Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/Bt-AqMlv5AGS23NSAHAOENpSz_w.roa
File:                     Bt-AqMlv5AGS23NSAHAOENpSz_w.roa (raw, json)
Hash identifier:          Om38jAdn/FiagKwN0JD11FdBcj5g/guHfAWt957SB1c=
Subject key identifier:   06:DF:80:A8:C9:6F:E4:01:92:DB:73:52:00:70:0E:10:DA:52:CF:FC
Certificate issuer:       /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial:       019425FDD7B8A27963662F67DA3F113678E5
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/Bt-AqMlv5AGS23NSAHAOENpSz_w.roa
Signing time:             Thu 02 Jan 2025 07:49:39 +0000
ROA not before:           Thu 02 Jan 2025 07:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19750
IP address blocks:        152.53.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:d7:b8:a2:79:63:66:2f:67:da:3f:11:36:78:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
        Validity
            Not Before: Jan  2 07:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06df80a8c96fe40192db735200700e10da52cffc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ad:f2:93:7c:63:62:15:82:d9:28:ae:51:86:
                    fb:ef:9a:68:28:99:04:79:7c:8f:18:7a:1e:5a:4d:
                    6c:72:44:87:85:a8:ee:e9:f6:54:51:ec:0e:db:b3:
                    7f:72:66:86:c3:39:7e:e1:57:dd:57:b8:e2:ce:7f:
                    f8:11:41:41:c4:2c:11:e1:4f:84:4b:50:2c:85:6b:
                    4d:b0:3c:8e:1b:cd:23:04:36:99:42:d1:ea:50:48:
                    42:60:67:27:19:fe:b4:5b:6a:37:e3:d1:2b:12:bf:
                    9b:b3:9f:4e:97:f3:c6:11:15:6d:b6:2c:98:09:de:
                    4a:b3:3f:5e:1b:4e:3b:de:75:ee:69:6e:c1:8e:54:
                    63:e1:8a:3d:66:92:e9:8c:e0:59:aa:0f:d8:19:4c:
                    ef:57:e2:09:8e:ad:68:ec:47:ab:6c:6f:22:f9:46:
                    69:68:0f:ba:e0:52:7a:bc:d2:83:ed:ba:8b:f0:b5:
                    ef:05:9e:fe:dc:db:6f:f8:29:77:e2:62:56:4a:d2:
                    31:28:c4:d3:e7:5f:2f:0d:fa:60:0c:4f:37:ec:fd:
                    dc:8f:7a:d1:01:14:bd:df:39:af:e8:60:10:40:93:
                    8a:7c:3d:d4:8d:c8:f4:59:6f:c8:b5:19:00:63:54:
                    09:57:df:cc:48:d7:9f:38:6b:cb:1d:3b:99:37:4f:
                    3d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:DF:80:A8:C9:6F:E4:01:92:DB:73:52:00:70:0E:10:DA:52:CF:FC
            X509v3 Authority Key Identifier:
                keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/Bt-AqMlv5AGS23NSAHAOENpSz_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.53.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:6a:95:67:18:d3:59:c6:dd:f1:33:f3:c2:71:0b:f1:85:af:
         13:de:24:e0:fc:8f:00:da:7f:c9:f7:2a:64:b0:e0:a7:d3:ba:
         5d:fa:14:5a:8d:9e:8f:b3:1c:8f:fb:05:8c:b4:e8:b1:22:80:
         83:3d:b1:87:cd:27:e5:10:10:40:34:78:f7:b0:ba:2c:3a:5a:
         d8:a6:36:ba:d1:9f:aa:b7:c6:94:cc:13:b4:41:96:31:a2:70:
         38:4e:a6:66:76:a0:0d:30:83:43:26:fe:f3:98:36:36:83:6f:
         01:d3:c5:40:67:38:55:db:9a:d1:2d:e0:be:01:11:cf:e1:c7:
         42:5b:a6:48:9c:bf:7a:e2:2c:4d:bc:d9:db:38:4e:05:db:e2:
         39:c1:d2:df:81:ee:1b:6d:6f:8a:d1:2d:4c:ce:89:ac:8f:99:
         03:30:e0:50:bf:72:c7:cb:80:bb:4a:a6:c4:51:6a:35:b4:05:
         f2:1d:19:fa:85:dd:ac:4c:0f:72:c0:a8:c6:cd:6e:06:32:c3:
         82:07:6c:ae:5b:23:4b:27:e4:30:c4:06:cc:f0:33:a9:09:1e:
         8e:f7:6c:a4:0a:9e:19:15:35:df:34:d0:44:64:34:35:93:a9:
         05:c4:41:49:3c:83:05:cb:5d:e8:03:b5:47:d6:5a:d2:08:eb:
         4a:6e:b7:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/de4onljZi9n2j8RNnjlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjUwMTAyMDc0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmRmODBhOGM5NmZlNDAxOTJkYjczNTIwMDcwMGUxMGRhNTJjZmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvK3yk3xjYhWC2SiuUYb775poKJkE
eXyPGHoeWk1sckSHhaju6fZUUewO27N/cmaGwzl+4VfdV7jizn/4EUFBxCwR4U+E
S1AshWtNsDyOG80jBDaZQtHqUEhCYGcnGf60W2o349ErEr+bs59Ol/PGERVttiyY
Cd5Ksz9eG0473nXuaW7BjlRj4Yo9ZpLpjOBZqg/YGUzvV+IJjq1o7EerbG8i+UZp
aA+64FJ6vNKD7bqL8LXvBZ7+3Ntv+Cl34mJWStIxKMTT518vDfpgDE837P3cj3rR
ARS93zmv6GAQQJOKfD3Ujcj0WW/ItRkAY1QJV9/MSNefOGvLHTuZN0892QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbfgKjJb+QBkttzUgBwDhDaUs/8MB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEvQnQtQXFNbHY1QUdTMjNOU0FIQU9FTnBTel93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmDVEMA0G
CSqGSIb3DQEBCwUAA4IBAQBxapVnGNNZxt3xM/PCcQvxha8T3iTg/I8A2n/J9ypk
sOCn07pd+hRajZ6PsxyP+wWMtOixIoCDPbGHzSflEBBANHj3sLosOlrYpja60Z+q
t8aUzBO0QZYxonA4TqZmdqANMINDJv7zmDY2g28B08VAZzhV25rRLeC+ARHP4cdC
W6ZInL964ixNvNnbOE4F2+I5wdLfge4bbW+K0S1Mzomsj5kDMOBQv3LHy4C7SqbE
UWo1tAXyHRn6hd2sTA9ywKjGzW4GMsOCB2yuWyNLJ+QwxAbM8DOpCR6O92ykCp4Z
FTXfNNBEZDQ1k6kFxEFJPIMFy13oA7VH1lrSCOtKbrfs
-----END CERTIFICATE-----