Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/BQLA3JzycBIIFpPz0Ljbn49kIDw.roa
File:                     BQLA3JzycBIIFpPz0Ljbn49kIDw.roa (raw, json)
Hash identifier:          Ur9b0kBAM9oAk8tMADyeDMoBSgVTtygNA6TlNJY1mqo=
Subject key identifier:   05:02:C0:DC:9C:F2:70:12:08:16:93:F3:D0:B8:DB:9F:8F:64:20:3C
Certificate issuer:       /CN=2e252a477242fb45f20bb08020a403a2bb466a9b
Certificate serial:       018CC5DCD0620C91678CF493AAE83C25F30C
Authority key identifier: 2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/BQLA3JzycBIIFpPz0Ljbn49kIDw.roa
Signing time:             Mon 01 Jan 2024 16:30:31 +0000
ROA not before:           Mon 01 Jan 2024 16:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6736
IP address blocks:        85.132.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:d0:62:0c:91:67:8c:f4:93:aa:e8:3c:25:f3:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e252a477242fb45f20bb08020a403a2bb466a9b
        Validity
            Not Before: Jan  1 16:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0502c0dc9cf27012081693f3d0b8db9f8f64203c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:12:1e:f3:41:a0:4d:2a:a3:19:79:a9:71:f3:
                    37:3e:66:60:a1:e1:93:04:0f:45:4e:a9:e6:bd:2d:
                    2a:2b:18:25:4f:0b:0d:df:1e:32:fc:fe:b2:a0:43:
                    90:81:11:24:30:00:b3:aa:5a:1e:0f:84:96:f7:09:
                    84:32:74:08:eb:69:36:34:73:24:ac:e2:2a:51:66:
                    ea:d0:79:5c:00:f5:fb:c0:7b:50:a0:87:9c:3e:5d:
                    88:f6:e6:6e:7e:bd:f3:df:91:8a:de:d7:f7:cf:cd:
                    8b:e8:ac:fd:21:c9:a5:a2:79:c7:f6:82:ad:6b:4b:
                    bd:b9:18:40:6c:1b:b9:80:05:c3:b8:a3:7d:94:c0:
                    e1:b8:92:34:08:a5:bb:d1:4b:81:85:fe:aa:fc:aa:
                    a6:6f:8d:01:99:32:da:fc:8d:89:33:10:6d:74:16:
                    11:85:0f:54:be:9c:10:15:64:f1:90:4f:f9:da:d2:
                    06:19:f7:f4:1e:11:a4:b6:30:96:09:c6:6d:24:2b:
                    20:1b:8b:53:7b:55:2f:47:ff:fb:e4:db:b9:1d:1c:
                    c4:95:96:da:42:fa:b8:b5:88:38:5a:ca:f4:5d:bd:
                    bf:39:e2:d1:b9:aa:fe:fe:12:e0:e2:ce:33:0d:94:
                    3c:d8:b3:b9:8e:d1:6c:59:ae:94:23:84:be:fb:45:
                    df:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:02:C0:DC:9C:F2:70:12:08:16:93:F3:D0:B8:DB:9F:8F:64:20:3C
            X509v3 Authority Key Identifier:
                keyid:2E:25:2A:47:72:42:FB:45:F2:0B:B0:80:20:A4:03:A2:BB:46:6A:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiUqR3JC-0XyC7CAIKQDortGaps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/BQLA3JzycBIIFpPz0Ljbn49kIDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/b10562-26a1-4645-8d2b-16f146bef995/1/LiUqR3JC-0XyC7CAIKQDortGaps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.132.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:55:2f:c7:b9:8e:24:a2:78:ed:b8:ce:2b:15:a7:1c:7a:d4:
         c7:19:7a:e9:ca:64:7f:f5:2e:c0:f7:1a:c9:fb:b9:35:76:4d:
         e1:5b:11:64:f6:52:be:4b:ab:2e:19:d2:87:b9:d9:e2:18:b8:
         82:87:82:d7:9f:98:08:ca:79:94:36:51:35:1b:6a:00:11:57:
         ff:c6:c3:44:35:d4:32:89:2c:97:f7:15:b3:ec:7f:e7:b1:0e:
         7f:15:bb:74:85:8c:a5:ab:e0:78:63:46:19:b0:2f:35:95:a6:
         c2:d5:5c:40:97:f4:5f:7c:a1:26:e6:b5:0a:d2:24:5f:01:5c:
         ae:80:38:61:e1:b1:95:47:27:c4:5b:4b:74:29:86:87:91:c6:
         a4:e7:ac:b4:4f:4f:8f:01:7b:0c:f9:58:3f:f4:76:3f:28:09:
         8e:2a:15:fb:43:c2:de:1d:ef:d4:de:46:7b:bc:60:ac:89:89:
         72:d7:6a:d0:d0:d7:c1:ea:90:e3:6f:93:ef:5a:9e:57:ad:c6:
         ac:62:03:c1:3d:fc:ae:1e:97:94:1a:d7:15:03:eb:dd:ca:03:
         77:39:07:a2:47:ff:9a:9f:41:16:89:85:3a:32:c3:5b:8b:83:
         0b:7c:1a:e1:68:7e:35:61:e3:79:6e:9d:0b:f8:1c:4f:c7:f9:
         a2:66:da:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3NBiDJFnjPSTqug8JfMMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMjUyYTQ3NzI0MmZiNDVmMjBiYjA4MDIwYTQwM2EyYmI0
NjZhOWIwHhcNMjQwMTAxMTYzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTAyYzBkYzljZjI3MDEyMDgxNjkzZjNkMGI4ZGI5ZjhmNjQyMDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxIe80GgTSqjGXmpcfM3PmZgoeGT
BA9FTqnmvS0qKxglTwsN3x4y/P6yoEOQgREkMACzqloeD4SW9wmEMnQI62k2NHMk
rOIqUWbq0HlcAPX7wHtQoIecPl2I9uZufr3z35GK3tf3z82L6Kz9IcmlonnH9oKt
a0u9uRhAbBu5gAXDuKN9lMDhuJI0CKW70UuBhf6q/Kqmb40BmTLa/I2JMxBtdBYR
hQ9UvpwQFWTxkE/52tIGGff0HhGktjCWCcZtJCsgG4tTe1UvR//75Nu5HRzElZba
Qvq4tYg4Wsr0Xb2/OeLRuar+/hLg4s4zDZQ82LO5jtFsWa6UI4S++0XflQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUCwNyc8nASCBaT89C425+PZCA8MB8GA1UdIwQY
MBaAFC4lKkdyQvtF8guwgCCkA6K7RmqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmIt
MTZmMTQ2YmVmOTk1LzEvQlFMQTNKenljQklJRnBQejBMamJuNDlrSUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9iMTA1NjItMjZhMS00NjQ1LThkMmItMTZmMTQ2YmVmOTk1
LzEvTGlVcVIzSkMtMFh5QzdDQUlLUURvcnRHYXBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYQyMA0G
CSqGSIb3DQEBCwUAA4IBAQAPVS/HuY4konjtuM4rFaccetTHGXrpymR/9S7A9xrJ
+7k1dk3hWxFk9lK+S6suGdKHudniGLiCh4LXn5gIynmUNlE1G2oAEVf/xsNENdQy
iSyX9xWz7H/nsQ5/Fbt0hYylq+B4Y0YZsC81labC1VxAl/RffKEm5rUK0iRfAVyu
gDhh4bGVRyfEW0t0KYaHkcak56y0T0+PAXsM+Vg/9HY/KAmOKhX7Q8LeHe/U3kZ7
vGCsiYly12rQ0NfB6pDjb5PvWp5XrcasYgPBPfyuHpeUGtcVA+vdygN3OQeiR/+a
n0EWiYU6MsNbi4MLfBrhaH41YeN5bp0L+BxPx/miZtpH
-----END CERTIFICATE-----