Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/dcbd3a-7528-499e-a3bd-bf28875ab261/1/BUgELr93CJ6m9P8CIgQO7516-qk.roa
File:                     BUgELr93CJ6m9P8CIgQO7516-qk.roa (raw, json)
Hash identifier:          N1Y/8fXAKYZxkstrQteBZlE0mToRQq5m2ix67bg51ek=
Subject key identifier:   05:48:04:2E:BF:77:08:9E:A6:F4:FF:02:22:04:0E:EF:9D:7A:FA:A9
Certificate issuer:       /CN=2c3e1c03efa2f2d9fff9dbec3325bc6c37694250
Certificate serial:       018CC9BCB08ADAEF044075C1760FA0FE2351
Authority key identifier: 2C:3E:1C:03:EF:A2:F2:D9:FF:F9:DB:EC:33:25:BC:6C:37:69:42:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LD4cA--i8tn_-dvsMyW8bDdpQlA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/dcbd3a-7528-499e-a3bd-bf28875ab261/1/BUgELr93CJ6m9P8CIgQO7516-qk.roa
Signing time:             Tue 02 Jan 2024 10:33:55 +0000
ROA not before:           Tue 02 Jan 2024 10:33:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57687
IP address blocks:        185.129.171.0/24 maxlen: 24
                          185.129.170.0/24 maxlen: 24
                          185.129.169.0/24 maxlen: 24
                          185.129.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/dcbd3a-7528-499e-a3bd-bf28875ab261/1/LD4cA--i8tn_-dvsMyW8bDdpQlA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/dcbd3a-7528-499e-a3bd-bf28875ab261/1/LD4cA--i8tn_-dvsMyW8bDdpQlA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LD4cA--i8tn_-dvsMyW8bDdpQlA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:b0:8a:da:ef:04:40:75:c1:76:0f:a0:fe:23:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3e1c03efa2f2d9fff9dbec3325bc6c37694250
        Validity
            Not Before: Jan  2 10:33:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0548042ebf77089ea6f4ff0222040eef9d7afaa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:90:40:8a:8f:c9:62:7f:06:8e:1d:1b:7e:d8:
                    86:31:7d:f5:cf:b0:f9:5e:35:7b:b8:6c:31:9a:60:
                    28:d5:85:5e:3f:7e:26:13:ef:37:b2:0d:95:bc:3b:
                    ae:f8:20:53:1d:8b:d3:aa:87:77:ec:ab:49:8e:ba:
                    71:44:37:2d:d0:28:b8:93:1b:a2:e1:3f:12:6c:83:
                    ec:31:34:e9:26:bb:27:50:0a:b2:5b:0e:3b:74:b8:
                    69:df:48:d5:13:8d:b7:9c:4c:20:05:ff:48:f9:71:
                    39:71:74:56:9f:e4:2d:ed:01:bf:48:75:1d:6e:f7:
                    38:2f:30:ce:65:09:e7:ee:12:69:5a:b9:8e:6f:2e:
                    da:57:ac:8b:11:1c:2a:aa:bb:35:2e:5e:cf:27:18:
                    13:cd:51:eb:ce:bd:cf:f1:3a:66:be:fe:10:81:9d:
                    f1:c6:50:00:ee:a4:24:c1:c5:4f:c9:3b:fb:51:04:
                    ef:ce:3a:53:fd:fc:11:3c:57:f1:ae:e5:08:ee:f9:
                    28:56:1f:31:3b:c3:25:5f:90:ab:49:13:b5:dd:15:
                    b2:de:29:9d:40:9e:0a:e5:07:28:b7:3d:f4:da:91:
                    a6:33:92:5c:96:8b:ef:89:19:ea:09:c2:59:68:e9:
                    e8:37:85:5e:b5:10:8b:bd:a0:36:64:7e:51:2a:0d:
                    f0:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:48:04:2E:BF:77:08:9E:A6:F4:FF:02:22:04:0E:EF:9D:7A:FA:A9
            X509v3 Authority Key Identifier:
                keyid:2C:3E:1C:03:EF:A2:F2:D9:FF:F9:DB:EC:33:25:BC:6C:37:69:42:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LD4cA--i8tn_-dvsMyW8bDdpQlA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/dcbd3a-7528-499e-a3bd-bf28875ab261/1/BUgELr93CJ6m9P8CIgQO7516-qk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/dcbd3a-7528-499e-a3bd-bf28875ab261/1/LD4cA--i8tn_-dvsMyW8bDdpQlA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:58:c4:68:ac:19:5a:eb:53:35:c5:ac:f7:70:bf:48:e3:0f:
         4c:5b:58:bf:17:2b:d0:a8:59:5b:e0:7f:49:f2:e5:2d:f1:b7:
         7a:25:f1:75:9a:e2:b8:26:ac:7b:91:1c:53:d5:cc:0e:04:ee:
         85:5a:4c:14:d4:63:10:3d:a5:af:2d:f0:60:92:12:b8:0d:cb:
         06:6e:f9:fe:da:85:1c:95:a8:d6:15:1a:e3:f2:08:2f:2d:a9:
         b0:7b:0d:e6:b6:43:83:d1:01:e6:88:e8:ca:77:cf:f3:73:35:
         79:d2:3f:58:1a:9a:ab:f1:f6:59:96:3e:7e:4f:24:f3:fa:ed:
         a3:41:5f:9f:80:33:87:6a:22:6d:30:64:b0:4a:69:7b:9d:3f:
         30:30:bd:b0:15:f8:ac:98:9f:13:ff:1f:79:b9:fd:63:cc:38:
         36:f5:47:14:8d:5f:4e:7c:0f:a1:58:5f:f3:e9:6b:73:e5:1c:
         83:e6:32:bb:9b:80:30:1e:07:56:10:4f:83:4e:32:80:23:1a:
         14:35:bf:f4:d3:ac:85:f0:1e:3b:42:eb:fb:dd:70:50:3d:63:
         81:e0:bc:74:16:d1:cb:fb:f7:f6:8b:44:86:f0:b4:77:5e:d7:
         41:fb:52:0d:c5:d1:bd:a9:07:99:5e:62:37:72:cc:69:43:f9:
         8e:03:00:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvLCK2u8EQHXBdg+g/iNRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjM2UxYzAzZWZhMmYyZDlmZmY5ZGJlYzMzMjViYzZjMzc2
OTQyNTAwHhcNMjQwMTAyMTAzMzU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTQ4MDQyZWJmNzcwODllYTZmNGZmMDIyMjA0MGVlZjlkN2FmYWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJBAio/JYn8Gjh0bftiGMX31z7D5
XjV7uGwxmmAo1YVeP34mE+83sg2VvDuu+CBTHYvTqod37KtJjrpxRDct0Ci4kxui
4T8SbIPsMTTpJrsnUAqyWw47dLhp30jVE423nEwgBf9I+XE5cXRWn+Qt7QG/SHUd
bvc4LzDOZQnn7hJpWrmOby7aV6yLERwqqrs1Ll7PJxgTzVHrzr3P8Tpmvv4QgZ3x
xlAA7qQkwcVPyTv7UQTvzjpT/fwRPFfxruUI7vkoVh8xO8MlX5CrSRO13RWy3imd
QJ4K5Qcotz302pGmM5JclovviRnqCcJZaOnoN4VetRCLvaA2ZH5RKg3wdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAVIBC6/dwiepvT/AiIEDu+devqpMB8GA1UdIwQY
MBaAFCw+HAPvovLZ//nb7DMlvGw3aUJQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEQ0Y0EtLWk4dG5fLWR2c015VzhiRGRwUWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9kY2JkM2EtNzUyOC00OTllLWEzYmQt
YmYyODg3NWFiMjYxLzEvQlVnRUxyOTNDSjZtOVA4Q0lnUU83NTE2LXFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9kY2JkM2EtNzUyOC00OTllLWEzYmQtYmYyODg3NWFiMjYx
LzEvTEQ0Y0EtLWk4dG5fLWR2c015VzhiRGRwUWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYGoMA0G
CSqGSIb3DQEBCwUAA4IBAQApWMRorBla61M1xaz3cL9I4w9MW1i/FyvQqFlb4H9J
8uUt8bd6JfF1muK4Jqx7kRxT1cwOBO6FWkwU1GMQPaWvLfBgkhK4DcsGbvn+2oUc
lajWFRrj8ggvLamwew3mtkOD0QHmiOjKd8/zczV50j9YGpqr8fZZlj5+TyTz+u2j
QV+fgDOHaiJtMGSwSml7nT8wML2wFfismJ8T/x95uf1jzDg29UcUjV9OfA+hWF/z
6Wtz5RyD5jK7m4AwHgdWEE+DTjKAIxoUNb/006yF8B47Quv73XBQPWOB4Lx0FtHL
+/f2i0SG8LR3XtdB+1INxdG9qQeZXmI3csxpQ/mOAwDR
-----END CERTIFICATE-----