Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/bGHrFVx-D4hOmjhVFYSrLSqm9c0.roa
File:                     bGHrFVx-D4hOmjhVFYSrLSqm9c0.roa (raw, json)
Hash identifier:          +jCvW25FY9yW4gd+sqElyNlGvOzOWBDumJt1QD8OJV4=
Subject key identifier:   6C:61:EB:15:5C:7E:0F:88:4E:9A:38:55:15:84:AB:2D:2A:A6:F5:CD
Certificate issuer:       /CN=13ea78b28f054f72f5226ae3ec454980ed2a10c9
Certificate serial:       018CC2DAE1EEAB2EF504C4E89C2757962EC1
Authority key identifier: 13:EA:78:B2:8F:05:4F:72:F5:22:6A:E3:EC:45:49:80:ED:2A:10:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E-p4so8FT3L1Imrj7EVJgO0qEMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/bGHrFVx-D4hOmjhVFYSrLSqm9c0.roa
Signing time:             Mon 01 Jan 2024 02:29:33 +0000
ROA not before:           Mon 01 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8678
IP address blocks:        161.9.152.0/21 maxlen: 21
                          161.9.180.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/E-p4so8FT3L1Imrj7EVJgO0qEMk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/E-p4so8FT3L1Imrj7EVJgO0qEMk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E-p4so8FT3L1Imrj7EVJgO0qEMk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 19:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e1:ee:ab:2e:f5:04:c4:e8:9c:27:57:96:2e:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13ea78b28f054f72f5226ae3ec454980ed2a10c9
        Validity
            Not Before: Jan  1 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c61eb155c7e0f884e9a38551584ab2d2aa6f5cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:19:a1:32:46:ca:94:dd:01:9d:83:9f:16:0c:
                    e6:75:7c:59:5d:e8:16:48:f7:15:ea:66:68:16:a5:
                    59:52:04:93:b8:76:94:8d:69:2a:5b:b7:db:20:50:
                    c5:47:ce:23:fd:e3:65:5e:3e:5f:9b:33:c3:d1:b1:
                    a1:5e:27:8b:a3:ff:ac:ba:97:92:ba:31:38:22:35:
                    45:02:a1:dd:ff:24:45:58:c9:84:3a:75:c2:52:27:
                    66:17:8c:35:1f:ef:66:88:9a:57:64:53:42:38:d1:
                    34:20:4e:94:d8:cd:7c:58:e6:e5:37:d8:21:e4:82:
                    be:37:a6:47:22:8e:13:0c:32:5f:ba:86:c8:a6:0d:
                    f8:3e:34:e0:a1:51:ff:14:93:2f:6b:bb:bc:13:23:
                    8c:65:d7:1d:72:03:f8:f4:7f:5b:63:1f:a9:b3:5e:
                    36:d2:15:c1:51:78:1f:27:f2:a8:dc:76:6b:1a:01:
                    a2:74:a6:95:9c:2a:6c:d8:a0:24:6a:9d:80:05:95:
                    33:5d:af:29:9e:47:d3:92:6d:03:39:ef:7d:d8:81:
                    05:35:95:44:2f:8d:e1:0d:44:e4:23:64:62:ef:66:
                    af:fb:02:8d:3c:3c:f2:c7:fc:12:5f:97:58:6b:1d:
                    f5:ae:e8:e3:4f:19:e7:07:9f:6b:99:69:3a:bb:6e:
                    3f:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:61:EB:15:5C:7E:0F:88:4E:9A:38:55:15:84:AB:2D:2A:A6:F5:CD
            X509v3 Authority Key Identifier:
                keyid:13:EA:78:B2:8F:05:4F:72:F5:22:6A:E3:EC:45:49:80:ED:2A:10:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E-p4so8FT3L1Imrj7EVJgO0qEMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/bGHrFVx-D4hOmjhVFYSrLSqm9c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/E-p4so8FT3L1Imrj7EVJgO0qEMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.9.152.0/21
                  161.9.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:36:db:bc:7c:1e:99:d1:1c:07:5a:14:90:ac:17:3e:46:79:
         7c:91:9c:87:44:fd:c6:47:5a:3a:39:b4:5d:93:99:96:3c:53:
         33:5d:ef:cb:40:94:e5:6c:39:4d:55:d1:c2:27:b7:ed:34:9c:
         4a:c9:c9:42:2d:92:c8:e2:93:d5:c9:2b:f4:f9:d6:67:f5:67:
         03:a2:ba:45:2b:7b:47:d6:fe:df:d5:07:1b:04:db:e5:02:1f:
         ef:c8:3a:d5:90:8d:c9:c0:fb:e4:24:35:36:84:fe:85:94:37:
         f3:44:22:6b:95:b1:45:5b:3b:c4:da:11:88:45:5b:0a:ca:cc:
         c6:a7:96:b3:c5:72:82:c1:1a:34:98:4c:71:3d:7e:ee:09:df:
         a9:d0:65:a9:e4:0e:b2:2b:44:1f:16:67:82:9b:f3:e7:20:08:
         ee:8a:ba:c0:67:16:ad:db:a4:3a:e9:46:4f:49:e4:04:90:ec:
         30:73:51:80:09:dc:4d:3a:0b:64:78:98:3b:86:1f:8d:39:72:
         d1:f5:51:ac:2d:09:2d:7b:da:4b:f2:b3:ca:17:e1:27:de:fb:
         48:78:6f:0c:ee:bf:2f:c4:f6:ac:21:59:0c:77:56:0a:5b:cb:
         0f:cd:4b:c4:12:b8:b8:da:34:12:97:bf:3d:16:fb:da:0a:41:
         82:b4:c9:27
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2uHuqy71BMTonCdXli7BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZWE3OGIyOGYwNTRmNzJmNTIyNmFlM2VjNDU0OTgwZWQy
YTEwYzkwHhcNMjQwMTAxMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzYxZWIxNTVjN2UwZjg4NGU5YTM4NTUxNTg0YWIyZDJhYTZmNWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRmhMkbKlN0BnYOfFgzmdXxZXegW
SPcV6mZoFqVZUgSTuHaUjWkqW7fbIFDFR84j/eNlXj5fmzPD0bGhXieLo/+supeS
ujE4IjVFAqHd/yRFWMmEOnXCUidmF4w1H+9miJpXZFNCONE0IE6U2M18WOblN9gh
5IK+N6ZHIo4TDDJfuobIpg34PjTgoVH/FJMva7u8EyOMZdcdcgP49H9bYx+ps142
0hXBUXgfJ/Ko3HZrGgGidKaVnCps2KAkap2ABZUzXa8pnkfTkm0DOe992IEFNZVE
L43hDUTkI2Ri72av+wKNPDzyx/wSX5dYax31rujjTxnnB59rmWk6u24/rQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGxh6xVcfg+ITpo4VRWEqy0qpvXNMB8GA1UdIwQY
MBaAFBPqeLKPBU9y9SJq4+xFSYDtKhDJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRS1wNHNvOEZUM0wxSW1yajdFVkpnTzBxRU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9iOTcyOTQtMjgwMi00ZDA1LTkxNTUt
MTA5OGQ2ZDg4ZGU4LzEvYkdIckZWeC1ENGhPbWpoVkZZU3JMU3FtOWMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9iOTcyOTQtMjgwMi00ZDA1LTkxNTUtMTA5OGQ2ZDg4ZGU4
LzEvRS1wNHNvOEZUM0wxSW1yajdFVkpnTzBxRU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDoQmYAwQC
oQm0MA0GCSqGSIb3DQEBCwUAA4IBAQAGNtu8fB6Z0RwHWhSQrBc+Rnl8kZyHRP3G
R1o6ObRdk5mWPFMzXe/LQJTlbDlNVdHCJ7ftNJxKyclCLZLI4pPVySv0+dZn9WcD
orpFK3tH1v7f1QcbBNvlAh/vyDrVkI3JwPvkJDU2hP6FlDfzRCJrlbFFWzvE2hGI
RVsKyszGp5azxXKCwRo0mExxPX7uCd+p0GWp5A6yK0QfFmeCm/PnIAjuirrAZxat
26Q66UZPSeQEkOwwc1GACdxNOgtkeJg7hh+NOXLR9VGsLQkte9pL8rPKF+En3vtI
eG8M7r8vxPasIVkMd1YKW8sPzUvEEri42jQSl789FvvaCkGCtMkn
-----END CERTIFICATE-----