Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/256cb6-dc42-41a5-b920-24cba1c03c99/1/BXunOv9mPJkYgZ0NI5qUZKgTb1A.roa
File:                     BXunOv9mPJkYgZ0NI5qUZKgTb1A.roa (raw, json)
Hash identifier:          mmzsr5EgAhUZUxSJCRXBAFNum+pVa7EBF4L0ocnSXCg=
Subject key identifier:   05:7B:A7:3A:FF:66:3C:99:18:81:9D:0D:23:9A:94:64:A8:13:6F:50
Certificate issuer:       /CN=c9392c3276b243aff740a082c588fb73941ebbf7
Certificate serial:       018DC7E748EDC590404BA370FA055A4EEDD2
Authority key identifier: C9:39:2C:32:76:B2:43:AF:F7:40:A0:82:C5:88:FB:73:94:1E:BB:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yTksMnayQ6_3QKCCxYj7c5Qeu_c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/256cb6-dc42-41a5-b920-24cba1c03c99/1/BXunOv9mPJkYgZ0NI5qUZKgTb1A.roa
Signing time:             Tue 20 Feb 2024 19:03:59 +0000
ROA not before:           Tue 20 Feb 2024 19:03:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        195.128.184.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/256cb6-dc42-41a5-b920-24cba1c03c99/1/yTksMnayQ6_3QKCCxYj7c5Qeu_c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/256cb6-dc42-41a5-b920-24cba1c03c99/1/yTksMnayQ6_3QKCCxYj7c5Qeu_c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yTksMnayQ6_3QKCCxYj7c5Qeu_c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c7:e7:48:ed:c5:90:40:4b:a3:70:fa:05:5a:4e:ed:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9392c3276b243aff740a082c588fb73941ebbf7
        Validity
            Not Before: Feb 20 19:03:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=057ba73aff663c9918819d0d239a9464a8136f50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:67:02:99:47:44:9e:47:3f:c4:ed:f7:88:78:
                    3f:69:16:68:07:18:73:a6:63:bb:1a:b0:2a:00:03:
                    ea:0e:aa:13:30:d3:df:d2:bd:eb:82:46:1a:59:95:
                    29:71:b2:f1:47:e7:9d:00:35:fc:9c:f0:99:e6:84:
                    37:2c:c1:38:2c:2a:28:f9:ee:61:fe:b8:1f:09:58:
                    eb:8a:66:48:af:55:76:30:13:81:89:f8:dd:76:ec:
                    e6:5a:16:ec:73:56:a1:43:ad:77:dd:e5:cf:ae:1d:
                    5a:f5:5a:53:87:c2:d2:09:94:f1:bd:c4:86:04:0b:
                    0c:22:75:ea:cf:b4:b2:73:9d:58:c1:d5:be:0f:6e:
                    19:6e:6c:c9:89:52:46:11:03:5b:95:b7:d2:75:25:
                    9a:3a:48:24:1c:7a:c3:48:8f:c1:cc:85:05:b4:e7:
                    cb:ba:cb:82:2c:d4:10:62:fd:97:e2:81:c1:6c:b1:
                    e1:c4:a1:a1:5a:7f:06:b9:51:78:98:7e:4a:05:0a:
                    c3:ba:be:e5:e3:18:90:51:37:8b:5f:1c:25:c7:5e:
                    33:1f:2c:93:0b:a4:b4:7c:f8:56:d9:e3:41:47:e3:
                    64:65:f0:ea:53:a9:56:b3:d4:de:2d:d9:2c:cd:aa:
                    ef:13:82:58:7b:67:26:f2:db:4b:bf:bb:c0:02:1b:
                    02:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:7B:A7:3A:FF:66:3C:99:18:81:9D:0D:23:9A:94:64:A8:13:6F:50
            X509v3 Authority Key Identifier:
                keyid:C9:39:2C:32:76:B2:43:AF:F7:40:A0:82:C5:88:FB:73:94:1E:BB:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yTksMnayQ6_3QKCCxYj7c5Qeu_c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/256cb6-dc42-41a5-b920-24cba1c03c99/1/BXunOv9mPJkYgZ0NI5qUZKgTb1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/256cb6-dc42-41a5-b920-24cba1c03c99/1/yTksMnayQ6_3QKCCxYj7c5Qeu_c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.128.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:df:03:80:38:b7:58:e1:76:65:df:30:b1:b5:e2:60:7a:4a:
         48:d1:cf:51:2b:b8:35:e4:60:4e:55:10:3c:64:7f:a7:c3:44:
         f8:45:d5:d2:6a:88:d5:5d:f0:bc:6a:14:19:5b:0f:a0:3e:b4:
         f1:13:d0:62:9b:1f:5f:8a:cf:8f:a8:32:34:ec:c9:d8:1f:43:
         20:d2:c7:56:f5:5c:e2:c6:54:2e:0d:51:32:a4:98:18:c8:f1:
         25:97:7d:84:44:05:fe:5d:fd:17:24:16:b8:d0:b7:c6:03:77:
         d5:d5:cf:35:d4:41:14:f6:43:f8:86:81:4c:43:4d:ef:0c:73:
         05:87:0a:6a:02:f8:1b:dd:f9:27:73:8c:9b:3c:2f:f5:a8:a3:
         eb:93:8e:02:41:df:c0:38:10:ff:00:46:4c:f7:1f:e1:1c:4a:
         c1:c4:54:b3:ea:8e:0d:ee:f6:8f:39:6a:e9:21:c1:6f:a6:a4:
         94:27:b7:f9:4e:72:e1:38:8e:72:1c:ea:86:c1:9e:ba:2e:bb:
         ce:e3:2f:91:9b:84:43:e7:73:a3:96:86:fc:23:91:b8:15:60:
         01:05:44:39:83:6b:7c:c2:5a:29:40:63:a1:d4:23:bd:cd:e3:
         de:c5:e1:72:a9:8a:e5:15:b3:6d:fd:92:90:49:db:9f:a9:e5:
         b1:8c:42:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3H50jtxZBAS6Nw+gVaTu3SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5MzkyYzMyNzZiMjQzYWZmNzQwYTA4MmM1ODhmYjczOTQx
ZWJiZjcwHhcNMjQwMjIwMTkwMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTdiYTczYWZmNjYzYzk5MTg4MTlkMGQyMzlhOTQ2NGE4MTM2ZjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGcCmUdEnkc/xO33iHg/aRZoBxhz
pmO7GrAqAAPqDqoTMNPf0r3rgkYaWZUpcbLxR+edADX8nPCZ5oQ3LME4LCoo+e5h
/rgfCVjrimZIr1V2MBOBifjdduzmWhbsc1ahQ6133eXPrh1a9VpTh8LSCZTxvcSG
BAsMInXqz7Syc51YwdW+D24ZbmzJiVJGEQNblbfSdSWaOkgkHHrDSI/BzIUFtOfL
usuCLNQQYv2X4oHBbLHhxKGhWn8GuVF4mH5KBQrDur7l4xiQUTeLXxwlx14zHyyT
C6S0fPhW2eNBR+NkZfDqU6lWs9TeLdkszarvE4JYe2cm8ttLv7vAAhsCJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAV7pzr/ZjyZGIGdDSOalGSoE29QMB8GA1UdIwQY
MBaAFMk5LDJ2skOv90CggsWI+3OUHrv3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVRrc01uYXlRNl8zUUtDQ3hZajdjNVFldV9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8yNTZjYjYtZGM0Mi00MWE1LWI5MjAt
MjRjYmExYzAzYzk5LzEvQlh1bk92OW1QSmtZZ1owTkk1cVVaS2dUYjFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8yNTZjYjYtZGM0Mi00MWE1LWI5MjAtMjRjYmExYzAzYzk5
LzEveVRrc01uYXlRNl8zUUtDQ3hZajdjNVFldV9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw4C4MA0G
CSqGSIb3DQEBCwUAA4IBAQB23wOAOLdY4XZl3zCxteJgekpI0c9RK7g15GBOVRA8
ZH+nw0T4RdXSaojVXfC8ahQZWw+gPrTxE9Bimx9fis+PqDI07MnYH0Mg0sdW9Vzi
xlQuDVEypJgYyPEll32ERAX+Xf0XJBa40LfGA3fV1c811EEU9kP4hoFMQ03vDHMF
hwpqAvgb3fknc4ybPC/1qKPrk44CQd/AOBD/AEZM9x/hHErBxFSz6o4N7vaPOWrp
IcFvpqSUJ7f5TnLhOI5yHOqGwZ66LrvO4y+Rm4RD53Ojlob8I5G4FWABBUQ5g2t8
wlopQGOh1CO9zePexeFyqYrlFbNt/ZKQSdufqeWxjEJt
-----END CERTIFICATE-----