Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/d2f992-3a17-4975-9c2c-9ca8ea90e617/1/BFvI0ANym3QoN7I-RQKbMIt6gig.roa
File:                     BFvI0ANym3QoN7I-RQKbMIt6gig.roa (raw, json)
Hash identifier:          GrlnaBdw7dBvLMUTrNOXUqsN/qRKJzGUYDALeRJwyFA=
Subject key identifier:   04:5B:C8:D0:03:72:9B:74:28:37:B2:3E:45:02:9B:30:8B:7A:82:28
Certificate issuer:       /CN=5d99e8d5713a5e6382c0d1389d6242816f9d6fb9
Certificate serial:       018CCA96F7756C011C1EE43F1E179E3B5C82
Authority key identifier: 5D:99:E8:D5:71:3A:5E:63:82:C0:D1:38:9D:62:42:81:6F:9D:6F:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XZno1XE6XmOCwNE4nWJCgW-db7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/d2f992-3a17-4975-9c2c-9ca8ea90e617/1/BFvI0ANym3QoN7I-RQKbMIt6gig.roa
Signing time:             Tue 02 Jan 2024 14:32:20 +0000
ROA not before:           Tue 02 Jan 2024 14:32:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208034
IP address blocks:        185.194.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/d2f992-3a17-4975-9c2c-9ca8ea90e617/1/XZno1XE6XmOCwNE4nWJCgW-db7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/d2f992-3a17-4975-9c2c-9ca8ea90e617/1/XZno1XE6XmOCwNE4nWJCgW-db7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XZno1XE6XmOCwNE4nWJCgW-db7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:96:f7:75:6c:01:1c:1e:e4:3f:1e:17:9e:3b:5c:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d99e8d5713a5e6382c0d1389d6242816f9d6fb9
        Validity
            Not Before: Jan  2 14:32:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=045bc8d003729b742837b23e45029b308b7a8228
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:fd:79:63:ad:52:a2:4f:14:52:8c:00:2e:15:
                    5f:89:37:b4:9d:e2:65:86:1b:23:f6:22:16:71:83:
                    62:b5:b2:16:5a:c6:b1:b3:3e:18:ad:ad:c2:9d:e5:
                    8c:93:ed:e7:b0:31:df:8a:65:60:8e:79:f3:65:57:
                    2c:1b:50:2b:53:7d:e7:56:f7:42:f3:74:04:75:2c:
                    34:9a:37:f7:31:16:dd:ac:8d:ba:90:92:5e:34:1e:
                    c0:c3:5d:d4:9d:56:09:de:a7:9b:36:d3:15:5e:ee:
                    30:01:eb:39:44:d4:be:27:f7:b4:ac:40:a4:b0:78:
                    ee:7a:fb:19:2c:cc:a2:79:59:cf:10:94:2c:65:12:
                    19:c2:79:52:c7:20:4a:70:1c:d3:9a:c8:c8:dd:00:
                    b1:a7:f5:e0:e3:f0:10:70:b1:15:07:12:f1:b9:01:
                    7f:8b:ee:06:94:28:30:35:81:d2:30:9c:e1:a6:df:
                    9f:82:4a:0b:40:ed:66:fb:cd:20:e4:28:44:1f:f2:
                    f4:44:80:6e:de:c1:81:cf:f4:cd:40:7f:c0:62:1e:
                    f1:8e:89:d0:7a:e4:b4:b8:0e:ae:b1:94:4f:8b:a3:
                    3a:2d:4c:7a:c7:bd:1f:84:ea:84:16:4c:1c:95:b4:
                    06:e2:ce:95:f6:c6:e1:86:ae:ae:47:a2:7b:a1:0b:
                    67:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:5B:C8:D0:03:72:9B:74:28:37:B2:3E:45:02:9B:30:8B:7A:82:28
            X509v3 Authority Key Identifier:
                keyid:5D:99:E8:D5:71:3A:5E:63:82:C0:D1:38:9D:62:42:81:6F:9D:6F:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XZno1XE6XmOCwNE4nWJCgW-db7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/d2f992-3a17-4975-9c2c-9ca8ea90e617/1/BFvI0ANym3QoN7I-RQKbMIt6gig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/d2f992-3a17-4975-9c2c-9ca8ea90e617/1/XZno1XE6XmOCwNE4nWJCgW-db7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:37:9e:58:04:c3:93:75:27:d6:fd:e2:9f:19:e5:da:45:33:
         8f:f7:2d:c5:1a:d7:07:25:eb:93:0f:22:43:28:84:69:80:1f:
         08:77:1c:b2:ee:f6:36:c1:c2:92:83:6e:38:2a:02:1e:1f:d7:
         72:82:34:88:91:ea:bc:c3:15:4a:b3:a7:35:61:42:f9:7f:8b:
         fc:04:c4:e2:68:bc:56:cf:eb:e1:cc:87:61:15:8f:70:98:bb:
         bb:a9:d5:73:5a:80:4e:b2:dd:1e:f0:c2:80:a9:36:3a:db:50:
         49:c8:1b:19:1e:83:9e:61:a3:ab:55:f0:b6:f1:3b:d1:8a:e0:
         1e:3e:43:a4:64:60:cf:f5:e3:c3:75:12:79:bf:d9:66:01:ae:
         5a:68:57:21:a5:51:5d:b3:d7:c7:db:bc:51:26:5d:45:4c:97:
         b9:44:73:33:c1:5d:ad:3a:bd:d6:21:c7:dc:ae:e1:35:f5:5d:
         2c:46:a9:cf:85:da:7c:e4:81:ac:70:b8:fc:04:ba:2e:34:5f:
         82:8c:77:d2:97:00:bc:66:e1:9b:83:34:79:b3:6d:2c:e4:b2:
         5c:96:6f:48:45:0f:0c:87:c5:23:ce:d7:a1:d0:24:19:2a:86:
         b0:5c:69:37:96:f5:c6:dd:df:42:20:66:58:5c:e4:aa:3c:f9:
         db:07:55:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKlvd1bAEcHuQ/HheeO1yCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkOTllOGQ1NzEzYTVlNjM4MmMwZDEzODlkNjI0MjgxNmY5
ZDZmYjkwHhcNMjQwMTAyMTQzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDViYzhkMDAzNzI5Yjc0MjgzN2IyM2U0NTAyOWIzMDhiN2E4MjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsf15Y61Sok8UUowALhVfiTe0neJl
hhsj9iIWcYNitbIWWsaxsz4Yra3CneWMk+3nsDHfimVgjnnzZVcsG1ArU33nVvdC
83QEdSw0mjf3MRbdrI26kJJeNB7Aw13UnVYJ3qebNtMVXu4wAes5RNS+J/e0rECk
sHjuevsZLMyieVnPEJQsZRIZwnlSxyBKcBzTmsjI3QCxp/Xg4/AQcLEVBxLxuQF/
i+4GlCgwNYHSMJzhpt+fgkoLQO1m+80g5ChEH/L0RIBu3sGBz/TNQH/AYh7xjonQ
euS0uA6usZRPi6M6LUx6x70fhOqEFkwclbQG4s6V9sbhhq6uR6J7oQtnzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFARbyNADcpt0KDeyPkUCmzCLeoIoMB8GA1UdIwQY
MBaAFF2Z6NVxOl5jgsDROJ1iQoFvnW+5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFpubzFYRTZYbU9Dd05FNG5XSkNnVy1kYjdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9kMmY5OTItM2ExNy00OTc1LTljMmMt
OWNhOGVhOTBlNjE3LzEvQkZ2STBBTnltM1FvTjdJLVJRS2JNSXQ2Z2lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9kMmY5OTItM2ExNy00OTc1LTljMmMtOWNhOGVhOTBlNjE3
LzEvWFpubzFYRTZYbU9Dd05FNG5XSkNnVy1kYjdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucL5MA0G
CSqGSIb3DQEBCwUAA4IBAQCdN55YBMOTdSfW/eKfGeXaRTOP9y3FGtcHJeuTDyJD
KIRpgB8Idxyy7vY2wcKSg244KgIeH9dygjSIkeq8wxVKs6c1YUL5f4v8BMTiaLxW
z+vhzIdhFY9wmLu7qdVzWoBOst0e8MKAqTY621BJyBsZHoOeYaOrVfC28TvRiuAe
PkOkZGDP9ePDdRJ5v9lmAa5aaFchpVFds9fH27xRJl1FTJe5RHMzwV2tOr3WIcfc
ruE19V0sRqnPhdp85IGscLj8BLouNF+CjHfSlwC8ZuGbgzR5s20s5LJclm9IRQ8M
h8Ujzteh0CQZKoawXGk3lvXG3d9CIGZYXOSqPPnbB1WE
-----END CERTIFICATE-----