Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/BWN4e3q4q8NhdvTvfGU2HIrqPy0.roa
File:                     BWN4e3q4q8NhdvTvfGU2HIrqPy0.roa (raw, json)
Hash identifier:          k8+fuSXCMZL5qcMBOqXsz/EdOWoyeEoxPTU9c090eUM=
Subject key identifier:   05:63:78:7B:7A:B8:AB:C3:61:76:F4:EF:7C:65:36:1C:8A:EA:3F:2D
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D30D83FAEC3181249621C72654A6E
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/BWN4e3q4q8NhdvTvfGU2HIrqPy0.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205591
IP address blocks:        2a0e:aa01:bad0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:30:d8:3f:ae:c3:18:12:49:62:1c:72:65:4a:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0563787b7ab8abc36176f4ef7c65361c8aea3f2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ef:92:5e:cf:ab:36:d4:fc:61:74:96:d4:90:
                    b7:1f:95:3d:46:45:16:04:01:17:bc:fa:6b:54:18:
                    3f:2c:3c:8d:01:00:a1:a5:24:3e:61:9f:ab:d1:40:
                    db:db:d3:f5:1d:da:d7:e0:82:9c:d6:2a:e8:fb:b1:
                    dd:c7:1a:33:fb:fd:dc:c7:c2:b4:c6:ac:b0:8d:a7:
                    f2:cc:4f:88:fb:60:10:0f:d2:68:d9:21:81:55:34:
                    a0:20:d0:19:6d:79:16:d8:27:6a:2a:9a:c6:00:9f:
                    51:22:a4:96:a7:ff:e9:9e:98:ec:24:0f:6a:37:4b:
                    c1:af:6e:54:90:15:28:4a:ee:5b:40:17:26:3b:fc:
                    68:75:b4:5c:68:4c:00:dc:c6:00:93:a7:89:e5:af:
                    23:19:d1:0d:e3:3d:16:52:b3:dd:4c:8b:b2:21:69:
                    96:92:34:99:f9:59:f2:59:d6:86:a0:17:fa:0d:b8:
                    b3:06:9f:a4:19:f2:7c:01:c4:85:c7:06:ef:28:70:
                    40:40:38:26:0c:48:4c:a0:01:1c:5a:69:9d:a9:5a:
                    ac:78:ea:76:cb:6a:7e:ce:aa:39:1e:6f:1f:10:25:
                    27:a7:61:72:e3:34:6a:26:0d:9c:1a:26:bb:75:2a:
                    e6:b4:36:81:71:88:ca:30:ba:8b:2e:58:b2:71:6d:
                    4a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:63:78:7B:7A:B8:AB:C3:61:76:F4:EF:7C:65:36:1C:8A:EA:3F:2D
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/BWN4e3q4q8NhdvTvfGU2HIrqPy0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa01:bad0::/44

    Signature Algorithm: sha256WithRSAEncryption
         26:f7:a2:ae:e3:04:29:bf:87:2a:31:e6:99:0f:02:66:35:29:
         d0:fd:8d:cd:31:cd:1d:6f:cb:c9:4c:fe:6f:4a:2e:38:db:e2:
         47:c1:20:77:45:9d:3f:78:80:5b:a3:1f:18:92:51:2b:95:99:
         89:4e:b0:10:d1:d0:e9:8b:d0:9e:84:5c:e9:70:6f:31:5a:f2:
         12:e4:c7:9a:bb:ea:52:b7:70:c1:fc:eb:f2:84:54:98:2a:e0:
         5f:61:ee:59:45:77:2f:e7:9f:45:53:c1:a3:52:65:19:af:0b:
         3b:a3:b1:2e:a0:25:dd:88:25:ee:a6:da:81:29:72:05:b7:03:
         62:22:a0:c6:a6:a4:ed:94:73:04:12:78:a5:1a:74:7c:83:3d:
         fc:4b:66:7a:9e:75:58:d7:c2:2b:03:f7:4a:83:a6:33:8f:d1:
         80:59:e7:ef:23:ee:73:3e:a3:bf:16:37:5d:c4:1c:fe:75:9b:
         a7:9b:71:58:f9:73:41:45:cb:0e:c8:46:39:4a:2d:c4:c9:80:
         fb:52:05:1a:5d:d8:5e:05:05:19:0b:94:be:99:ab:c9:65:8f:
         ac:a5:a6:c2:0e:95:22:d2:d0:6c:74:e1:92:82:42:ef:64:48:
         bc:df:af:8a:1d:de:78:6d:17:6d:f5:29:1a:1b:5b:b5:32:3f:
         6f:f5:7f:31
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbTDYP67DGBJJYhxyZUpuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTYzNzg3YjdhYjhhYmMzNjE3NmY0ZWY3YzY1MzYxYzhhZWEzZjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgu+SXs+rNtT8YXSW1JC3H5U9RkUW
BAEXvPprVBg/LDyNAQChpSQ+YZ+r0UDb29P1HdrX4IKc1iro+7Hdxxoz+/3cx8K0
xqywjafyzE+I+2AQD9Jo2SGBVTSgINAZbXkW2CdqKprGAJ9RIqSWp//pnpjsJA9q
N0vBr25UkBUoSu5bQBcmO/xodbRcaEwA3MYAk6eJ5a8jGdEN4z0WUrPdTIuyIWmW
kjSZ+VnyWdaGoBf6DbizBp+kGfJ8AcSFxwbvKHBAQDgmDEhMoAEcWmmdqVqseOp2
y2p+zqo5Hm8fECUnp2Fy4zRqJg2cGia7dSrmtDaBcYjKMLqLLliycW1KrQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAVjeHt6uKvDYXb073xlNhyK6j8tMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvQldONGUzcTRxOE5oZHZUdmZHVTJISXJxUHkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qAbrQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAm96Ku4wQpv4cqMeaZDwJmNSnQ/Y3NMc0db8vJ
TP5vSi442+JHwSB3RZ0/eIBbox8YklErlZmJTrAQ0dDpi9CehFzpcG8xWvIS5Mea
u+pSt3DB/OvyhFSYKuBfYe5ZRXcv559FU8GjUmUZrws7o7EuoCXdiCXuptqBKXIF
twNiIqDGpqTtlHMEEnilGnR8gz38S2Z6nnVY18IrA/dKg6Yzj9GAWefvI+5zPqO/
FjddxBz+dZunm3FY+XNBRcsOyEY5Si3EyYD7UgUaXdheBQUZC5S+mavJZY+spabC
DpUi0tBsdOGSgkLvZEi836+KHd54bRdt9SkaG1u1Mj9v9X8x
-----END CERTIFICATE-----