Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/BvGloeMd1pr-0RarsG3frbQCits.roa
File:                     BvGloeMd1pr-0RarsG3frbQCits.roa (raw, json)
Hash identifier:          GcGKUXns2ciEuVorqL/ux5XGAMK5utLWLfmy9SJ0sbM=
Subject key identifier:   06:F1:A5:A1:E3:1D:D6:9A:FE:D1:16:AB:B0:6D:DF:AD:B4:02:8A:DB
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       01953D17C4B1D6A11B8BA20FFD251A322E15
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/BvGloeMd1pr-0RarsG3frbQCits.roa
Signing time:             Tue 25 Feb 2025 12:32:02 +0000
ROA not before:           Tue 25 Feb 2025 12:32:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20860
IP address blocks:        91.205.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3d:17:c4:b1:d6:a1:1b:8b:a2:0f:fd:25:1a:32:2e:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Feb 25 12:32:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06f1a5a1e31dd69afed116abb06ddfadb4028adb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:50:cf:8e:df:0f:88:bb:e3:69:b1:20:e8:1d:
                    94:a6:42:81:8d:2e:57:76:4e:c1:5d:f7:45:d4:b1:
                    b3:ed:46:e8:ad:c7:f7:a7:a8:ae:55:e3:e1:21:da:
                    28:06:ba:65:76:64:b3:0d:a0:df:dd:83:a3:3a:ac:
                    a0:d5:36:df:23:1b:77:44:5a:04:7f:bb:15:a9:ec:
                    0f:1f:52:62:a7:f1:40:0f:9d:b8:72:a9:db:c8:2d:
                    d1:fa:26:f5:3b:31:64:5e:4c:c6:a1:7d:ea:a5:cc:
                    83:00:ac:b8:04:fc:cb:a6:07:e3:98:ab:0f:48:5f:
                    c7:74:dc:0c:76:20:30:ac:0d:17:48:fa:a1:ca:ef:
                    0f:fc:c2:48:f6:ee:c0:45:0f:71:64:77:4a:ff:e7:
                    d1:5e:fd:87:7b:20:b9:3c:ab:a6:d6:77:f3:b5:86:
                    73:99:19:76:30:b0:22:2c:b9:bd:67:6f:80:13:ad:
                    8e:cc:54:a1:dc:2d:de:2d:c7:fa:3c:b9:3f:6e:0b:
                    fc:3d:73:7e:19:0d:87:0d:2a:1f:78:1d:ed:20:8c:
                    b6:97:59:e3:18:fc:41:37:cf:e2:09:d0:66:e3:0c:
                    fe:7e:79:58:68:f0:21:c9:8d:d5:97:6c:45:ec:a2:
                    6b:fa:22:78:d4:d4:f4:a5:79:b1:e3:8b:3e:0e:46:
                    38:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:F1:A5:A1:E3:1D:D6:9A:FE:D1:16:AB:B0:6D:DF:AD:B4:02:8A:DB
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/BvGloeMd1pr-0RarsG3frbQCits.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:9b:a8:e3:65:8e:0c:b1:c2:26:10:7c:65:53:a7:e6:67:75:
         d6:49:f5:87:7c:ca:68:42:45:4c:37:f3:f6:90:24:04:45:f5:
         f6:5c:19:33:de:8a:2f:97:65:d4:18:74:80:42:9f:57:cc:ba:
         56:07:9f:4d:6e:37:29:9e:b9:f0:30:71:5c:37:d6:12:5b:a0:
         4b:85:c2:c9:01:bc:45:ce:86:ab:a5:37:24:d3:c5:82:49:5d:
         a6:ae:7f:27:29:7b:87:37:56:1f:02:aa:c1:7b:1a:29:9b:86:
         a5:08:88:e9:bd:bd:02:7b:cc:a1:df:6c:11:38:55:c1:01:89:
         4a:4d:b6:b3:4c:64:ef:d6:e4:d0:cf:64:e8:79:ee:ca:de:66:
         44:2a:32:22:ea:ed:84:2d:22:2a:40:ab:13:c7:60:da:9f:16:
         d4:de:44:03:30:4f:00:b4:61:5a:b2:c6:fb:29:73:7c:28:c0:
         9e:02:79:9c:b5:fd:51:68:fe:7b:32:a3:07:70:55:a9:b5:f1:
         92:24:f7:89:e5:72:7f:d8:25:a9:db:ba:b7:d2:1a:29:ee:b8:
         d2:36:9f:e7:76:de:c3:08:45:d9:11:1c:0e:6e:b0:ac:9f:db:
         47:fc:35:fb:17:45:8f:03:7d:ca:e2:5f:b9:e3:4c:48:18:8a:
         a3:f8:33:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZU9F8Sx1qEbi6IP/SUaMi4VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjUwMjI1MTIzMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmYxYTVhMWUzMWRkNjlhZmVkMTE2YWJiMDZkZGZhZGI0MDI4YWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVDPjt8PiLvjabEg6B2UpkKBjS5X
dk7BXfdF1LGz7Uborcf3p6iuVePhIdooBrpldmSzDaDf3YOjOqyg1TbfIxt3RFoE
f7sVqewPH1Jip/FAD524cqnbyC3R+ib1OzFkXkzGoX3qpcyDAKy4BPzLpgfjmKsP
SF/HdNwMdiAwrA0XSPqhyu8P/MJI9u7ARQ9xZHdK/+fRXv2HeyC5PKum1nfztYZz
mRl2MLAiLLm9Z2+AE62OzFSh3C3eLcf6PLk/bgv8PXN+GQ2HDSofeB3tIIy2l1nj
GPxBN8/iCdBm4wz+fnlYaPAhyY3Vl2xF7KJr+iJ41NT0pXmx44s+DkY4kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbxpaHjHdaa/tEWq7Bt3620AorbMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvQnZHbG9lTWQxcHItMFJhcnNHM2ZyYlFDaXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW82eMA0G
CSqGSIb3DQEBCwUAA4IBAQBnm6jjZY4MscImEHxlU6fmZ3XWSfWHfMpoQkVMN/P2
kCQERfX2XBkz3oovl2XUGHSAQp9XzLpWB59NbjcpnrnwMHFcN9YSW6BLhcLJAbxF
zoarpTck08WCSV2mrn8nKXuHN1YfAqrBexopm4alCIjpvb0Ce8yh32wROFXBAYlK
TbazTGTv1uTQz2Toee7K3mZEKjIi6u2ELSIqQKsTx2DanxbU3kQDME8AtGFassb7
KXN8KMCeAnmctf1RaP57MqMHcFWptfGSJPeJ5XJ/2CWp27q30hop7rjSNp/ndt7D
CEXZERwObrCsn9tH/DX7F0WPA33K4l+540xIGIqj+DNV
-----END CERTIFICATE-----