Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/bgHlybEyqi_I0fnTxP3Kh50nMk8.roa
File:                     bgHlybEyqi_I0fnTxP3Kh50nMk8.roa (raw, json)
Hash identifier:          YC1LSyErHWcvQYCAeDniQ3TLsXgw/7PYeRGVM2nQ2I4=
Subject key identifier:   6E:01:E5:C9:B1:32:AA:2F:C8:D1:F9:D3:C4:FD:CA:87:9D:27:32:4F
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DABDF07A2A479B56A93D67E031C201
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/bgHlybEyqi_I0fnTxP3Kh50nMk8.roa
Signing time:             Mon 01 Jan 2024 02:29:24 +0000
ROA not before:           Mon 01 Jan 2024 02:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35404
IP address blocks:        185.241.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:bd:f0:7a:2a:47:9b:56:a9:3d:67:e0:31:c2:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e01e5c9b132aa2fc8d1f9d3c4fdca879d27324f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:2c:c9:47:b3:0a:a0:0d:d7:fa:c9:3d:7d:d8:
                    9b:0c:4d:26:3c:b4:8a:0f:2c:cd:19:0c:2e:f5:df:
                    e8:45:f4:8f:c4:f2:1b:ae:9e:cb:ce:d4:7c:37:35:
                    8a:3f:91:b5:1b:08:ed:cf:d8:b3:ae:b6:51:2c:a3:
                    5f:3c:90:14:d7:86:b6:41:27:6a:ce:c9:bf:dc:87:
                    0d:cc:86:dd:bc:ac:f3:96:83:31:e6:6e:e1:f9:43:
                    70:08:db:96:be:98:75:75:6c:5c:56:1c:7c:40:b9:
                    83:80:36:93:77:93:b6:4a:c5:1f:09:2f:39:f2:d1:
                    84:6f:f0:d8:04:11:44:ce:86:b5:df:8c:78:ee:89:
                    3f:81:77:7a:77:3c:51:fd:7f:98:97:88:76:60:ba:
                    fe:cb:e1:7f:9f:61:20:de:11:b3:11:8c:b9:ba:51:
                    62:6c:51:8d:15:4d:8c:b4:25:30:5a:7e:ec:c6:42:
                    4e:ae:eb:98:e9:4d:d9:ec:ec:db:12:c9:9e:c7:56:
                    a1:a8:82:4f:3a:65:06:4f:45:e0:29:9b:9a:e9:89:
                    83:65:a2:20:63:49:7c:7c:4f:6d:12:35:07:a4:04:
                    0d:0a:17:a2:49:09:4f:7d:56:fa:12:2b:13:97:c0:
                    ba:29:c8:c0:b8:dc:c9:a6:de:2f:ec:46:53:df:a6:
                    56:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:01:E5:C9:B1:32:AA:2F:C8:D1:F9:D3:C4:FD:CA:87:9D:27:32:4F
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/bgHlybEyqi_I0fnTxP3Kh50nMk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:5b:62:40:37:af:ac:9b:36:d5:cd:74:39:f1:60:68:98:69:
         8a:b2:2e:ff:d9:f1:63:5f:61:b0:1d:25:f4:2f:5d:fc:ef:81:
         17:fb:11:26:ac:e9:d9:6c:1d:94:2c:ff:9c:eb:7b:4c:68:98:
         5b:bf:d3:b1:de:fd:00:5e:56:80:9f:ff:64:e3:b7:c2:37:11:
         63:21:75:1e:ab:c8:4a:60:7f:0e:36:78:cb:20:a0:48:e7:f5:
         ed:b4:91:fa:d1:e2:c8:25:de:fe:ed:19:49:84:d0:c3:d1:51:
         31:53:00:22:db:35:88:5f:ef:3e:a6:12:e4:79:ef:74:8b:96:
         6d:23:a8:6d:e1:e4:bf:2c:8c:8c:54:83:a2:ef:8a:d9:70:58:
         7e:f4:7e:f4:7e:43:0e:65:bc:ea:87:b4:a2:e5:f2:c3:62:fe:
         7d:a9:24:3f:ba:19:b5:b4:67:7c:f5:d9:0d:28:59:24:f4:ff:
         28:bb:a8:93:e6:ad:8a:b2:f4:3e:96:3e:0c:8b:6e:53:42:55:
         a1:5c:e7:1b:8b:5e:d3:59:e9:ad:7a:04:53:78:86:e5:bc:e4:
         6b:0f:4d:9e:3d:1d:19:c5:ec:f1:cc:2a:71:a7:d7:d3:dd:12:
         71:31:67:82:13:73:ad:66:14:e2:e1:db:bd:7b:f5:8a:b7:6e:
         65:fb:f1:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2r3weipHm1apPWfgMcIBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTAxZTVjOWIxMzJhYTJmYzhkMWY5ZDNjNGZkY2E4NzlkMjczMjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyzJR7MKoA3X+sk9fdibDE0mPLSK
DyzNGQwu9d/oRfSPxPIbrp7LztR8NzWKP5G1Gwjtz9izrrZRLKNfPJAU14a2QSdq
zsm/3IcNzIbdvKzzloMx5m7h+UNwCNuWvph1dWxcVhx8QLmDgDaTd5O2SsUfCS85
8tGEb/DYBBFEzoa134x47ok/gXd6dzxR/X+Yl4h2YLr+y+F/n2Eg3hGzEYy5ulFi
bFGNFU2MtCUwWn7sxkJOruuY6U3Z7OzbEsmex1ahqIJPOmUGT0XgKZua6YmDZaIg
Y0l8fE9tEjUHpAQNCheiSQlPfVb6EisTl8C6KcjAuNzJpt4v7EZT36ZWnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG4B5cmxMqovyNH508T9yoedJzJPMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvYmdIbHliRXlxaV9JMGZuVHhQM0toNTBuTWs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufH3MA0G
CSqGSIb3DQEBCwUAA4IBAQAFW2JAN6+smzbVzXQ58WBomGmKsi7/2fFjX2GwHSX0
L13874EX+xEmrOnZbB2ULP+c63tMaJhbv9Ox3v0AXlaAn/9k47fCNxFjIXUeq8hK
YH8ONnjLIKBI5/XttJH60eLIJd7+7RlJhNDD0VExUwAi2zWIX+8+phLkee90i5Zt
I6ht4eS/LIyMVIOi74rZcFh+9H70fkMOZbzqh7Si5fLDYv59qSQ/uhm1tGd89dkN
KFkk9P8ou6iT5q2KsvQ+lj4Mi25TQlWhXOcbi17TWemtegRTeIblvORrD02ePR0Z
xezxzCpxp9fT3RJxMWeCE3OtZhTi4du9e/WKt25l+/E5
-----END CERTIFICATE-----