Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/BmdjaS1vNDjNh4B-1vZW2TqI1s0.roa
File:                     BmdjaS1vNDjNh4B-1vZW2TqI1s0.roa (raw, json)
Hash identifier:          vayW4tRByKqm24S2h0GGsg37A5tclZ3fyFJ5m4wiogo=
Subject key identifier:   06:67:63:69:2D:6F:34:38:CD:87:80:7E:D6:F6:56:D9:3A:88:D6:CD
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       018EAD80F818EA6F76F80191B6921D610598
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/BmdjaS1vNDjNh4B-1vZW2TqI1s0.roa
Signing time:             Fri 05 Apr 2024 09:04:54 +0000
ROA not before:           Fri 05 Apr 2024 09:04:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52035
IP address blocks:        158.41.24.0/21 maxlen: 24
                          2a0e:ce40::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ad:80:f8:18:ea:6f:76:f8:01:91:b6:92:1d:61:05:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Apr  5 09:04:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=066763692d6f3438cd87807ed6f656d93a88d6cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:85:8e:67:34:19:a2:27:1e:31:d1:25:ee:ed:
                    0a:82:20:78:ff:70:2f:17:03:18:e0:bd:c4:c3:df:
                    7f:b0:b6:89:7d:da:0d:0e:c7:ee:73:80:27:3a:c8:
                    81:b1:49:19:06:e5:5a:73:ba:58:87:e5:51:fd:7b:
                    ce:47:0c:29:47:b4:95:9c:d9:d5:99:c0:fc:d3:5e:
                    84:48:89:38:b1:ae:36:b7:6e:86:a6:ce:b7:84:a1:
                    f5:76:2b:eb:c9:37:92:e2:ee:03:06:8b:7f:0c:38:
                    a6:f7:dd:a5:a9:02:78:fc:59:62:37:49:32:05:74:
                    47:02:e9:3b:9c:03:66:09:84:73:65:ce:11:da:2f:
                    b7:cb:4d:ff:d2:23:e6:5e:92:d3:63:3e:ca:ac:0b:
                    b0:a7:74:06:97:c5:db:26:77:4a:07:3d:40:99:ad:
                    5c:d3:94:f6:c7:cd:75:da:67:f7:43:5c:17:9a:b7:
                    ae:9f:31:71:7a:fd:7d:d7:f3:9e:cb:d4:0c:db:86:
                    8e:db:4c:92:d4:86:82:51:a0:72:45:c6:3c:67:c4:
                    75:ae:09:35:c5:6d:aa:5d:45:41:e6:0b:b3:b6:56:
                    38:6d:f6:21:9e:16:f8:7b:12:75:a5:7e:01:29:96:
                    f7:80:93:d3:a7:3d:fa:8d:41:d6:f6:91:ae:8b:89:
                    d0:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:67:63:69:2D:6F:34:38:CD:87:80:7E:D6:F6:56:D9:3A:88:D6:CD
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/BmdjaS1vNDjNh4B-1vZW2TqI1s0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.41.24.0/21
                IPv6:
                  2a0e:ce40::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:0c:79:dc:68:a4:6f:2c:1b:38:cb:db:01:0f:f2:b9:e3:bf:
         71:a4:63:92:af:5d:89:5c:21:da:56:db:fb:d3:7a:74:79:b7:
         a5:8c:fc:61:61:3a:c9:42:24:2e:bb:c2:71:7d:22:48:b0:67:
         66:4c:8d:b2:50:49:0f:a7:ad:2c:a5:d7:1f:d5:ff:9b:e5:ab:
         40:55:f9:d6:78:0f:79:d4:b7:ff:d2:de:10:1a:04:df:b9:44:
         bb:1f:ae:a5:bd:db:af:c2:2d:2d:45:ce:c3:02:dd:c7:67:1f:
         39:da:ae:15:cf:a0:08:a7:bc:a5:bf:96:c1:2b:08:b4:e7:52:
         f8:70:05:04:7f:1f:1c:98:61:f9:2b:26:3c:89:a7:61:17:33:
         8f:1a:a7:e2:2f:b9:2e:e2:c9:70:b7:ab:aa:02:39:b4:8d:d2:
         2d:62:87:41:9b:9b:1c:89:b1:c8:5b:1b:66:4e:93:a4:ef:45:
         c5:d9:81:8c:f7:7f:2f:bc:44:24:78:4f:8f:bc:50:a9:7a:db:
         be:b2:c1:4b:f9:55:f9:9b:28:b6:8b:25:78:a9:e2:fd:09:f0:
         46:5a:20:14:a4:3d:82:ea:94:c5:86:de:62:fb:93:d4:2f:20:
         88:7c:7f:e1:21:31:c4:6b:c2:6f:ea:79:0d:13:e6:87:bc:62:
         ff:14:3b:88
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY6tgPgY6m92+AGRtpIdYQWYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjQwNDA1MDkwNDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjY3NjM2OTJkNmYzNDM4Y2Q4NzgwN2VkNmY2NTZkOTNhODhkNmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYWOZzQZoiceMdEl7u0KgiB4/3Av
FwMY4L3Ew99/sLaJfdoNDsfuc4AnOsiBsUkZBuVac7pYh+VR/XvORwwpR7SVnNnV
mcD8016ESIk4sa42t26Gps63hKH1divryTeS4u4DBot/DDim992lqQJ4/FliN0ky
BXRHAuk7nANmCYRzZc4R2i+3y03/0iPmXpLTYz7KrAuwp3QGl8XbJndKBz1Ama1c
05T2x8112mf3Q1wXmreunzFxev191/Oey9QM24aO20yS1IaCUaByRcY8Z8R1rgk1
xW2qXUVB5guztlY4bfYhnhb4exJ1pX4BKZb3gJPTpz36jUHW9pGui4nQ6wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAZnY2ktbzQ4zYeAftb2Vtk6iNbNMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvQm1kamFTMXZORGpOaDRCLTF2WlcyVHFJMXMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDnikYMA0E
AgACMAcDBQMqDs5AMA0GCSqGSIb3DQEBCwUAA4IBAQAiDHncaKRvLBs4y9sBD/K5
479xpGOSr12JXCHaVtv703p0ebeljPxhYTrJQiQuu8JxfSJIsGdmTI2yUEkPp60s
pdcf1f+b5atAVfnWeA951Lf/0t4QGgTfuUS7H66lvduvwi0tRc7DAt3HZx852q4V
z6AIp7ylv5bBKwi051L4cAUEfx8cmGH5KyY8iadhFzOPGqfiL7ku4slwt6uqAjm0
jdItYodBm5scibHIWxtmTpOk70XF2YGM938vvEQkeE+PvFCpetu+ssFL+VX5myi2
iyV4qeL9CfBGWiAUpD2C6pTFht5i+5PULyCIfH/hITHEa8Jv6nkNE+aHvGL/FDuI
-----END CERTIFICATE-----