Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/bmvwSd1Oki5Fk1aRcYAVyYkcnZU.roa
File:                     bmvwSd1Oki5Fk1aRcYAVyYkcnZU.roa (raw, json)
Hash identifier:          d2UyyEVSLJ4l4OV7KwhexS2Xpw+eAibmE1i2Joudkw4=
Subject key identifier:   6E:6B:F0:49:DD:4E:92:2E:45:93:56:91:71:80:15:C9:89:1C:9D:95
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018CC86FB853041725C027E5FDA94972FEC9
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/bmvwSd1Oki5Fk1aRcYAVyYkcnZU.roa
Signing time:             Tue 02 Jan 2024 04:30:14 +0000
ROA not before:           Tue 02 Jan 2024 04:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     262287
IP address blocks:        45.84.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b8:53:04:17:25:c0:27:e5:fd:a9:49:72:fe:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 04:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e6bf049dd4e922e45935691718015c9891c9d95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c4:49:79:87:83:f2:14:16:09:33:42:8c:7f:
                    df:f5:45:a9:29:db:29:c4:e1:46:76:6a:00:4f:cc:
                    10:a2:f0:5b:95:52:6f:18:03:76:be:92:75:fb:6e:
                    98:d6:7f:28:b5:dc:3b:f6:1d:d1:04:92:5f:11:8b:
                    2a:b0:bb:e4:60:26:1b:03:89:48:e1:e2:09:d8:e9:
                    24:32:78:aa:1d:9b:f0:a4:88:da:1b:e7:44:45:b2:
                    80:17:ed:d7:2f:2e:d5:4e:08:ad:8c:a3:4a:ae:c3:
                    8b:68:11:3e:11:03:66:ff:c4:42:fe:71:fd:3d:7f:
                    0e:ae:b7:dc:9b:39:94:c3:61:47:6a:c1:22:18:4f:
                    41:eb:17:10:29:8b:95:e6:a5:fa:ee:57:79:ca:3d:
                    b5:6b:f6:19:67:9c:2f:6e:29:af:8c:31:4d:99:a9:
                    18:3b:bc:cb:83:fe:c2:bb:3d:10:49:c4:40:72:e4:
                    42:3b:af:4b:e6:6a:dd:db:dc:ed:ef:56:a6:b9:fa:
                    ba:b7:35:c3:6c:e8:43:bc:88:b8:63:2d:8c:d7:8a:
                    c3:51:57:ee:41:46:96:98:d9:7d:2b:39:26:32:70:
                    9d:e2:f9:52:a7:83:41:cc:60:a0:ac:54:30:b1:6d:
                    fa:48:85:6b:d5:fd:b8:08:4b:d9:93:61:0b:b5:69:
                    d5:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:6B:F0:49:DD:4E:92:2E:45:93:56:91:71:80:15:C9:89:1C:9D:95
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/bmvwSd1Oki5Fk1aRcYAVyYkcnZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:5a:5b:b4:dc:93:0d:5e:f2:d3:6f:0c:b4:6a:f8:29:f6:14:
         2d:ae:f4:4d:75:cf:b0:30:c6:47:ab:87:3b:d7:b3:c7:3c:d2:
         d8:df:7d:4b:8f:8d:f3:a5:ad:70:90:2b:70:19:af:08:68:71:
         06:15:15:df:d4:18:09:7f:51:9b:13:ad:57:b0:c3:28:1b:dc:
         be:7c:c0:e1:3e:a8:e2:4f:69:bb:9b:87:64:41:ec:75:22:1b:
         95:d3:2c:74:47:27:59:dd:5b:b4:88:14:76:06:bb:95:3c:5c:
         21:c8:a5:6b:b2:56:36:96:63:6c:42:e2:c9:3c:19:d7:30:9c:
         ab:47:f9:74:5e:f0:3e:b2:5d:41:0a:0e:c7:f4:a5:73:d3:46:
         7d:bb:27:87:79:22:09:30:ab:12:9d:a3:80:4e:1f:c9:16:0d:
         33:a6:ac:c8:75:cf:22:25:68:68:21:68:cb:ed:c7:a4:3f:e4:
         bd:30:98:53:df:a9:c2:36:d2:bb:7d:ac:c7:92:3e:94:4d:74:
         c2:52:12:4d:d7:66:2c:af:d3:ea:28:d4:79:9a:e0:fc:9b:4b:
         19:db:f3:d5:91:03:89:08:3f:85:fe:b0:1f:e0:15:0d:4a:f2:
         b1:ae:84:0f:a6:05:a9:ef:ad:63:1d:10:0f:81:a7:ed:67:b5:
         17:e8:a6:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb7hTBBclwCfl/alJcv7JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwMTAyMDQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTZiZjA0OWRkNGU5MjJlNDU5MzU2OTE3MTgwMTVjOTg5MWM5ZDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsRJeYeD8hQWCTNCjH/f9UWpKdsp
xOFGdmoAT8wQovBblVJvGAN2vpJ1+26Y1n8otdw79h3RBJJfEYsqsLvkYCYbA4lI
4eIJ2OkkMniqHZvwpIjaG+dERbKAF+3XLy7VTgitjKNKrsOLaBE+EQNm/8RC/nH9
PX8OrrfcmzmUw2FHasEiGE9B6xcQKYuV5qX67ld5yj21a/YZZ5wvbimvjDFNmakY
O7zLg/7Cuz0QScRAcuRCO69L5mrd29zt71amufq6tzXDbOhDvIi4Yy2M14rDUVfu
QUaWmNl9KzkmMnCd4vlSp4NBzGCgrFQwsW36SIVr1f24CEvZk2ELtWnVwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5r8EndTpIuRZNWkXGAFcmJHJ2VMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvYm12d1NkMU9raTVGazFhUmNZQVZ5WWtjblpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVTVMA0G
CSqGSIb3DQEBCwUAA4IBAQA4Wlu03JMNXvLTbwy0avgp9hQtrvRNdc+wMMZHq4c7
17PHPNLY331Lj43zpa1wkCtwGa8IaHEGFRXf1BgJf1GbE61XsMMoG9y+fMDhPqji
T2m7m4dkQex1IhuV0yx0RydZ3Vu0iBR2BruVPFwhyKVrslY2lmNsQuLJPBnXMJyr
R/l0XvA+sl1BCg7H9KVz00Z9uyeHeSIJMKsSnaOATh/JFg0zpqzIdc8iJWhoIWjL
7cekP+S9MJhT36nCNtK7fazHkj6UTXTCUhJN12Ysr9PqKNR5muD8m0sZ2/PVkQOJ
CD+F/rAf4BUNSvKxroQPpgWp761jHRAPgaftZ7UX6KaZ
-----END CERTIFICATE-----