Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/BLFC-FjMHL4wmy7DW2Qg0ynvAks.roa
File:                     BLFC-FjMHL4wmy7DW2Qg0ynvAks.roa (raw, json)
Hash identifier:          mla/ifgwtBL/TTlFYXL1kHRIJy6aKWlH3+ijLwE0y4c=
Subject key identifier:   04:B1:42:F8:58:CC:1C:BE:30:9B:2E:C3:5B:64:20:D3:29:EF:02:4B
Certificate issuer:       /CN=1b3029634ea8ed54681ba84d14990b00b864ddb8
Certificate serial:       01942143D8716BF9E9A93C51A558D50BBA69
Authority key identifier: 1B:30:29:63:4E:A8:ED:54:68:1B:A8:4D:14:99:0B:00:B8:64:DD:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GzApY06o7VRoG6hNFJkLALhk3bg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/BLFC-FjMHL4wmy7DW2Qg0ynvAks.roa
Signing time:             Wed 01 Jan 2025 09:48:01 +0000
ROA not before:           Wed 01 Jan 2025 09:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51776
IP address blocks:        91.199.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/GzApY06o7VRoG6hNFJkLALhk3bg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/GzApY06o7VRoG6hNFJkLALhk3bg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GzApY06o7VRoG6hNFJkLALhk3bg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:d8:71:6b:f9:e9:a9:3c:51:a5:58:d5:0b:ba:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b3029634ea8ed54681ba84d14990b00b864ddb8
        Validity
            Not Before: Jan  1 09:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04b142f858cc1cbe309b2ec35b6420d329ef024b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:93:d1:1c:4a:f4:7e:5c:3b:de:e0:39:29:7f:
                    d3:55:be:1f:2e:35:69:1a:ef:73:5d:b2:7b:54:7d:
                    36:80:0e:cb:51:3e:ed:de:12:1c:fe:53:c6:01:34:
                    1c:2e:e3:8b:ad:46:78:e0:e8:d8:a3:86:4a:e2:90:
                    8b:1f:ca:71:76:60:87:66:05:4f:06:3d:06:cd:bd:
                    55:6b:06:f2:ee:d0:ad:73:a9:bd:6b:93:2d:d7:05:
                    7b:2c:36:47:1c:4b:67:b0:74:b1:d9:20:5c:95:23:
                    34:6b:4f:86:33:c7:a8:07:cb:e0:4b:7c:16:14:ac:
                    89:68:47:45:af:15:88:47:7d:b2:67:ae:af:3c:3e:
                    17:c7:6f:89:ca:6b:02:3d:d3:96:04:ab:6c:66:23:
                    57:3a:68:71:95:d2:27:a8:89:ce:2e:b0:5e:b0:24:
                    50:ee:f1:d1:3a:5b:45:30:fe:30:56:47:2a:08:74:
                    54:57:16:de:c8:90:b8:11:90:76:a0:f4:f2:96:77:
                    73:04:c4:7e:e7:35:3b:d7:2e:75:24:ae:fe:ff:5a:
                    4a:ea:1d:7d:6a:f2:c1:91:d7:43:92:5a:b6:ad:71:
                    c9:2b:da:d1:f2:2c:b5:d2:cf:03:64:9d:df:da:45:
                    ac:ea:16:ad:34:76:0e:c3:a0:5a:17:7d:2b:d9:97:
                    b3:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:B1:42:F8:58:CC:1C:BE:30:9B:2E:C3:5B:64:20:D3:29:EF:02:4B
            X509v3 Authority Key Identifier:
                keyid:1B:30:29:63:4E:A8:ED:54:68:1B:A8:4D:14:99:0B:00:B8:64:DD:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GzApY06o7VRoG6hNFJkLALhk3bg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/BLFC-FjMHL4wmy7DW2Qg0ynvAks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/a3bfe9-dc56-4c1f-97a7-6b31a7360f0f/1/GzApY06o7VRoG6hNFJkLALhk3bg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:08:62:89:59:98:68:90:a5:c7:b7:56:ef:02:82:39:ed:6c:
         40:9d:89:6b:d9:a7:1e:f0:9c:e6:5b:b6:33:d1:d9:db:00:32:
         8b:30:9e:c8:c4:40:a7:99:eb:81:2e:7e:80:54:26:8f:dc:4c:
         83:be:ac:ae:79:66:2a:0e:06:bd:18:c0:9f:6f:18:17:ce:50:
         99:3e:ce:4b:1a:bc:7d:5e:71:91:84:33:b0:b8:f1:62:c0:bd:
         d5:df:51:92:90:28:75:19:c4:71:7a:36:54:8b:83:25:85:3f:
         2c:28:3f:b2:6e:bb:dd:32:72:fa:fc:d4:83:f4:5f:82:e1:73:
         4f:d9:e4:80:5d:c7:56:7b:21:a7:d9:f3:80:55:82:4a:f7:68:
         c8:4a:66:25:c7:50:28:7c:31:0e:b6:6b:f3:04:71:90:0d:61:
         11:ab:08:bc:c5:97:2b:6a:d4:46:d8:d3:16:30:ac:01:ff:c7:
         c6:80:33:45:3d:5f:5f:cb:7b:17:cd:6f:0f:64:b6:3e:db:2c:
         12:ab:b5:dc:61:53:40:35:80:e7:a8:50:b9:5e:36:b2:a1:1c:
         1e:14:00:44:e8:e7:2f:c3:b1:e2:f9:40:33:da:90:4d:b7:09:
         df:b2:59:6e:dc:d4:df:68:02:3d:4a:29:a4:43:48:c8:96:fc:
         60:e7:c4:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ9hxa/npqTxRpVjVC7ppMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMzAyOTYzNGVhOGVkNTQ2ODFiYTg0ZDE0OTkwYjAwYjg2
NGRkYjgwHhcNMjUwMTAxMDk0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGIxNDJmODU4Y2MxY2JlMzA5YjJlYzM1YjY0MjBkMzI5ZWYwMjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5PRHEr0flw73uA5KX/TVb4fLjVp
Gu9zXbJ7VH02gA7LUT7t3hIc/lPGATQcLuOLrUZ44OjYo4ZK4pCLH8pxdmCHZgVP
Bj0Gzb1Vawby7tCtc6m9a5Mt1wV7LDZHHEtnsHSx2SBclSM0a0+GM8eoB8vgS3wW
FKyJaEdFrxWIR32yZ66vPD4Xx2+JymsCPdOWBKtsZiNXOmhxldInqInOLrBesCRQ
7vHROltFMP4wVkcqCHRUVxbeyJC4EZB2oPTylndzBMR+5zU71y51JK7+/1pK6h19
avLBkddDklq2rXHJK9rR8iy10s8DZJ3f2kWs6hatNHYOw6BaF30r2Zez2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASxQvhYzBy+MJsuw1tkINMp7wJLMB8GA1UdIwQY
MBaAFBswKWNOqO1UaBuoTRSZCwC4ZN24MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3pBcFkwNm83VlJvRzZoTkZKa0xBTGhrM2JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9hM2JmZTktZGM1Ni00YzFmLTk3YTct
NmIzMWE3MzYwZjBmLzEvQkxGQy1Gak1ITDR3bXk3RFcyUWcweW52QWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9hM2JmZTktZGM1Ni00YzFmLTk3YTctNmIzMWE3MzYwZjBm
LzEvR3pBcFkwNm83VlJvRzZoTkZKa0xBTGhrM2JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8evMA0G
CSqGSIb3DQEBCwUAA4IBAQCpCGKJWZhokKXHt1bvAoI57WxAnYlr2ace8JzmW7Yz
0dnbADKLMJ7IxECnmeuBLn6AVCaP3EyDvqyueWYqDga9GMCfbxgXzlCZPs5LGrx9
XnGRhDOwuPFiwL3V31GSkCh1GcRxejZUi4MlhT8sKD+ybrvdMnL6/NSD9F+C4XNP
2eSAXcdWeyGn2fOAVYJK92jISmYlx1AofDEOtmvzBHGQDWERqwi8xZcratRG2NMW
MKwB/8fGgDNFPV9fy3sXzW8PZLY+2ywSq7XcYVNANYDnqFC5XjayoRweFABE6Ocv
w7Hi+UAz2pBNtwnfsllu3NTfaAI9SimkQ0jIlvxg58TW
-----END CERTIFICATE-----