Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/BPcKYotNA4ZeZvm82W73v75zPQs.roa
File:                     BPcKYotNA4ZeZvm82W73v75zPQs.roa (raw, json)
Hash identifier:          oHpWOGTj/PoKbHsHCYFs8uXPSnbHGEoV8KY7k9zJBk4=
Subject key identifier:   04:F7:0A:62:8B:4D:03:86:5E:66:F9:BC:D9:6E:F7:BF:BE:73:3D:0B
Certificate issuer:       /CN=d0aa4a1a7a3ad23faae2aeae9fa6194f02128129
Certificate serial:       01944ADC9C5826CEB0FF60EB5AB49CAF84DE
Authority key identifier: D0:AA:4A:1A:7A:3A:D2:3F:AA:E2:AE:AE:9F:A6:19:4F:02:12:81:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/BPcKYotNA4ZeZvm82W73v75zPQs.roa
Signing time:             Thu 09 Jan 2025 11:39:19 +0000
ROA not before:           Thu 09 Jan 2025 11:39:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15502
IP address blocks:        195.218.96.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:dc:9c:58:26:ce:b0:ff:60:eb:5a:b4:9c:af:84:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0aa4a1a7a3ad23faae2aeae9fa6194f02128129
        Validity
            Not Before: Jan  9 11:39:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04f70a628b4d03865e66f9bcd96ef7bfbe733d0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a4:95:6e:60:0d:e3:f1:74:12:bf:6a:9b:2a:
                    5d:9d:ff:36:9d:00:4e:37:3f:bf:ae:eb:8e:24:62:
                    85:d7:69:64:70:23:cc:80:71:8a:b5:81:28:8e:1f:
                    17:b4:04:f9:f2:cf:ec:51:2d:52:3b:1f:6b:f6:7a:
                    07:c8:e0:51:31:d6:cd:71:43:6c:bc:29:7f:4f:a8:
                    e2:05:33:92:11:e6:6c:c9:66:bb:28:1d:3f:d6:84:
                    01:b9:08:ea:bc:7f:cf:77:82:1f:74:46:26:4c:e4:
                    c0:17:b6:2a:58:42:73:f0:aa:f4:cf:31:90:00:61:
                    49:66:05:9d:b6:08:f0:e5:e7:0f:8b:67:3d:1c:f4:
                    5d:16:a5:85:5d:34:58:aa:c4:82:01:ff:90:4e:1f:
                    09:50:94:8a:cd:8c:b4:88:32:b9:f6:88:5c:92:53:
                    88:af:2e:d3:f7:c0:f2:3d:09:b6:e0:5f:7e:ba:2b:
                    a9:6f:9f:2d:96:1c:d5:65:44:28:69:7a:37:4e:b6:
                    f2:50:01:28:39:3e:0e:72:e2:a1:09:db:7f:2d:ff:
                    03:a2:a2:f9:9d:35:fa:2c:c6:56:e5:69:d5:7b:0b:
                    18:5b:20:cb:e0:5c:40:30:3c:8a:50:06:92:41:1e:
                    00:2e:2e:2a:a6:b6:bc:21:ed:da:9f:dc:5c:ac:77:
                    1f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:F7:0A:62:8B:4D:03:86:5E:66:F9:BC:D9:6E:F7:BF:BE:73:3D:0B
            X509v3 Authority Key Identifier:
                keyid:D0:AA:4A:1A:7A:3A:D2:3F:AA:E2:AE:AE:9F:A6:19:4F:02:12:81:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0KpKGno60j-q4q6un6YZTwISgSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/BPcKYotNA4ZeZvm82W73v75zPQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/76556e-a1d8-4e0a-8468-2214f18eb329/1/0KpKGno60j-q4q6un6YZTwISgSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.218.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         55:1e:1a:c7:6f:33:66:8d:a3:54:0b:3e:4d:ac:cd:a6:cc:4c:
         54:e9:de:eb:f0:29:6c:9d:d0:40:f3:70:3c:22:89:59:dd:0b:
         ba:e6:4e:e3:32:4c:09:e3:06:98:ee:24:2c:fc:3f:2f:78:03:
         a8:4e:f5:d4:d7:e8:cf:0e:3d:70:c1:b9:9f:55:ab:f8:d3:a3:
         04:3d:52:f8:16:d3:0b:3a:cc:c7:00:3e:f0:8e:02:26:f5:d9:
         ab:f5:43:b0:e6:78:8b:da:41:5a:ff:7c:37:7e:0d:1b:12:a7:
         32:25:59:6f:e8:9f:29:89:b1:7c:ff:44:bb:cb:1f:bb:9a:86:
         a6:8e:a2:64:01:34:2c:c1:b9:46:74:2d:23:e4:33:95:ab:4b:
         16:a3:a9:fc:3f:58:0b:fd:5e:b4:5a:31:dc:5c:e3:0d:8c:65:
         c2:df:85:bb:36:f1:6a:07:ad:64:95:92:a5:aa:2d:72:ac:8b:
         4e:3f:77:5b:0b:d7:92:e5:19:fe:56:a6:ff:3c:b5:2a:8d:cf:
         02:b1:fd:db:30:89:0b:67:64:c5:14:43:f4:e9:e8:02:1e:4b:
         10:84:b0:84:e6:2f:a0:69:39:9e:a5:46:38:7f:57:e9:6f:39:
         c9:b0:e9:71:93:59:56:fb:53:bd:89:5a:1f:f7:14:60:7b:7e:
         79:f8:82:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRK3JxYJs6w/2DrWrScr4TeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYWE0YTFhN2EzYWQyM2ZhYWUyYWVhZTlmYTYxOTRmMDIx
MjgxMjkwHhcNMjUwMTA5MTEzOTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGY3MGE2MjhiNGQwMzg2NWU2NmY5YmNkOTZlZjdiZmJlNzMzZDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6SVbmAN4/F0Er9qmypdnf82nQBO
Nz+/ruuOJGKF12lkcCPMgHGKtYEojh8XtAT58s/sUS1SOx9r9noHyOBRMdbNcUNs
vCl/T6jiBTOSEeZsyWa7KB0/1oQBuQjqvH/Pd4IfdEYmTOTAF7YqWEJz8Kr0zzGQ
AGFJZgWdtgjw5ecPi2c9HPRdFqWFXTRYqsSCAf+QTh8JUJSKzYy0iDK59ohcklOI
ry7T98DyPQm24F9+uiupb58tlhzVZUQoaXo3TrbyUAEoOT4OcuKhCdt/Lf8DoqL5
nTX6LMZW5WnVewsYWyDL4FxAMDyKUAaSQR4ALi4qpra8Ie3an9xcrHcfRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAT3CmKLTQOGXmb5vNlu97++cz0LMB8GA1UdIwQY
MBaAFNCqShp6OtI/quKurp+mGU8CEoEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEtwS0dubzYwai1xNHE2dW42WVpUd0lTZ1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS83NjU1NmUtYTFkOC00ZTBhLTg0Njgt
MjIxNGYxOGViMzI5LzEvQlBjS1lvdE5BNFplWnZtODJXNzN2NzV6UFFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS83NjU1NmUtYTFkOC00ZTBhLTg0NjgtMjIxNGYxOGViMzI5
LzEvMEtwS0dubzYwai1xNHE2dW42WVpUd0lTZ1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFw9pgMA0G
CSqGSIb3DQEBCwUAA4IBAQBVHhrHbzNmjaNUCz5NrM2mzExU6d7r8ClsndBA83A8
IolZ3Qu65k7jMkwJ4waY7iQs/D8veAOoTvXU1+jPDj1wwbmfVav406MEPVL4FtML
OszHAD7wjgIm9dmr9UOw5niL2kFa/3w3fg0bEqcyJVlv6J8pibF8/0S7yx+7moam
jqJkATQswblGdC0j5DOVq0sWo6n8P1gL/V60WjHcXOMNjGXC34W7NvFqB61klZKl
qi1yrItOP3dbC9eS5Rn+Vqb/PLUqjc8Csf3bMIkLZ2TFFEP06egCHksQhLCE5i+g
aTmepUY4f1fpbznJsOlxk1lW+1O9iVof9xRge355+IIs
-----END CERTIFICATE-----