Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/BsmXdBU_QBsr3jXj6cbX895YEl0.roa
File:                     BsmXdBU_QBsr3jXj6cbX895YEl0.roa (raw, json)
Hash identifier:          3fx1DuR79lKxNbXrL3zEfT0Of8tPRQvGbUGB7YDtSX0=
Subject key identifier:   06:C9:97:74:15:3F:40:1B:2B:DE:35:E3:E9:C6:D7:F3:DE:58:12:5D
Certificate issuer:       /CN=7415fec4ae76b24e4f02991649917b99b740044a
Certificate serial:       018CC3B6EA2BBB6D68D3474610B443369462
Authority key identifier: 74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/BsmXdBU_QBsr3jXj6cbX895YEl0.roa
Signing time:             Mon 01 Jan 2024 06:29:53 +0000
ROA not before:           Mon 01 Jan 2024 06:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49368
IP address blocks:        185.225.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ea:2b:bb:6d:68:d3:47:46:10:b4:43:36:94:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7415fec4ae76b24e4f02991649917b99b740044a
        Validity
            Not Before: Jan  1 06:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06c99774153f401b2bde35e3e9c6d7f3de58125d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:fa:f8:72:78:e8:24:79:02:de:b2:c2:d8:63:
                    58:b5:55:0b:15:96:e5:5c:5a:fc:1b:8a:c9:e2:c3:
                    27:b8:e6:9b:3b:0e:aa:d2:b7:cc:39:a7:c3:a2:54:
                    1e:8c:b7:4f:28:e3:9e:9a:28:6a:0e:03:08:ca:27:
                    85:1c:0e:8b:6f:43:63:a3:c9:91:43:ee:9b:e4:33:
                    69:9d:5d:57:01:9d:59:8e:9e:d7:2f:13:3c:17:a2:
                    a9:86:59:ce:6c:c6:f9:8d:98:30:d7:0e:e3:fe:d5:
                    f3:29:30:58:c7:9b:9d:75:0c:ce:11:1a:2c:04:8e:
                    3d:94:e4:32:5f:b2:02:b1:a3:06:cb:71:fb:54:87:
                    00:18:bf:10:84:18:15:0c:8a:8b:d5:7f:48:80:bb:
                    ff:cb:71:10:f6:7d:3f:cc:42:3f:6b:8d:7b:9c:f9:
                    11:87:64:0b:0e:3d:9b:1b:1f:d4:71:de:c8:8b:16:
                    df:8f:b6:02:58:f8:b6:7d:50:6d:47:47:61:66:b8:
                    58:f2:04:02:3b:89:18:68:a2:36:22:3e:ae:8a:de:
                    df:de:97:54:4f:d7:de:5c:a9:9a:28:fb:93:84:bc:
                    f1:20:e5:29:c8:a1:2b:a3:09:d1:23:ef:31:47:b2:
                    0f:4a:e1:1d:aa:7e:f8:a7:88:e1:ae:0b:1d:73:b6:
                    a5:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:C9:97:74:15:3F:40:1B:2B:DE:35:E3:E9:C6:D7:F3:DE:58:12:5D
            X509v3 Authority Key Identifier:
                keyid:74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/BsmXdBU_QBsr3jXj6cbX895YEl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:ba:ff:67:5e:b1:6a:ec:2b:c5:3d:05:da:e7:f4:b1:bb:90:
         58:44:56:df:95:ea:57:c6:18:e2:de:18:b1:e9:f9:3e:fd:8e:
         14:71:c5:53:65:fb:3d:5e:73:24:98:ed:30:51:61:b2:f4:13:
         47:3b:de:56:85:4c:c7:fa:05:a8:55:54:2a:60:56:f7:61:6f:
         cc:02:4a:70:bd:0e:d2:00:41:d5:b7:d6:2e:c5:44:81:81:d0:
         31:79:bb:a7:21:ef:09:d5:e4:b1:e8:3e:30:f1:9d:17:4d:f7:
         cf:c7:82:aa:9a:53:f4:95:f8:77:a6:d9:61:a8:16:1f:df:ab:
         38:ee:1e:bf:54:44:8e:6d:22:eb:28:ba:1c:21:8f:2e:80:c2:
         24:db:ec:06:b5:41:fe:f0:a3:32:94:d7:5f:0c:a5:68:a7:f7:
         19:30:21:c1:e8:c7:4c:e5:0f:a6:31:0e:ea:0d:62:cd:db:de:
         a8:28:74:2f:b1:f1:2d:fc:f9:45:a7:b0:75:22:27:95:9f:60:
         84:90:35:40:c5:22:cc:34:b3:0d:e4:23:13:55:d9:d4:0e:b3:
         da:8c:40:c9:09:7c:d3:ca:df:34:fb:32:e3:62:0c:b5:a6:2c:
         55:49:df:df:a9:6e:6c:04:2a:57:4d:a8:ba:22:f3:b2:ea:3d:
         fb:25:aa:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtuoru21o00dGELRDNpRiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MTVmZWM0YWU3NmIyNGU0ZjAyOTkxNjQ5OTE3Yjk5Yjc0
MDA0NGEwHhcNMjQwMTAxMDYyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmM5OTc3NDE1M2Y0MDFiMmJkZTM1ZTNlOWM2ZDdmM2RlNTgxMjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvr4cnjoJHkC3rLC2GNYtVULFZbl
XFr8G4rJ4sMnuOabOw6q0rfMOafDolQejLdPKOOemihqDgMIyieFHA6Lb0Njo8mR
Q+6b5DNpnV1XAZ1Zjp7XLxM8F6KphlnObMb5jZgw1w7j/tXzKTBYx5uddQzOERos
BI49lOQyX7ICsaMGy3H7VIcAGL8QhBgVDIqL1X9IgLv/y3EQ9n0/zEI/a417nPkR
h2QLDj2bGx/Ucd7Iixbfj7YCWPi2fVBtR0dhZrhY8gQCO4kYaKI2Ij6uit7f3pdU
T9feXKmaKPuThLzxIOUpyKErownRI+8xR7IPSuEdqn74p4jhrgsdc7al9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbJl3QVP0AbK9414+nG1/PeWBJdMB8GA1UdIwQY
MBaAFHQV/sSudrJOTwKZFkmRe5m3QARKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEt
ZWQ1MzU4YjZkYTMxLzEvQnNtWGRCVV9RQnNyM2pYajZjYlg4OTVZRWwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEtZWQ1MzU4YjZkYTMx
LzEvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueHKMA0G
CSqGSIb3DQEBCwUAA4IBAQDIuv9nXrFq7CvFPQXa5/Sxu5BYRFbflepXxhji3hix
6fk+/Y4UccVTZfs9XnMkmO0wUWGy9BNHO95WhUzH+gWoVVQqYFb3YW/MAkpwvQ7S
AEHVt9YuxUSBgdAxebunIe8J1eSx6D4w8Z0XTffPx4KqmlP0lfh3ptlhqBYf36s4
7h6/VESObSLrKLocIY8ugMIk2+wGtUH+8KMylNdfDKVop/cZMCHB6MdM5Q+mMQ7q
DWLN296oKHQvsfEt/PlFp7B1IieVn2CEkDVAxSLMNLMN5CMTVdnUDrPajEDJCXzT
yt80+zLjYgy1pixVSd/fqW5sBCpXTai6IvOy6j37Jard
-----END CERTIFICATE-----