Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/3fd910-78bc-442a-88ac-8c52de6fa888/1/BJDXu8AkFi0yS9lrBHVjPjXoFUc.roa
File:                     BJDXu8AkFi0yS9lrBHVjPjXoFUc.roa (raw, json)
Hash identifier:          V4nBe9QwXGjMAD8qiAwNOmr8GngK6j1RxzENwrPU0Ng=
Subject key identifier:   04:90:D7:BB:C0:24:16:2D:32:4B:D9:6B:04:75:63:3E:35:E8:15:47
Certificate issuer:       /CN=519e97470c63fda14c3265eb741a70e3a8b69aff
Certificate serial:       018CC26D1DD7D9D1F39CAAA7DB63E796E543
Authority key identifier: 51:9E:97:47:0C:63:FD:A1:4C:32:65:EB:74:1A:70:E3:A8:B6:9A:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UZ6XRwxj_aFMMmXrdBpw46i2mv8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/3fd910-78bc-442a-88ac-8c52de6fa888/1/BJDXu8AkFi0yS9lrBHVjPjXoFUc.roa
Signing time:             Mon 01 Jan 2024 00:29:40 +0000
ROA not before:           Mon 01 Jan 2024 00:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42708
IP address blocks:        194.50.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/3fd910-78bc-442a-88ac-8c52de6fa888/1/UZ6XRwxj_aFMMmXrdBpw46i2mv8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/3fd910-78bc-442a-88ac-8c52de6fa888/1/UZ6XRwxj_aFMMmXrdBpw46i2mv8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UZ6XRwxj_aFMMmXrdBpw46i2mv8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 22:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1d:d7:d9:d1:f3:9c:aa:a7:db:63:e7:96:e5:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=519e97470c63fda14c3265eb741a70e3a8b69aff
        Validity
            Not Before: Jan  1 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0490d7bbc024162d324bd96b0475633e35e81547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ce:c3:a9:56:ed:80:07:7d:46:9f:a0:70:e4:
                    d6:3e:bf:73:f8:7e:25:34:7b:c1:a4:96:c1:92:4d:
                    ef:97:8a:29:e7:62:7e:cb:e4:1c:97:ad:da:ff:23:
                    39:7b:4c:f0:90:e8:5b:48:ee:e7:af:da:93:6a:88:
                    21:ef:83:6d:86:7c:76:60:e6:f1:9a:a9:1d:6d:d9:
                    c8:46:6d:c2:80:02:79:8e:fb:5b:85:5d:02:0e:66:
                    f0:04:d2:ef:e5:58:ed:18:96:1b:f6:57:e6:f3:d1:
                    6a:91:fa:95:7d:d7:f0:fb:69:0d:19:92:1f:54:2e:
                    ff:20:2f:86:2c:7a:13:0a:11:06:2a:70:f7:3c:16:
                    c1:65:64:31:d2:77:c6:28:43:07:26:59:62:11:5a:
                    1a:5d:8a:cc:aa:1d:89:a7:8b:7a:d0:8a:c1:f3:94:
                    a2:a7:85:89:35:71:e3:8f:ab:2e:14:47:51:7d:bf:
                    d2:46:01:27:12:d2:2b:d3:55:05:a1:d7:f8:0d:ca:
                    08:b0:93:59:d0:25:12:7a:98:02:54:31:80:eb:4f:
                    ac:3e:3a:59:3f:cf:42:55:a8:08:4d:fa:68:83:a6:
                    08:87:fe:5d:e6:a3:64:37:46:5a:1d:9b:db:fc:35:
                    46:c7:8c:31:e0:a3:07:76:5d:1f:62:40:50:50:d2:
                    ed:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:90:D7:BB:C0:24:16:2D:32:4B:D9:6B:04:75:63:3E:35:E8:15:47
            X509v3 Authority Key Identifier:
                keyid:51:9E:97:47:0C:63:FD:A1:4C:32:65:EB:74:1A:70:E3:A8:B6:9A:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UZ6XRwxj_aFMMmXrdBpw46i2mv8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/3fd910-78bc-442a-88ac-8c52de6fa888/1/BJDXu8AkFi0yS9lrBHVjPjXoFUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/3fd910-78bc-442a-88ac-8c52de6fa888/1/UZ6XRwxj_aFMMmXrdBpw46i2mv8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:ce:33:9a:d3:87:e4:f1:fb:db:51:02:94:c3:e3:50:06:a4:
         2e:72:8a:71:5d:88:ed:9b:bb:a5:38:e5:6c:f9:34:bc:de:fa:
         0c:96:3c:93:f5:e6:88:55:fe:7f:8e:b3:4d:96:52:32:12:eb:
         99:9b:55:91:a1:f7:91:36:ed:21:cf:d8:01:f9:c6:18:8a:e3:
         73:31:79:08:0b:60:54:7d:87:d2:d8:40:43:9e:a8:25:fe:56:
         24:3c:1a:2d:03:a3:01:12:e0:23:c4:c2:ea:ab:d0:9d:26:14:
         c8:74:97:6c:ca:5a:7f:2b:ea:aa:ce:be:71:e5:e0:32:30:4c:
         07:db:04:bb:af:70:b4:57:a9:d5:76:c9:e0:43:b9:90:68:d5:
         9e:8a:b7:d8:88:9b:d3:3b:42:93:3d:e8:fd:23:bb:af:27:ac:
         81:a0:10:f1:cd:10:27:bf:e0:05:cc:1c:1e:95:cb:ee:e8:67:
         de:06:7b:01:d3:14:c8:bd:a6:ea:ac:0a:3d:3c:45:a2:f1:c3:
         1f:73:9c:da:c1:9e:6e:20:7e:65:bd:d4:b2:ff:95:e8:14:30:
         ad:b6:54:3a:55:e9:7c:86:f3:68:93:da:60:02:59:8d:82:8e:
         78:39:58:fb:05:2f:7a:05:90:7f:68:45:fd:a4:f7:02:b2:a2:
         65:94:2d:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbR3X2dHznKqn22PnluVDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxOWU5NzQ3MGM2M2ZkYTE0YzMyNjVlYjc0MWE3MGUzYThi
NjlhZmYwHhcNMjQwMTAxMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDkwZDdiYmMwMjQxNjJkMzI0YmQ5NmIwNDc1NjMzZTM1ZTgxNTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmM7DqVbtgAd9Rp+gcOTWPr9z+H4l
NHvBpJbBkk3vl4op52J+y+Qcl63a/yM5e0zwkOhbSO7nr9qTaogh74Nthnx2YObx
mqkdbdnIRm3CgAJ5jvtbhV0CDmbwBNLv5VjtGJYb9lfm89FqkfqVfdfw+2kNGZIf
VC7/IC+GLHoTChEGKnD3PBbBZWQx0nfGKEMHJlliEVoaXYrMqh2Jp4t60IrB85Si
p4WJNXHjj6suFEdRfb/SRgEnEtIr01UFodf4DcoIsJNZ0CUSepgCVDGA60+sPjpZ
P89CVagITfpog6YIh/5d5qNkN0ZaHZvb/DVGx4wx4KMHdl0fYkBQUNLtTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASQ17vAJBYtMkvZawR1Yz416BVHMB8GA1UdIwQY
MBaAFFGel0cMY/2hTDJl63QacOOotpr/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVo2WFJ3eGpfYUZNTW1YcmRCcHc0NmkybXY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8zZmQ5MTAtNzhiYy00NDJhLTg4YWMt
OGM1MmRlNmZhODg4LzEvQkpEWHU4QWtGaTB5UzlsckJIVmpQalhvRlVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8zZmQ5MTAtNzhiYy00NDJhLTg4YWMtOGM1MmRlNmZhODg4
LzEvVVo2WFJ3eGpfYUZNTW1YcmRCcHc0NmkybXY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjK1MA0G
CSqGSIb3DQEBCwUAA4IBAQC0zjOa04fk8fvbUQKUw+NQBqQucopxXYjtm7ulOOVs
+TS83voMljyT9eaIVf5/jrNNllIyEuuZm1WRofeRNu0hz9gB+cYYiuNzMXkIC2BU
fYfS2EBDnqgl/lYkPBotA6MBEuAjxMLqq9CdJhTIdJdsylp/K+qqzr5x5eAyMEwH
2wS7r3C0V6nVdsngQ7mQaNWeirfYiJvTO0KTPej9I7uvJ6yBoBDxzRAnv+AFzBwe
lcvu6GfeBnsB0xTIvabqrAo9PEWi8cMfc5zawZ5uIH5lvdSy/5XoFDCttlQ6Vel8
hvNok9pgAlmNgo54OVj7BS96BZB/aEX9pPcCsqJllC1l
-----END CERTIFICATE-----