Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/BnFfpBGVQQZDT8YSDbsqD0Ao6m4.roa
File:                     BnFfpBGVQQZDT8YSDbsqD0Ao6m4.roa (raw, json)
Hash identifier:          p+CZldrYvz77b9LORxcUNV/ys3Plt3SOZBWtubL86c8=
Subject key identifier:   06:71:5F:A4:11:95:41:06:43:4F:C6:12:0D:BB:2A:0F:40:28:EA:6E
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       0191855B5BE947477330353BE5430F90E296
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/BnFfpBGVQQZDT8YSDbsqD0Ao6m4.roa
Signing time:             Sat 24 Aug 2024 17:07:22 +0000
ROA not before:           Sat 24 Aug 2024 17:07:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134176
IP address blocks:        185.92.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 08:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:85:5b:5b:e9:47:47:73:30:35:3b:e5:43:0f:90:e2:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Aug 24 17:07:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06715fa411954106434fc6120dbb2a0f4028ea6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:91:05:96:10:b3:dd:16:85:56:48:f8:cb:a5:
                    ea:d7:2e:e1:23:c8:20:70:f7:2f:b9:13:94:74:2a:
                    80:b4:49:e7:e8:d5:90:ca:ba:f1:c2:ad:a9:e7:1d:
                    44:30:7d:bb:ff:54:97:15:0f:d2:93:0f:3d:31:55:
                    de:6d:9e:d8:c6:14:d0:e6:04:05:9d:fe:95:4a:6c:
                    ec:f8:44:58:a0:4e:53:01:cc:18:f5:19:c7:ce:09:
                    ce:ca:83:57:dd:bb:36:a6:49:80:d9:26:ad:b6:b9:
                    a9:d7:8b:33:fc:55:25:52:67:79:78:99:08:78:51:
                    31:f7:c0:2d:8f:26:a4:a1:7c:03:84:e0:db:59:f2:
                    2b:a8:7c:ce:da:b2:f0:1e:ee:6c:1b:01:eb:ed:39:
                    c5:f5:fa:4c:45:48:93:4a:84:4d:c5:f3:be:ec:4a:
                    3d:65:bc:5a:0c:78:f2:d1:ad:f9:f2:8e:57:e1:1c:
                    ca:4a:e1:28:3b:61:5f:61:97:55:bb:74:f1:ef:e0:
                    9f:8f:1e:e6:b1:f0:f0:39:e3:4f:c2:ce:61:e5:f8:
                    89:42:e7:3e:ef:74:2d:8a:f5:91:b7:cf:1e:6b:03:
                    59:8d:47:d7:ee:24:ab:40:d9:27:67:46:58:1f:8b:
                    06:62:9d:cd:d7:e9:be:de:0a:f8:41:72:f9:34:f2:
                    5b:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:71:5F:A4:11:95:41:06:43:4F:C6:12:0D:BB:2A:0F:40:28:EA:6E
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/BnFfpBGVQQZDT8YSDbsqD0Ao6m4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:f5:96:39:8f:d6:97:17:45:c3:d6:35:19:25:f8:1e:2d:4e:
         42:eb:80:14:31:31:ff:35:30:60:77:19:9a:c0:3e:cc:21:85:
         5e:5e:cd:09:6f:d4:5d:f3:c2:eb:7e:f9:74:fb:33:f9:78:11:
         82:27:22:22:01:99:13:dd:5c:a8:f4:41:f3:b7:99:82:d7:38:
         b2:91:2a:78:17:55:24:40:42:df:8e:b1:12:cf:0c:ed:95:c2:
         c8:fe:f7:2f:7f:21:b5:b5:5a:9c:51:18:1e:c9:63:59:e9:b9:
         6d:1a:1c:cb:df:58:52:76:75:04:10:fe:a2:c5:2e:dc:e1:13:
         a2:cd:5b:2f:f6:6f:56:17:9b:a5:dc:49:69:07:75:2b:e2:47:
         93:3d:6f:27:18:8d:f6:55:ec:d4:1f:64:08:da:e8:d7:c5:b1:
         20:59:3c:6d:39:5f:ef:af:a8:a9:85:fa:6f:3c:e6:68:1f:e6:
         50:86:55:f4:a6:45:bf:9f:0b:0e:c4:22:c8:ad:25:9c:92:b1:
         38:3f:cc:35:99:20:1e:3a:1d:b5:9e:ff:a7:52:94:df:14:51:
         1b:3f:a5:a3:f4:2b:c1:00:49:4c:f8:99:ee:19:b5:d4:70:16:
         ef:22:b2:41:a4:2a:e5:d3:90:fb:c2:b7:b9:a1:7b:db:bb:53:
         ce:6d:27:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGFW1vpR0dzMDU75UMPkOKWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjQwODI0MTcwNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjcxNWZhNDExOTU0MTA2NDM0ZmM2MTIwZGJiMmEwZjQwMjhlYTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5EFlhCz3RaFVkj4y6Xq1y7hI8gg
cPcvuROUdCqAtEnn6NWQyrrxwq2p5x1EMH27/1SXFQ/Skw89MVXebZ7YxhTQ5gQF
nf6VSmzs+ERYoE5TAcwY9RnHzgnOyoNX3bs2pkmA2Sattrmp14sz/FUlUmd5eJkI
eFEx98AtjyakoXwDhODbWfIrqHzO2rLwHu5sGwHr7TnF9fpMRUiTSoRNxfO+7Eo9
ZbxaDHjy0a358o5X4RzKSuEoO2FfYZdVu3Tx7+Cfjx7msfDwOeNPws5h5fiJQuc+
73QtivWRt88eawNZjUfX7iSrQNknZ0ZYH4sGYp3N1+m+3gr4QXL5NPJbFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZxX6QRlUEGQ0/GEg27Kg9AKOpuMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvQm5GZnBCR1ZRUVpEVDhZU0Ric3FEMEFvNm00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVzRMA0G
CSqGSIb3DQEBCwUAA4IBAQDS9ZY5j9aXF0XD1jUZJfgeLU5C64AUMTH/NTBgdxma
wD7MIYVeXs0Jb9Rd88Lrfvl0+zP5eBGCJyIiAZkT3Vyo9EHzt5mC1ziykSp4F1Uk
QELfjrESzwztlcLI/vcvfyG1tVqcURgeyWNZ6bltGhzL31hSdnUEEP6ixS7c4ROi
zVsv9m9WF5ul3ElpB3Ur4keTPW8nGI32VezUH2QI2ujXxbEgWTxtOV/vr6iphfpv
POZoH+ZQhlX0pkW/nwsOxCLIrSWckrE4P8w1mSAeOh21nv+nUpTfFFEbP6Wj9CvB
AElM+JnuGbXUcBbvIrJBpCrl05D7wre5oXvbu1PObScc
-----END CERTIFICATE-----