Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/3b8f3b-ebf0-4cb7-a49b-a8585849be14/1/BkXxJ08QC9_3Vd3NcW8FM2IAmGM.roa
File:                     BkXxJ08QC9_3Vd3NcW8FM2IAmGM.roa (raw, json)
Hash identifier:          70b736JocyptWeTinAPgmQZeWZ32ymUU7Kx3xOX+dmc=
Subject key identifier:   06:45:F1:27:4F:10:0B:DF:F7:55:DD:CD:71:6F:05:33:62:00:98:63
Certificate issuer:       /CN=1220dd2b92da284c63cec46f6f6a41c013a9c881
Certificate serial:       01902A3F5EA96D163726D5C3E2E7845444CB
Authority key identifier: 12:20:DD:2B:92:DA:28:4C:63:CE:C4:6F:6F:6A:41:C0:13:A9:C8:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EiDdK5LaKExjzsRvb2pBwBOpyIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/3b8f3b-ebf0-4cb7-a49b-a8585849be14/1/BkXxJ08QC9_3Vd3NcW8FM2IAmGM.roa
Signing time:             Tue 18 Jun 2024 07:28:34 +0000
ROA not before:           Tue 18 Jun 2024 07:28:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137443
IP address blocks:        185.243.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/3b8f3b-ebf0-4cb7-a49b-a8585849be14/1/EiDdK5LaKExjzsRvb2pBwBOpyIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/3b8f3b-ebf0-4cb7-a49b-a8585849be14/1/EiDdK5LaKExjzsRvb2pBwBOpyIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EiDdK5LaKExjzsRvb2pBwBOpyIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2a:3f:5e:a9:6d:16:37:26:d5:c3:e2:e7:84:54:44:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1220dd2b92da284c63cec46f6f6a41c013a9c881
        Validity
            Not Before: Jun 18 07:28:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0645f1274f100bdff755ddcd716f053362009863
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:23:e4:6a:5f:29:ef:f4:b4:62:d8:8b:7c:01:
                    13:f1:62:08:66:98:a2:68:1f:0b:e4:5a:47:7c:89:
                    c2:9d:87:33:bc:6a:2e:2b:6a:96:d1:2d:8e:a4:df:
                    ff:98:ef:fa:47:78:9e:83:b8:f7:7c:8b:46:af:68:
                    b8:14:85:13:88:3c:5d:0d:73:97:8b:58:e7:82:9b:
                    fe:34:e1:9b:c3:a1:13:16:75:87:c5:ca:c3:55:f1:
                    6d:2c:c1:c8:1e:24:7f:21:49:54:3b:4a:1b:0a:5c:
                    51:cf:85:a3:b8:da:14:93:ee:e1:6e:26:56:af:32:
                    77:0d:03:fb:15:68:34:24:5d:65:0e:5a:c4:09:1f:
                    a3:52:2f:3f:ec:01:a8:37:d1:13:0c:7e:dd:e2:ea:
                    66:a3:fd:8c:66:d8:41:69:6e:78:8a:63:48:61:30:
                    da:b0:d9:4a:06:46:67:59:ff:9f:00:af:61:af:cb:
                    85:47:dc:2d:da:2a:53:f0:2a:3f:e2:7a:ee:b0:90:
                    60:76:59:d5:7c:39:58:ce:94:af:12:4b:00:74:fa:
                    41:d1:8f:e2:7e:99:9c:c9:eb:46:b4:de:b0:55:38:
                    8f:23:9f:a0:b4:26:d3:f5:61:53:13:65:21:d6:a8:
                    e8:31:af:c3:66:83:5e:ec:e3:3e:1c:a7:ba:76:2d:
                    06:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:45:F1:27:4F:10:0B:DF:F7:55:DD:CD:71:6F:05:33:62:00:98:63
            X509v3 Authority Key Identifier:
                keyid:12:20:DD:2B:92:DA:28:4C:63:CE:C4:6F:6F:6A:41:C0:13:A9:C8:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EiDdK5LaKExjzsRvb2pBwBOpyIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/3b8f3b-ebf0-4cb7-a49b-a8585849be14/1/BkXxJ08QC9_3Vd3NcW8FM2IAmGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/3b8f3b-ebf0-4cb7-a49b-a8585849be14/1/EiDdK5LaKExjzsRvb2pBwBOpyIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:54:95:4e:43:e4:43:68:0e:a8:1f:2a:d3:02:58:d9:84:04:
         d8:51:6d:28:d4:24:3f:cc:b3:c5:be:2b:4b:2d:95:30:52:75:
         75:f9:8d:b6:74:ef:fa:a9:c0:e8:01:82:7f:30:7a:4f:5c:2b:
         9e:96:aa:a7:4b:1b:05:99:47:f7:84:61:2a:df:b3:d9:c0:d5:
         c9:a9:6b:15:98:99:37:60:9a:30:0d:b6:27:54:c2:c8:f5:e1:
         b5:58:39:57:8c:ef:31:8e:47:6f:42:6c:16:b6:44:b2:69:dd:
         7c:b1:0a:a8:a9:84:72:05:f5:83:5c:51:4f:f9:d7:c7:06:76:
         31:a2:a2:1b:fd:30:26:d8:50:6e:bc:02:77:c6:8b:8c:81:50:
         43:a9:83:93:99:6b:bf:42:ae:32:3a:df:e2:0b:d1:e0:15:e2:
         f6:fa:58:3e:dc:ef:9a:64:bc:86:00:ec:8c:cc:a4:7b:fd:61:
         26:1d:ac:4b:e5:b2:65:4d:70:88:83:0c:f4:e9:66:4f:f6:2e:
         93:cb:63:0e:dd:70:b9:74:0a:99:0e:00:04:49:7e:6a:fb:fe:
         e9:e6:06:0c:3f:95:ed:79:16:fd:ff:a6:d3:5c:f8:41:61:b3:
         0d:80:35:5f:f3:b2:0a:e4:17:97:6f:41:7a:96:71:3d:52:78:
         16:f2:b9:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAqP16pbRY3JtXD4ueEVETLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMjBkZDJiOTJkYTI4NGM2M2NlYzQ2ZjZmNmE0MWMwMTNh
OWM4ODEwHhcNMjQwNjE4MDcyODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjQ1ZjEyNzRmMTAwYmRmZjc1NWRkY2Q3MTZmMDUzMzYyMDA5ODYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yPkal8p7/S0YtiLfAET8WIIZpii
aB8L5FpHfInCnYczvGouK2qW0S2OpN//mO/6R3ieg7j3fItGr2i4FIUTiDxdDXOX
i1jngpv+NOGbw6ETFnWHxcrDVfFtLMHIHiR/IUlUO0obClxRz4WjuNoUk+7hbiZW
rzJ3DQP7FWg0JF1lDlrECR+jUi8/7AGoN9ETDH7d4upmo/2MZthBaW54imNIYTDa
sNlKBkZnWf+fAK9hr8uFR9wt2ipT8Co/4nrusJBgdlnVfDlYzpSvEksAdPpB0Y/i
fpmcyetGtN6wVTiPI5+gtCbT9WFTE2Uh1qjoMa/DZoNe7OM+HKe6di0GQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZF8SdPEAvf91XdzXFvBTNiAJhjMB8GA1UdIwQY
MBaAFBIg3SuS2ihMY87Eb29qQcATqciBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWlEZEs1TGFLRXhqenNSdmIycEJ3Qk9weUlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8zYjhmM2ItZWJmMC00Y2I3LWE0OWIt
YTg1ODU4NDliZTE0LzEvQmtYeEowOFFDOV8zVmQzTmNXOEZNMklBbUdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8zYjhmM2ItZWJmMC00Y2I3LWE0OWItYTg1ODU4NDliZTE0
LzEvRWlEZEs1TGFLRXhqenNSdmIycEJ3Qk9weUlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufMrMA0G
CSqGSIb3DQEBCwUAA4IBAQAeVJVOQ+RDaA6oHyrTAljZhATYUW0o1CQ/zLPFvitL
LZUwUnV1+Y22dO/6qcDoAYJ/MHpPXCuelqqnSxsFmUf3hGEq37PZwNXJqWsVmJk3
YJowDbYnVMLI9eG1WDlXjO8xjkdvQmwWtkSyad18sQqoqYRyBfWDXFFP+dfHBnYx
oqIb/TAm2FBuvAJ3xouMgVBDqYOTmWu/Qq4yOt/iC9HgFeL2+lg+3O+aZLyGAOyM
zKR7/WEmHaxL5bJlTXCIgwz06WZP9i6Ty2MO3XC5dAqZDgAESX5q+/7p5gYMP5Xt
eRb9/6bTXPhBYbMNgDVf87IK5BeXb0F6lnE9UngW8rkz
-----END CERTIFICATE-----