Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/BtbTjlVmCrr8FM6cqZ2L6WfooLI.roa
File:                     BtbTjlVmCrr8FM6cqZ2L6WfooLI.roa (raw, json)
Hash identifier:          DB5JF41Iz6t5oALsnpByg4NgG1R5sryuRnCUBnIxDiY=
Subject key identifier:   06:D6:D3:8E:55:66:0A:BA:FC:14:CE:9C:A9:9D:8B:E9:67:E8:A0:B2
Certificate issuer:       /CN=d48b291b16f6d96c80ad7d31292f560d4faaebf0
Certificate serial:       019420D6503B9C31E74036A414B9CC32DB3A
Authority key identifier: D4:8B:29:1B:16:F6:D9:6C:80:AD:7D:31:29:2F:56:0D:4F:AA:EB:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1IspGxb22WyArX0xKS9WDU-q6_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/BtbTjlVmCrr8FM6cqZ2L6WfooLI.roa
Signing time:             Wed 01 Jan 2025 07:48:23 +0000
ROA not before:           Wed 01 Jan 2025 07:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51327
IP address blocks:        193.104.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/1IspGxb22WyArX0xKS9WDU-q6_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/1IspGxb22WyArX0xKS9WDU-q6_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1IspGxb22WyArX0xKS9WDU-q6_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:50:3b:9c:31:e7:40:36:a4:14:b9:cc:32:db:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48b291b16f6d96c80ad7d31292f560d4faaebf0
        Validity
            Not Before: Jan  1 07:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06d6d38e55660abafc14ce9ca99d8be967e8a0b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:16:94:67:ac:ec:36:e8:57:1e:8e:87:cd:83:
                    c3:05:97:63:9e:37:f8:03:d8:9c:cf:0a:36:01:57:
                    df:ce:6d:56:a3:72:10:42:89:ae:08:29:f1:69:d8:
                    2d:48:e9:83:10:f3:20:f4:8b:13:64:40:3f:8b:6f:
                    ca:a9:0d:0b:2f:d6:32:cc:91:32:59:f5:f9:9c:e2:
                    69:77:19:55:72:19:90:2f:63:31:4b:f5:3d:e3:88:
                    13:7e:df:36:4e:ed:cf:e7:70:eb:0d:d2:2c:fd:58:
                    93:a4:be:03:eb:e1:ac:3f:9a:54:26:45:e8:bd:86:
                    b3:95:79:31:9e:c9:00:19:f7:5e:98:92:bd:a6:80:
                    84:6f:91:b5:92:89:17:50:3e:79:27:50:43:ac:7c:
                    16:e6:c4:1d:bb:56:8a:88:43:ce:1f:bd:f4:82:ac:
                    b0:cc:73:80:ab:d7:e5:c8:f2:f3:81:d8:c1:0e:59:
                    67:dd:51:be:8b:65:a7:0d:83:4e:69:ca:61:c0:82:
                    7f:7e:dd:06:5b:f2:02:83:ca:b8:dd:e5:f8:fa:cd:
                    aa:65:9a:eb:9c:b2:09:58:60:4d:5e:89:0f:42:f0:
                    ac:87:84:c0:36:81:a8:29:1c:3b:06:c8:46:40:2e:
                    b5:c9:2b:e2:14:99:f4:56:b6:36:20:aa:74:a3:a4:
                    5e:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:D6:D3:8E:55:66:0A:BA:FC:14:CE:9C:A9:9D:8B:E9:67:E8:A0:B2
            X509v3 Authority Key Identifier:
                keyid:D4:8B:29:1B:16:F6:D9:6C:80:AD:7D:31:29:2F:56:0D:4F:AA:EB:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1IspGxb22WyArX0xKS9WDU-q6_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/BtbTjlVmCrr8FM6cqZ2L6WfooLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/1083e9-b9dd-4c82-9878-7f8bfac73977/1/1IspGxb22WyArX0xKS9WDU-q6_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:69:a7:75:2c:fb:a7:f4:7b:23:f2:ed:7b:54:3f:9b:7b:fa:
         5f:ff:99:5c:48:f4:50:29:2a:d6:9d:82:7d:f1:27:2c:ae:7b:
         e4:65:19:c5:3c:75:c1:a0:53:fb:e6:92:ff:8d:90:2b:fb:ef:
         00:28:4b:3f:2f:25:10:a7:f7:a2:8e:2c:69:fe:21:ae:dc:16:
         f7:d0:23:a3:1c:24:98:c9:2f:92:5b:9f:5f:c0:ea:06:50:51:
         20:e2:8a:7f:f1:62:a1:85:8c:97:06:5b:91:e1:c5:0c:b7:f7:
         c5:9a:b7:11:34:07:18:2d:42:68:43:58:2b:e8:95:05:3c:a4:
         98:43:bd:82:fc:12:10:b8:c0:15:46:22:af:7d:ea:c3:2c:c8:
         70:3e:a7:d6:d6:42:16:34:50:c5:54:c1:bd:c7:a9:6f:19:6d:
         30:fe:68:11:ef:5d:61:39:f5:5a:de:77:28:74:32:5f:d4:cf:
         b9:43:08:be:73:9f:4a:5c:5e:eb:dd:ed:e1:bf:bc:78:99:79:
         50:2c:06:3d:e3:b7:a1:99:fd:0e:49:d1:a8:e9:53:7f:34:d9:
         33:32:b4:13:d1:bf:af:92:cb:e9:ec:4a:9c:ff:3f:17:5e:12:
         c4:39:84:ce:cb:78:67:6c:f3:8d:59:73:32:33:4b:a0:3d:e8:
         cf:e1:75:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1lA7nDHnQDakFLnMMts6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGIyOTFiMTZmNmQ5NmM4MGFkN2QzMTI5MmY1NjBkNGZh
YWViZjAwHhcNMjUwMTAxMDc0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmQ2ZDM4ZTU1NjYwYWJhZmMxNGNlOWNhOTlkOGJlOTY3ZThhMGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRaUZ6zsNuhXHo6HzYPDBZdjnjf4
A9iczwo2AVffzm1Wo3IQQomuCCnxadgtSOmDEPMg9IsTZEA/i2/KqQ0LL9YyzJEy
WfX5nOJpdxlVchmQL2MxS/U944gTft82Tu3P53DrDdIs/ViTpL4D6+GsP5pUJkXo
vYazlXkxnskAGfdemJK9poCEb5G1kokXUD55J1BDrHwW5sQdu1aKiEPOH730gqyw
zHOAq9flyPLzgdjBDlln3VG+i2WnDYNOacphwIJ/ft0GW/ICg8q43eX4+s2qZZrr
nLIJWGBNXokPQvCsh4TANoGoKRw7BshGQC61ySviFJn0VrY2IKp0o6Re4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbW045VZgq6/BTOnKmdi+ln6KCyMB8GA1UdIwQY
MBaAFNSLKRsW9tlsgK19MSkvVg1PquvwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlzcEd4YjIyV3lBclgweEtTOVdEVS1xNl9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8xMDgzZTktYjlkZC00YzgyLTk4Nzgt
N2Y4YmZhYzczOTc3LzEvQnRiVGpsVm1DcnI4Rk02Y3FaMkw2V2Zvb0xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8xMDgzZTktYjlkZC00YzgyLTk4NzgtN2Y4YmZhYzczOTc3
LzEvMUlzcEd4YjIyV3lBclgweEtTOVdEVS1xNl9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWg4MA0G
CSqGSIb3DQEBCwUAA4IBAQBAaad1LPun9Hsj8u17VD+be/pf/5lcSPRQKSrWnYJ9
8ScsrnvkZRnFPHXBoFP75pL/jZAr++8AKEs/LyUQp/eijixp/iGu3Bb30COjHCSY
yS+SW59fwOoGUFEg4op/8WKhhYyXBluR4cUMt/fFmrcRNAcYLUJoQ1gr6JUFPKSY
Q72C/BIQuMAVRiKvferDLMhwPqfW1kIWNFDFVMG9x6lvGW0w/mgR711hOfVa3nco
dDJf1M+5Qwi+c59KXF7r3e3hv7x4mXlQLAY947ehmf0OSdGo6VN/NNkzMrQT0b+v
ksvp7Eqc/z8XXhLEOYTOy3hnbPONWXMyM0ugPejP4XVp
-----END CERTIFICATE-----