Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/BT8p-L77CGXCV9vBdtuVoPlh_sI.roa
File:                     BT8p-L77CGXCV9vBdtuVoPlh_sI.roa (raw, json)
Hash identifier:          7hjpAyNp1rCCI61PZcpjXBgPTONPGoNeDskhmr8KqPU=
Subject key identifier:   05:3F:29:F8:BE:FB:08:65:C2:57:DB:C1:76:DB:95:A0:F9:61:FE:C2
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       01906E2D92958F80010AEB8AADBCB3BB1241
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/BT8p-L77CGXCV9vBdtuVoPlh_sI.roa
Signing time:             Mon 01 Jul 2024 12:03:18 +0000
ROA not before:           Mon 01 Jul 2024 12:03:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200521
IP address blocks:        195.76.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6e:2d:92:95:8f:80:01:0a:eb:8a:ad:bc:b3:bb:12:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jul  1 12:03:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=053f29f8befb0865c257dbc176db95a0f961fec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:67:5d:82:ed:fe:08:99:f7:74:3c:fd:99:21:
                    6d:93:a2:af:6a:cb:6d:71:ba:a0:af:c4:5a:b3:96:
                    00:7a:2b:70:49:19:df:61:79:cb:d6:d6:51:31:53:
                    6a:e6:1a:84:05:b7:01:fa:04:ef:33:bc:63:98:97:
                    0b:20:14:96:f2:5a:e6:ab:d0:97:17:de:3d:a8:8f:
                    ca:94:78:bc:22:3a:9b:6f:05:35:a7:20:3f:6d:42:
                    7c:85:78:30:25:2d:65:bd:d1:94:99:b1:5b:93:b4:
                    76:d3:5e:d9:80:57:6b:06:83:0f:4e:b9:67:23:3c:
                    96:3b:a7:75:33:78:ba:49:ef:3d:d8:75:8d:29:d0:
                    80:e3:bd:f1:20:d1:89:a5:a3:93:26:6d:5e:2d:98:
                    ca:eb:63:bc:5f:f0:c3:05:08:75:1a:c9:25:f2:46:
                    9b:80:b2:ed:46:04:c1:e4:0c:32:33:b5:6b:51:74:
                    19:5d:0f:7b:3c:35:03:03:e1:fb:e2:a0:88:0c:c0:
                    49:b5:bf:62:af:f3:a7:97:49:ad:43:80:ce:bb:cb:
                    51:ed:16:0f:58:8b:8b:8a:52:e9:76:6b:4b:fc:18:
                    89:69:1b:01:02:31:f6:17:4e:65:30:26:d1:51:05:
                    f0:e1:65:09:6c:db:ae:d9:91:f7:d5:ba:cb:cc:66:
                    cc:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:3F:29:F8:BE:FB:08:65:C2:57:DB:C1:76:DB:95:A0:F9:61:FE:C2
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/BT8p-L77CGXCV9vBdtuVoPlh_sI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.76.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:f0:70:fe:b1:98:99:c4:f3:cb:4f:df:86:5e:b2:70:c4:fa:
         27:c7:49:ba:6f:a9:7a:cf:7a:46:06:44:b5:2b:44:8c:bb:f2:
         9e:35:b4:f7:3f:7d:7a:c2:41:8c:36:9e:f2:5c:28:63:6d:8d:
         da:d5:f3:7e:d2:fc:5e:90:de:2a:42:b8:83:96:5d:f6:b5:f0:
         2c:48:66:79:b8:c6:19:36:da:1c:66:32:14:7f:04:9f:5a:6d:
         43:11:ef:ae:ca:8c:09:06:8d:89:a9:0a:a7:68:6d:57:6f:99:
         93:ec:16:f2:f5:13:63:cd:12:98:9a:6c:7f:ad:d8:95:05:f0:
         9c:18:11:bd:43:32:97:51:eb:79:8c:bd:56:b4:17:4e:df:c2:
         ad:da:7b:08:9f:40:0a:be:b3:bc:19:54:0f:3a:ad:90:e2:2b:
         fd:5c:a3:bc:4a:78:6a:b8:2b:49:04:24:76:bc:27:ac:66:48:
         64:61:7f:e2:76:30:8b:ca:f2:e0:2f:03:41:4f:18:bf:cb:da:
         77:54:0d:9c:91:c2:be:0b:fa:25:b6:a4:a5:cf:5b:f1:f6:d5:
         de:00:79:50:44:b9:1d:87:86:0a:4a:83:7e:c7:a2:0a:3f:3b:
         89:4e:a8:77:14:79:6b:60:ea:fe:17:d6:1e:4d:2d:0f:cf:b9:
         88:f2:76:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBuLZKVj4ABCuuKrbyzuxJBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjQwNzAxMTIwMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTNmMjlmOGJlZmIwODY1YzI1N2RiYzE3NmRiOTVhMGY5NjFmZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomddgu3+CJn3dDz9mSFtk6Kvastt
cbqgr8Ras5YAeitwSRnfYXnL1tZRMVNq5hqEBbcB+gTvM7xjmJcLIBSW8lrmq9CX
F949qI/KlHi8IjqbbwU1pyA/bUJ8hXgwJS1lvdGUmbFbk7R2017ZgFdrBoMPTrln
IzyWO6d1M3i6Se892HWNKdCA473xINGJpaOTJm1eLZjK62O8X/DDBQh1Gskl8kab
gLLtRgTB5AwyM7VrUXQZXQ97PDUDA+H74qCIDMBJtb9ir/Onl0mtQ4DOu8tR7RYP
WIuLilLpdmtL/BiJaRsBAjH2F05lMCbRUQXw4WUJbNuu2ZH31brLzGbMzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAU/Kfi++whlwlfbwXbblaD5Yf7CMB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvQlQ4cC1MNzdDR1hDVjl2QmR0dVZvUGxoX3NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0zMMA0G
CSqGSIb3DQEBCwUAA4IBAQA78HD+sZiZxPPLT9+GXrJwxPonx0m6b6l6z3pGBkS1
K0SMu/KeNbT3P316wkGMNp7yXChjbY3a1fN+0vxekN4qQriDll32tfAsSGZ5uMYZ
NtocZjIUfwSfWm1DEe+uyowJBo2JqQqnaG1Xb5mT7Bby9RNjzRKYmmx/rdiVBfCc
GBG9QzKXUet5jL1WtBdO38Kt2nsIn0AKvrO8GVQPOq2Q4iv9XKO8SnhquCtJBCR2
vCesZkhkYX/idjCLyvLgLwNBTxi/y9p3VA2ckcK+C/oltqSlz1vx9tXeAHlQRLkd
h4YKSoN+x6IKPzuJTqh3FHlrYOr+F9YeTS0Pz7mI8nYZ
-----END CERTIFICATE-----