Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/bHXLulP8CUgt-JCJIqSM8hvlsCA.roa
File:                     bHXLulP8CUgt-JCJIqSM8hvlsCA.roa (raw, json)
Hash identifier:          Mexso3pNidi3XstQ5hR0lM6Sn2w60SPQEvdapeY/VjQ=
Subject key identifier:   6C:75:CB:BA:53:FC:09:48:2D:F8:90:89:22:A4:8C:F2:1B:E5:B0:20
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       01942827F63B71AECA9649DC5FF39BB46120
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/bHXLulP8CUgt-JCJIqSM8hvlsCA.roa
Signing time:             Thu 02 Jan 2025 17:54:55 +0000
ROA not before:           Thu 02 Jan 2025 17:54:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400040
IP address blocks:        193.37.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 05:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:f6:3b:71:ae:ca:96:49:dc:5f:f3:9b:b4:61:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan  2 17:54:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c75cbba53fc09482df8908922a48cf21be5b020
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:6b:76:ff:b9:f1:e5:5d:8b:b5:60:21:f3:7a:
                    6c:03:05:a6:b3:e3:22:c7:17:cb:1d:cd:3c:44:3b:
                    f3:89:40:a2:a1:f9:4c:c2:04:cf:3f:df:a8:7c:78:
                    c1:6a:af:af:8b:5f:6b:a9:56:e1:8b:12:9e:d0:0d:
                    f7:06:8a:c2:ac:1d:7d:4a:80:65:46:28:01:61:31:
                    54:d9:a6:68:0d:b1:be:15:7d:0a:01:75:8c:1d:19:
                    80:2c:36:be:bd:83:e3:68:98:2d:78:b8:b7:27:a4:
                    01:35:90:b4:58:25:74:39:06:1f:08:6f:7f:bb:0f:
                    e7:68:69:e0:b1:21:8e:16:37:02:4d:96:af:da:1d:
                    e8:56:9b:e2:1c:8d:43:1f:41:58:99:5b:e2:88:11:
                    6e:85:ce:7b:fd:f8:e6:be:1b:f0:ad:d7:4c:9e:b5:
                    0e:a4:55:7a:db:7d:a3:b6:1a:59:65:dc:74:eb:6b:
                    47:31:bb:4f:02:4f:97:b0:b4:d5:c3:1a:0d:fa:11:
                    ee:06:c9:47:9e:3e:6e:e9:06:31:61:e7:90:e2:3f:
                    20:a0:2e:f8:df:a3:50:0c:a4:7f:7a:59:02:c3:eb:
                    48:46:1f:0d:82:b3:57:4e:e9:45:2d:82:64:79:c0:
                    35:34:15:bf:4e:eb:1d:6f:83:26:3c:e4:a3:d6:89:
                    68:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:75:CB:BA:53:FC:09:48:2D:F8:90:89:22:A4:8C:F2:1B:E5:B0:20
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/bHXLulP8CUgt-JCJIqSM8hvlsCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:e8:70:b5:89:3b:3c:8c:34:3a:ed:48:4d:92:47:69:ba:16:
         5e:9f:1d:76:0b:1a:a7:4a:93:cd:13:1f:05:22:74:ca:9c:06:
         ea:98:e4:67:75:30:c8:68:d4:58:ad:1e:2f:7e:d9:60:fb:5a:
         9e:5e:86:ef:4c:65:9f:c8:de:52:bd:43:1b:98:f5:a3:ee:04:
         a9:d8:66:a7:94:f5:fd:99:7e:94:65:4b:4b:eb:d4:dd:40:01:
         05:b4:a8:0d:1d:1d:3c:20:37:b1:eb:40:ac:1c:3f:92:9b:0c:
         16:62:19:91:95:16:96:9c:7f:e7:2f:4d:6f:8d:7a:31:79:86:
         6f:5b:02:6c:f1:16:0c:d0:54:a3:06:3f:fd:f1:b0:60:07:43:
         96:06:c5:ae:6e:02:b0:8f:d1:37:07:19:6c:fe:0b:c1:6f:df:
         ed:c8:e8:bf:80:7a:6d:0c:22:6d:c7:59:74:59:4c:bd:67:4a:
         2a:32:6b:77:40:58:07:2f:ac:1a:46:cd:1a:cf:cf:e1:54:6f:
         1e:f8:ce:c7:20:07:f4:cb:71:22:08:f7:ba:93:a2:a5:c0:16:
         d0:21:a9:c5:2d:bd:7d:b3:37:94:60:6b:44:bf:e7:46:89:b1:
         1a:de:09:76:4f:d2:a8:92:49:98:b8:31:fa:89:f9:10:b1:8b:
         21:42:49:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ/Y7ca7KlkncX/ObtGEgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwMTAyMTc1NDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yzc1Y2JiYTUzZmMwOTQ4MmRmODkwODkyMmE0OGNmMjFiZTViMDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmt2/7nx5V2LtWAh83psAwWms+Mi
xxfLHc08RDvziUCioflMwgTPP9+ofHjBaq+vi19rqVbhixKe0A33BorCrB19SoBl
RigBYTFU2aZoDbG+FX0KAXWMHRmALDa+vYPjaJgteLi3J6QBNZC0WCV0OQYfCG9/
uw/naGngsSGOFjcCTZav2h3oVpviHI1DH0FYmVviiBFuhc57/fjmvhvwrddMnrUO
pFV6232jthpZZdx062tHMbtPAk+XsLTVwxoN+hHuBslHnj5u6QYxYeeQ4j8goC74
36NQDKR/elkCw+tIRh8NgrNXTulFLYJkecA1NBW/Tusdb4MmPOSj1olofQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGx1y7pT/AlILfiQiSKkjPIb5bAgMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvYkhYTHVsUDhDVWd0LUpDSklxU004aHZsc0NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSXGMA0G
CSqGSIb3DQEBCwUAA4IBAQAa6HC1iTs8jDQ67UhNkkdpuhZenx12CxqnSpPNEx8F
InTKnAbqmORndTDIaNRYrR4vftlg+1qeXobvTGWfyN5SvUMbmPWj7gSp2GanlPX9
mX6UZUtL69TdQAEFtKgNHR08IDex60CsHD+SmwwWYhmRlRaWnH/nL01vjXoxeYZv
WwJs8RYM0FSjBj/98bBgB0OWBsWubgKwj9E3Bxls/gvBb9/tyOi/gHptDCJtx1l0
WUy9Z0oqMmt3QFgHL6waRs0az8/hVG8e+M7HIAf0y3EiCPe6k6KlwBbQIanFLb19
szeUYGtEv+dGibEa3gl2T9KokkmYuDH6ifkQsYshQkmu
-----END CERTIFICATE-----