Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/BKmZbRh0zQ9oa_wPaKfsvtQfYUE.roa
File:                     BKmZbRh0zQ9oa_wPaKfsvtQfYUE.roa (raw, json)
Hash identifier:          MF5MiDvqIGWrFA0JrjP3/BbBY/oWFnXukDS276OlJ/k=
Subject key identifier:   04:A9:99:6D:18:74:CD:0F:68:6B:FC:0F:68:A7:EC:BE:D4:1F:61:41
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CB9F1196B8F03A82DAB75F407ED85
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/BKmZbRh0zQ9oa_wPaKfsvtQfYUE.roa
Signing time:             Wed 01 Jan 2025 01:48:23 +0000
ROA not before:           Wed 01 Jan 2025 01:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202583
IP address blocks:        157.97.176.0/21 maxlen: 24
                          185.72.0.0/22 maxlen: 24
                          185.250.92.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:b9:f1:19:6b:8f:03:a8:2d:ab:75:f4:07:ed:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04a9996d1874cd0f686bfc0f68a7ecbed41f6141
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5b:c3:30:80:e0:3b:eb:1f:15:a9:36:db:cc:
                    51:f3:90:73:59:4e:74:97:55:f6:f8:c6:c1:c9:58:
                    6e:a1:bb:77:ad:d2:24:cb:74:9b:4b:56:8b:20:ec:
                    35:8e:b7:0c:52:d4:d3:71:cf:c0:88:58:69:f2:43:
                    fb:7a:48:d8:59:37:8b:55:22:8d:7e:ff:a6:76:1b:
                    dc:cb:7b:a7:cf:58:5e:52:87:42:79:1d:d8:c3:58:
                    71:12:a9:26:b7:bf:46:a2:67:ce:81:b5:3d:29:38:
                    31:7b:85:42:c7:55:b3:19:e2:5b:99:a7:5a:d9:cf:
                    f4:04:86:e9:4f:40:61:3c:47:8a:1d:51:22:80:9e:
                    f6:43:bf:cd:14:40:ee:0f:d9:09:b0:8f:5f:68:73:
                    3f:94:6d:9e:bd:05:a1:54:cf:8f:6d:93:e7:77:4b:
                    8e:da:86:45:bb:20:bb:cc:f6:d6:9e:35:0a:d8:64:
                    36:81:5e:c9:40:05:ac:cf:a8:e8:d6:4e:4f:28:9f:
                    66:dc:a6:bb:45:a7:07:4c:c2:2e:d3:b4:a8:e7:68:
                    98:31:05:77:c1:0d:01:76:37:bf:b1:fb:f0:ad:b5:
                    4d:28:5a:df:6b:9f:06:8c:7e:10:d0:d4:7f:85:1d:
                    84:a5:69:73:1b:5f:42:59:d8:c9:36:92:83:e9:bd:
                    76:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:A9:99:6D:18:74:CD:0F:68:6B:FC:0F:68:A7:EC:BE:D4:1F:61:41
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/BKmZbRh0zQ9oa_wPaKfsvtQfYUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.97.176.0/21
                  185.72.0.0/22
                  185.250.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:bd:f3:87:23:3e:c8:d8:59:ff:a3:88:c2:cb:00:f4:74:48:
         6a:91:32:9a:82:d3:93:9c:c1:d5:3e:f6:09:1a:e2:ef:4b:1f:
         df:3e:fa:a5:30:53:96:32:ef:34:03:ad:1c:04:79:96:d6:7f:
         ab:06:af:c9:92:c8:ad:1a:dd:75:a9:83:18:0e:37:70:97:95:
         de:d3:5b:55:42:77:e5:e5:6d:bb:5b:22:f9:10:30:23:5b:5e:
         86:8b:d0:42:6c:77:19:18:44:39:bb:7a:f3:52:fc:82:57:79:
         bd:0b:2e:3f:0d:d9:db:1d:d3:9d:fa:9c:f7:8c:a8:f9:3e:a3:
         1e:96:64:7a:f4:fd:52:e1:63:9d:d6:3c:98:e4:c5:b3:06:1e:
         a7:1d:67:a5:20:c6:5e:f5:be:6d:d6:74:a7:50:79:53:27:21:
         51:e3:78:66:95:0e:ac:d3:7f:fd:da:b5:8e:e8:2e:a2:bf:1a:
         e5:7f:8e:78:a1:91:0b:05:6b:2d:71:a7:d2:9d:fe:2d:20:70:
         f1:c0:99:c2:eb:6b:77:a9:93:e5:0a:17:94:3f:53:bf:f0:21:
         0a:14:da:69:77:eb:67:35:01:04:f2:41:de:ef:73:75:27:d3:
         de:ab:63:0e:4c:0d:10:61:4f:66:1e:4a:bd:55:7e:8f:88:52:
         cb:46:e9:c6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQfjLnxGWuPA6gtq3X0B+2FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGE5OTk2ZDE4NzRjZDBmNjg2YmZjMGY2OGE3ZWNiZWQ0MWY2MTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVvDMIDgO+sfFak228xR85BzWU50
l1X2+MbByVhuobt3rdIky3SbS1aLIOw1jrcMUtTTcc/AiFhp8kP7ekjYWTeLVSKN
fv+mdhvcy3unz1heUodCeR3Yw1hxEqkmt79GomfOgbU9KTgxe4VCx1WzGeJbmada
2c/0BIbpT0BhPEeKHVEigJ72Q7/NFEDuD9kJsI9faHM/lG2evQWhVM+PbZPnd0uO
2oZFuyC7zPbWnjUK2GQ2gV7JQAWsz6jo1k5PKJ9m3Ka7RacHTMIu07So52iYMQV3
wQ0Bdje/sfvwrbVNKFrfa58GjH4Q0NR/hR2EpWlzG19CWdjJNpKD6b12RwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFASpmW0YdM0PaGv8D2in7L7UH2FBMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvQkttWmJSaDB6UTlvYV93UGFLZnN2dFFmWVVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDnWGwAwQC
uUgAAwQCufpcMA0GCSqGSIb3DQEBCwUAA4IBAQCkvfOHIz7I2Fn/o4jCywD0dEhq
kTKagtOTnMHVPvYJGuLvSx/fPvqlMFOWMu80A60cBHmW1n+rBq/JksitGt11qYMY
Djdwl5Xe01tVQnfl5W27WyL5EDAjW16Gi9BCbHcZGEQ5u3rzUvyCV3m9Cy4/Ddnb
HdOd+pz3jKj5PqMelmR69P1S4WOd1jyY5MWzBh6nHWelIMZe9b5t1nSnUHlTJyFR
43hmlQ6s03/92rWO6C6ivxrlf454oZELBWstcafSnf4tIHDxwJnC62t3qZPlCheU
P1O/8CEKFNppd+tnNQEE8kHe73N1J9Peq2MOTA0QYU9mHkq9VX6PiFLLRunG
-----END CERTIFICATE-----