Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/bpaKuEAw0otMthQ9-b23wRkADvY.roa
File:                     bpaKuEAw0otMthQ9-b23wRkADvY.roa (raw, json)
Hash identifier:          yYSTDQ16bToc0Dvx/q9K7sh5nTVKal98OTGQCTUzPmQ=
Subject key identifier:   6E:96:8A:B8:40:30:D2:8B:4C:B6:14:3D:F9:BD:B7:C1:19:00:0E:F6
Certificate issuer:       /CN=beba48c7e2c9e05eda546d899146b89f799df85d
Certificate serial:       018CC6B891E4517D522B88C075F683AEE345
Authority key identifier: BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/bpaKuEAw0otMthQ9-b23wRkADvY.roa
Signing time:             Mon 01 Jan 2024 20:30:33 +0000
ROA not before:           Mon 01 Jan 2024 20:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202650
IP address blocks:        91.190.82.48/28 maxlen: 28

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:91:e4:51:7d:52:2b:88:c0:75:f6:83:ae:e3:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=beba48c7e2c9e05eda546d899146b89f799df85d
        Validity
            Not Before: Jan  1 20:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e968ab84030d28b4cb6143df9bdb7c119000ef6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:a4:f9:54:d3:8d:a6:d1:8d:aa:4a:16:09:ef:
                    f5:e0:81:b9:c1:09:cd:04:13:f0:76:e6:4d:af:80:
                    06:2b:51:b3:1d:85:e9:21:60:b8:34:f1:ff:b3:1f:
                    c4:c5:f0:35:01:c9:fa:c6:19:02:3f:d2:f6:79:00:
                    46:d6:ec:fd:d7:84:b1:42:fd:2f:18:0e:fa:2b:db:
                    7f:66:5e:57:86:05:f3:0f:bb:e2:c8:cb:5a:cb:b2:
                    3a:5a:dc:0c:19:12:6f:0e:d8:34:07:a2:1f:ac:53:
                    c9:11:86:97:56:9c:ad:b4:0a:16:89:f5:2c:07:e8:
                    44:0b:97:d8:a9:c0:e4:75:d9:8a:48:d0:df:29:5e:
                    33:81:be:ff:d3:9b:3d:b7:c1:e8:f1:83:fe:0b:06:
                    98:b2:7a:52:45:08:99:2c:66:56:b8:56:5b:6a:c8:
                    f1:00:ec:33:b1:6b:9d:4c:58:55:cf:25:20:81:a5:
                    62:2c:81:a8:37:9a:a1:8f:08:4d:53:9d:e3:fd:58:
                    b2:f7:98:d3:bd:46:d8:8f:bb:9a:42:5a:41:d1:53:
                    20:18:94:2f:ef:d6:4b:fe:ed:10:39:ce:d8:1b:0f:
                    34:09:74:f0:2c:dc:ab:d4:c9:9e:ed:a0:51:3c:3b:
                    3e:1a:a3:a9:9c:58:a7:f9:31:ca:a1:56:07:aa:63:
                    53:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:96:8A:B8:40:30:D2:8B:4C:B6:14:3D:F9:BD:B7:C1:19:00:0E:F6
            X509v3 Authority Key Identifier:
                keyid:BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/bpaKuEAw0otMthQ9-b23wRkADvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.190.82.48/28

    Signature Algorithm: sha256WithRSAEncryption
         48:cf:66:1d:9b:fd:3c:4c:6b:46:59:b0:62:8d:9c:b3:61:56:
         35:8a:d5:25:90:71:d8:6d:2d:57:fc:b5:b8:c3:0f:f2:39:00:
         b4:4a:72:eb:71:a4:86:31:4f:fb:39:c1:1c:5b:9c:2a:ea:2f:
         a1:b3:ec:0d:e2:46:12:d6:e3:96:38:42:ed:ca:c3:02:24:4b:
         4e:34:d5:dc:c5:4c:e5:f8:54:f5:8a:a3:75:b2:8d:0f:76:f8:
         bc:a8:9c:e7:f6:db:1f:4d:cf:81:ee:95:85:86:25:b7:cc:41:
         a0:4e:eb:74:26:06:41:2d:46:31:39:15:ba:4a:5b:57:4c:7e:
         c3:2f:20:87:4b:fd:a2:40:20:05:4d:eb:d5:b3:d5:d1:09:c2:
         8e:dd:73:67:dc:78:24:51:1d:76:97:8f:5f:ce:bf:3d:42:41:
         e3:84:a0:58:ab:d7:16:fc:8a:62:7e:8d:eb:9d:fc:bc:0e:7e:
         8d:25:d0:97:3c:0c:52:10:98:77:1a:f4:39:41:6e:de:89:22:
         fa:43:e1:d2:7b:f6:1c:d5:d0:49:82:95:27:63:72:16:2b:2e:
         19:31:3e:3b:26:ac:eb:b4:91:9a:84:96:c1:b0:b3:7e:a4:0e:
         17:3d:d7:0b:40:39:1c:13:5d:36:20:47:22:c6:a9:86:6d:f9:
         32:03:82:2f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGuJHkUX1SK4jAdfaDruNFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYmE0OGM3ZTJjOWUwNWVkYTU0NmQ4OTkxNDZiODlmNzk5
ZGY4NWQwHhcNMjQwMTAxMjAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTk2OGFiODQwMzBkMjhiNGNiNjE0M2RmOWJkYjdjMTE5MDAwZWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg6T5VNONptGNqkoWCe/14IG5wQnN
BBPwduZNr4AGK1GzHYXpIWC4NPH/sx/ExfA1Acn6xhkCP9L2eQBG1uz914SxQv0v
GA76K9t/Zl5XhgXzD7viyMtay7I6WtwMGRJvDtg0B6IfrFPJEYaXVpyttAoWifUs
B+hEC5fYqcDkddmKSNDfKV4zgb7/05s9t8Ho8YP+CwaYsnpSRQiZLGZWuFZbasjx
AOwzsWudTFhVzyUggaViLIGoN5qhjwhNU53j/Viy95jTvUbYj7uaQlpB0VMgGJQv
79ZL/u0QOc7YGw80CXTwLNyr1Mme7aBRPDs+GqOpnFin+THKoVYHqmNTjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG6WirhAMNKLTLYUPfm9t8EZAA72MB8GA1UdIwQY
MBaAFL66SMfiyeBe2lRtiZFGuJ95nfhdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYt
M2Q1MjIxODFhMmM0LzEvYnBhS3VFQXcwb3RNdGhROS1iMjN3UmtBRHZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYtM2Q1MjIxODFhMmM0
LzEvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUEW75SMDAN
BgkqhkiG9w0BAQsFAAOCAQEASM9mHZv9PExrRlmwYo2cs2FWNYrVJZBx2G0tV/y1
uMMP8jkAtEpy63GkhjFP+znBHFucKuovobPsDeJGEtbjljhC7crDAiRLTjTV3MVM
5fhU9YqjdbKND3b4vKic5/bbH03Pge6VhYYlt8xBoE7rdCYGQS1GMTkVukpbV0x+
wy8gh0v9okAgBU3r1bPV0QnCjt1zZ9x4JFEddpePX86/PUJB44SgWKvXFvyKYn6N
6538vA5+jSXQlzwMUhCYdxr0OUFu3oki+kPh0nv2HNXQSYKVJ2NyFisuGTE+Oyas
67SRmoSWwbCzfqQOFz3XC0A5HBNdNiBHIsaphm35MgOCLw==
-----END CERTIFICATE-----