Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/Bg8lhllKg9CX6Ekjn5O7CDFMtfU.roa
File:                     Bg8lhllKg9CX6Ekjn5O7CDFMtfU.roa (raw, json)
Hash identifier:          vXIabELWjcYsoWN0+CEnQF73zPx9rViZciXpZhTap2w=
Subject key identifier:   06:0F:25:86:59:4A:83:D0:97:E8:49:23:9F:93:BB:08:31:4C:B5:F5
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC44D8AF6C8D04514424A4199F152B
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/Bg8lhllKg9CX6Ekjn5O7CDFMtfU.roa
Signing time:             Mon 01 Jan 2024 16:29:56 +0000
ROA not before:           Mon 01 Jan 2024 16:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43581
IP address blocks:        194.226.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:44:d8:af:6c:8d:04:51:44:24:a4:19:9f:15:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=060f2586594a83d097e849239f93bb08314cb5f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:29:7c:33:00:66:fc:35:7e:04:e3:90:2e:ba:
                    d5:6c:aa:40:35:c5:66:49:f6:3a:ab:1f:28:6f:23:
                    95:d9:4b:a7:2d:a3:69:70:bf:b1:99:90:b4:b9:66:
                    a1:61:5c:76:10:c4:73:9d:44:4c:23:d5:fc:51:6b:
                    a0:86:84:30:5a:85:87:96:08:af:b0:2b:6b:ef:f3:
                    28:9c:28:32:44:b6:3e:b1:a5:fd:77:f8:bf:37:78:
                    46:d3:c2:d0:e8:28:bd:24:7f:d7:c2:5a:b4:84:af:
                    41:af:45:e1:06:88:59:60:b3:24:9d:bc:e1:0f:b6:
                    41:e9:bb:84:2e:e3:81:f6:8d:f8:a8:84:19:c4:42:
                    be:12:44:6c:41:93:2a:c6:78:ef:82:f4:e2:64:63:
                    2b:01:0b:b7:af:a0:f6:2c:80:10:d8:3e:b7:ac:70:
                    db:75:98:f2:14:bf:b5:1e:8c:6e:26:55:80:ac:a3:
                    27:ed:15:37:20:54:c2:fb:7d:df:1a:f5:48:c6:44:
                    49:06:f4:97:92:3b:01:95:e8:9a:e7:17:d6:bf:d8:
                    f9:ab:70:10:90:b7:c6:97:29:c7:cb:b9:17:63:15:
                    a1:de:a0:c5:57:90:0d:fc:46:5a:c8:2e:b2:ff:19:
                    2b:32:ab:00:67:7c:3e:fa:98:19:89:4a:b5:b3:dc:
                    ed:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:0F:25:86:59:4A:83:D0:97:E8:49:23:9F:93:BB:08:31:4C:B5:F5
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/Bg8lhllKg9CX6Ekjn5O7CDFMtfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.226.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:54:06:42:cf:95:69:b1:c3:f4:22:5d:a3:f6:17:be:d9:bf:
         9e:2e:41:1c:2c:7d:b8:94:d4:34:09:1b:d9:aa:f7:0a:5e:aa:
         5d:8f:11:5f:d7:25:5a:c2:2e:71:81:74:79:71:23:56:c3:2d:
         42:77:42:7f:ed:be:a0:5f:c9:07:b3:c8:53:12:c0:d3:21:18:
         70:31:7c:f0:73:37:74:84:eb:2d:31:74:20:73:42:c4:f4:43:
         f6:db:3d:05:d9:a4:fb:4e:c3:97:03:17:05:77:93:da:6f:50:
         35:41:fc:08:a3:fd:7a:5e:45:b8:14:47:5c:59:b3:64:80:0e:
         0f:cd:23:6f:eb:b8:35:fc:00:43:4a:39:a2:8e:de:e4:f1:43:
         9f:e2:7f:2c:43:6f:dd:8f:2d:2f:c9:9f:73:b9:4d:41:5b:57:
         f0:e5:da:32:3b:5e:e8:29:a2:e6:30:fd:33:b6:79:f4:21:bf:
         f8:93:3e:e1:f9:d3:a2:a9:bd:65:d2:ba:d5:fb:2d:f0:8c:45:
         d5:30:03:15:74:98:a8:a4:9e:11:7e:48:4a:9f:79:2c:ec:71:
         22:ce:f2:74:3b:44:ab:54:37:f0:47:8e:63:09:25:f6:c4:1f:
         bb:da:1b:23:67:c0:c6:48:61:05:d2:ec:ab:bd:0e:2c:4c:64:
         17:b1:1a:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3ETYr2yNBFFEJKQZnxUrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjBmMjU4NjU5NGE4M2QwOTdlODQ5MjM5ZjkzYmIwODMxNGNiNWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhil8MwBm/DV+BOOQLrrVbKpANcVm
SfY6qx8obyOV2UunLaNpcL+xmZC0uWahYVx2EMRznURMI9X8UWughoQwWoWHlgiv
sCtr7/MonCgyRLY+saX9d/i/N3hG08LQ6Ci9JH/Xwlq0hK9Br0XhBohZYLMknbzh
D7ZB6buELuOB9o34qIQZxEK+EkRsQZMqxnjvgvTiZGMrAQu3r6D2LIAQ2D63rHDb
dZjyFL+1HoxuJlWArKMn7RU3IFTC+33fGvVIxkRJBvSXkjsBleia5xfWv9j5q3AQ
kLfGlynHy7kXYxWh3qDFV5AN/EZayC6y/xkrMqsAZ3w++pgZiUq1s9ztrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYPJYZZSoPQl+hJI5+TuwgxTLX1MB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvQmc4bGhsbEtnOUNYNkVram41TzdDREZNdGZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwuIxMA0G
CSqGSIb3DQEBCwUAA4IBAQACVAZCz5VpscP0Il2j9he+2b+eLkEcLH24lNQ0CRvZ
qvcKXqpdjxFf1yVawi5xgXR5cSNWwy1Cd0J/7b6gX8kHs8hTEsDTIRhwMXzwczd0
hOstMXQgc0LE9EP22z0F2aT7TsOXAxcFd5Pab1A1QfwIo/16XkW4FEdcWbNkgA4P
zSNv67g1/ABDSjmijt7k8UOf4n8sQ2/djy0vyZ9zuU1BW1fw5doyO17oKaLmMP0z
tnn0Ib/4kz7h+dOiqb1l0rrV+y3wjEXVMAMVdJiopJ4RfkhKn3ks7HEizvJ0O0Sr
VDfwR45jCSX2xB+72hsjZ8DGSGEF0uyrvQ4sTGQXsRpj
-----END CERTIFICATE-----