Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/Bb8ycOE7qhSFoSMHyD2xB85u_Z0.roa
File:                     Bb8ycOE7qhSFoSMHyD2xB85u_Z0.roa (raw, json)
Hash identifier:          KcdCM+LEn+v24gkqqCtc8motwJZXGA9KFLUTB0+gGg8=
Subject key identifier:   05:BF:32:70:E1:3B:AA:14:85:A1:23:07:C8:3D:B1:07:CE:6E:FD:9D
Certificate issuer:       /CN=593897174f967490dbf6189d479df2c9371bf404
Certificate serial:       019422FB586ACA67C52B4BA7B23075B2E101
Authority key identifier: 59:38:97:17:4F:96:74:90:DB:F6:18:9D:47:9D:F2:C9:37:1B:F4:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WTiXF0-WdJDb9hidR53yyTcb9AQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/Bb8ycOE7qhSFoSMHyD2xB85u_Z0.roa
Signing time:             Wed 01 Jan 2025 17:48:04 +0000
ROA not before:           Wed 01 Jan 2025 17:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201681
IP address blocks:        2a05:bc1:8000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/WTiXF0-WdJDb9hidR53yyTcb9AQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/WTiXF0-WdJDb9hidR53yyTcb9AQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WTiXF0-WdJDb9hidR53yyTcb9AQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:58:6a:ca:67:c5:2b:4b:a7:b2:30:75:b2:e1:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=593897174f967490dbf6189d479df2c9371bf404
        Validity
            Not Before: Jan  1 17:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05bf3270e13baa1485a12307c83db107ce6efd9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d2:cc:ee:b8:34:45:32:93:64:7c:f4:cd:3a:
                    21:c9:fd:41:5a:7c:ed:67:36:1c:14:49:d0:53:85:
                    1a:d0:ed:93:0e:c2:4d:dc:df:cf:1d:d5:67:96:36:
                    b6:20:58:36:6d:4f:ea:fa:48:46:50:9e:4e:67:6a:
                    a2:58:f0:fb:9b:10:97:5d:71:7f:fe:98:98:78:c8:
                    7c:b7:bd:cc:e4:1c:9b:37:35:95:7b:2a:30:00:7b:
                    40:8a:d7:b7:d1:0e:7f:74:7b:d9:9d:d9:59:d7:48:
                    93:43:66:f9:f1:81:0b:a2:be:40:6a:0d:33:57:1b:
                    31:47:32:8c:94:72:a0:bb:dd:61:80:3c:d2:48:c8:
                    bc:21:a0:d4:b9:56:b4:48:2c:eb:46:cb:ec:89:19:
                    d7:ef:1d:09:08:d1:4b:cb:17:c8:c1:6a:77:0d:f7:
                    6b:ae:05:7b:99:46:cf:74:a4:5c:32:83:89:73:79:
                    62:af:ac:3f:11:af:f7:a0:35:5d:92:58:f2:16:06:
                    6b:62:06:a7:a4:89:cd:5f:24:b7:14:d0:b7:ea:19:
                    1d:19:bc:6a:85:f5:40:25:81:b8:70:f6:6c:43:bd:
                    86:d7:a2:2a:0f:c1:54:7b:b5:dc:34:51:e1:86:b5:
                    d6:8d:a0:91:53:8f:b7:62:93:2a:eb:24:4a:d0:b3:
                    d2:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:BF:32:70:E1:3B:AA:14:85:A1:23:07:C8:3D:B1:07:CE:6E:FD:9D
            X509v3 Authority Key Identifier:
                keyid:59:38:97:17:4F:96:74:90:DB:F6:18:9D:47:9D:F2:C9:37:1B:F4:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WTiXF0-WdJDb9hidR53yyTcb9AQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/Bb8ycOE7qhSFoSMHyD2xB85u_Z0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dcf976-007d-4542-b0e2-5f8fc707836a/1/WTiXF0-WdJDb9hidR53yyTcb9AQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:bc1:8000::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:f8:e3:00:f7:83:37:48:de:04:89:0b:bf:5f:9c:c7:39:98:
         c1:27:aa:b6:d2:d1:cc:8d:60:52:77:20:4d:65:2d:65:8a:55:
         c1:8f:eb:7a:88:8d:1c:6f:76:d8:ab:a7:e3:80:99:9d:8a:75:
         b2:6a:2a:76:ec:60:20:af:4c:e0:93:74:bb:fd:ae:43:75:2d:
         ce:19:ae:ec:ce:8a:a5:db:27:93:b1:7f:d6:a8:8e:4d:27:d7:
         71:37:f7:d6:df:5a:41:70:66:d5:ca:fe:bb:e2:0c:f6:8a:a2:
         29:80:9a:4e:a2:a5:88:ec:b1:bc:0d:7e:35:d6:8e:45:7c:53:
         c3:de:4c:dc:7d:4b:6f:ab:3d:4c:ff:09:78:25:32:ad:8f:ac:
         75:7f:7c:f6:6c:55:2c:db:04:81:14:35:86:51:a1:d4:60:cd:
         03:a6:15:c4:33:23:e2:bb:91:eb:76:1c:90:74:f0:62:76:ac:
         81:5a:48:91:fc:a7:c6:1d:3f:0f:b4:67:cc:f5:d4:a0:d5:e8:
         1c:02:e2:31:ba:bc:88:6c:7d:50:f2:a1:6d:46:c0:3b:fc:e2:
         3a:32:8c:54:a9:66:72:0b:9b:7b:b3:7b:21:5a:17:4b:22:e1:
         5d:b7:3f:44:e1:4c:ec:13:97:1c:e3:f3:a2:30:e1:5c:7a:41:
         72:94:c2:a9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi+1hqymfFK0unsjB1suEBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5Mzg5NzE3NGY5Njc0OTBkYmY2MTg5ZDQ3OWRmMmM5Mzcx
YmY0MDQwHhcNMjUwMTAxMTc0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWJmMzI3MGUxM2JhYTE0ODVhMTIzMDdjODNkYjEwN2NlNmVmZDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9LM7rg0RTKTZHz0zTohyf1BWnzt
ZzYcFEnQU4Ua0O2TDsJN3N/PHdVnlja2IFg2bU/q+khGUJ5OZ2qiWPD7mxCXXXF/
/piYeMh8t73M5BybNzWVeyowAHtAite30Q5/dHvZndlZ10iTQ2b58YELor5Aag0z
VxsxRzKMlHKgu91hgDzSSMi8IaDUuVa0SCzrRsvsiRnX7x0JCNFLyxfIwWp3Dfdr
rgV7mUbPdKRcMoOJc3lir6w/Ea/3oDVdkljyFgZrYganpInNXyS3FNC36hkdGbxq
hfVAJYG4cPZsQ72G16IqD8FUe7XcNFHhhrXWjaCRU4+3YpMq6yRK0LPSWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAW/MnDhO6oUhaEjB8g9sQfObv2dMB8GA1UdIwQY
MBaAFFk4lxdPlnSQ2/YYnUed8sk3G/QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1RpWEYwLVdkSkRiOWhpZFI1M3l5VGNiOUFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kY2Y5NzYtMDA3ZC00NTQyLWIwZTIt
NWY4ZmM3MDc4MzZhLzEvQmI4eWNPRTdxaFNGb1NNSHlEMnhCODV1X1owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kY2Y5NzYtMDA3ZC00NTQyLWIwZTItNWY4ZmM3MDc4MzZh
LzEvV1RpWEYwLVdkSkRiOWhpZFI1M3l5VGNiOUFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgULwYAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAI+OMA94M3SN4EiQu/X5zHOZjBJ6q20tHMjWBS
dyBNZS1lilXBj+t6iI0cb3bYq6fjgJmdinWyaip27GAgr0zgk3S7/a5DdS3OGa7s
zoql2yeTsX/WqI5NJ9dxN/fW31pBcGbVyv674gz2iqIpgJpOoqWI7LG8DX411o5F
fFPD3kzcfUtvqz1M/wl4JTKtj6x1f3z2bFUs2wSBFDWGUaHUYM0DphXEMyPiu5Hr
dhyQdPBidqyBWkiR/KfGHT8PtGfM9dSg1egcAuIxuryIbH1Q8qFtRsA7/OI6MoxU
qWZyC5t7s3shWhdLIuFdtz9E4UzsE5cc4/OiMOFcekFylMKp
-----END CERTIFICATE-----