Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/Ub-QOZ6gorVzuCbr4obqXtJufRs.roa
File:                     Ub-QOZ6gorVzuCbr4obqXtJufRs.roa (raw, json)
Hash identifier:          6M+mS7ODWuz7sBsqK5oN5WczMRczRizt3al0SUvnUMg=
Subject key identifier:   51:BF:90:39:9E:A0:A2:B5:73:B8:26:EB:E2:86:EA:5E:D2:6E:7D:1B
Certificate issuer:       /CN=05bfdbb6a4b1663369da407db97b021f73284a28
Certificate serial:       01932A67DC90CED5E79DF5AE9A838CAE3832
Authority key identifier: 05:BF:DB:B6:A4:B1:66:33:69:DA:40:7D:B9:7B:02:1F:73:28:4A:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bb_btqSxZjNp2kB9uXsCH3MoSig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/Ub-QOZ6gorVzuCbr4obqXtJufRs.roa
Signing time:             Thu 14 Nov 2024 11:21:09 +0000
ROA not before:           Thu 14 Nov 2024 11:21:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215322
IP address blocks:        185.17.25.0/24 maxlen: 24
                          2a01:a501::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/Bb_btqSxZjNp2kB9uXsCH3MoSig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/Bb_btqSxZjNp2kB9uXsCH3MoSig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Bb_btqSxZjNp2kB9uXsCH3MoSig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2a:67:dc:90:ce:d5:e7:9d:f5:ae:9a:83:8c:ae:38:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05bfdbb6a4b1663369da407db97b021f73284a28
        Validity
            Not Before: Nov 14 11:21:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51bf90399ea0a2b573b826ebe286ea5ed26e7d1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:e4:aa:13:24:bb:c8:0a:62:64:4d:a2:7c:8d:
                    f2:a8:e9:0a:c5:c3:55:f9:5b:e6:f0:34:6a:56:a0:
                    5c:5f:f2:2c:3b:47:3c:c2:58:16:0f:38:ba:e3:4d:
                    0c:48:49:bb:86:3f:d3:43:28:f5:e3:3d:e0:6e:ab:
                    05:28:9e:f4:2f:84:83:23:0c:59:ed:b7:ed:5d:5e:
                    c4:b7:32:82:a1:0d:c8:7f:26:7d:54:10:b1:51:a1:
                    f1:b4:87:f4:fc:9f:44:53:81:af:cf:c0:b7:77:ab:
                    f8:d3:84:61:3c:f8:5d:0d:bf:d4:44:3f:4b:08:4c:
                    7a:fc:5b:fb:bb:f4:b2:4e:f4:b8:0e:d1:95:12:5c:
                    23:cd:cf:dd:96:51:2a:f0:80:07:92:fc:1f:bc:83:
                    f5:a7:40:7a:c8:4a:ab:ca:3e:d3:39:9b:3f:b9:c8:
                    d5:6c:f5:8a:b8:99:36:e5:c4:68:76:52:12:6b:95:
                    27:09:a6:00:d2:d1:20:18:27:d3:23:a4:7e:81:38:
                    d5:31:98:8b:56:c7:54:ea:c4:55:e7:5f:18:82:ea:
                    b8:3a:fe:56:93:30:53:80:37:41:98:de:3a:50:9a:
                    6c:d3:1a:05:67:a3:9d:b9:43:22:f5:30:0d:5f:2c:
                    4d:e5:d3:d7:ba:c9:0b:6c:ea:30:09:0c:73:62:da:
                    27:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:BF:90:39:9E:A0:A2:B5:73:B8:26:EB:E2:86:EA:5E:D2:6E:7D:1B
            X509v3 Authority Key Identifier:
                keyid:05:BF:DB:B6:A4:B1:66:33:69:DA:40:7D:B9:7B:02:1F:73:28:4A:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bb_btqSxZjNp2kB9uXsCH3MoSig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/Ub-QOZ6gorVzuCbr4obqXtJufRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/Bb_btqSxZjNp2kB9uXsCH3MoSig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.25.0/24
                IPv6:
                  2a01:a501::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:80:ac:de:77:87:54:fe:11:30:4c:ee:da:fd:33:4b:90:ba:
         18:b7:39:a8:1e:20:e7:61:ad:65:10:e6:57:ac:9d:ec:98:bf:
         8a:30:be:4e:1f:1c:6a:db:6e:3a:97:02:78:7c:a2:2e:19:b1:
         4e:93:18:05:d9:24:b5:38:ba:3f:7f:28:95:d0:ad:fc:b2:82:
         a1:f0:2f:ab:96:ad:30:98:5a:c4:ed:f3:70:62:f6:65:a3:23:
         7a:2f:d7:10:56:81:e9:4a:67:f7:b3:f5:c1:12:0a:af:3b:b8:
         e9:4a:a7:8b:e1:87:c7:f4:61:de:76:e7:d1:2a:a9:64:b9:ea:
         51:da:9d:e1:b7:59:70:b2:1e:98:89:ca:9e:e3:e5:d3:14:0e:
         a7:0c:2f:a4:73:92:60:32:ed:e6:db:88:14:ee:b1:cc:6f:8f:
         03:45:57:cb:4a:40:40:b7:bc:51:de:ca:76:39:97:92:ef:9c:
         0d:96:f8:98:d3:a4:e5:cc:b1:20:2b:7b:34:65:1f:ba:2a:ce:
         56:68:54:fd:81:3d:20:2a:dd:fb:55:b6:12:03:c9:d0:21:42:
         11:96:ca:c2:b9:43:e8:f1:c2:2b:e5:74:86:ed:8a:1c:1e:ee:
         31:27:c5:69:aa:e8:62:d7:0e:d4:df:be:06:e7:85:c1:fd:53:
         05:76:44:8b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZMqZ9yQztXnnfWumoOMrjgyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YmZkYmI2YTRiMTY2MzM2OWRhNDA3ZGI5N2IwMjFmNzMy
ODRhMjgwHhcNMjQxMTE0MTEyMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWJmOTAzOTllYTBhMmI1NzNiODI2ZWJlMjg2ZWE1ZWQyNmU3ZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OSqEyS7yApiZE2ifI3yqOkKxcNV
+Vvm8DRqVqBcX/IsO0c8wlgWDzi6400MSEm7hj/TQyj14z3gbqsFKJ70L4SDIwxZ
7bftXV7EtzKCoQ3IfyZ9VBCxUaHxtIf0/J9EU4Gvz8C3d6v404RhPPhdDb/URD9L
CEx6/Fv7u/SyTvS4DtGVElwjzc/dllEq8IAHkvwfvIP1p0B6yEqryj7TOZs/ucjV
bPWKuJk25cRodlISa5UnCaYA0tEgGCfTI6R+gTjVMZiLVsdU6sRV518Yguq4Ov5W
kzBTgDdBmN46UJps0xoFZ6OduUMi9TANXyxN5dPXuskLbOowCQxzYtonhwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFG/kDmeoKK1c7gm6+KG6l7Sbn0bMB8GA1UdIwQY
MBaAFAW/27aksWYzadpAfbl7Ah9zKEooMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJfYnRxU3haak5wMmtCOXVYc0NIM01vU2lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi80NjBjMDAtM2U5NS00Mjc0LWJjOWMt
MDYwZGFjZmViZTBmLzEvVWItUU9aNmdvclZ6dUNicjRvYnFYdEp1ZlJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi80NjBjMDAtM2U5NS00Mjc0LWJjOWMtMDYwZGFjZmViZTBm
LzEvQmJfYnRxU3haak5wMmtCOXVYc0NIM01vU2lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuREZMA0E
AgACMAcDBQAqAaUBMA0GCSqGSIb3DQEBCwUAA4IBAQA4gKzed4dU/hEwTO7a/TNL
kLoYtzmoHiDnYa1lEOZXrJ3smL+KML5OHxxq2246lwJ4fKIuGbFOkxgF2SS1OLo/
fyiV0K38soKh8C+rlq0wmFrE7fNwYvZloyN6L9cQVoHpSmf3s/XBEgqvO7jpSqeL
4YfH9GHedufRKqlkuepR2p3ht1lwsh6Yicqe4+XTFA6nDC+kc5JgMu3m24gU7rHM
b48DRVfLSkBAt7xR3sp2OZeS75wNlviY06TlzLEgK3s0ZR+6Ks5WaFT9gT0gKt37
VbYSA8nQIUIRlsrCuUPo8cIr5XSG7YocHu4xJ8Vpquhi1w7U374G54XB/VMFdkSL
-----END CERTIFICATE-----