Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/6e4e68-87aa-478c-8e5f-e06176ab24fb/1/bpV7I_XNU2chefMU4R09gkSH0wM.roa
File:                     bpV7I_XNU2chefMU4R09gkSH0wM.roa (raw, json)
Hash identifier:          mLHFtO7R0xg1XzqOhJ1OPqVkp4rItC5RQC59eaRQzBs=
Subject key identifier:   6E:95:7B:23:F5:CD:53:67:21:79:F3:14:E1:1D:3D:82:44:87:D3:03
Certificate issuer:       /CN=b6380000fb7e45f8976261a698d418f08e8d67c7
Certificate serial:       018CC424B6633A7ADD391BEB04DB10F54215
Authority key identifier: B6:38:00:00:FB:7E:45:F8:97:62:61:A6:98:D4:18:F0:8E:8D:67:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tjgAAPt-RfiXYmGmmNQY8I6NZ8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/6e4e68-87aa-478c-8e5f-e06176ab24fb/1/bpV7I_XNU2chefMU4R09gkSH0wM.roa
Signing time:             Mon 01 Jan 2024 08:29:49 +0000
ROA not before:           Mon 01 Jan 2024 08:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50517
IP address blocks:        212.57.192.0/19 maxlen: 19
                          212.57.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/6e4e68-87aa-478c-8e5f-e06176ab24fb/1/tjgAAPt-RfiXYmGmmNQY8I6NZ8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/6e4e68-87aa-478c-8e5f-e06176ab24fb/1/tjgAAPt-RfiXYmGmmNQY8I6NZ8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tjgAAPt-RfiXYmGmmNQY8I6NZ8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:b6:63:3a:7a:dd:39:1b:eb:04:db:10:f5:42:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6380000fb7e45f8976261a698d418f08e8d67c7
        Validity
            Not Before: Jan  1 08:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e957b23f5cd53672179f314e11d3d824487d303
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b2:ee:6c:21:b3:7a:5e:14:71:d4:61:62:dd:
                    a6:a3:82:ed:91:57:6b:4f:1e:05:83:d9:6d:d2:8c:
                    be:eb:47:1c:71:2d:fe:d5:1a:2f:15:36:f6:17:7c:
                    94:49:89:7a:b2:cc:4c:d1:fb:8b:6c:3f:9c:07:dd:
                    b4:59:99:b6:20:22:43:ca:6b:94:17:13:04:4f:d8:
                    47:1e:19:fe:04:20:ec:03:da:71:3f:8d:2a:c0:01:
                    9f:ca:83:b9:db:82:d2:6b:bd:b3:30:18:bc:c1:e6:
                    59:fc:d7:29:2b:75:34:c2:81:76:c1:3e:59:0a:c4:
                    27:0f:2e:ca:9a:0c:d9:07:34:1b:f7:32:91:b8:f5:
                    38:8b:2e:e8:75:48:d1:6a:be:64:08:3c:e5:30:89:
                    bb:5f:46:b1:ee:6a:cb:69:bf:72:2f:95:99:69:15:
                    a3:6f:da:8a:6c:1a:b5:13:df:85:2c:5a:96:ac:55:
                    14:56:1f:2f:02:9b:24:41:25:e4:ed:c7:18:ab:56:
                    1d:5b:c1:ff:c6:b3:b2:bf:66:db:fa:44:b8:cf:80:
                    13:01:2a:4b:1a:4e:4d:55:25:af:f8:bc:ce:96:c3:
                    b5:87:93:24:32:8b:cc:d9:a3:ee:38:9c:07:06:3b:
                    54:22:aa:5b:b9:17:aa:eb:60:f0:fc:cb:ba:40:ab:
                    46:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:95:7B:23:F5:CD:53:67:21:79:F3:14:E1:1D:3D:82:44:87:D3:03
            X509v3 Authority Key Identifier:
                keyid:B6:38:00:00:FB:7E:45:F8:97:62:61:A6:98:D4:18:F0:8E:8D:67:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tjgAAPt-RfiXYmGmmNQY8I6NZ8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/6e4e68-87aa-478c-8e5f-e06176ab24fb/1/bpV7I_XNU2chefMU4R09gkSH0wM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/6e4e68-87aa-478c-8e5f-e06176ab24fb/1/tjgAAPt-RfiXYmGmmNQY8I6NZ8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.57.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         1a:18:d0:f8:f0:a0:11:f3:5f:d6:97:31:b9:94:71:6b:3e:db:
         b2:a6:8d:78:6a:d7:9a:31:f7:41:77:53:47:b7:0d:31:c2:55:
         8a:f5:62:0e:87:3e:00:74:c0:04:22:84:57:14:b1:82:26:eb:
         92:81:70:81:a5:f7:b4:d1:3a:18:09:2c:e1:00:ff:2d:a4:86:
         28:d5:fa:70:67:03:e9:3a:3b:e4:39:ce:4b:e0:8c:24:e0:7d:
         7c:7d:de:e4:2e:de:a5:67:bc:e9:98:73:21:4a:cb:e4:12:3c:
         61:61:93:49:27:45:c9:b0:b8:78:c3:6f:c9:da:2d:20:1d:21:
         7b:e6:fe:b5:7c:dd:f3:8c:67:91:19:9e:5f:a8:d5:d9:38:76:
         fa:73:0c:17:c0:be:af:ae:7a:5d:42:f8:55:db:9a:d0:5b:64:
         1c:df:be:71:89:d3:c2:d0:6e:30:6b:20:b3:18:93:33:08:bb:
         f5:4a:93:c5:0e:6f:9a:3e:8b:75:f5:04:4f:b1:45:d8:cf:cf:
         c4:10:8b:06:43:da:10:8c:15:47:16:4b:7a:58:e3:20:44:46:
         e9:9a:d3:0e:c9:d7:c9:92:dd:cc:dd:98:d8:59:cf:64:7f:36:
         10:c1:1a:bd:38:8f:4b:2f:30:35:c1:2d:b4:19:18:e9:55:6c:
         82:42:41:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJLZjOnrdORvrBNsQ9UIVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MzgwMDAwZmI3ZTQ1Zjg5NzYyNjFhNjk4ZDQxOGYwOGU4
ZDY3YzcwHhcNMjQwMTAxMDgyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTk1N2IyM2Y1Y2Q1MzY3MjE3OWYzMTRlMTFkM2Q4MjQ0ODdkMzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bLubCGzel4UcdRhYt2mo4LtkVdr
Tx4Fg9lt0oy+60cccS3+1RovFTb2F3yUSYl6ssxM0fuLbD+cB920WZm2ICJDymuU
FxMET9hHHhn+BCDsA9pxP40qwAGfyoO524LSa72zMBi8weZZ/NcpK3U0woF2wT5Z
CsQnDy7KmgzZBzQb9zKRuPU4iy7odUjRar5kCDzlMIm7X0ax7mrLab9yL5WZaRWj
b9qKbBq1E9+FLFqWrFUUVh8vApskQSXk7ccYq1YdW8H/xrOyv2bb+kS4z4ATASpL
Gk5NVSWv+LzOlsO1h5MkMovM2aPuOJwHBjtUIqpbuReq62Dw/Mu6QKtGRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6VeyP1zVNnIXnzFOEdPYJEh9MDMB8GA1UdIwQY
MBaAFLY4AAD7fkX4l2JhppjUGPCOjWfHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGpnQUFQdC1SZmlYWW1HbW1OUVk4STZOWjhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi82ZTRlNjgtODdhYS00NzhjLThlNWYt
ZTA2MTc2YWIyNGZiLzEvYnBWN0lfWE5VMmNoZWZNVTRSMDlna1NIMHdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi82ZTRlNjgtODdhYS00NzhjLThlNWYtZTA2MTc2YWIyNGZi
LzEvdGpnQUFQdC1SZmlYWW1HbW1OUVk4STZOWjhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1DnAMA0G
CSqGSIb3DQEBCwUAA4IBAQAaGND48KAR81/WlzG5lHFrPtuypo14ateaMfdBd1NH
tw0xwlWK9WIOhz4AdMAEIoRXFLGCJuuSgXCBpfe00ToYCSzhAP8tpIYo1fpwZwPp
OjvkOc5L4Iwk4H18fd7kLt6lZ7zpmHMhSsvkEjxhYZNJJ0XJsLh4w2/J2i0gHSF7
5v61fN3zjGeRGZ5fqNXZOHb6cwwXwL6vrnpdQvhV25rQW2Qc375xidPC0G4wayCz
GJMzCLv1SpPFDm+aPot19QRPsUXYz8/EEIsGQ9oQjBVHFkt6WOMgREbpmtMOydfJ
kt3M3ZjYWc9kfzYQwRq9OI9LLzA1wS20GRjpVWyCQkHe
-----END CERTIFICATE-----