Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/BQLm8_UGqz5wcLKbg-S1JpitIU0.roa
File:                     BQLm8_UGqz5wcLKbg-S1JpitIU0.roa (raw, json)
Hash identifier:          sHaMrmC1lO2rZfEEUjGbo5FYVsmxDI8lV0TRCisXwO8=
Subject key identifier:   05:02:E6:F3:F5:06:AB:3E:70:70:B2:9B:83:E4:B5:26:98:AD:21:4D
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC1793AA2E098CB9280734E3CD4810
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/BQLm8_UGqz5wcLKbg-S1JpitIU0.roa
Signing time:             Mon 01 Jan 2024 16:29:44 +0000
ROA not before:           Mon 01 Jan 2024 16:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7155
IP address blocks:        212.16.34.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:17:93:aa:2e:09:8c:b9:28:07:34:e3:cd:48:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0502e6f3f506ab3e7070b29b83e4b52698ad214d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:55:8c:81:67:bc:0c:cd:c3:a8:86:68:ba:11:
                    52:5c:ae:2e:db:01:75:78:cb:14:f4:0f:8f:26:2f:
                    07:03:81:4d:e7:73:b9:e2:14:06:70:94:03:84:c6:
                    b3:53:ef:0e:55:a7:f9:33:89:ae:1f:28:6f:19:1e:
                    92:ae:45:d1:f1:26:03:e6:1f:9f:55:4d:a3:bf:c5:
                    88:07:a0:c5:d0:0a:da:aa:d8:d1:da:71:45:37:61:
                    42:b2:ce:3b:90:b2:c8:94:6c:c4:22:b8:e3:7f:a1:
                    fe:f4:4c:78:ef:4e:43:46:de:a9:ac:8b:5a:b1:49:
                    d5:07:92:95:ec:8b:53:1d:d4:86:9b:a4:14:23:e7:
                    e4:a5:69:c0:36:92:1c:fa:d3:43:d9:da:d4:95:87:
                    d7:99:9c:6b:40:58:dd:d9:db:b0:91:1a:28:71:48:
                    52:15:2d:09:d7:a2:4d:7f:6a:70:ea:4c:c3:17:e3:
                    d1:66:31:5e:0a:b0:0a:d0:63:27:e0:97:ce:b1:af:
                    b9:16:2c:1c:db:48:c6:3a:a7:ed:d6:9d:c8:3f:88:
                    15:e3:29:f0:62:f1:3a:27:b5:26:0f:93:91:e5:cc:
                    e1:2d:a0:97:a5:e4:fb:ec:e1:c1:15:a6:93:df:55:
                    1b:46:2d:9b:e9:0b:b9:71:15:08:42:ab:25:7d:79:
                    fb:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:02:E6:F3:F5:06:AB:3E:70:70:B2:9B:83:E4:B5:26:98:AD:21:4D
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/BQLm8_UGqz5wcLKbg-S1JpitIU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.16.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:3a:2f:5e:1c:40:fc:a9:c0:ea:d6:b0:ae:5b:ef:89:55:b7:
         4e:0a:37:63:77:ae:ff:a7:df:4b:8a:6b:13:d6:35:a7:0e:47:
         b8:f8:32:db:9d:8e:f4:b7:7c:ab:ba:b2:12:fa:a3:40:96:1a:
         60:a3:43:5f:61:ee:63:89:16:0f:8f:75:59:3c:b8:c3:b3:e7:
         01:66:be:f0:0d:36:d4:7b:ee:eb:2e:40:26:89:e1:84:1e:12:
         62:25:8d:40:72:20:af:83:e0:24:0c:1f:3e:ec:77:f7:cf:aa:
         5f:3d:08:60:34:88:2a:2c:df:39:98:bd:33:bf:7d:34:5d:4d:
         7c:cb:80:09:f4:96:bd:47:1e:44:73:3f:a8:af:d2:34:33:62:
         0f:b8:c6:53:75:aa:32:51:db:72:e2:c9:f0:59:19:84:ba:66:
         1d:af:51:e7:b7:90:5f:bf:fb:e5:77:a7:5f:11:10:44:61:80:
         3c:16:ed:02:7d:c4:62:58:7a:39:85:08:e5:f2:70:45:79:e1:
         58:bf:c4:59:fc:a5:ac:33:eb:e7:a2:de:c1:65:48:3a:f8:38:
         54:0a:00:60:78:df:a9:84:cf:c2:0d:b4:fe:c6:4b:b4:79:80:
         24:3e:fd:6d:f6:56:ca:ac:89:08:2d:9f:8d:ba:83:39:75:5b:
         6c:14:34:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BeTqi4JjLkoBzTjzUgQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTAyZTZmM2Y1MDZhYjNlNzA3MGIyOWI4M2U0YjUyNjk4YWQyMTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVWMgWe8DM3DqIZouhFSXK4u2wF1
eMsU9A+PJi8HA4FN53O54hQGcJQDhMazU+8OVaf5M4muHyhvGR6SrkXR8SYD5h+f
VU2jv8WIB6DF0AraqtjR2nFFN2FCss47kLLIlGzEIrjjf6H+9Ex4705DRt6prIta
sUnVB5KV7ItTHdSGm6QUI+fkpWnANpIc+tND2drUlYfXmZxrQFjd2duwkRoocUhS
FS0J16JNf2pw6kzDF+PRZjFeCrAK0GMn4JfOsa+5Fiwc20jGOqft1p3IP4gV4ynw
YvE6J7UmD5OR5czhLaCXpeT77OHBFaaT31UbRi2b6Qu5cRUIQqslfXn7TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUC5vP1Bqs+cHCym4PktSaYrSFNMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvQlFMbThfVUdxejV3Y0xLYmctUzFKcGl0SVUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1BAiMA0G
CSqGSIb3DQEBCwUAA4IBAQBeOi9eHED8qcDq1rCuW++JVbdOCjdjd67/p99LimsT
1jWnDke4+DLbnY70t3yrurIS+qNAlhpgo0NfYe5jiRYPj3VZPLjDs+cBZr7wDTbU
e+7rLkAmieGEHhJiJY1AciCvg+AkDB8+7Hf3z6pfPQhgNIgqLN85mL0zv300XU18
y4AJ9Ja9Rx5Ecz+or9I0M2IPuMZTdaoyUdty4snwWRmEumYdr1Hnt5Bfv/vld6df
ERBEYYA8Fu0CfcRiWHo5hQjl8nBFeeFYv8RZ/KWsM+vnot7BZUg6+DhUCgBgeN+p
hM/CDbT+xku0eYAkPv1t9lbKrIkILZ+NuoM5dVtsFDT7
-----END CERTIFICATE-----