Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/BNkQtXiM60kiU0nw9OarYUPU-FE.roa
File:                     BNkQtXiM60kiU0nw9OarYUPU-FE.roa (raw, json)
Hash identifier:          KAnMTU1uozNUXciKFw3TttqCR8L3QyMCFO63edikSUY=
Subject key identifier:   04:D9:10:B5:78:8C:EB:49:22:53:49:F0:F4:E6:AB:61:43:D4:F8:51
Certificate issuer:       /CN=10721ead6a4575643cb703062c0968755e8281eb
Certificate serial:       018CC9BBAE0F57A997709EC85A5974AABABE
Authority key identifier: 10:72:1E:AD:6A:45:75:64:3C:B7:03:06:2C:09:68:75:5E:82:81:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EHIerWpFdWQ8twMGLAlodV6Cges.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/BNkQtXiM60kiU0nw9OarYUPU-FE.roa
Signing time:             Tue 02 Jan 2024 10:32:49 +0000
ROA not before:           Tue 02 Jan 2024 10:32:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47967
IP address blocks:        91.236.216.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/EHIerWpFdWQ8twMGLAlodV6Cges.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/EHIerWpFdWQ8twMGLAlodV6Cges.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EHIerWpFdWQ8twMGLAlodV6Cges.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:ae:0f:57:a9:97:70:9e:c8:5a:59:74:aa:ba:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10721ead6a4575643cb703062c0968755e8281eb
        Validity
            Not Before: Jan  2 10:32:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04d910b5788ceb49225349f0f4e6ab6143d4f851
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:0e:20:bf:a7:f1:17:fc:12:72:74:df:db:91:
                    43:ed:f5:10:fc:9a:91:f3:da:9b:11:b3:34:ff:5c:
                    30:ae:41:db:bb:54:9d:dc:8c:36:66:5f:fe:8d:00:
                    3c:04:e5:b7:a4:22:fb:f3:1a:9f:60:db:67:20:92:
                    1b:43:8c:c9:0b:e2:c9:2b:48:87:92:b8:38:4c:cf:
                    0c:c3:4b:7f:68:51:51:cf:30:ad:01:97:ff:d5:7c:
                    61:dc:5c:c1:e1:64:29:5a:df:3d:31:50:0c:30:03:
                    39:da:46:57:70:90:89:83:b1:5e:b2:cd:23:6d:47:
                    b0:64:83:58:70:78:e5:cf:c4:5f:fc:b6:22:23:b1:
                    7c:7c:92:a2:d1:b2:6d:13:95:84:7b:57:c6:b8:c8:
                    42:d8:a9:6d:81:50:82:a0:1e:c9:4f:b0:15:7a:b5:
                    88:33:71:6d:00:a6:13:20:29:32:d0:56:07:98:aa:
                    b6:07:8f:24:ae:ea:5e:7a:f2:62:b7:66:67:c3:ef:
                    a4:8b:3f:16:76:24:4e:c5:2c:c2:84:fd:b8:61:5c:
                    57:56:19:aa:f1:9d:16:b2:2d:67:ed:e6:79:ff:f0:
                    f1:8c:80:4e:7a:36:55:73:f8:d1:65:84:68:4a:02:
                    7c:4f:64:ce:e2:14:12:22:b2:2f:17:fc:a3:d6:be:
                    5a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:D9:10:B5:78:8C:EB:49:22:53:49:F0:F4:E6:AB:61:43:D4:F8:51
            X509v3 Authority Key Identifier:
                keyid:10:72:1E:AD:6A:45:75:64:3C:B7:03:06:2C:09:68:75:5E:82:81:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHIerWpFdWQ8twMGLAlodV6Cges.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/BNkQtXiM60kiU0nw9OarYUPU-FE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/EHIerWpFdWQ8twMGLAlodV6Cges.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:1e:d8:21:84:06:fe:e7:3a:ae:ba:9d:20:d6:ff:b0:75:11:
         7d:e2:b2:21:c4:6f:7f:72:0e:20:0f:44:e1:b4:27:03:1c:fe:
         d7:47:8b:28:58:2e:03:63:ba:f3:08:06:88:32:e5:88:e2:90:
         1d:23:e4:e0:c1:8c:8f:54:c2:d6:c4:0d:36:7f:47:68:e2:d4:
         3e:f7:c0:fa:d6:95:75:88:9d:a1:03:6c:f3:67:43:3d:4b:b4:
         c5:46:e4:f3:ca:02:c6:90:df:96:02:c1:41:d6:46:48:42:3d:
         50:9e:6b:c4:b0:f7:e1:66:8c:64:fb:98:81:c7:d9:51:7f:3c:
         ea:4b:05:e5:24:57:9f:bf:1a:7a:b9:ba:fb:17:7d:43:3d:3a:
         73:e9:6b:46:01:cc:54:35:52:1e:71:b8:c4:ed:72:b8:e2:d5:
         21:12:fb:36:b8:c2:f7:66:45:c6:36:c3:7e:22:84:53:9d:ae:
         f0:20:97:37:4c:d8:ef:0f:8a:9e:6f:3f:db:40:0b:d7:9b:c3:
         d2:30:b0:65:c9:df:94:3c:dd:06:1e:b7:74:45:50:8a:7d:85:
         92:b5:b0:6f:54:ca:17:ca:9b:dd:aa:3d:77:60:ce:01:b1:da:
         c3:98:b7:08:9b:d1:2b:37:06:92:6c:2a:aa:d5:1f:95:20:b8:
         d1:05:69:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu64PV6mXcJ7IWll0qrq+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzIxZWFkNmE0NTc1NjQzY2I3MDMwNjJjMDk2ODc1NWU4
MjgxZWIwHhcNMjQwMTAyMTAzMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGQ5MTBiNTc4OGNlYjQ5MjI1MzQ5ZjBmNGU2YWI2MTQzZDRmODUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAow4gv6fxF/wScnTf25FD7fUQ/JqR
89qbEbM0/1wwrkHbu1Sd3Iw2Zl/+jQA8BOW3pCL78xqfYNtnIJIbQ4zJC+LJK0iH
krg4TM8Mw0t/aFFRzzCtAZf/1Xxh3FzB4WQpWt89MVAMMAM52kZXcJCJg7Fess0j
bUewZINYcHjlz8Rf/LYiI7F8fJKi0bJtE5WEe1fGuMhC2KltgVCCoB7JT7AVerWI
M3FtAKYTICky0FYHmKq2B48krupeevJit2Znw++kiz8WdiROxSzChP24YVxXVhmq
8Z0Wsi1n7eZ5//DxjIBOejZVc/jRZYRoSgJ8T2TO4hQSIrIvF/yj1r5aoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFATZELV4jOtJIlNJ8PTmq2FD1PhRMB8GA1UdIwQY
MBaAFBByHq1qRXVkPLcDBiwJaHVegoHrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhJZXJXcEZkV1E4dHdNR0xBbG9kVjZDZ2VzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9jYTkzNWItMjQ4NC00MDIwLWI4MTQt
M2Q0YWU4MGZjNDVkLzEvQk5rUXRYaU02MGtpVTBudzlPYXJZVVBVLUZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9jYTkzNWItMjQ4NC00MDIwLWI4MTQtM2Q0YWU4MGZjNDVk
LzEvRUhJZXJXcEZkV1E4dHdNR0xBbG9kVjZDZ2VzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+zYMA0G
CSqGSIb3DQEBCwUAA4IBAQAnHtghhAb+5zquup0g1v+wdRF94rIhxG9/cg4gD0Th
tCcDHP7XR4soWC4DY7rzCAaIMuWI4pAdI+TgwYyPVMLWxA02f0do4tQ+98D61pV1
iJ2hA2zzZ0M9S7TFRuTzygLGkN+WAsFB1kZIQj1QnmvEsPfhZoxk+5iBx9lRfzzq
SwXlJFefvxp6ubr7F31DPTpz6WtGAcxUNVIecbjE7XK44tUhEvs2uML3ZkXGNsN+
IoRTna7wIJc3TNjvD4qebz/bQAvXm8PSMLBlyd+UPN0GHrd0RVCKfYWStbBvVMoX
ypvdqj13YM4BsdrDmLcIm9ErNwaSbCqq1R+VILjRBWmE
-----END CERTIFICATE-----