Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/bfCBQM8FPiLI6wlyNXINBw3pN4o.roa
File:                     bfCBQM8FPiLI6wlyNXINBw3pN4o.roa (raw, json)
Hash identifier:          FWxPU5a7tp5e98KSRX4XzdbNx2BEUQ1mekQ4x9eXz58=
Subject key identifier:   6D:F0:81:40:CF:05:3E:22:C8:EB:09:72:35:72:0D:07:0D:E9:37:8A
Certificate issuer:       /CN=321ec194107843848cd36330232b5f6a43791db4
Certificate serial:       018CC42514131D53CFA946EE45B58BFB8D3E
Authority key identifier: 32:1E:C1:94:10:78:43:84:8C:D3:63:30:23:2B:5F:6A:43:79:1D:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mh7BlBB4Q4SM02MwIytfakN5HbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/bfCBQM8FPiLI6wlyNXINBw3pN4o.roa
Signing time:             Mon 01 Jan 2024 08:30:13 +0000
ROA not before:           Mon 01 Jan 2024 08:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        155.231.110.0/24 maxlen: 24
                          155.231.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/Mh7BlBB4Q4SM02MwIytfakN5HbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/Mh7BlBB4Q4SM02MwIytfakN5HbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mh7BlBB4Q4SM02MwIytfakN5HbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 13:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:14:13:1d:53:cf:a9:46:ee:45:b5:8b:fb:8d:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=321ec194107843848cd36330232b5f6a43791db4
        Validity
            Not Before: Jan  1 08:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6df08140cf053e22c8eb097235720d070de9378a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:5f:91:c4:e9:c6:d4:8e:d8:b2:9b:b6:77:20:
                    51:bf:11:49:1e:da:9e:bb:2a:fb:f7:4d:04:69:c3:
                    45:67:de:87:8c:b4:ba:f8:e6:14:91:30:f9:c0:91:
                    58:c3:2a:66:83:a8:87:3f:a7:bf:97:a6:f2:73:4b:
                    a6:34:ef:97:2c:4b:5e:04:fd:ce:49:14:ba:a9:1d:
                    a1:c3:cf:1d:f9:1a:b8:71:44:e0:ff:af:44:f1:66:
                    7c:5c:eb:61:6e:a4:44:5f:40:3b:68:21:33:a4:d8:
                    bb:3d:d5:6d:ee:08:87:0c:96:6c:83:97:f0:0d:f6:
                    4f:4a:0b:95:e8:26:88:3d:8d:82:b7:9d:d5:ad:05:
                    3b:08:d2:ba:54:a6:73:76:00:86:32:6f:3b:4f:fd:
                    49:93:7a:b3:b8:58:12:67:0b:68:0d:5b:fa:f2:da:
                    f7:0a:01:b5:08:1b:61:e9:fc:c1:29:54:41:3b:f6:
                    7a:54:b8:10:3f:c0:20:fc:7e:0b:c4:10:49:63:01:
                    1e:2e:6b:ee:54:bd:8a:8b:a6:e0:d8:4d:f2:e6:21:
                    cf:95:87:45:e6:b1:db:42:f2:40:a1:fd:c9:bf:23:
                    be:6d:36:f0:17:52:51:b7:6e:be:74:a1:07:cd:8a:
                    7a:7c:f7:33:dc:38:68:40:2d:6b:7a:f6:c6:89:64:
                    27:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:F0:81:40:CF:05:3E:22:C8:EB:09:72:35:72:0D:07:0D:E9:37:8A
            X509v3 Authority Key Identifier:
                keyid:32:1E:C1:94:10:78:43:84:8C:D3:63:30:23:2B:5F:6A:43:79:1D:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mh7BlBB4Q4SM02MwIytfakN5HbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/bfCBQM8FPiLI6wlyNXINBw3pN4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/f1458f-bdc3-4e4b-9f68-3a611c093a2c/1/Mh7BlBB4Q4SM02MwIytfakN5HbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.231.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:b6:6f:b4:3d:49:12:5c:be:e7:69:a7:06:f1:e8:fc:39:a8:
         fa:09:9e:82:86:33:84:28:ea:6f:af:f4:76:5c:ab:da:2d:27:
         e8:1a:c0:53:98:83:98:53:29:f3:bb:a8:5b:b5:7e:b7:de:68:
         0b:4d:4e:a7:ae:84:4e:d8:dd:6e:9a:5f:89:b2:88:4d:8e:68:
         1f:97:d6:0f:a7:b7:4f:45:6d:b0:c1:f4:d2:a6:16:62:0f:07:
         d4:98:70:b1:a6:37:ad:86:75:63:0f:a9:82:38:87:63:02:69:
         a1:15:a2:b7:6f:cc:80:d9:2e:c6:d4:6f:a5:72:96:7f:34:6c:
         f0:df:db:08:fa:82:c9:7e:dd:95:9a:54:51:ad:91:e9:7d:ef:
         d3:79:3b:47:3c:2a:6c:dd:05:34:4d:d7:e2:7f:85:d5:f9:22:
         ab:19:55:97:23:93:1a:b4:b1:26:64:0f:53:1d:a2:08:68:dd:
         63:c7:cd:a0:11:65:95:0e:13:9f:57:87:c6:61:fb:3e:61:3f:
         e8:77:d7:3a:46:4c:71:0f:95:8e:89:50:80:b9:d0:ea:a5:20:
         ea:b6:ec:eb:04:58:fc:3b:8e:0e:76:15:05:43:d6:91:c8:38:
         74:9b:39:c2:c2:43:b8:44:65:63:9f:48:e2:96:cc:f5:b4:c9:
         f6:14:1d:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJRQTHVPPqUbuRbWL+40+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMWVjMTk0MTA3ODQzODQ4Y2QzNjMzMDIzMmI1ZjZhNDM3
OTFkYjQwHhcNMjQwMTAxMDgzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGYwODE0MGNmMDUzZTIyYzhlYjA5NzIzNTcyMGQwNzBkZTkzNzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1+RxOnG1I7Yspu2dyBRvxFJHtqe
uyr7900EacNFZ96HjLS6+OYUkTD5wJFYwypmg6iHP6e/l6byc0umNO+XLEteBP3O
SRS6qR2hw88d+Rq4cUTg/69E8WZ8XOthbqREX0A7aCEzpNi7PdVt7giHDJZsg5fw
DfZPSguV6CaIPY2Ct53VrQU7CNK6VKZzdgCGMm87T/1Jk3qzuFgSZwtoDVv68tr3
CgG1CBth6fzBKVRBO/Z6VLgQP8Ag/H4LxBBJYwEeLmvuVL2Ki6bg2E3y5iHPlYdF
5rHbQvJAof3JvyO+bTbwF1JRt26+dKEHzYp6fPcz3DhoQC1revbGiWQnNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG3wgUDPBT4iyOsJcjVyDQcN6TeKMB8GA1UdIwQY
MBaAFDIewZQQeEOEjNNjMCMrX2pDeR20MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWg3QmxCQjRRNFNNMDJNd0l5dGZha041SGJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9mMTQ1OGYtYmRjMy00ZTRiLTlmNjgt
M2E2MTFjMDkzYTJjLzEvYmZDQlFNOEZQaUxJNndseU5YSU5CdzNwTjRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9mMTQ1OGYtYmRjMy00ZTRiLTlmNjgtM2E2MTFjMDkzYTJj
LzEvTWg3QmxCQjRRNFNNMDJNd0l5dGZha041SGJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBm+duMA0G
CSqGSIb3DQEBCwUAA4IBAQCMtm+0PUkSXL7naacG8ej8Oaj6CZ6ChjOEKOpvr/R2
XKvaLSfoGsBTmIOYUynzu6hbtX633mgLTU6nroRO2N1uml+JsohNjmgfl9YPp7dP
RW2wwfTSphZiDwfUmHCxpjethnVjD6mCOIdjAmmhFaK3b8yA2S7G1G+lcpZ/NGzw
39sI+oLJft2VmlRRrZHpfe/TeTtHPCps3QU0Tdfif4XV+SKrGVWXI5MatLEmZA9T
HaIIaN1jx82gEWWVDhOfV4fGYfs+YT/od9c6RkxxD5WOiVCAudDqpSDqtuzrBFj8
O44OdhUFQ9aRyDh0mznCwkO4RGVjn0jilsz1tMn2FB0B
-----END CERTIFICATE-----