Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/1113d5-7419-4748-b052-4b1de0df21f0/1/BAS0U9mPjEuGyMwPtaYguX9Lx8M.roa
File:                     BAS0U9mPjEuGyMwPtaYguX9Lx8M.roa (raw, json)
Hash identifier:          OvtM+f1nrNFYqueyPV/1JlVtnnu737QmSa3TE+o+Co0=
Subject key identifier:   04:04:B4:53:D9:8F:8C:4B:86:C8:CC:0F:B5:A6:20:B9:7F:4B:C7:C3
Certificate issuer:       /CN=85fcb229d878ae17ab31d98848892eea2bef96e1
Certificate serial:       018CC8DD8DB90CAE6551CFCFCC28570F1C68
Authority key identifier: 85:FC:B2:29:D8:78:AE:17:AB:31:D9:88:48:89:2E:EA:2B:EF:96:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hfyyKdh4rherMdmISIku6ivvluE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/1113d5-7419-4748-b052-4b1de0df21f0/1/BAS0U9mPjEuGyMwPtaYguX9Lx8M.roa
Signing time:             Tue 02 Jan 2024 06:30:12 +0000
ROA not before:           Tue 02 Jan 2024 06:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44780
IP address blocks:        195.149.92.0/23 maxlen: 24
                          195.158.238.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/1113d5-7419-4748-b052-4b1de0df21f0/1/hfyyKdh4rherMdmISIku6ivvluE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/1113d5-7419-4748-b052-4b1de0df21f0/1/hfyyKdh4rherMdmISIku6ivvluE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hfyyKdh4rherMdmISIku6ivvluE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:8d:b9:0c:ae:65:51:cf:cf:cc:28:57:0f:1c:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85fcb229d878ae17ab31d98848892eea2bef96e1
        Validity
            Not Before: Jan  2 06:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0404b453d98f8c4b86c8cc0fb5a620b97f4bc7c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1e:e1:8e:17:80:4a:bb:10:6e:72:89:d8:b7:
                    54:a8:44:3b:47:ea:27:7d:40:0b:67:20:06:f5:10:
                    18:23:f2:3f:37:39:f6:2a:6c:9d:21:3a:94:ce:b8:
                    f4:21:2c:cd:63:51:1a:67:9f:18:6f:3b:63:4e:08:
                    d7:10:a4:57:8e:09:b5:c0:64:4d:ed:14:77:74:f7:
                    0b:a9:a9:80:58:0a:8e:98:86:81:31:f0:f9:af:e9:
                    8d:da:a5:b2:0c:27:f0:d1:9e:ac:69:8a:59:5d:30:
                    10:ca:80:05:07:66:04:65:cf:b4:a5:28:41:41:69:
                    f9:36:aa:23:b8:08:79:ad:a4:79:45:2e:d5:bd:85:
                    19:9d:5f:91:ec:2d:15:1f:6d:74:9e:7c:8d:52:74:
                    fc:93:1a:ba:3d:5d:57:9f:67:6b:f2:30:a4:1f:45:
                    0c:b4:14:5b:6d:f9:79:a2:c4:06:91:f1:83:49:b8:
                    f5:4b:b6:e7:0a:1c:78:00:65:88:31:6d:64:53:6f:
                    a5:be:dd:03:2c:36:71:26:08:32:c5:19:37:06:ac:
                    28:39:b7:65:a8:8d:dc:b9:1a:0e:43:ae:3e:a2:20:
                    3e:df:a6:c2:ff:0d:e8:ed:5d:d9:f9:2d:c0:1e:17:
                    c9:c8:21:4d:b5:a6:d8:2e:52:08:a6:ab:ac:fe:90:
                    b4:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:04:B4:53:D9:8F:8C:4B:86:C8:CC:0F:B5:A6:20:B9:7F:4B:C7:C3
            X509v3 Authority Key Identifier:
                keyid:85:FC:B2:29:D8:78:AE:17:AB:31:D9:88:48:89:2E:EA:2B:EF:96:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hfyyKdh4rherMdmISIku6ivvluE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/1113d5-7419-4748-b052-4b1de0df21f0/1/BAS0U9mPjEuGyMwPtaYguX9Lx8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/1113d5-7419-4748-b052-4b1de0df21f0/1/hfyyKdh4rherMdmISIku6ivvluE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.92.0/23
                  195.158.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:6f:5a:29:ca:66:c4:6c:24:ea:62:fd:91:b1:89:23:dc:d2:
         dc:c6:b8:32:9c:d4:e4:02:74:d9:6e:d5:45:a9:51:8f:06:48:
         ce:cf:cb:3d:0c:13:6a:a5:56:98:55:ee:af:5b:a1:31:53:c2:
         61:70:9f:f3:69:dc:bb:ca:5d:a7:6f:2c:df:2c:50:78:8b:bb:
         5b:07:27:4f:96:55:d8:69:a8:dc:21:b7:e2:c1:ab:5a:93:d5:
         f0:e7:1f:25:0e:71:74:b6:d5:14:a4:6f:b3:57:5f:23:55:8e:
         4a:1d:16:05:0e:c2:16:a7:d8:17:c7:8c:45:8c:02:6b:e5:ca:
         7b:6a:69:46:e6:89:48:62:62:33:cb:66:5b:66:75:5d:ce:bb:
         84:d3:49:f9:e5:13:fe:0d:ee:d5:80:0c:40:e8:c3:d0:9c:ca:
         5e:25:94:cf:12:cf:b6:d8:4e:c0:04:ee:d1:6f:50:ae:0a:49:
         31:81:af:75:d5:92:c4:3e:c6:12:cd:9b:eb:a1:76:1e:82:59:
         05:ea:83:09:32:02:15:f7:bc:78:07:24:19:d9:63:5d:66:f2:
         40:29:d6:83:89:0b:4a:3e:97:fb:fe:c7:43:ac:84:c3:8b:f5:
         78:54:c5:65:71:9b:d9:e2:ba:58:64:70:b8:78:50:15:63:7e:
         56:7d:b2:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3Y25DK5lUc/PzChXDxxoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZmNiMjI5ZDg3OGFlMTdhYjMxZDk4ODQ4ODkyZWVhMmJl
Zjk2ZTEwHhcNMjQwMTAyMDYzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDA0YjQ1M2Q5OGY4YzRiODZjOGNjMGZiNWE2MjBiOTdmNGJjN2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArh7hjheASrsQbnKJ2LdUqEQ7R+on
fUALZyAG9RAYI/I/Nzn2KmydITqUzrj0ISzNY1EaZ58YbztjTgjXEKRXjgm1wGRN
7RR3dPcLqamAWAqOmIaBMfD5r+mN2qWyDCfw0Z6saYpZXTAQyoAFB2YEZc+0pShB
QWn5NqojuAh5raR5RS7VvYUZnV+R7C0VH210nnyNUnT8kxq6PV1Xn2dr8jCkH0UM
tBRbbfl5osQGkfGDSbj1S7bnChx4AGWIMW1kU2+lvt0DLDZxJggyxRk3BqwoObdl
qI3cuRoOQ64+oiA+36bC/w3o7V3Z+S3AHhfJyCFNtabYLlIIpqus/pC0AwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAQEtFPZj4xLhsjMD7WmILl/S8fDMB8GA1UdIwQY
MBaAFIX8sinYeK4XqzHZiEiJLuor75bhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGZ5eUtkaDRyaGVyTWRtSVNJa3U2aXZ2bHVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi8xMTEzZDUtNzQxOS00NzQ4LWIwNTIt
NGIxZGUwZGYyMWYwLzEvQkFTMFU5bVBqRXVHeU13UHRhWWd1WDlMeDhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi8xMTEzZDUtNzQxOS00NzQ4LWIwNTItNGIxZGUwZGYyMWYw
LzEvaGZ5eUtkaDRyaGVyTWRtSVNJa3U2aXZ2bHVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw5VcAwQB
w57uMA0GCSqGSIb3DQEBCwUAA4IBAQAXb1opymbEbCTqYv2RsYkj3NLcxrgynNTk
AnTZbtVFqVGPBkjOz8s9DBNqpVaYVe6vW6ExU8JhcJ/zady7yl2nbyzfLFB4i7tb
BydPllXYaajcIbfiwatak9Xw5x8lDnF0ttUUpG+zV18jVY5KHRYFDsIWp9gXx4xF
jAJr5cp7amlG5olIYmIzy2ZbZnVdzruE00n55RP+De7VgAxA6MPQnMpeJZTPEs+2
2E7ABO7Rb1CuCkkxga911ZLEPsYSzZvroXYeglkF6oMJMgIV97x4ByQZ2WNdZvJA
KdaDiQtKPpf7/sdDrITDi/V4VMVlcZvZ4rpYZHC4eFAVY35WfbJo
-----END CERTIFICATE-----