Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/bmf5AWUBIUBSpMzmKp_PMgD7cVs.roa
File:                     bmf5AWUBIUBSpMzmKp_PMgD7cVs.roa (raw, json)
Hash identifier:          FfuMW8Tdk6GAAySZ8GFoZW6Egotc4ZQ408Y4cymh0XM=
Subject key identifier:   6E:67:F9:01:65:01:21:40:52:A4:CC:E6:2A:9F:CF:32:00:FB:71:5B
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DEAA3CFFFEA4D3AF9C6BC175B80F2
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/bmf5AWUBIUBSpMzmKp_PMgD7cVs.roa
Signing time:             Mon 01 Jan 2024 14:29:24 +0000
ROA not before:           Mon 01 Jan 2024 14:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50222
IP address blocks:        84.204.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ea:a3:cf:ff:ea:4d:3a:f9:c6:bc:17:5b:80:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e67f9016501214052a4cce62a9fcf3200fb715b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:75:01:d7:f0:20:72:ed:e5:b6:8d:de:5a:7d:
                    bf:d0:09:f4:48:66:6d:e0:99:bd:43:40:1a:08:82:
                    aa:f4:bc:19:40:65:e5:2d:a2:70:d8:9f:46:4b:e2:
                    6d:39:9a:3a:a3:0e:c8:82:75:c8:fc:a7:e6:46:4b:
                    f0:43:70:7a:1d:f2:2c:13:07:42:cf:47:24:78:18:
                    67:28:e0:ae:a2:65:5f:db:01:35:24:32:14:5d:dc:
                    6a:c9:12:16:92:32:b1:eb:c6:56:ba:5c:70:be:eb:
                    b0:9b:f7:04:76:ec:3c:42:7c:6f:ae:91:75:7d:18:
                    b9:88:11:fe:a3:14:98:b3:5f:60:c6:93:2f:b1:8d:
                    3a:a5:3b:dc:90:29:e1:33:83:0c:be:6f:44:55:27:
                    81:73:88:ed:06:52:e7:18:14:8d:32:84:24:54:48:
                    57:41:1d:d6:d2:05:bc:63:91:0b:83:43:05:86:76:
                    f4:87:15:ee:f8:05:d4:44:70:ce:39:ec:97:63:8d:
                    f5:d5:e8:60:e4:ab:92:ef:e6:c6:d8:16:71:30:6b:
                    9b:3a:e1:de:8e:77:33:c2:ec:4b:a4:4a:9b:50:fd:
                    a9:30:5f:fe:a9:10:fc:8f:52:7f:13:26:92:b0:fc:
                    cb:89:39:1e:6e:0f:55:b3:a7:ba:57:cd:e6:4f:a5:
                    cc:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:67:F9:01:65:01:21:40:52:A4:CC:E6:2A:9F:CF:32:00:FB:71:5B
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/bmf5AWUBIUBSpMzmKp_PMgD7cVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.204.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:cc:c9:0f:2e:3c:69:6d:17:a7:f8:df:fe:fe:8f:bb:d7:db:
         f8:f7:d0:82:d5:9f:64:02:12:cb:a8:49:1f:3d:7e:f8:53:d8:
         02:fa:ea:f7:ad:59:35:00:28:92:b6:28:43:ad:43:ae:c6:fd:
         af:2d:53:df:0e:77:9b:01:31:77:73:61:1a:a5:d7:17:02:c3:
         1a:c2:06:cd:0f:c8:2f:1f:18:6b:75:95:02:eb:85:e7:26:43:
         ee:22:9a:82:c8:bb:80:24:71:27:00:a4:16:b9:8f:7a:dc:03:
         79:40:06:37:ac:fd:4d:d1:da:f6:b9:35:db:00:e9:75:09:78:
         99:f3:41:98:4d:e7:12:92:91:95:ac:ce:f0:40:9a:a0:25:fa:
         18:f8:b8:4e:e7:2d:28:36:7e:01:ce:91:fb:b1:87:f0:49:4c:
         98:f9:c9:93:ab:39:b1:ae:43:c6:5e:06:0c:25:f7:ae:2b:96:
         b8:ae:de:ef:fa:b6:b7:30:c3:9d:49:3a:73:66:5e:3d:f4:59:
         47:79:26:03:cb:89:6b:9a:94:c3:63:dd:11:c6:d1:57:69:6b:
         bf:f4:2f:da:bf:c3:19:df:4d:d5:2b:47:09:9c:b0:a5:0a:92:
         f9:7e:62:84:4c:98:c5:d6:83:81:7b:00:4c:44:67:cb:b3:11:
         76:eb:59:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbeqjz//qTTr5xrwXW4DyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTY3ZjkwMTY1MDEyMTQwNTJhNGNjZTYyYTlmY2YzMjAwZmI3MTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHUB1/Agcu3lto3eWn2/0An0SGZt
4Jm9Q0AaCIKq9LwZQGXlLaJw2J9GS+JtOZo6ow7IgnXI/KfmRkvwQ3B6HfIsEwdC
z0ckeBhnKOCuomVf2wE1JDIUXdxqyRIWkjKx68ZWulxwvuuwm/cEduw8QnxvrpF1
fRi5iBH+oxSYs19gxpMvsY06pTvckCnhM4MMvm9EVSeBc4jtBlLnGBSNMoQkVEhX
QR3W0gW8Y5ELg0MFhnb0hxXu+AXURHDOOeyXY4311ehg5KuS7+bG2BZxMGubOuHe
jnczwuxLpEqbUP2pMF/+qRD8j1J/EyaSsPzLiTkebg9Vs6e6V83mT6XMmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5n+QFlASFAUqTM5iqfzzIA+3FbMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvYm1mNUFXVUJJVUJTcE16bUtwX1BNZ0Q3Y1ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVMw1MA0G
CSqGSIb3DQEBCwUAA4IBAQBgzMkPLjxpbRen+N/+/o+719v499CC1Z9kAhLLqEkf
PX74U9gC+ur3rVk1ACiStihDrUOuxv2vLVPfDnebATF3c2EapdcXAsMawgbND8gv
HxhrdZUC64XnJkPuIpqCyLuAJHEnAKQWuY963AN5QAY3rP1N0dr2uTXbAOl1CXiZ
80GYTecSkpGVrM7wQJqgJfoY+LhO5y0oNn4BzpH7sYfwSUyY+cmTqzmxrkPGXgYM
JfeuK5a4rt7v+ra3MMOdSTpzZl499FlHeSYDy4lrmpTDY90RxtFXaWu/9C/av8MZ
303VK0cJnLClCpL5fmKETJjF1oOBewBMRGfLsxF261mg
-----END CERTIFICATE-----