Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/BGFq6mXItjlOiyBcvGQWJ0-fX_c.roa
File:                     BGFq6mXItjlOiyBcvGQWJ0-fX_c.roa (raw, json)
Hash identifier:          nXAgFUb/2Gi0iPn9N30HSosczOix9Ur9UFsd2wCEwfo=
Subject key identifier:   04:61:6A:EA:65:C8:B6:39:4E:8B:20:5C:BC:64:16:27:4F:9F:5F:F7
Certificate issuer:       /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial:       018CC8DEEAC97B8E07DFFEA51C1D3E01157D
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/BGFq6mXItjlOiyBcvGQWJ0-fX_c.roa
Signing time:             Tue 02 Jan 2024 06:31:41 +0000
ROA not before:           Tue 02 Jan 2024 06:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50043
IP address blocks:        193.228.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ea:c9:7b:8e:07:df:fe:a5:1c:1d:3e:01:15:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
        Validity
            Not Before: Jan  2 06:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04616aea65c8b6394e8b205cbc6416274f9f5ff7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:d3:a7:dd:ba:cc:75:c0:73:f6:c5:a4:98:fe:
                    2e:ab:fe:fb:45:25:96:a7:0d:d2:c3:bc:7b:33:60:
                    dd:6c:d9:d6:e7:75:6e:42:88:ee:de:b3:7f:43:e0:
                    b3:11:68:8c:23:f7:f5:20:86:6d:9d:3e:9e:c3:e5:
                    3f:78:39:7f:f5:32:03:67:13:e8:3e:ff:de:ac:48:
                    78:96:97:b7:69:bd:5d:0b:9b:6c:05:94:cd:3b:e7:
                    25:bb:cb:45:f2:3e:63:ba:d3:45:f8:ef:bb:2d:9a:
                    8e:3f:09:76:3b:a1:a5:92:70:b4:12:61:ff:22:09:
                    d8:d2:08:7f:8c:c9:35:15:f7:0a:f9:a6:78:b3:ed:
                    1f:d1:9b:66:ec:db:a8:62:68:97:56:d4:48:a0:4c:
                    34:83:e2:04:90:33:66:fc:fa:cb:4b:87:25:b1:5f:
                    d8:32:ad:f8:68:b6:83:39:1a:36:9e:bf:0d:9e:3b:
                    ae:de:02:75:cb:ee:bc:57:bd:5a:be:74:55:2a:fb:
                    76:4f:df:f4:38:b7:cd:c0:61:97:d2:c2:03:40:e1:
                    1c:c9:f5:19:75:3e:35:65:ee:f8:96:62:b0:b8:fc:
                    ac:f4:ab:50:89:1b:1c:6b:73:e3:5a:66:b7:41:c3:
                    b5:9e:a7:af:2c:c3:af:07:ee:2c:93:e2:15:4b:1f:
                    1c:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:61:6A:EA:65:C8:B6:39:4E:8B:20:5C:BC:64:16:27:4F:9F:5F:F7
            X509v3 Authority Key Identifier:
                keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/BGFq6mXItjlOiyBcvGQWJ0-fX_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:f3:4d:c6:a1:fa:84:c3:3a:ca:d4:ba:65:4d:54:24:d2:71:
         92:20:9c:f9:d6:58:19:af:bb:8f:c6:15:7c:8d:6d:d4:39:62:
         25:22:35:c8:6e:29:35:63:98:05:15:2a:35:f0:c3:65:4c:0e:
         3c:7f:0e:66:ed:a4:7f:1d:7e:59:81:eb:dd:18:e5:ea:e8:3a:
         f3:62:75:87:2d:aa:9c:4b:50:9d:b8:2e:c7:3a:66:8e:32:46:
         1e:65:20:6c:e2:99:d2:40:40:b1:ff:df:29:50:0e:62:4d:4f:
         16:81:3e:ef:a8:ee:07:48:62:84:af:76:bc:be:09:7d:19:c3:
         9a:5a:e1:ac:99:cc:81:d8:32:f6:0c:fb:20:f9:50:08:ea:ed:
         53:d0:90:f9:ec:0c:51:8e:91:d7:97:83:54:a3:e1:77:6d:2f:
         d1:ad:39:d1:48:46:e7:c4:b7:41:c2:56:21:9e:1c:d5:26:d8:
         dd:ac:f4:a9:52:c9:1d:84:49:1a:8b:1f:14:e5:8d:54:47:63:
         24:ad:6f:98:30:c6:ed:69:b0:45:16:3b:2b:9e:5c:2c:fd:6f:
         41:99:8c:c1:b8:b5:a5:33:b5:e3:14:8b:35:46:33:76:80:59:
         95:36:61:2e:cd:12:d5:10:a1:2b:ad:e6:1d:aa:70:89:4b:60:
         ee:b0:75:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3urJe44H3/6lHB0+ARV9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjQwMTAyMDYzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDYxNmFlYTY1YzhiNjM5NGU4YjIwNWNiYzY0MTYyNzRmOWY1ZmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2NOn3brMdcBz9sWkmP4uq/77RSWW
pw3Sw7x7M2DdbNnW53VuQoju3rN/Q+CzEWiMI/f1IIZtnT6ew+U/eDl/9TIDZxPo
Pv/erEh4lpe3ab1dC5tsBZTNO+clu8tF8j5jutNF+O+7LZqOPwl2O6GlknC0EmH/
IgnY0gh/jMk1FfcK+aZ4s+0f0Ztm7NuoYmiXVtRIoEw0g+IEkDNm/PrLS4clsV/Y
Mq34aLaDORo2nr8Nnjuu3gJ1y+68V71avnRVKvt2T9/0OLfNwGGX0sIDQOEcyfUZ
dT41Ze74lmKwuPys9KtQiRsca3PjWma3QcO1nqevLMOvB+4sk+IVSx8cTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFARhauplyLY5TosgXLxkFidPn1/3MB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEvQkdGcTZtWEl0amxPaXlCY3ZHUVdKMC1mWF9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweR9MA0G
CSqGSIb3DQEBCwUAA4IBAQAf803GofqEwzrK1LplTVQk0nGSIJz51lgZr7uPxhV8
jW3UOWIlIjXIbik1Y5gFFSo18MNlTA48fw5m7aR/HX5ZgevdGOXq6DrzYnWHLaqc
S1CduC7HOmaOMkYeZSBs4pnSQECx/98pUA5iTU8WgT7vqO4HSGKEr3a8vgl9GcOa
WuGsmcyB2DL2DPsg+VAI6u1T0JD57AxRjpHXl4NUo+F3bS/RrTnRSEbnxLdBwlYh
nhzVJtjdrPSpUskdhEkaix8U5Y1UR2MkrW+YMMbtabBFFjsrnlws/W9BmYzBuLWl
M7XjFIs1RjN2gFmVNmEuzRLVEKErreYdqnCJS2DusHXC
-----END CERTIFICATE-----