Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/BoQzcBCDVi3N5-N5OGfIOOCnbgA.roa
File:                     BoQzcBCDVi3N5-N5OGfIOOCnbgA.roa (raw, json)
Hash identifier:          k1vm1+ID1RDGsgoEmRKEzLU3ac9vzd9OUmHSYH2WCcs=
Subject key identifier:   06:84:33:70:10:83:56:2D:CD:E7:E3:79:38:67:C8:38:E0:A7:6E:00
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC1A4AE71DF176C0FECECF5DA7A97D
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/BoQzcBCDVi3N5-N5OGfIOOCnbgA.roa
Signing time:             Mon 01 Jan 2024 16:29:45 +0000
ROA not before:           Mon 01 Jan 2024 16:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33917
IP address blocks:        193.80.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1a:4a:e7:1d:f1:76:c0:fe:ce:cf:5d:a7:a9:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=068433701083562dcde7e3793867c838e0a76e00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:fb:9b:45:0d:5a:ae:bd:27:71:1c:50:5d:8f:
                    63:e3:84:2d:c7:1f:2c:a1:fa:64:ea:b9:be:b4:2c:
                    9d:6d:ba:5d:a7:85:29:da:fb:fc:7a:3d:97:b5:3f:
                    68:03:02:c9:0c:96:8a:c7:1e:5d:c2:cc:13:50:21:
                    49:f8:c1:45:7d:bb:64:31:fc:5c:30:a5:5d:9d:14:
                    87:91:bc:ef:89:0e:74:93:56:fa:fe:c6:b8:6b:54:
                    e0:cb:e5:00:af:31:00:54:1c:17:38:ca:82:3a:48:
                    a9:f3:8d:22:6a:ba:d6:a5:81:2d:dd:b2:35:1c:26:
                    31:b8:6a:f9:78:04:a1:e1:20:b7:49:70:60:ff:5f:
                    62:c1:e9:1d:0a:31:07:4f:66:95:91:03:79:57:0d:
                    09:e0:7a:b7:48:09:9f:57:9b:94:a8:43:51:6b:cf:
                    27:a8:05:80:fe:dc:c2:db:12:10:1c:42:87:cf:e7:
                    ac:47:a6:ac:60:d7:1f:81:e8:b2:7b:84:6b:80:ef:
                    ba:db:7b:14:87:a1:2b:70:ac:a9:60:7b:3a:2b:54:
                    3c:65:73:c3:4e:77:1c:5b:d2:f9:a5:3e:8c:7c:5b:
                    45:0b:5b:df:38:c8:8e:8d:74:bf:30:39:ce:ca:08:
                    6e:39:2f:a5:b7:17:3f:9f:65:17:a9:aa:6c:c0:81:
                    c6:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:84:33:70:10:83:56:2D:CD:E7:E3:79:38:67:C8:38:E0:A7:6E:00
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/BoQzcBCDVi3N5-N5OGfIOOCnbgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.80.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:2b:38:51:25:18:99:12:da:0c:d5:a2:63:91:b7:c5:3f:56:
         4e:b0:bd:1b:7a:08:fd:b6:f9:15:9d:35:52:f9:4b:25:fe:b4:
         89:2a:a2:b5:ef:60:45:dc:d9:97:eb:1b:db:d0:83:0b:f4:9d:
         54:a1:9e:47:03:2c:4e:0f:f0:55:d0:ee:14:f3:6a:2f:1a:de:
         37:d0:75:1a:b5:80:31:8b:9b:3c:ad:0f:1c:9d:1d:f0:05:51:
         b7:3b:6f:6b:fb:5d:c6:76:98:64:18:dc:c3:06:02:87:a0:3e:
         92:57:bb:60:b0:58:04:2c:de:2c:d9:e3:41:11:8a:bc:4f:2c:
         f7:5e:a6:71:a0:7a:72:c3:e9:eb:38:7a:0f:bf:c5:53:03:9a:
         f7:a8:75:dd:00:29:39:72:94:a6:d4:09:01:d7:ef:e3:43:14:
         01:0d:28:90:4d:c5:0d:07:ea:70:e1:60:68:eb:74:58:38:5c:
         e4:05:25:bc:eb:51:2e:61:fd:2d:2a:8e:29:89:52:18:79:5f:
         69:9e:99:1b:78:78:59:eb:c8:c9:8d:c2:25:7f:8f:15:77:81:
         29:12:bf:98:0f:7b:b7:54:a3:2e:1a:a1:54:32:21:23:de:fd:
         7f:77:38:f7:78:4c:5f:da:35:4c:a3:35:ca:67:5b:bb:42:55:
         0d:ae:74:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BpK5x3xdsD+zs9dp6l9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjg0MzM3MDEwODM1NjJkY2RlN2UzNzkzODY3YzgzOGUwYTc2ZTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPubRQ1arr0ncRxQXY9j44Qtxx8s
ofpk6rm+tCydbbpdp4Up2vv8ej2XtT9oAwLJDJaKxx5dwswTUCFJ+MFFfbtkMfxc
MKVdnRSHkbzviQ50k1b6/sa4a1Tgy+UArzEAVBwXOMqCOkip840iarrWpYEt3bI1
HCYxuGr5eASh4SC3SXBg/19iwekdCjEHT2aVkQN5Vw0J4Hq3SAmfV5uUqENRa88n
qAWA/tzC2xIQHEKHz+esR6asYNcfgeiye4RrgO+623sUh6ErcKypYHs6K1Q8ZXPD
TnccW9L5pT6MfFtFC1vfOMiOjXS/MDnOyghuOS+ltxc/n2UXqapswIHGVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAaEM3AQg1YtzefjeThnyDjgp24AMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvQm9RemNCQ0RWaTNONS1ONU9HZklPT0NuYmdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVC/MA0G
CSqGSIb3DQEBCwUAA4IBAQAfKzhRJRiZEtoM1aJjkbfFP1ZOsL0begj9tvkVnTVS
+Usl/rSJKqK172BF3NmX6xvb0IML9J1UoZ5HAyxOD/BV0O4U82ovGt430HUatYAx
i5s8rQ8cnR3wBVG3O29r+13GdphkGNzDBgKHoD6SV7tgsFgELN4s2eNBEYq8Tyz3
XqZxoHpyw+nrOHoPv8VTA5r3qHXdACk5cpSm1AkB1+/jQxQBDSiQTcUNB+pw4WBo
63RYOFzkBSW861EuYf0tKo4piVIYeV9pnpkbeHhZ68jJjcIlf48Vd4EpEr+YD3u3
VKMuGqFUMiEj3v1/dzj3eExf2jVMozXKZ1u7QlUNrnQ3
-----END CERTIFICATE-----