49:10:28:ce:e5:98:b4:d7:b6:12:a1:bb:d2:81:c9:3f:86:
         d6:29:cb:5f:fe:35:3d:01:60:53:f2:5b:e9:c5:f2:cc:2c:a9:
         f9:29:29:69:c2:b3:2d:4b:2d:06:48:ac:68:0a:63:07:a1:58:
         74:de:6e:b0:7e:47:42:2a:1c:57:17:9f:9a:0d:2e:5d:f6:b7:
         30:e7:f5:d4:e0:ba:f1:ac:e1:08:72:41:ff:96:d3:ac:76:83:
         73:70:b2:2d:81:73:3b:63:33:53:fc:bd:2d:a6:3e:84:9f:58:
         ba:a1:98:ff:20:f2:54:7f:30:d6:4b:75:4a:a8:1d:76:d8:f9:
         31:c2:ac:7d:7d:da:70:fa:58:51:54:b3:45:c4:8e:56:e2:20:
         6b:a9:c9:bb:19:ca:23:5b:16:b7:ba:c9:dc:ee:76:83:6a:9d:
         e5:a6:79:68:40:e7:ab:ec:a0:25:e9:64:85:34:98:71:71:5c:
         0e:56:9a:e9:c8:ee:c5:30:bd:0a:af:59:63:52:3b:df:4c:07:
         16:71:19:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoIxE9Wqh0WycMSiZkQcFGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMjY0OGYxMjkwZDQ0NzFiY2RiNTBiODJiZTRlZDkzMjAw
MzA5NGQwHhcNMjUwMTAyMTc0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDQwODc4ZDEzYjViMGQ0ZWIxMDJiMjk0OGU1ZDE2ODc3OGM1OTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAls5JNEzj2C8FzKASgl9Fs1fHBfTh
Q/p7a5hCH3PZjxoJspqvLK5Tdv/l9vWRSbutLdMtSBX/vV0oD1jVW6hFRdTvxmH0
Y3uwGLKJmsu7zK2Lq88vhsnA/GEq4h8C2FtlYs1DY7vI7pb6qbHLN9wzbabWTN7v
0wKb51F0r2nlU4i+SzTq9987/s6mpTo1RYYEBllBknip3X2+TfqI9iQuSYFGt1o/
wJVZgKSQLh2GUayGXVvia+aMCbWDIKlsbsDYysTA5uk3yPMba6fqYXjfgcdyWInl
lObRQmutWxHhbjX10MhI+0Jo78WAZ+ss/lL07vwyt+nZszVEgsHgVNVptwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFARAh40TtbDU6xArKUjl0Wh3jFkTMB8GA1UdIwQY
MBaAFF4mSPEpDURxvNtQuCvk7ZMgAwlNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGlaSThTa05SSEc4MjFDNEstVHRreUFEQ1UwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9iYzRjNTMtMGRiNS00ZjExLTg0ZjYt
ZjU1ZmNkZjk3ODQ2LzEvQkVDSGpSTzFzTlRyRUNzcFNPWFJhSGVNV1JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9iYzRjNTMtMGRiNS00ZjExLTg0ZjYtZjU1ZmNkZjk3ODQ2
LzEvWGlaSThTa05SSEc4MjFDNEstVHRreUFEQ1UwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWm1MA0G
CSqGSIb3DQEBCwUAA4IBAQCXXOIVCwVD6Kw5y9/xAHCFoo7Caoxt9W/tJP+brGRq
1NX90cCliB+wCbgk2Bmn/xYw/CeJh/g1SRAozuWYtNe2EqG70oHJP4bWKctf/jU9
AWBT8lvpxfLMLKn5KSlpwrMtSy0GSKxoCmMHoVh03m6wfkdCKhxXF5+aDS5d9rcw
5/XU4LrxrOEIckH/ltOsdoNzcLItgXM7YzNT/L0tpj6En1i6oZj/IPJUfzDWS3VK
qB122Pkxwqx9fdpw+lhRVLNFxI5W4iBrqcm7GcojWxa3usnc7naDap3lpnloQOer
7KAl6WSFNJhxcVwOVprpyO7FML0Kr1ljUjvfTAcWcRll
-----END CERTIFICATE-----