Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/6a3069-ad3c-4388-b1e8-0c27adb75cdf/1/BuJq75MR8DCU5hnHyoHSIDgc_Go.roa
File:                     BuJq75MR8DCU5hnHyoHSIDgc_Go.roa (raw, json)
Hash identifier:          WYFNii4ePD8MQfSQILNRQNPBQSQiOXOjnZErIQSWojg=
Subject key identifier:   06:E2:6A:EF:93:11:F0:30:94:E6:19:C7:CA:81:D2:20:38:1C:FC:6A
Certificate issuer:       /CN=76d44d97653a06d846b2443535b83e8cbc39d928
Certificate serial:       019421B1C180BD1C14B5CDB17B7A810F73E3
Authority key identifier: 76:D4:4D:97:65:3A:06:D8:46:B2:44:35:35:B8:3E:8C:BC:39:D9:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dtRNl2U6BthGskQ1Nbg-jLw52Sg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/6a3069-ad3c-4388-b1e8-0c27adb75cdf/1/BuJq75MR8DCU5hnHyoHSIDgc_Go.roa
Signing time:             Wed 01 Jan 2025 11:48:05 +0000
ROA not before:           Wed 01 Jan 2025 11:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        194.15.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/6a3069-ad3c-4388-b1e8-0c27adb75cdf/1/dtRNl2U6BthGskQ1Nbg-jLw52Sg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/6a3069-ad3c-4388-b1e8-0c27adb75cdf/1/dtRNl2U6BthGskQ1Nbg-jLw52Sg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dtRNl2U6BthGskQ1Nbg-jLw52Sg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:c1:80:bd:1c:14:b5:cd:b1:7b:7a:81:0f:73:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76d44d97653a06d846b2443535b83e8cbc39d928
        Validity
            Not Before: Jan  1 11:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06e26aef9311f03094e619c7ca81d220381cfc6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:4a:c7:70:d3:1c:d6:14:4a:85:e1:ab:89:e1:
                    ec:9c:9a:cf:c4:e1:01:9f:7b:52:2f:34:f3:2c:3b:
                    30:17:05:e8:4f:c0:6c:9c:61:0d:6b:5a:cf:9e:01:
                    1a:ed:a4:34:eb:d4:86:ad:47:93:71:89:4c:e4:44:
                    a7:2c:05:27:31:d5:a6:d6:5e:ea:39:ca:ac:28:f3:
                    5d:d3:d6:e9:c5:0a:cb:15:a2:1e:4e:6c:02:e8:6a:
                    d2:1c:f0:71:29:ee:35:5b:04:e8:84:da:3c:30:10:
                    d7:20:96:05:1d:dc:dc:de:b3:45:d6:d7:b8:c6:ac:
                    ca:10:68:5d:44:08:7a:cc:8d:a0:14:e8:e7:f1:4b:
                    31:84:d4:88:3e:df:39:8f:b9:2e:b0:7d:f5:b3:87:
                    ae:2b:15:20:1f:9d:0e:46:b3:45:22:c9:96:3c:f8:
                    bf:bc:52:5d:03:a7:5b:7b:ad:4d:e5:c5:f9:b1:2b:
                    59:17:b6:16:dd:f3:4a:63:1b:56:73:0d:57:a3:38:
                    63:22:e7:78:55:a6:de:bc:fb:5b:46:68:46:b2:ef:
                    5b:96:13:a9:10:2c:02:9b:81:a0:41:71:e7:c0:45:
                    68:2e:95:cc:8d:92:41:79:a5:b8:9a:d3:f2:4f:b1:
                    91:60:a1:b5:a0:2f:af:24:21:45:00:42:37:6d:9d:
                    e1:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:E2:6A:EF:93:11:F0:30:94:E6:19:C7:CA:81:D2:20:38:1C:FC:6A
            X509v3 Authority Key Identifier:
                keyid:76:D4:4D:97:65:3A:06:D8:46:B2:44:35:35:B8:3E:8C:BC:39:D9:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dtRNl2U6BthGskQ1Nbg-jLw52Sg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/6a3069-ad3c-4388-b1e8-0c27adb75cdf/1/BuJq75MR8DCU5hnHyoHSIDgc_Go.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/6a3069-ad3c-4388-b1e8-0c27adb75cdf/1/dtRNl2U6BthGskQ1Nbg-jLw52Sg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:e3:ba:2e:f2:85:e0:d1:94:4e:02:08:c8:08:5c:45:ef:77:
         69:16:18:9d:b2:13:46:db:b5:0c:b4:d0:eb:de:78:74:58:b3:
         95:b3:80:ba:d9:72:60:69:7f:d0:86:71:d1:da:58:b2:d6:6f:
         9c:50:02:d6:9d:de:b8:d7:db:34:b0:ef:72:04:39:34:67:73:
         44:59:20:89:31:1a:a7:19:43:89:37:1f:61:ae:f3:89:04:50:
         7f:90:b1:aa:36:8c:5b:c4:ea:44:6b:29:59:53:5b:c4:45:6d:
         e7:b3:9c:66:e4:7c:08:53:1d:2e:20:58:fe:74:b9:f6:3e:ef:
         da:93:a9:f9:34:0f:d1:4c:ef:b6:e7:9a:b8:1b:7d:9b:61:84:
         02:f8:68:5d:e0:9d:67:09:a1:60:eb:c7:9d:4b:2a:01:69:89:
         1d:26:76:d2:cf:9b:58:9d:03:43:36:71:0d:46:67:01:83:fc:
         64:64:ac:ed:08:fa:8b:7e:52:c3:71:70:7c:df:76:1d:59:7b:
         c5:b3:9b:42:54:a7:f6:5d:71:1c:55:b3:fc:ce:7a:d8:ef:ae:
         70:0d:fa:b8:da:23:8c:8b:e1:5a:9b:74:80:1e:da:b2:62:ef:
         ce:e0:08:87:f5:af:bd:45:65:73:5e:23:6b:e8:21:b6:fa:c9:
         af:f2:05:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhscGAvRwUtc2xe3qBD3PjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZDQ0ZDk3NjUzYTA2ZDg0NmIyNDQzNTM1YjgzZThjYmMz
OWQ5MjgwHhcNMjUwMTAxMTE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmUyNmFlZjkzMTFmMDMwOTRlNjE5YzdjYTgxZDIyMDM4MWNmYzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA90rHcNMc1hRKheGrieHsnJrPxOEB
n3tSLzTzLDswFwXoT8BsnGENa1rPngEa7aQ069SGrUeTcYlM5ESnLAUnMdWm1l7q
OcqsKPNd09bpxQrLFaIeTmwC6GrSHPBxKe41WwTohNo8MBDXIJYFHdzc3rNF1te4
xqzKEGhdRAh6zI2gFOjn8UsxhNSIPt85j7kusH31s4euKxUgH50ORrNFIsmWPPi/
vFJdA6dbe61N5cX5sStZF7YW3fNKYxtWcw1XozhjIud4VabevPtbRmhGsu9blhOp
ECwCm4GgQXHnwEVoLpXMjZJBeaW4mtPyT7GRYKG1oC+vJCFFAEI3bZ3h7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbiau+TEfAwlOYZx8qB0iA4HPxqMB8GA1UdIwQY
MBaAFHbUTZdlOgbYRrJENTW4Poy8OdkoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHRSTmwyVTZCdGhHc2tRMU5iZy1qTHc1MlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi82YTMwNjktYWQzYy00Mzg4LWIxZTgt
MGMyN2FkYjc1Y2RmLzEvQnVKcTc1TVI4RENVNWhuSHlvSFNJRGdjX0dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi82YTMwNjktYWQzYy00Mzg4LWIxZTgtMGMyN2FkYjc1Y2Rm
LzEvZHRSTmwyVTZCdGhHc2tRMU5iZy1qTHc1MlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg/RMA0G
CSqGSIb3DQEBCwUAA4IBAQDJ47ou8oXg0ZROAgjICFxF73dpFhidshNG27UMtNDr
3nh0WLOVs4C62XJgaX/QhnHR2liy1m+cUALWnd6419s0sO9yBDk0Z3NEWSCJMRqn
GUOJNx9hrvOJBFB/kLGqNoxbxOpEaylZU1vERW3ns5xm5HwIUx0uIFj+dLn2Pu/a
k6n5NA/RTO+255q4G32bYYQC+Ghd4J1nCaFg68edSyoBaYkdJnbSz5tYnQNDNnEN
RmcBg/xkZKztCPqLflLDcXB833YdWXvFs5tCVKf2XXEcVbP8znrY765wDfq42iOM
i+Fam3SAHtqyYu/O4AiH9a+9RWVzXiNr6CG2+smv8gVY
-----END CERTIFICATE-----