Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/Bcd64sXxsrhhoBGEsLgOed4DrGo.roa
File:                     Bcd64sXxsrhhoBGEsLgOed4DrGo.roa (raw, json)
Hash identifier:          AHFj3hAMhkjs3fnWLa2ezZKFTiKwQR7g8qqlIskh2f4=
Subject key identifier:   05:C7:7A:E2:C5:F1:B2:B8:61:A0:11:84:B0:B8:0E:79:DE:03:AC:6A
Certificate issuer:       /CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
Certificate serial:       018CC72704AA4A4AC8E8FC677D381A2CF511
Authority key identifier: 92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/Bcd64sXxsrhhoBGEsLgOed4DrGo.roa
Signing time:             Mon 01 Jan 2024 22:31:12 +0000
ROA not before:           Mon 01 Jan 2024 22:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23470
IP address blocks:        147.161.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:04:aa:4a:4a:c8:e8:fc:67:7d:38:1a:2c:f5:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
        Validity
            Not Before: Jan  1 22:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05c77ae2c5f1b2b861a01184b0b80e79de03ac6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7e:7a:ba:dc:b0:dd:7d:5e:c3:a8:ea:74:ae:
                    a4:03:ff:13:08:b2:bc:00:6d:4b:a2:13:ff:e0:89:
                    70:ee:6e:e0:b3:02:be:01:95:b7:3c:04:b6:6f:56:
                    a4:4d:a1:95:c3:4f:32:20:66:ce:60:21:6c:b4:40:
                    60:50:32:f9:b7:6d:5a:73:6d:80:96:cf:f9:cc:0e:
                    b9:ea:99:94:44:53:e3:52:cb:51:1c:80:d9:2d:73:
                    ad:a9:ad:05:f3:0e:ab:0c:64:0d:87:56:f7:07:8e:
                    b3:26:df:f7:e7:c1:f5:3f:e0:95:8e:c6:03:7e:b6:
                    0f:30:bf:1a:07:f3:89:e5:b2:d7:58:ec:10:ac:91:
                    db:35:b9:1b:bc:14:62:ca:69:c3:7a:d6:e9:08:c9:
                    96:30:55:55:2c:50:08:97:e7:70:20:a7:67:6b:35:
                    6b:92:bb:73:cb:38:6d:a4:ed:7a:a0:4e:25:60:dd:
                    fd:9d:63:be:9a:12:0f:e0:b7:d9:c7:d8:88:9f:ab:
                    e4:0b:38:36:de:49:df:cd:16:2c:ac:9e:de:40:7d:
                    1b:75:18:74:11:cc:b0:2d:86:37:49:9e:1c:f0:69:
                    b1:a3:8e:fb:79:d8:12:01:6c:13:ac:89:a3:7e:61:
                    f0:be:2b:c0:78:bf:64:1e:5a:8d:51:5d:36:7b:9b:
                    24:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:C7:7A:E2:C5:F1:B2:B8:61:A0:11:84:B0:B8:0E:79:DE:03:AC:6A
            X509v3 Authority Key Identifier:
                keyid:92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/Bcd64sXxsrhhoBGEsLgOed4DrGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.161.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:db:cf:6a:85:5e:88:d0:a2:be:75:66:9f:40:c1:5b:09:74:
         45:14:25:d7:a5:3d:e5:2d:90:fb:21:99:f9:da:d0:91:2b:0b:
         85:3a:ad:cc:b9:58:d3:0e:35:bc:6d:05:8e:fa:eb:95:ee:88:
         a6:c6:ee:f3:3f:f1:6e:a8:8f:ab:8e:bb:11:40:48:e1:d0:ad:
         fb:ee:88:cc:38:d0:a1:0e:84:dc:04:a8:34:01:a7:70:20:9a:
         75:c7:a0:a0:68:e0:f0:b6:e6:a9:17:2d:79:2e:52:3b:09:cd:
         4c:af:57:20:fb:a0:72:03:5e:62:76:9d:09:44:c3:bb:50:a0:
         7d:20:26:9c:02:09:83:4a:7b:93:88:0a:ce:50:1e:88:f9:ec:
         a8:14:35:19:dd:f0:36:3d:0d:f2:40:72:e5:a4:68:46:9c:eb:
         3d:3c:67:5f:53:33:1b:6a:6c:6b:fe:24:ce:9d:48:4d:97:ab:
         53:c1:d1:3f:43:af:0b:5a:a5:06:28:04:b0:0e:28:b3:e3:85:
         f6:a5:85:77:1a:e1:66:3c:ef:a8:bb:37:ae:74:bf:5f:17:82:
         9b:0d:37:89:ef:81:1e:63:88:a2:0b:05:2f:b1:85:67:34:f0:
         76:e4:26:02:42:e6:e9:30:63:de:bf:17:dc:d3:5b:3a:52:12:
         37:5d:c4:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJwSqSkrI6PxnfTgaLPURMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZTcyMDQ2NWM1Y2QwZGE5YzZhMTNiNDRmYTBkODZmNjQ5
ZTUwNTUwHhcNMjQwMTAxMjIzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWM3N2FlMmM1ZjFiMmI4NjFhMDExODRiMGI4MGU3OWRlMDNhYzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApH56utyw3X1ew6jqdK6kA/8TCLK8
AG1LohP/4Ilw7m7gswK+AZW3PAS2b1akTaGVw08yIGbOYCFstEBgUDL5t21ac22A
ls/5zA656pmURFPjUstRHIDZLXOtqa0F8w6rDGQNh1b3B46zJt/358H1P+CVjsYD
frYPML8aB/OJ5bLXWOwQrJHbNbkbvBRiymnDetbpCMmWMFVVLFAIl+dwIKdnazVr
krtzyzhtpO16oE4lYN39nWO+mhIP4LfZx9iIn6vkCzg23knfzRYsrJ7eQH0bdRh0
EcywLYY3SZ4c8Gmxo477edgSAWwTrImjfmHwvivAeL9kHlqNUV02e5skSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAXHeuLF8bK4YaARhLC4DnneA6xqMB8GA1UdIwQY
MBaAFJLnIEZcXNDanGoTtE+g2G9knlBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDkt
OTA5NmUxNjc0ZTIyLzEvQmNkNjRzWHhzcmhob0JHRXNMZ09lZDREckdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDktOTA5NmUxNjc0ZTIy
LzEva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk6ECMA0G
CSqGSIb3DQEBCwUAA4IBAQAy289qhV6I0KK+dWafQMFbCXRFFCXXpT3lLZD7IZn5
2tCRKwuFOq3MuVjTDjW8bQWO+uuV7oimxu7zP/FuqI+rjrsRQEjh0K377ojMONCh
DoTcBKg0AadwIJp1x6CgaODwtuapFy15LlI7Cc1Mr1cg+6ByA15idp0JRMO7UKB9
ICacAgmDSnuTiArOUB6I+eyoFDUZ3fA2PQ3yQHLlpGhGnOs9PGdfUzMbamxr/iTO
nUhNl6tTwdE/Q68LWqUGKASwDiiz44X2pYV3GuFmPO+ouzeudL9fF4KbDTeJ74Ee
Y4iiCwUvsYVnNPB25CYCQubpMGPevxfc01s6UhI3XcRu
-----END CERTIFICATE-----