Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/876203-e8fd-472f-afc2-990385559d1c/1/BGDWVX_LLlbx3kqY9fFrPifeHVo.roa
File:                     BGDWVX_LLlbx3kqY9fFrPifeHVo.roa (raw, json)
Hash identifier:          2YYYGV45QIsRK7UF+2FZhyLXI9BR1kWwqP/D6lJoEy0=
Subject key identifier:   04:60:D6:55:7F:CB:2E:56:F1:DE:4A:98:F5:F1:6B:3E:27:DE:1D:5A
Certificate issuer:       /CN=61ce2e57f6f862ca3056e5fd5b3e6eac35540401
Certificate serial:       018CC72594757411A3A7A1210960167DA22A
Authority key identifier: 61:CE:2E:57:F6:F8:62:CA:30:56:E5:FD:5B:3E:6E:AC:35:54:04:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yc4uV_b4YsowVuX9Wz5urDVUBAE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/876203-e8fd-472f-afc2-990385559d1c/1/BGDWVX_LLlbx3kqY9fFrPifeHVo.roa
Signing time:             Mon 01 Jan 2024 22:29:37 +0000
ROA not before:           Mon 01 Jan 2024 22:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38938
IP address blocks:        2a04:8900::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/876203-e8fd-472f-afc2-990385559d1c/1/Yc4uV_b4YsowVuX9Wz5urDVUBAE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/876203-e8fd-472f-afc2-990385559d1c/1/Yc4uV_b4YsowVuX9Wz5urDVUBAE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yc4uV_b4YsowVuX9Wz5urDVUBAE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:94:75:74:11:a3:a7:a1:21:09:60:16:7d:a2:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61ce2e57f6f862ca3056e5fd5b3e6eac35540401
        Validity
            Not Before: Jan  1 22:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0460d6557fcb2e56f1de4a98f5f16b3e27de1d5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e4:e1:b9:8b:7f:08:f1:f2:00:fd:8c:2c:74:
                    20:f7:a3:88:2a:ea:fd:92:a3:9e:e6:69:1d:d6:f6:
                    bb:b6:25:83:4d:31:8f:80:e2:c2:94:b4:b3:ab:a2:
                    6e:df:ac:f5:44:cd:16:c3:08:69:b7:9e:2b:2c:dc:
                    8a:f0:5d:2d:f9:ad:b4:32:0a:7f:dc:72:bf:f9:c9:
                    ce:7d:a4:b5:e0:1b:d2:0b:25:c5:69:be:16:fd:92:
                    c6:d6:6a:49:f6:e5:11:5e:26:bb:c2:cb:37:c1:2b:
                    91:f1:a5:6c:c8:08:d4:32:01:e6:f9:db:6a:27:f1:
                    08:09:14:d6:52:3b:b5:9a:b4:1e:b2:fb:53:39:8f:
                    43:97:26:48:14:40:8a:15:3e:e9:78:8a:bd:95:ed:
                    41:74:e5:58:fc:9e:05:02:22:8a:ed:8e:15:37:10:
                    0f:00:f7:aa:71:cb:a3:ec:72:1f:8d:e9:db:02:be:
                    db:16:70:94:2a:3b:10:6c:04:31:62:ed:67:4d:87:
                    0d:78:21:55:78:b6:81:93:80:8f:77:b3:14:80:a7:
                    eb:f6:7a:37:66:cc:87:14:7c:64:5c:3c:2d:35:d9:
                    27:9d:cc:d8:1d:66:74:2b:b3:0f:93:92:7c:74:d7:
                    7e:2c:95:7e:4b:52:a4:b7:b2:6c:85:05:5f:9f:0c:
                    4e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:60:D6:55:7F:CB:2E:56:F1:DE:4A:98:F5:F1:6B:3E:27:DE:1D:5A
            X509v3 Authority Key Identifier:
                keyid:61:CE:2E:57:F6:F8:62:CA:30:56:E5:FD:5B:3E:6E:AC:35:54:04:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yc4uV_b4YsowVuX9Wz5urDVUBAE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/876203-e8fd-472f-afc2-990385559d1c/1/BGDWVX_LLlbx3kqY9fFrPifeHVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/876203-e8fd-472f-afc2-990385559d1c/1/Yc4uV_b4YsowVuX9Wz5urDVUBAE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:8900::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:3c:f9:7c:48:a9:8c:dc:c6:00:85:ce:ae:f2:a8:38:24:25:
         3f:43:66:f3:20:11:b2:05:85:37:75:40:a7:ef:e0:66:e7:83:
         93:83:c3:6a:f5:b8:3e:30:05:91:70:3b:d5:2c:d8:44:10:cd:
         e8:ad:cd:ee:ee:7b:7d:7b:ef:ee:4b:5b:69:a0:8b:b0:aa:e4:
         64:2a:17:6b:6d:d2:68:30:d4:56:18:c3:a3:5e:73:50:00:e8:
         56:c7:9e:03:37:de:1f:d3:9b:40:cb:4d:e0:7e:5e:bc:ac:32:
         a5:81:46:a0:46:f7:9b:9d:80:03:35:95:5c:c9:30:70:be:ff:
         49:d4:28:00:82:df:8e:d2:11:cf:35:d6:84:a0:da:fc:ec:95:
         12:7e:90:63:5f:87:80:75:b2:db:45:c3:c2:2f:f6:ce:32:04:
         d2:59:4c:09:1a:f4:ed:68:ec:79:d5:9f:98:25:3c:a3:86:92:
         dd:72:25:f2:65:64:15:a2:72:5c:90:96:a8:7b:43:e6:e5:68:
         45:c2:47:95:cc:46:70:cf:2c:2a:a8:8d:c4:b7:32:c7:48:11:
         ba:cd:7b:b8:e3:f8:24:ca:56:a3:db:f9:13:ee:c2:78:f6:17:
         cd:31:32:3a:37:91:08:42:c8:26:97:89:2f:e9:9d:d4:74:39:
         bf:09:20:90
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJZR1dBGjp6EhCWAWfaIqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxY2UyZTU3ZjZmODYyY2EzMDU2ZTVmZDViM2U2ZWFjMzU1
NDA0MDEwHhcNMjQwMTAxMjIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDYwZDY1NTdmY2IyZTU2ZjFkZTRhOThmNWYxNmIzZTI3ZGUxZDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeThuYt/CPHyAP2MLHQg96OIKur9
kqOe5mkd1va7tiWDTTGPgOLClLSzq6Ju36z1RM0Wwwhpt54rLNyK8F0t+a20Mgp/
3HK/+cnOfaS14BvSCyXFab4W/ZLG1mpJ9uURXia7wss3wSuR8aVsyAjUMgHm+dtq
J/EICRTWUju1mrQesvtTOY9DlyZIFECKFT7peIq9le1BdOVY/J4FAiKK7Y4VNxAP
APeqccuj7HIfjenbAr7bFnCUKjsQbAQxYu1nTYcNeCFVeLaBk4CPd7MUgKfr9no3
ZsyHFHxkXDwtNdknnczYHWZ0K7MPk5J8dNd+LJV+S1Kkt7JshQVfnwxOnQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFARg1lV/yy5W8d5KmPXxaz4n3h1aMB8GA1UdIwQY
MBaAFGHOLlf2+GLKMFbl/Vs+bqw1VAQBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWM0dVZfYjRZc293VnVYOVd6NXVyRFZVQkFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC84NzYyMDMtZThmZC00NzJmLWFmYzIt
OTkwMzg1NTU5ZDFjLzEvQkdEV1ZYX0xMbGJ4M2txWTlmRnJQaWZlSFZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC84NzYyMDMtZThmZC00NzJmLWFmYzItOTkwMzg1NTU5ZDFj
LzEvWWM0dVZfYjRZc293VnVYOVd6NXVyRFZVQkFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgSJADAN
BgkqhkiG9w0BAQsFAAOCAQEAFTz5fEipjNzGAIXOrvKoOCQlP0Nm8yARsgWFN3VA
p+/gZueDk4PDavW4PjAFkXA71SzYRBDN6K3N7u57fXvv7ktbaaCLsKrkZCoXa23S
aDDUVhjDo15zUADoVseeAzfeH9ObQMtN4H5evKwypYFGoEb3m52AAzWVXMkwcL7/
SdQoAILfjtIRzzXWhKDa/OyVEn6QY1+HgHWy20XDwi/2zjIE0llMCRr07WjsedWf
mCU8o4aS3XIl8mVkFaJyXJCWqHtD5uVoRcJHlcxGcM8sKqiNxLcyx0gRus17uOP4
JMpWo9v5E+7CePYXzTEyOjeRCELIJpeJL+md1HQ5vwkgkA==
-----END CERTIFICATE-----