Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/bke-YJ-tbDLGpp3kvZGH2TLdlOI.roa
File:                     bke-YJ-tbDLGpp3kvZGH2TLdlOI.roa (raw, json)
Hash identifier:          NXBX9RHNDwlq1k9iub5dxUrFv5q8FjUTbkNsfuh2Uzo=
Subject key identifier:   6E:47:BE:60:9F:AD:6C:32:C6:A6:9D:E4:BD:91:87:D9:32:DD:94:E2
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       0194222004D91D70A87153EFC2EC7C73039C
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/bke-YJ-tbDLGpp3kvZGH2TLdlOI.roa
Signing time:             Wed 01 Jan 2025 13:48:31 +0000
ROA not before:           Wed 01 Jan 2025 13:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51102
IP address blocks:        45.86.242.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:04:d9:1d:70:a8:71:53:ef:c2:ec:7c:73:03:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Jan  1 13:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e47be609fad6c32c6a69de4bd9187d932dd94e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:53:9e:81:2a:3a:c9:32:3d:57:af:78:72:b0:
                    54:66:cc:5a:8a:ad:9f:86:84:4e:05:05:0d:f8:a5:
                    1e:7b:c5:be:88:6b:8e:0a:26:e0:fa:1a:20:98:5e:
                    46:b2:77:9f:fa:15:b0:99:a1:89:f5:77:d0:21:af:
                    22:74:dc:1d:51:88:c5:24:9f:be:5d:47:2e:84:d0:
                    df:1a:67:c9:bf:06:38:0f:19:a9:a7:4f:bc:e4:69:
                    c1:c3:f6:a2:96:c5:11:11:e5:9c:0e:98:ad:1f:32:
                    63:4a:82:d8:2b:0f:0e:99:a7:9f:e0:72:fc:4e:5a:
                    67:d6:28:2d:57:35:b3:38:d9:d0:61:95:3b:cf:ce:
                    71:04:11:2d:33:4e:ab:94:af:42:20:d8:e2:09:98:
                    63:56:23:2b:da:2f:99:34:c2:d5:fd:d0:e3:dd:1a:
                    4c:f6:16:bf:c2:55:68:b3:bd:e9:bb:30:f6:ee:b8:
                    62:25:b9:ac:78:1a:7a:a0:78:23:9d:5c:f2:52:6a:
                    80:3b:76:59:d5:9d:13:e4:ca:54:3a:0b:cc:3f:bd:
                    7c:09:57:00:d5:e4:9d:c4:6b:4f:1c:fc:3f:bf:2d:
                    7e:9d:13:23:24:c3:12:b0:d7:26:b4:b9:87:64:08:
                    fc:c7:78:94:be:6f:7d:b1:de:79:ef:fd:bf:dc:ff:
                    19:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:47:BE:60:9F:AD:6C:32:C6:A6:9D:E4:BD:91:87:D9:32:DD:94:E2
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/bke-YJ-tbDLGpp3kvZGH2TLdlOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:74:17:a9:65:90:74:ff:f4:71:7d:76:60:f8:ab:8c:31:f6:
         ab:31:cf:a0:41:ac:90:f5:ff:0a:67:f7:c6:f6:8c:68:b3:70:
         51:99:10:c3:23:97:f8:a0:96:3f:9a:a2:c1:0a:dd:e7:35:e4:
         46:3d:31:45:94:b6:bf:37:c3:5c:ac:c5:7e:61:c7:52:e0:f2:
         e8:7a:8a:21:44:37:a1:f9:77:48:7a:6b:23:37:8b:af:f9:1f:
         c4:e6:ee:2e:df:f9:ec:da:1f:05:08:bf:6d:ac:6d:a4:eb:68:
         b7:3f:45:ff:07:40:5a:f6:4c:c8:55:33:3b:1a:08:6a:b7:32:
         5f:69:03:4a:83:ea:32:08:6b:6d:ee:73:8c:d0:3f:c9:a6:0f:
         ed:37:40:36:87:bd:c1:f6:27:0e:e5:0c:ea:83:53:26:82:13:
         ba:10:95:60:01:32:e6:2a:eb:00:1c:9e:76:3e:be:79:5c:5c:
         8e:7a:32:8d:ea:7b:2d:3c:c5:18:f1:4e:a1:5b:5c:94:3b:7f:
         8e:7d:1c:da:71:f2:69:6c:fb:a5:1a:fa:90:6f:05:3f:1e:e0:
         db:64:22:28:07:e8:22:e1:0d:e3:43:e3:f1:39:ca:b0:83:b7:
         f9:4c:14:ba:bd:14:e5:24:aa:7b:b8:26:48:db:b7:4d:34:20:
         2e:3b:f2:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIATZHXCocVPvwux8cwOcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjUwMTAxMTM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTQ3YmU2MDlmYWQ2YzMyYzZhNjlkZTRiZDkxODdkOTMyZGQ5NGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VOegSo6yTI9V694crBUZsxaiq2f
hoROBQUN+KUee8W+iGuOCibg+hogmF5Gsnef+hWwmaGJ9XfQIa8idNwdUYjFJJ++
XUcuhNDfGmfJvwY4Dxmpp0+85GnBw/ailsUREeWcDpitHzJjSoLYKw8Omaef4HL8
Tlpn1igtVzWzONnQYZU7z85xBBEtM06rlK9CINjiCZhjViMr2i+ZNMLV/dDj3RpM
9ha/wlVos73puzD27rhiJbmseBp6oHgjnVzyUmqAO3ZZ1Z0T5MpUOgvMP718CVcA
1eSdxGtPHPw/vy1+nRMjJMMSsNcmtLmHZAj8x3iUvm99sd557/2/3P8ZDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5HvmCfrWwyxqad5L2Rh9ky3ZTiMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvYmtlLVlKLXRiRExHcHAza3ZaR0gyVExkbE9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVbyMA0G
CSqGSIb3DQEBCwUAA4IBAQBqdBepZZB0//RxfXZg+KuMMfarMc+gQayQ9f8KZ/fG
9oxos3BRmRDDI5f4oJY/mqLBCt3nNeRGPTFFlLa/N8NcrMV+YcdS4PLoeoohRDeh
+XdIemsjN4uv+R/E5u4u3/ns2h8FCL9trG2k62i3P0X/B0Ba9kzIVTM7GghqtzJf
aQNKg+oyCGtt7nOM0D/Jpg/tN0A2h73B9icO5Qzqg1MmghO6EJVgATLmKusAHJ52
Pr55XFyOejKN6nstPMUY8U6hW1yUO3+OfRzacfJpbPulGvqQbwU/HuDbZCIoB+gi
4Q3jQ+PxOcqwg7f5TBS6vRTlJKp7uCZI27dNNCAuO/LF
-----END CERTIFICATE-----