Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/BMRqTwX3F-7Eyu9sUWJRxbbnObs.roa
File:                     BMRqTwX3F-7Eyu9sUWJRxbbnObs.roa (raw, json)
Hash identifier:          iwSQ0rUmNhGV89dfOp4pcxcUZZLRA+Kc94ZUHHnJkbg=
Subject key identifier:   04:C4:6A:4F:05:F7:17:EE:C4:CA:EF:6C:51:62:51:C5:B6:E7:39:BB
Certificate issuer:       /CN=f6af433974df373b70abd76b13e1c70c775f554b
Certificate serial:       018CCA2A1BB6E0C5401F258C00DB5DE34C88
Authority key identifier: F6:AF:43:39:74:DF:37:3B:70:AB:D7:6B:13:E1:C7:0C:77:5F:55:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9q9DOXTfNztwq9drE-HHDHdfVUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/BMRqTwX3F-7Eyu9sUWJRxbbnObs.roa
Signing time:             Tue 02 Jan 2024 12:33:26 +0000
ROA not before:           Tue 02 Jan 2024 12:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44486
IP address blocks:        45.85.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/9q9DOXTfNztwq9drE-HHDHdfVUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/9q9DOXTfNztwq9drE-HHDHdfVUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9q9DOXTfNztwq9drE-HHDHdfVUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 04:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:1b:b6:e0:c5:40:1f:25:8c:00:db:5d:e3:4c:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6af433974df373b70abd76b13e1c70c775f554b
        Validity
            Not Before: Jan  2 12:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04c46a4f05f717eec4caef6c516251c5b6e739bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:b7:b3:af:3e:39:5a:19:ac:ce:ff:1e:8d:2e:
                    d8:b8:c7:76:99:94:d0:17:cc:e4:44:8b:56:da:c2:
                    bc:c6:60:8a:60:4e:6c:a4:6b:ec:cf:6d:08:b0:ae:
                    56:3b:9c:f4:47:4e:c5:d4:3b:de:51:e3:65:c2:70:
                    8a:ff:2a:00:e7:46:32:98:42:f7:19:7f:a2:bc:9e:
                    64:57:6a:31:9e:70:05:39:e1:4b:c6:a5:8a:1b:0a:
                    3d:61:1c:be:68:1b:85:b7:8e:bb:5a:95:b4:fa:3b:
                    30:d8:53:23:bb:a4:dd:11:91:c6:90:fc:70:c7:7d:
                    c2:c5:c4:76:e3:7b:d5:bb:01:37:52:2b:f0:ce:04:
                    71:ca:27:33:ab:20:9f:5c:36:74:d3:0b:57:67:3d:
                    c1:1e:ea:c4:3e:73:5c:34:60:c6:73:e8:ed:09:22:
                    c4:15:09:8d:91:17:a3:d9:e6:61:51:0c:85:eb:2c:
                    59:f5:79:7c:72:f2:e7:de:96:a7:8f:00:f9:17:88:
                    47:56:83:e2:93:bd:c7:20:0e:15:71:33:c4:52:46:
                    89:e4:0f:74:36:72:81:a2:b3:3d:81:a3:3e:b1:35:
                    55:17:7e:b5:a0:f6:44:ee:c6:88:8f:73:28:83:83:
                    d5:98:a4:3a:e8:ae:bf:68:e2:44:a9:39:09:58:e3:
                    f4:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:C4:6A:4F:05:F7:17:EE:C4:CA:EF:6C:51:62:51:C5:B6:E7:39:BB
            X509v3 Authority Key Identifier:
                keyid:F6:AF:43:39:74:DF:37:3B:70:AB:D7:6B:13:E1:C7:0C:77:5F:55:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9q9DOXTfNztwq9drE-HHDHdfVUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/BMRqTwX3F-7Eyu9sUWJRxbbnObs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f9caf0-2c2e-4897-8a3b-a26bc653b06b/1/9q9DOXTfNztwq9drE-HHDHdfVUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:03:74:49:87:6f:76:09:a2:3b:ff:76:09:ab:51:fc:41:68:
         ba:84:d8:13:49:b9:ea:40:91:88:f8:02:94:0c:03:f3:91:ba:
         b0:a6:6f:8c:cb:43:94:5a:5f:86:11:ee:24:0e:15:b4:c1:15:
         54:04:c6:d2:25:0b:c7:a0:49:3e:eb:8e:f5:a9:d2:f1:2c:4c:
         8a:29:20:87:45:56:8c:0c:5d:e9:55:c1:dc:2d:56:ff:05:12:
         76:7a:23:b3:ab:ae:2f:2d:6b:a6:84:12:e5:20:13:07:fd:6a:
         30:ea:ae:b3:73:d6:09:0e:41:27:e4:8f:b0:6f:7b:e0:59:8b:
         15:80:8d:2e:da:07:2b:50:00:c8:40:95:59:bd:ba:82:34:cd:
         42:7c:b6:9e:45:ae:f0:9d:65:02:49:96:31:7a:32:b5:9b:0f:
         85:a9:56:d8:35:81:a2:dc:12:4e:ba:b3:ae:23:a6:3a:72:1d:
         a4:b5:5a:9a:94:4c:69:ec:b3:12:27:76:75:1d:6c:36:18:a8:
         e8:e0:da:80:34:05:c2:43:d3:42:c9:41:d5:ed:56:b2:37:a3:
         bd:66:8b:77:88:8c:4e:18:c7:a0:fe:30:46:f6:1a:e2:74:84:
         7c:23:50:23:db:64:d6:8d:5a:4a:0e:87:e1:fc:f9:57:b3:14:
         72:a0:34:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKhu24MVAHyWMANtd40yIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YWY0MzM5NzRkZjM3M2I3MGFiZDc2YjEzZTFjNzBjNzc1
ZjU1NGIwHhcNMjQwMTAyMTIzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGM0NmE0ZjA1ZjcxN2VlYzRjYWVmNmM1MTYyNTFjNWI2ZTczOWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjbezrz45Whmszv8ejS7YuMd2mZTQ
F8zkRItW2sK8xmCKYE5spGvsz20IsK5WO5z0R07F1DveUeNlwnCK/yoA50YymEL3
GX+ivJ5kV2oxnnAFOeFLxqWKGwo9YRy+aBuFt467WpW0+jsw2FMju6TdEZHGkPxw
x33CxcR243vVuwE3UivwzgRxyiczqyCfXDZ00wtXZz3BHurEPnNcNGDGc+jtCSLE
FQmNkRej2eZhUQyF6yxZ9Xl8cvLn3panjwD5F4hHVoPik73HIA4VcTPEUkaJ5A90
NnKBorM9gaM+sTVVF361oPZE7saIj3Mog4PVmKQ66K6/aOJEqTkJWOP0zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFATEak8F9xfuxMrvbFFiUcW25zm7MB8GA1UdIwQY
MBaAFPavQzl03zc7cKvXaxPhxwx3X1VLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXE5RE9YVGZOenR3cTlkckUtSEhESGRmVlVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mOWNhZjAtMmMyZS00ODk3LThhM2It
YTI2YmM2NTNiMDZiLzEvQk1ScVR3WDNGLTdFeXU5c1VXSlJ4YmJuT2JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mOWNhZjAtMmMyZS00ODk3LThhM2ItYTI2YmM2NTNiMDZi
LzEvOXE5RE9YVGZOenR3cTlkckUtSEhESGRmVlVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVXbMA0G
CSqGSIb3DQEBCwUAA4IBAQAsA3RJh292CaI7/3YJq1H8QWi6hNgTSbnqQJGI+AKU
DAPzkbqwpm+My0OUWl+GEe4kDhW0wRVUBMbSJQvHoEk+6471qdLxLEyKKSCHRVaM
DF3pVcHcLVb/BRJ2eiOzq64vLWumhBLlIBMH/Wow6q6zc9YJDkEn5I+wb3vgWYsV
gI0u2gcrUADIQJVZvbqCNM1CfLaeRa7wnWUCSZYxejK1mw+FqVbYNYGi3BJOurOu
I6Y6ch2ktVqalExp7LMSJ3Z1HWw2GKjo4NqANAXCQ9NCyUHV7VayN6O9Zot3iIxO
GMeg/jBG9hridIR8I1Aj22TWjVpKDofh/PlXsxRyoDRJ
-----END CERTIFICATE-----