Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/BpR5NUk03vkRF80Qz6bXQizhKxo.roa
File:                     BpR5NUk03vkRF80Qz6bXQizhKxo.roa (raw, json)
Hash identifier:          2sfi1OYudOjZJURUx0aVBkXYGsLKo4Kb+vWDaiRPR3c=
Subject key identifier:   06:94:79:35:49:34:DE:F9:11:17:CD:10:CF:A6:D7:42:2C:E1:2B:1A
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       01911249FECE7AF15E9ED033F33C1411066B
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/BpR5NUk03vkRF80Qz6bXQizhKxo.roa
Signing time:             Fri 02 Aug 2024 08:52:04 +0000
ROA not before:           Fri 02 Aug 2024 08:52:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        37.153.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:12:49:fe:ce:7a:f1:5e:9e:d0:33:f3:3c:14:11:06:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Aug  2 08:52:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=069479354934def91117cd10cfa6d7422ce12b1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:4d:c5:74:5b:a5:38:00:5f:fb:59:7a:65:e1:
                    99:68:cf:b5:3b:2e:01:18:e4:b3:ca:5b:41:8d:8a:
                    db:23:1d:91:18:bc:6f:9c:ef:3d:b7:31:22:6e:c7:
                    9d:fe:37:53:c5:ce:8b:c2:7a:16:36:67:24:8c:88:
                    3a:3e:02:b2:52:e5:bd:82:f3:96:d6:85:0c:75:d1:
                    7e:12:07:27:20:ea:e8:86:e2:9d:71:83:be:26:65:
                    f9:26:a2:28:e4:70:c7:7b:bd:e8:56:b7:8e:79:b4:
                    ca:a1:20:aa:12:64:f7:7d:e9:4b:87:3c:16:31:42:
                    e8:78:71:19:02:5d:69:82:c5:65:95:5b:e1:b4:f9:
                    bf:07:3f:64:cf:f5:4c:69:ea:2e:90:78:dd:46:e4:
                    2d:65:fb:40:1a:ab:ef:10:d5:d8:0c:ea:58:23:8f:
                    21:76:b0:b8:7f:2c:a5:58:04:9d:da:d9:c4:d9:dc:
                    b0:3e:25:ef:46:37:9e:c2:85:dd:fb:6c:97:c2:a6:
                    59:8c:61:3b:0a:0b:a3:b0:a7:18:9b:82:c4:39:df:
                    66:0d:4d:74:37:15:c0:16:ad:44:9f:93:52:c0:a2:
                    68:f3:57:46:d8:b3:01:c7:39:e3:37:80:79:a6:ab:
                    98:e9:ec:3f:bb:92:76:71:94:07:68:bd:f2:86:31:
                    c2:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:94:79:35:49:34:DE:F9:11:17:CD:10:CF:A6:D7:42:2C:E1:2B:1A
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/BpR5NUk03vkRF80Qz6bXQizhKxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:dc:51:6d:ac:57:24:ae:a8:92:6c:bb:5b:5f:1f:a5:3c:6d:
         4b:92:34:3e:04:cc:76:e0:d9:3c:fe:c1:90:b7:b9:e4:6b:aa:
         07:94:1f:3c:18:a7:ca:02:15:1a:c9:27:bf:10:5b:b5:7b:70:
         50:af:a7:10:cc:68:3b:ab:ea:77:23:9a:e0:a9:c6:63:63:2e:
         1c:73:47:c0:70:78:83:36:82:d6:44:58:fb:b3:c0:a3:99:df:
         36:1c:fa:a3:e4:1c:9d:8e:29:5b:e8:30:a1:d9:98:b5:eb:f3:
         e3:4b:87:0e:61:7f:5b:05:7f:0e:18:6d:8e:dc:47:94:37:fc:
         b4:4f:91:4f:19:b2:5b:fc:37:84:35:27:e6:ef:08:b4:e4:88:
         7f:ba:f9:3d:5a:2b:31:25:6c:8a:03:a5:b5:c4:22:fd:64:1d:
         bb:7d:34:c9:ba:d3:47:3a:91:28:f8:c2:4d:97:70:46:c5:bd:
         72:7f:ae:31:09:c1:f4:57:e1:a8:f7:51:d4:cc:be:ea:13:4e:
         4e:a6:fb:73:cd:51:1b:d1:7e:c6:0e:ce:f9:2a:23:46:8a:35:
         ca:3a:58:ee:c3:9f:61:a3:bf:24:5b:db:2f:46:98:e8:3c:29:
         f9:29:78:c1:8b:16:ed:ea:02:63:35:46:0e:ee:9e:fe:5a:f3:
         a3:ac:3e:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZESSf7OevFentAz8zwUEQZrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwODAyMDg1MjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjk0NzkzNTQ5MzRkZWY5MTExN2NkMTBjZmE2ZDc0MjJjZTEyYjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5E3FdFulOABf+1l6ZeGZaM+1Oy4B
GOSzyltBjYrbIx2RGLxvnO89tzEibsed/jdTxc6LwnoWNmckjIg6PgKyUuW9gvOW
1oUMddF+EgcnIOrohuKdcYO+JmX5JqIo5HDHe73oVreOebTKoSCqEmT3felLhzwW
MULoeHEZAl1pgsVllVvhtPm/Bz9kz/VMaeoukHjdRuQtZftAGqvvENXYDOpYI48h
drC4fyylWASd2tnE2dywPiXvRjeewoXd+2yXwqZZjGE7CgujsKcYm4LEOd9mDU10
NxXAFq1En5NSwKJo81dG2LMBxznjN4B5pquY6ew/u5J2cZQHaL3yhjHC5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAaUeTVJNN75ERfNEM+m10Is4SsaMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvQnBSNU5VazAzdmtSRjgwUXo2YlhRaXpoS3hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZmEMA0G
CSqGSIb3DQEBCwUAA4IBAQBP3FFtrFckrqiSbLtbXx+lPG1LkjQ+BMx24Nk8/sGQ
t7nka6oHlB88GKfKAhUaySe/EFu1e3BQr6cQzGg7q+p3I5rgqcZjYy4cc0fAcHiD
NoLWRFj7s8Cjmd82HPqj5Bydjilb6DCh2Zi16/PjS4cOYX9bBX8OGG2O3EeUN/y0
T5FPGbJb/DeENSfm7wi05Ih/uvk9WisxJWyKA6W1xCL9ZB27fTTJutNHOpEo+MJN
l3BGxb1yf64xCcH0V+Go91HUzL7qE05OpvtzzVEb0X7GDs75KiNGijXKOljuw59h
o78kW9svRpjoPCn5KXjBixbt6gJjNUYO7p7+WvOjrD5I
-----END CERTIFICATE-----