Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/2c3a30-5498-447d-8d39-25b6bd2e1e43/1/BVdnao2ipiRfdu_oW9_GsBW1FnE.roa
File:                     BVdnao2ipiRfdu_oW9_GsBW1FnE.roa (raw, json)
Hash identifier:          Y+2FKVze/azZpmUhboeRoO5u/t4GVZg428T2ozMTiDc=
Subject key identifier:   05:57:67:6A:8D:A2:A6:24:5F:76:EF:E8:5B:DF:C6:B0:15:B5:16:71
Certificate issuer:       /CN=802fa5b984226183201b701596b0368a27ca9196
Certificate serial:       018CC793ED7C0ED4E1661A1060340BAB0444
Authority key identifier: 80:2F:A5:B9:84:22:61:83:20:1B:70:15:96:B0:36:8A:27:CA:91:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gC-luYQiYYMgG3AVlrA2iifKkZY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/2c3a30-5498-447d-8d39-25b6bd2e1e43/1/BVdnao2ipiRfdu_oW9_GsBW1FnE.roa
Signing time:             Tue 02 Jan 2024 00:30:09 +0000
ROA not before:           Tue 02 Jan 2024 00:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209363
IP address blocks:        185.253.124.0/22 maxlen: 22
                          193.34.148.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/2c3a30-5498-447d-8d39-25b6bd2e1e43/1/gC-luYQiYYMgG3AVlrA2iifKkZY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/2c3a30-5498-447d-8d39-25b6bd2e1e43/1/gC-luYQiYYMgG3AVlrA2iifKkZY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gC-luYQiYYMgG3AVlrA2iifKkZY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:ed:7c:0e:d4:e1:66:1a:10:60:34:0b:ab:04:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=802fa5b984226183201b701596b0368a27ca9196
        Validity
            Not Before: Jan  2 00:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0557676a8da2a6245f76efe85bdfc6b015b51671
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f5:57:82:ca:5c:2f:94:12:87:95:7d:16:d8:
                    fa:b4:ff:2b:8d:0a:7a:b1:1f:0b:e4:a6:50:26:ce:
                    f9:fa:86:b8:29:c2:9d:83:ad:4d:2f:6f:ce:5e:9a:
                    96:7d:11:f6:73:7c:64:06:db:c2:e6:c2:95:1c:3c:
                    38:61:d5:38:a4:af:ec:53:a3:64:e9:a5:bc:10:cd:
                    24:96:ec:ab:78:a6:45:e6:e1:48:76:83:62:9a:35:
                    a7:a1:50:90:22:66:86:73:5a:22:05:73:36:07:39:
                    39:42:b0:f9:28:f2:af:2a:48:04:7d:e8:2f:af:13:
                    9c:48:64:65:7d:4f:a7:06:88:9e:9b:08:d2:18:0b:
                    50:fc:02:88:10:fe:3c:26:ed:98:5d:1a:3a:f0:88:
                    d2:f2:99:79:79:db:7a:05:4d:10:48:a7:bd:62:9f:
                    39:ef:24:6e:44:2a:68:97:55:a7:de:8e:c4:80:0d:
                    73:c7:79:ca:26:94:75:1e:76:48:87:8c:d9:a7:3e:
                    d8:74:71:62:62:c3:2e:31:07:e9:c5:b0:33:0b:1c:
                    a0:4b:25:59:33:b7:96:33:f9:0b:3c:f7:9f:c2:58:
                    6c:42:27:f8:ad:96:41:0a:44:53:97:75:af:67:64:
                    f3:7b:6b:2b:8b:f2:f0:01:51:0d:74:a1:24:d3:36:
                    e2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:57:67:6A:8D:A2:A6:24:5F:76:EF:E8:5B:DF:C6:B0:15:B5:16:71
            X509v3 Authority Key Identifier:
                keyid:80:2F:A5:B9:84:22:61:83:20:1B:70:15:96:B0:36:8A:27:CA:91:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gC-luYQiYYMgG3AVlrA2iifKkZY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2c3a30-5498-447d-8d39-25b6bd2e1e43/1/BVdnao2ipiRfdu_oW9_GsBW1FnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2c3a30-5498-447d-8d39-25b6bd2e1e43/1/gC-luYQiYYMgG3AVlrA2iifKkZY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.124.0/22
                  193.34.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:2e:3c:46:96:bc:10:cb:2e:ab:12:5c:f8:0e:10:ff:b8:5f:
         dc:67:cf:a4:6e:41:2b:de:2d:2e:84:41:c5:17:96:ed:dd:a2:
         78:cd:87:ff:2a:cf:ed:66:f9:49:17:cf:cb:29:53:04:ab:7e:
         97:3a:61:d9:c8:cc:97:ef:6b:e2:27:f2:0f:5a:12:9e:aa:14:
         6f:fb:5b:3f:6d:cf:6d:e6:fa:a7:c2:6b:df:6a:13:14:88:0d:
         a2:3d:e7:b2:89:26:6e:e5:de:cd:37:13:c0:a1:25:76:ac:5c:
         f4:ad:3d:b4:b6:8f:c9:15:89:ff:2b:f5:c1:9b:f2:60:07:22:
         17:85:2d:ba:09:08:4c:da:d1:84:ed:9e:32:e1:dc:19:5b:b4:
         c3:2b:9b:53:75:f4:c8:57:f8:c1:f5:5c:23:be:ab:4d:2e:1d:
         8b:c9:8d:c8:6d:53:a4:d9:aa:09:2f:98:da:50:1b:78:f7:ed:
         75:dc:fc:e5:f4:d1:c7:04:8a:38:e8:7c:21:5e:83:4f:b4:df:
         ef:0d:30:1e:ec:d0:32:83:98:1c:55:df:57:02:05:df:55:c4:
         8e:fa:cf:03:61:50:cf:10:f6:be:46:78:c2:f2:51:0f:8e:00:
         36:b3:3b:7d:e7:ff:da:fa:92:0c:bb:a6:00:05:63:44:e3:71:
         22:91:94:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHk+18DtThZhoQYDQLqwREMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwMmZhNWI5ODQyMjYxODMyMDFiNzAxNTk2YjAzNjhhMjdj
YTkxOTYwHhcNMjQwMTAyMDAzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTU3Njc2YThkYTJhNjI0NWY3NmVmZTg1YmRmYzZiMDE1YjUxNjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofVXgspcL5QSh5V9Ftj6tP8rjQp6
sR8L5KZQJs75+oa4KcKdg61NL2/OXpqWfRH2c3xkBtvC5sKVHDw4YdU4pK/sU6Nk
6aW8EM0kluyreKZF5uFIdoNimjWnoVCQImaGc1oiBXM2Bzk5QrD5KPKvKkgEfegv
rxOcSGRlfU+nBoiemwjSGAtQ/AKIEP48Ju2YXRo68IjS8pl5edt6BU0QSKe9Yp85
7yRuRCpol1Wn3o7EgA1zx3nKJpR1HnZIh4zZpz7YdHFiYsMuMQfpxbAzCxygSyVZ
M7eWM/kLPPefwlhsQif4rZZBCkRTl3WvZ2Tze2sri/LwAVENdKEk0zbi+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAVXZ2qNoqYkX3bv6FvfxrAVtRZxMB8GA1UdIwQY
MBaAFIAvpbmEImGDIBtwFZawNoonypGWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0MtbHVZUWlZWU1nRzNBVmxyQTJpaWZLa1pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8yYzNhMzAtNTQ5OC00NDdkLThkMzkt
MjViNmJkMmUxZTQzLzEvQlZkbmFvMmlwaVJmZHVfb1c5X0dzQlcxRm5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8yYzNhMzAtNTQ5OC00NDdkLThkMzktMjViNmJkMmUxZTQz
LzEvZ0MtbHVZUWlZWU1nRzNBVmxyQTJpaWZLa1pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuf18AwQB
wSKUMA0GCSqGSIb3DQEBCwUAA4IBAQAjLjxGlrwQyy6rElz4DhD/uF/cZ8+kbkEr
3i0uhEHFF5bt3aJ4zYf/Ks/tZvlJF8/LKVMEq36XOmHZyMyX72viJ/IPWhKeqhRv
+1s/bc9t5vqnwmvfahMUiA2iPeeyiSZu5d7NNxPAoSV2rFz0rT20to/JFYn/K/XB
m/JgByIXhS26CQhM2tGE7Z4y4dwZW7TDK5tTdfTIV/jB9VwjvqtNLh2LyY3IbVOk
2aoJL5jaUBt49+113Pzl9NHHBIo46HwhXoNPtN/vDTAe7NAyg5gcVd9XAgXfVcSO
+s8DYVDPEPa+RnjC8lEPjgA2szt95//a+pIMu6YABWNE43EikZSy
-----END CERTIFICATE-----