Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/64666e-af1b-4118-823d-5de99a52aa39/1/BQnbCWl-cPlM4zrT8VIY2RHKhXk.roa
File:                     BQnbCWl-cPlM4zrT8VIY2RHKhXk.roa (raw, json)
Hash identifier:          W9ZhNmf0hRR7munYawsHSh9RHgGz6uZbLE/wbKMgH7U=
Subject key identifier:   05:09:DB:09:69:7E:70:F9:4C:E3:3A:D3:F1:52:18:D9:11:CA:85:79
Certificate issuer:       /CN=d26e4538f1ddea77f57396bb93b907f152df697c
Certificate serial:       0190C0C8A937444681D5AA6EE6AA02C10D5D
Authority key identifier: D2:6E:45:38:F1:DD:EA:77:F5:73:96:BB:93:B9:07:F1:52:DF:69:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0m5FOPHd6nf1c5a7k7kH8VLfaXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/64666e-af1b-4118-823d-5de99a52aa39/1/BQnbCWl-cPlM4zrT8VIY2RHKhXk.roa
Signing time:             Wed 17 Jul 2024 13:01:34 +0000
ROA not before:           Wed 17 Jul 2024 13:01:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197731
IP address blocks:        185.233.172.0/22 maxlen: 24
                          2a0c:eb00::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/64666e-af1b-4118-823d-5de99a52aa39/1/0m5FOPHd6nf1c5a7k7kH8VLfaXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/64666e-af1b-4118-823d-5de99a52aa39/1/0m5FOPHd6nf1c5a7k7kH8VLfaXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0m5FOPHd6nf1c5a7k7kH8VLfaXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c0:c8:a9:37:44:46:81:d5:aa:6e:e6:aa:02:c1:0d:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d26e4538f1ddea77f57396bb93b907f152df697c
        Validity
            Not Before: Jul 17 13:01:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0509db09697e70f94ce33ad3f15218d911ca8579
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:32:50:e3:97:01:ac:37:2a:00:99:c7:bb:ae:
                    83:9c:3d:f7:f5:3d:01:f7:58:9f:c8:c5:b7:8f:33:
                    45:cb:4a:e0:3c:e5:9f:d4:30:e0:25:f4:c7:4c:de:
                    a8:e6:65:78:4c:7d:1e:40:48:c6:92:11:3e:ea:c6:
                    f1:78:f7:96:bf:11:04:29:41:3c:11:ec:58:96:87:
                    4f:f6:a9:ba:10:36:41:3c:ce:00:dc:09:c4:59:31:
                    2a:45:08:31:0b:c0:2e:05:99:f0:e4:e7:72:16:f7:
                    85:9f:23:bb:d4:e7:35:97:a7:3a:77:47:e4:f6:68:
                    52:f0:72:f5:52:ce:e8:74:3f:1c:4f:73:cc:08:a7:
                    67:68:56:13:95:4d:28:e2:b9:3b:c7:5a:ac:9a:7e:
                    67:70:81:f8:c8:2f:9c:39:e1:bd:71:2c:da:0d:14:
                    e8:87:13:e1:96:5c:28:4f:06:a1:1f:b0:56:89:2c:
                    43:a8:42:7f:64:e8:53:22:8d:65:9d:08:bc:26:f1:
                    15:71:27:5d:56:24:7a:8f:0f:5d:79:b1:23:bd:79:
                    51:0a:b0:8f:85:99:a2:a7:7e:6b:3f:59:0e:b4:91:
                    22:01:01:f7:6e:30:16:d9:47:7e:70:63:0d:b7:83:
                    d2:47:6e:d0:4f:09:1e:73:c3:c7:fd:68:4c:e9:25:
                    1b:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:09:DB:09:69:7E:70:F9:4C:E3:3A:D3:F1:52:18:D9:11:CA:85:79
            X509v3 Authority Key Identifier:
                keyid:D2:6E:45:38:F1:DD:EA:77:F5:73:96:BB:93:B9:07:F1:52:DF:69:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0m5FOPHd6nf1c5a7k7kH8VLfaXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/64666e-af1b-4118-823d-5de99a52aa39/1/BQnbCWl-cPlM4zrT8VIY2RHKhXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/64666e-af1b-4118-823d-5de99a52aa39/1/0m5FOPHd6nf1c5a7k7kH8VLfaXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.172.0/22
                IPv6:
                  2a0c:eb00::/32

    Signature Algorithm: sha256WithRSAEncryption
         20:56:ef:05:4a:a6:7d:da:89:31:98:6e:14:c9:6e:a2:35:cf:
         cf:25:af:86:a6:39:05:3e:3f:d1:b1:32:9c:f4:e9:f2:1c:60:
         f0:5b:b9:a3:5a:33:05:89:fd:68:e0:4e:ba:5e:22:47:19:0f:
         49:75:22:58:f7:72:b7:bd:f0:a7:06:a9:71:03:45:b5:9b:d3:
         c3:16:bf:93:3c:d1:02:72:94:5e:14:49:33:0d:c5:1c:f1:88:
         65:e6:fc:8d:a6:1d:d8:e5:72:6a:67:87:85:dd:1f:c2:e4:3c:
         51:36:c4:36:31:cd:64:4e:40:c5:4f:32:af:ec:7b:8a:32:79:
         f1:91:f2:be:3a:4c:fc:93:50:dc:15:34:0a:54:72:a7:8b:97:
         d7:7d:1f:1b:d9:35:29:d9:77:23:86:34:25:e8:3e:26:01:23:
         9a:94:f5:2c:fb:70:d8:71:63:4e:6b:45:34:af:6b:34:50:e6:
         23:1c:3a:98:b7:7e:1f:86:bb:42:74:32:78:a8:52:f5:0e:49:
         65:60:cb:0e:a7:7f:47:b8:47:64:fc:3d:44:08:c5:a8:44:88:
         8b:a9:c4:9b:91:ab:bf:b4:c4:fa:d4:09:8c:5c:bf:27:fb:02:
         95:44:06:50:ad:85:db:26:c6:9a:85:00:b4:43:4f:e9:4a:ef:
         e4:3b:d3:29
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZDAyKk3REaB1apu5qoCwQ1dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNmU0NTM4ZjFkZGVhNzdmNTczOTZiYjkzYjkwN2YxNTJk
ZjY5N2MwHhcNMjQwNzE3MTMwMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTA5ZGIwOTY5N2U3MGY5NGNlMzNhZDNmMTUyMThkOTExY2E4NTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzJQ45cBrDcqAJnHu66DnD339T0B
91ifyMW3jzNFy0rgPOWf1DDgJfTHTN6o5mV4TH0eQEjGkhE+6sbxePeWvxEEKUE8
EexYlodP9qm6EDZBPM4A3AnEWTEqRQgxC8AuBZnw5OdyFveFnyO71Oc1l6c6d0fk
9mhS8HL1Us7odD8cT3PMCKdnaFYTlU0o4rk7x1qsmn5ncIH4yC+cOeG9cSzaDRTo
hxPhllwoTwahH7BWiSxDqEJ/ZOhTIo1lnQi8JvEVcSddViR6jw9debEjvXlRCrCP
hZmip35rP1kOtJEiAQH3bjAW2Ud+cGMNt4PSR27QTwkec8PH/WhM6SUbfQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAUJ2wlpfnD5TOM60/FSGNkRyoV5MB8GA1UdIwQY
MBaAFNJuRTjx3ep39XOWu5O5B/FS32l8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG01Rk9QSGQ2bmYxYzVhN2s3a0g4VkxmYVh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS82NDY2NmUtYWYxYi00MTE4LTgyM2Qt
NWRlOTlhNTJhYTM5LzEvQlFuYkNXbC1jUGxNNHpyVDhWSVkyUkhLaFhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS82NDY2NmUtYWYxYi00MTE4LTgyM2QtNWRlOTlhNTJhYTM5
LzEvMG01Rk9QSGQ2bmYxYzVhN2s3a0g4VkxmYVh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuemsMA0E
AgACMAcDBQAqDOsAMA0GCSqGSIb3DQEBCwUAA4IBAQAgVu8FSqZ92okxmG4UyW6i
Nc/PJa+GpjkFPj/RsTKc9OnyHGDwW7mjWjMFif1o4E66XiJHGQ9JdSJY93K3vfCn
BqlxA0W1m9PDFr+TPNECcpReFEkzDcUc8Yhl5vyNph3Y5XJqZ4eF3R/C5DxRNsQ2
Mc1kTkDFTzKv7HuKMnnxkfK+Okz8k1DcFTQKVHKni5fXfR8b2TUp2XcjhjQl6D4m
ASOalPUs+3DYcWNOa0U0r2s0UOYjHDqYt34fhrtCdDJ4qFL1DkllYMsOp39HuEdk
/D1ECMWoRIiLqcSbkau/tMT61AmMXL8n+wKVRAZQrYXbJsaahQC0Q0/pSu/kO9Mp
-----END CERTIFICATE-----