Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/BSlnEx89lgl_01HQ-REkDQoHDZg.roa
File:                     BSlnEx89lgl_01HQ-REkDQoHDZg.roa (raw, json)
Hash identifier:          MlbhOxiaJMprDhYtQeIoXiaVKxfqoVezHoPe9+NM65Y=
Subject key identifier:   05:29:67:13:1F:3D:96:09:7F:D3:51:D0:F9:11:24:0D:0A:07:0D:98
Certificate issuer:       /CN=8e90bd2870050c84477a161eb090f05eb962016c
Certificate serial:       019424B3ED7FC78BEC3A4EDA945BF1DE74A4
Authority key identifier: 8E:90:BD:28:70:05:0C:84:47:7A:16:1E:B0:90:F0:5E:B9:62:01:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jpC9KHAFDIRHehYesJDwXrliAWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/BSlnEx89lgl_01HQ-REkDQoHDZg.roa
Signing time:             Thu 02 Jan 2025 01:49:18 +0000
ROA not before:           Thu 02 Jan 2025 01:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1213
IP address blocks:        136.201.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/jpC9KHAFDIRHehYesJDwXrliAWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/jpC9KHAFDIRHehYesJDwXrliAWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jpC9KHAFDIRHehYesJDwXrliAWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 03:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ed:7f:c7:8b:ec:3a:4e:da:94:5b:f1:de:74:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e90bd2870050c84477a161eb090f05eb962016c
        Validity
            Not Before: Jan  2 01:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=052967131f3d96097fd351d0f911240d0a070d98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:34:6a:ed:93:f3:c1:9e:76:96:2c:cd:c8:c4:
                    d3:9a:fc:03:db:f5:19:cc:4a:cb:2b:ce:3d:01:5e:
                    44:b5:4c:5f:7b:b4:3f:33:3c:f1:e3:67:a4:99:14:
                    d6:46:45:b8:ad:3b:bd:db:58:51:b9:d4:9f:7c:40:
                    79:3f:7a:b6:ee:f2:50:18:c6:67:8f:5b:45:42:03:
                    99:63:79:ac:50:0c:c9:9f:ab:fa:e4:03:f0:e6:cb:
                    87:c3:a5:b9:76:ba:1a:89:c4:14:35:d1:3a:21:3e:
                    66:72:eb:53:4a:b4:ac:23:92:d0:23:4e:13:6d:be:
                    51:00:cf:b7:df:21:1d:49:04:db:23:a8:e2:cc:68:
                    f7:ae:90:65:c9:aa:c0:e7:c3:c6:a6:b6:08:ab:d0:
                    06:cc:c6:e8:34:e4:be:94:bf:05:d9:d6:d5:c1:70:
                    88:04:ca:f6:a3:ff:5f:fa:1c:58:f5:2f:c7:b6:97:
                    f0:82:38:3d:51:67:fb:29:80:05:2d:b0:19:c2:79:
                    6b:96:7a:81:db:36:a1:4e:ac:e2:9d:6c:b1:42:7a:
                    72:2c:29:f2:be:15:6e:fc:b7:a0:15:e6:90:72:60:
                    e5:49:32:4c:0c:b0:7c:b0:a5:41:a4:87:19:f7:a5:
                    f6:db:88:c5:72:a1:de:5a:fd:4b:f7:74:8d:b0:07:
                    94:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:29:67:13:1F:3D:96:09:7F:D3:51:D0:F9:11:24:0D:0A:07:0D:98
            X509v3 Authority Key Identifier:
                keyid:8E:90:BD:28:70:05:0C:84:47:7A:16:1E:B0:90:F0:5E:B9:62:01:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jpC9KHAFDIRHehYesJDwXrliAWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/BSlnEx89lgl_01HQ-REkDQoHDZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/28e113-3931-4d3d-b793-ecb80702a117/1/jpC9KHAFDIRHehYesJDwXrliAWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.201.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         58:06:92:86:1a:fe:70:36:4c:d4:da:9b:d2:d9:fd:be:54:0b:
         b2:ca:76:9f:8f:89:56:f4:65:4d:96:b2:16:dd:a0:23:b2:c8:
         82:08:bd:bb:9f:ef:90:79:4d:f4:f5:87:67:0d:6d:a8:99:3b:
         d8:a0:aa:9a:71:b4:cd:97:38:ea:89:5e:95:f1:7a:d4:68:b8:
         98:cf:0b:7b:d8:d6:ce:43:84:34:31:4e:53:16:48:81:f6:ea:
         21:9b:21:62:6a:de:c7:80:54:f8:18:bd:d0:f6:f5:26:be:64:
         ec:c6:39:c8:e0:0c:6a:6b:bd:fa:b6:10:75:48:53:be:67:cc:
         2c:67:31:58:53:1c:27:c6:d3:3d:1e:53:f0:b2:5c:07:0f:1c:
         92:7a:fd:a5:74:04:28:1a:47:0e:a6:f1:0c:91:79:10:c3:ef:
         b9:b6:27:d0:a0:d3:0c:04:8a:41:f3:f3:8c:5b:4d:d3:86:75:
         85:ef:a0:6a:7d:79:7c:49:b5:0b:75:6e:d8:38:7c:b5:b6:fb:
         07:b5:c1:8d:af:6d:05:3c:b4:68:b7:ad:8f:22:e6:46:29:cc:
         09:5e:9f:9b:32:4d:25:a4:0b:b8:96:86:4c:dd:27:d7:8d:75:
         0c:82:36:8e:d5:49:cd:d9:72:ae:f0:6a:82:c7:9f:14:91:85:
         61:bb:54:7d
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQks+1/x4vsOk7alFvx3nSkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlOTBiZDI4NzAwNTBjODQ0NzdhMTYxZWIwOTBmMDVlYjk2
MjAxNmMwHhcNMjUwMTAyMDE0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTI5NjcxMzFmM2Q5NjA5N2ZkMzUxZDBmOTExMjQwZDBhMDcwZDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTRq7ZPzwZ52lizNyMTTmvwD2/UZ
zErLK849AV5EtUxfe7Q/Mzzx42ekmRTWRkW4rTu921hRudSffEB5P3q27vJQGMZn
j1tFQgOZY3msUAzJn6v65APw5suHw6W5droaicQUNdE6IT5mcutTSrSsI5LQI04T
bb5RAM+33yEdSQTbI6jizGj3rpBlyarA58PGprYIq9AGzMboNOS+lL8F2dbVwXCI
BMr2o/9f+hxY9S/Htpfwgjg9UWf7KYAFLbAZwnlrlnqB2zahTqzinWyxQnpyLCny
vhVu/LegFeaQcmDlSTJMDLB8sKVBpIcZ96X224jFcqHeWv1L93SNsAeUzQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFAUpZxMfPZYJf9NR0PkRJA0KBw2YMB8GA1UdIwQY
MBaAFI6QvShwBQyER3oWHrCQ8F65YgFsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanBDOUtIQUZESVJIZWhZZXNKRHdYcmxpQVd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yOGUxMTMtMzkzMS00ZDNkLWI3OTMt
ZWNiODA3MDJhMTE3LzEvQlNsbkV4ODlsZ2xfMDFIUS1SRWtEUW9IRFpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yOGUxMTMtMzkzMS00ZDNkLWI3OTMtZWNiODA3MDJhMTE3
LzEvanBDOUtIQUZESVJIZWhZZXNKRHdYcmxpQVd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAiMkwDQYJ
KoZIhvcNAQELBQADggEBAFgGkoYa/nA2TNTam9LZ/b5UC7LKdp+PiVb0ZU2Wshbd
oCOyyIIIvbuf75B5TfT1h2cNbaiZO9igqppxtM2XOOqJXpXxetRouJjPC3vY1s5D
hDQxTlMWSIH26iGbIWJq3seAVPgYvdD29Sa+ZOzGOcjgDGprvfq2EHVIU75nzCxn
MVhTHCfG0z0eU/CyXAcPHJJ6/aV0BCgaRw6m8QyReRDD77m2J9Cg0wwEikHz84xb
TdOGdYXvoGp9eXxJtQt1btg4fLW2+we1wY2vbQU8tGi3rY8i5kYpzAlen5syTSWk
C7iWhkzdJ9eNdQyCNo7VSc3Zcq7waoLHnxSRhWG7VH0=
-----END CERTIFICATE-----