Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/af601e-c2bf-4a6a-aa32-d2ee15399d06/1/Bpc0lpa789Lt-u0hpbkd7L8ep2s.roa
File:                     Bpc0lpa789Lt-u0hpbkd7L8ep2s.roa (raw, json)
Hash identifier:          GCDA3BLDxT0IHY6JGFpb9rN58vOZpESDgi/5yB51vp0=
Subject key identifier:   06:97:34:96:96:BB:F3:D2:ED:FA:ED:21:A5:B9:1D:EC:BF:1E:A7:6B
Certificate issuer:       /CN=20d4bd499f58494ac0e82263b5520a2c64d6477e
Certificate serial:       018CC3B696C7001960E6B1FCAC88C1D2DE9E
Authority key identifier: 20:D4:BD:49:9F:58:49:4A:C0:E8:22:63:B5:52:0A:2C:64:D6:47:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/INS9SZ9YSUrA6CJjtVIKLGTWR34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/af601e-c2bf-4a6a-aa32-d2ee15399d06/1/Bpc0lpa789Lt-u0hpbkd7L8ep2s.roa
Signing time:             Mon 01 Jan 2024 06:29:32 +0000
ROA not before:           Mon 01 Jan 2024 06:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        192.109.202.0/24 maxlen: 24
                          192.109.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/af601e-c2bf-4a6a-aa32-d2ee15399d06/1/INS9SZ9YSUrA6CJjtVIKLGTWR34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/af601e-c2bf-4a6a-aa32-d2ee15399d06/1/INS9SZ9YSUrA6CJjtVIKLGTWR34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/INS9SZ9YSUrA6CJjtVIKLGTWR34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:96:c7:00:19:60:e6:b1:fc:ac:88:c1:d2:de:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20d4bd499f58494ac0e82263b5520a2c64d6477e
        Validity
            Not Before: Jan  1 06:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0697349696bbf3d2edfaed21a5b91decbf1ea76b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0a:f3:f7:3a:63:ea:31:c8:d1:25:79:c6:fa:
                    a8:ac:40:a6:1c:1e:a1:f5:0c:90:92:ac:fa:33:d7:
                    a3:8f:f2:21:48:06:36:73:b8:bf:60:e9:5e:19:5a:
                    b3:07:fa:3b:f8:57:e7:6b:d6:34:51:12:04:7d:69:
                    f2:d2:1f:75:f8:19:4c:f6:56:d9:d9:58:80:04:d1:
                    80:d8:e5:83:a3:34:60:d8:2b:ef:f0:a8:6b:f2:1f:
                    0a:b0:8f:30:f5:ba:e6:41:13:d2:e3:e8:34:98:bd:
                    32:2e:1d:5c:a3:96:a1:23:cb:43:6b:d4:c3:d0:f3:
                    c4:49:fd:9e:ec:53:9a:62:52:73:a1:8a:bf:f6:e3:
                    c5:2a:d2:bc:6c:ce:16:eb:c7:93:3b:87:96:aa:a3:
                    df:68:76:cd:f6:29:34:23:5e:73:ee:bf:68:fd:db:
                    cf:25:02:93:f8:aa:a8:1d:43:91:d1:65:de:af:fb:
                    9c:39:73:50:56:9e:e8:9d:60:cb:c0:a3:06:d4:12:
                    7b:dc:31:92:3b:12:35:e9:66:17:6b:83:27:09:80:
                    ce:53:8c:4c:01:7c:bc:36:51:79:08:49:83:25:20:
                    2a:78:96:b0:ab:71:fb:a3:d1:5f:e0:01:e4:e3:53:
                    54:d7:c2:e8:6f:94:bd:4d:b7:ff:ec:d8:6e:c6:d3:
                    2d:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:97:34:96:96:BB:F3:D2:ED:FA:ED:21:A5:B9:1D:EC:BF:1E:A7:6B
            X509v3 Authority Key Identifier:
                keyid:20:D4:BD:49:9F:58:49:4A:C0:E8:22:63:B5:52:0A:2C:64:D6:47:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/INS9SZ9YSUrA6CJjtVIKLGTWR34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/af601e-c2bf-4a6a-aa32-d2ee15399d06/1/Bpc0lpa789Lt-u0hpbkd7L8ep2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/af601e-c2bf-4a6a-aa32-d2ee15399d06/1/INS9SZ9YSUrA6CJjtVIKLGTWR34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.19.0/24
                  192.109.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:bc:6d:58:02:47:63:03:b4:4a:c0:5f:e4:85:ca:4c:26:25:
         a7:51:4e:fe:ae:31:9f:e9:a1:8a:cf:27:0f:26:83:93:63:c8:
         37:97:33:be:1c:5d:49:35:84:10:ad:67:09:86:17:7a:93:52:
         6b:87:66:52:7f:e9:ff:18:c4:95:af:e6:3f:cd:ba:6c:94:be:
         fd:56:e4:e2:29:b7:84:9e:22:cb:ea:43:6c:dd:f4:52:f9:29:
         1b:69:91:cb:3c:c9:86:b8:09:df:c8:1a:e4:08:94:e2:d1:28:
         f9:33:c8:e6:30:fd:ba:b6:1f:9a:9b:59:35:6e:45:bf:d5:f7:
         33:6d:75:bc:bb:98:ec:1a:84:c2:65:4f:ff:3b:82:b8:9f:f7:
         78:6c:c6:5a:cb:84:f1:41:a9:3c:83:ea:93:f1:9b:74:5f:2b:
         28:05:ae:02:39:1f:88:38:f4:5c:78:a4:b2:09:96:38:17:0b:
         a7:66:cb:89:71:35:89:82:5e:ed:24:2f:d6:a5:46:58:79:b0:
         00:f8:93:23:b7:f0:81:a2:4b:a7:bd:1b:8b:8f:27:df:2e:cf:
         d4:f5:c3:02:4c:0a:00:b1:4e:58:e5:71:7f:d0:9f:75:d3:49:
         a4:0e:c5:2e:cf:b5:d6:8a:55:4f:f6:74:85:1a:0b:18:10:1a:
         fa:c2:52:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtpbHABlg5rH8rIjB0t6eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZDRiZDQ5OWY1ODQ5NGFjMGU4MjI2M2I1NTIwYTJjNjRk
NjQ3N2UwHhcNMjQwMTAxMDYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjk3MzQ5Njk2YmJmM2QyZWRmYWVkMjFhNWI5MWRlY2JmMWVhNzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQrz9zpj6jHI0SV5xvqorECmHB6h
9QyQkqz6M9ejj/IhSAY2c7i/YOleGVqzB/o7+Ffna9Y0URIEfWny0h91+BlM9lbZ
2ViABNGA2OWDozRg2Cvv8Khr8h8KsI8w9brmQRPS4+g0mL0yLh1co5ahI8tDa9TD
0PPESf2e7FOaYlJzoYq/9uPFKtK8bM4W68eTO4eWqqPfaHbN9ik0I15z7r9o/dvP
JQKT+KqoHUOR0WXer/ucOXNQVp7onWDLwKMG1BJ73DGSOxI16WYXa4MnCYDOU4xM
AXy8NlF5CEmDJSAqeJawq3H7o9Ff4AHk41NU18Lob5S9Tbf/7NhuxtMtMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAaXNJaWu/PS7frtIaW5Hey/HqdrMB8GA1UdIwQY
MBaAFCDUvUmfWElKwOgiY7VSCixk1kd+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU5TOVNaOVlTVXJBNkNKanRWSUtMR1RXUjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9hZjYwMWUtYzJiZi00YTZhLWFhMzIt
ZDJlZTE1Mzk5ZDA2LzEvQnBjMGxwYTc4OUx0LXUwaHBia2Q3TDhlcDJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9hZjYwMWUtYzJiZi00YTZhLWFhMzItZDJlZTE1Mzk5ZDA2
LzEvSU5TOVNaOVlTVXJBNkNKanRWSUtMR1RXUjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwG0TAwQA
wG3KMA0GCSqGSIb3DQEBCwUAA4IBAQAFvG1YAkdjA7RKwF/khcpMJiWnUU7+rjGf
6aGKzycPJoOTY8g3lzO+HF1JNYQQrWcJhhd6k1Jrh2ZSf+n/GMSVr+Y/zbpslL79
VuTiKbeEniLL6kNs3fRS+SkbaZHLPMmGuAnfyBrkCJTi0Sj5M8jmMP26th+am1k1
bkW/1fczbXW8u5jsGoTCZU//O4K4n/d4bMZay4TxQak8g+qT8Zt0XysoBa4COR+I
OPRceKSyCZY4FwunZsuJcTWJgl7tJC/WpUZYebAA+JMjt/CBokunvRuLjyffLs/U
9cMCTAoAsU5Y5XF/0J9100mkDsUuz7XWilVP9nSFGgsYEBr6wlLD
-----END CERTIFICATE-----