Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/BQMEopYhuBuoYXOOlYe1DeOe9Y8.roa
File:                     BQMEopYhuBuoYXOOlYe1DeOe9Y8.roa (raw, json)
Hash identifier:          Fo3adPy+AhVk1kUMAOP6po3NDqQXKlv1FFyWoqPXN9k=
Subject key identifier:   05:03:04:A2:96:21:B8:1B:A8:61:73:8E:95:87:B5:0D:E3:9E:F5:8F
Certificate issuer:       /CN=beba48c7e2c9e05eda546d899146b89f799df85d
Certificate serial:       018CC6B88FF03520894FF1CE7781D6AA666F
Authority key identifier: BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/BQMEopYhuBuoYXOOlYe1DeOe9Y8.roa
Signing time:             Mon 01 Jan 2024 20:30:33 +0000
ROA not before:           Mon 01 Jan 2024 20:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44899
IP address blocks:        193.110.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:8f:f0:35:20:89:4f:f1:ce:77:81:d6:aa:66:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=beba48c7e2c9e05eda546d899146b89f799df85d
        Validity
            Not Before: Jan  1 20:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=050304a29621b81ba861738e9587b50de39ef58f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a1:51:d9:c1:11:b9:7c:96:1a:43:81:b2:f4:
                    07:11:ad:6d:12:04:5d:9e:ff:39:e7:b0:a9:3e:ed:
                    0f:ce:79:b6:9e:1d:06:b5:0d:3d:9c:f3:56:25:9e:
                    d7:83:65:70:03:ca:d8:7a:e8:50:b6:98:c2:75:c8:
                    1a:90:10:49:4c:fb:89:97:04:3d:3b:6f:51:71:eb:
                    c6:88:93:09:b6:6e:6e:b0:78:af:13:f0:a5:88:59:
                    71:34:ca:80:52:f6:c1:c6:16:ce:f9:17:48:94:b6:
                    9f:0b:08:de:0c:50:2e:9b:55:3f:6c:92:3f:db:93:
                    8f:03:fd:6f:e8:66:17:f4:da:3f:37:3b:9a:97:22:
                    34:a1:4e:19:74:d6:ed:cd:f1:da:17:42:98:25:bd:
                    78:2f:b1:5f:c8:ca:32:33:bd:40:47:f0:e3:46:bb:
                    2a:3d:ed:79:78:45:bc:8a:69:51:7d:85:a9:69:35:
                    af:56:cc:5e:c0:0a:77:92:88:4b:8f:35:a5:fd:00:
                    11:de:75:3f:bc:c6:87:f1:1f:5c:e2:75:e2:68:21:
                    99:8e:79:17:a4:fb:a1:ab:16:9f:1e:15:4a:fc:15:
                    c4:78:42:67:84:3e:d7:a6:3a:7f:dd:34:c0:3b:3d:
                    0e:9d:83:53:62:6a:a5:95:a0:25:8a:a6:0f:69:8d:
                    3f:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:03:04:A2:96:21:B8:1B:A8:61:73:8E:95:87:B5:0D:E3:9E:F5:8F
            X509v3 Authority Key Identifier:
                keyid:BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/BQMEopYhuBuoYXOOlYe1DeOe9Y8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:d4:8f:36:0c:40:3e:00:8f:0f:2d:57:08:ad:3d:66:d3:48:
         a2:d0:a5:6c:ef:48:91:5e:c9:9f:b4:7d:f2:af:2f:99:8d:b6:
         5a:1e:69:05:99:bd:89:ce:f0:81:ca:65:d7:fd:ed:61:55:54:
         99:71:53:19:cd:57:48:06:a1:3d:16:80:74:64:44:44:db:b8:
         06:a2:f8:b0:12:db:d6:93:e5:04:04:73:1b:89:f8:85:da:b9:
         e9:9e:88:c4:b6:3d:72:cb:44:04:1e:82:8c:02:90:c3:be:46:
         05:9f:59:30:14:69:7f:6c:5c:e8:b9:90:8f:83:09:f0:46:d5:
         fc:d2:b0:5a:7f:24:3c:85:3e:12:ae:e2:6c:a3:22:9b:a1:7e:
         ef:67:a4:c8:73:e4:05:bc:d5:c3:1c:12:b6:ae:7b:c5:68:ca:
         8d:6b:9d:d0:34:08:fc:1a:23:25:33:f4:86:3a:23:35:77:e6:
         09:bd:77:40:bd:c0:bc:7a:b9:50:33:3c:0d:9f:20:9a:be:77:
         67:e0:7b:e9:49:d6:7c:c1:a6:e0:1d:c4:52:bf:33:10:59:ae:
         ea:ed:f8:0a:9d:27:a6:b2:86:a4:41:5c:1a:7b:1d:0d:99:c7:
         36:ae:20:f2:72:c4:8a:19:d1:11:6b:42:1b:b8:b6:58:41:a3:
         bf:74:fc:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuI/wNSCJT/HOd4HWqmZvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYmE0OGM3ZTJjOWUwNWVkYTU0NmQ4OTkxNDZiODlmNzk5
ZGY4NWQwHhcNMjQwMTAxMjAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTAzMDRhMjk2MjFiODFiYTg2MTczOGU5NTg3YjUwZGUzOWVmNThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaFR2cERuXyWGkOBsvQHEa1tEgRd
nv8557CpPu0Pznm2nh0GtQ09nPNWJZ7Xg2VwA8rYeuhQtpjCdcgakBBJTPuJlwQ9
O29RcevGiJMJtm5usHivE/CliFlxNMqAUvbBxhbO+RdIlLafCwjeDFAum1U/bJI/
25OPA/1v6GYX9No/NzualyI0oU4ZdNbtzfHaF0KYJb14L7FfyMoyM71AR/DjRrsq
Pe15eEW8imlRfYWpaTWvVsxewAp3kohLjzWl/QAR3nU/vMaH8R9c4nXiaCGZjnkX
pPuhqxafHhVK/BXEeEJnhD7Xpjp/3TTAOz0OnYNTYmqllaAliqYPaY0/wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUDBKKWIbgbqGFzjpWHtQ3jnvWPMB8GA1UdIwQY
MBaAFL66SMfiyeBe2lRtiZFGuJ95nfhdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYt
M2Q1MjIxODFhMmM0LzEvQlFNRW9wWWh1QnVvWVhPT2xZZTFEZU9lOVk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYtM2Q1MjIxODFhMmM0
LzEvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwW7sMA0G
CSqGSIb3DQEBCwUAA4IBAQCG1I82DEA+AI8PLVcIrT1m00ii0KVs70iRXsmftH3y
ry+ZjbZaHmkFmb2JzvCBymXX/e1hVVSZcVMZzVdIBqE9FoB0ZERE27gGoviwEtvW
k+UEBHMbifiF2rnpnojEtj1yy0QEHoKMApDDvkYFn1kwFGl/bFzouZCPgwnwRtX8
0rBafyQ8hT4SruJsoyKboX7vZ6TIc+QFvNXDHBK2rnvFaMqNa53QNAj8GiMlM/SG
OiM1d+YJvXdAvcC8erlQMzwNnyCavndn4HvpSdZ8wabgHcRSvzMQWa7q7fgKnSem
soakQVwaex0Nmcc2riDycsSKGdERa0IbuLZYQaO/dPx1
-----END CERTIFICATE-----