Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/77fe48-d1f1-449a-807d-4c19ec5b57ca/1/BhHlkBqvgfUznKIhtb1FFJflTSc.roa
File:                     BhHlkBqvgfUznKIhtb1FFJflTSc.roa (raw, json)
Hash identifier:          1hJQUyjSo/LZB7qrcW6UTXNW99et1+/0rkKXb9T9w7w=
Subject key identifier:   06:11:E5:90:1A:AF:81:F5:33:9C:A2:21:B5:BD:45:14:97:E5:4D:27
Certificate issuer:       /CN=09cd218abcdf66e79500ab913cd21cf06e405d4e
Certificate serial:       018CC5DC189123F9E32E6E71FE0222B8BA07
Authority key identifier: 09:CD:21:8A:BC:DF:66:E7:95:00:AB:91:3C:D2:1C:F0:6E:40:5D:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cc0hirzfZueVAKuRPNIc8G5AXU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/77fe48-d1f1-449a-807d-4c19ec5b57ca/1/BhHlkBqvgfUznKIhtb1FFJflTSc.roa
Signing time:             Mon 01 Jan 2024 16:29:44 +0000
ROA not before:           Mon 01 Jan 2024 16:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43766
IP address blocks:        82.167.0.0/20 maxlen: 20
                          82.167.16.0/20 maxlen: 20
                          82.167.32.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/77fe48-d1f1-449a-807d-4c19ec5b57ca/1/Cc0hirzfZueVAKuRPNIc8G5AXU4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/77fe48-d1f1-449a-807d-4c19ec5b57ca/1/Cc0hirzfZueVAKuRPNIc8G5AXU4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cc0hirzfZueVAKuRPNIc8G5AXU4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 13:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:18:91:23:f9:e3:2e:6e:71:fe:02:22:b8:ba:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09cd218abcdf66e79500ab913cd21cf06e405d4e
        Validity
            Not Before: Jan  1 16:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0611e5901aaf81f5339ca221b5bd451497e54d27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ce:ca:b5:59:b9:a9:d1:bf:21:e0:26:12:55:
                    60:e8:33:a7:84:09:93:dd:e2:22:cb:8e:dc:6a:a4:
                    c2:bb:e9:71:71:78:c5:d7:d8:28:6c:76:33:a4:64:
                    ff:da:25:12:04:be:00:ae:93:0f:7a:f8:cd:68:f3:
                    94:54:2e:ee:76:e4:f0:88:8c:e9:91:dd:90:5c:20:
                    17:90:f8:51:b1:c1:9a:3c:5e:42:a5:f4:6b:64:d3:
                    4c:20:44:d3:40:71:da:07:73:e0:b4:33:ae:ed:d4:
                    fd:5f:33:21:51:88:02:aa:9a:40:c9:88:e9:89:7c:
                    d1:1b:db:6f:92:9c:09:8f:1d:b8:90:d2:39:1d:ef:
                    ad:8c:a7:5e:9c:3d:f7:37:4d:de:9b:3a:44:73:ba:
                    8d:57:cc:d0:78:db:ac:44:3b:30:72:a4:9e:8e:a5:
                    71:e1:5a:99:18:6d:9d:61:ee:2f:50:d6:af:cd:04:
                    3b:8e:58:cf:39:f2:25:c2:b0:dd:dc:ba:e7:09:1c:
                    6d:8e:37:b3:89:b9:c2:06:3c:17:b2:35:94:45:74:
                    75:8e:22:09:94:bb:15:65:2d:d0:75:d6:fc:fe:da:
                    98:69:b1:2f:d9:82:fd:4b:86:5f:07:e2:c1:d0:6b:
                    21:c7:52:e5:39:14:33:48:ca:49:ff:61:0c:df:cb:
                    68:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:11:E5:90:1A:AF:81:F5:33:9C:A2:21:B5:BD:45:14:97:E5:4D:27
            X509v3 Authority Key Identifier:
                keyid:09:CD:21:8A:BC:DF:66:E7:95:00:AB:91:3C:D2:1C:F0:6E:40:5D:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cc0hirzfZueVAKuRPNIc8G5AXU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/77fe48-d1f1-449a-807d-4c19ec5b57ca/1/BhHlkBqvgfUznKIhtb1FFJflTSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/77fe48-d1f1-449a-807d-4c19ec5b57ca/1/Cc0hirzfZueVAKuRPNIc8G5AXU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.167.0.0-82.167.47.255

    Signature Algorithm: sha256WithRSAEncryption
         6a:67:b9:b5:61:86:88:f7:de:45:8d:af:8f:bd:b4:b7:1d:59:
         75:88:b6:da:85:ea:48:41:6e:4e:62:8a:7c:38:b8:5c:58:02:
         76:bd:b2:e1:d8:38:29:1f:18:44:f9:23:27:bb:b0:16:31:5f:
         f7:67:05:24:16:b3:87:4b:d1:38:b1:81:44:3f:dc:47:f9:96:
         6a:31:6a:74:05:5e:54:45:52:d9:28:32:b5:2c:61:b4:48:89:
         0b:98:49:4d:02:b2:c3:1d:02:f7:d8:a4:e4:b3:d5:01:8c:c4:
         79:de:cc:f4:85:d5:2a:09:07:46:19:a6:90:13:aa:d1:49:92:
         b9:e8:3b:50:1b:41:42:cd:91:1f:64:c3:ab:11:ed:9f:01:22:
         00:34:9f:4b:a6:28:a4:11:1f:5a:1e:73:5f:e8:89:c5:1b:05:
         18:db:3d:b2:d1:e1:7d:b1:c2:ab:4a:d1:2d:05:81:d3:08:d5:
         73:68:57:f3:ef:5f:ea:15:b7:41:7d:e6:c1:a5:7b:45:bb:43:
         af:74:fb:0d:7a:6c:d7:8b:c7:c0:df:00:dd:cf:08:52:df:8e:
         90:17:67:5b:f1:0a:39:56:35:7d:72:28:9a:78:1b:cf:3b:3a:
         7a:31:1a:c9:65:62:1a:2c:7f:4e:4f:e8:ae:0b:0c:8f:69:e3:
         fa:c2:7a:f0
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzF3BiRI/njLm5x/gIiuLoHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5Y2QyMThhYmNkZjY2ZTc5NTAwYWI5MTNjZDIxY2YwNmU0
MDVkNGUwHhcNMjQwMTAxMTYyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjExZTU5MDFhYWY4MWY1MzM5Y2EyMjFiNWJkNDUxNDk3ZTU0ZDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo87KtVm5qdG/IeAmElVg6DOnhAmT
3eIiy47caqTCu+lxcXjF19gobHYzpGT/2iUSBL4ArpMPevjNaPOUVC7uduTwiIzp
kd2QXCAXkPhRscGaPF5CpfRrZNNMIETTQHHaB3PgtDOu7dT9XzMhUYgCqppAyYjp
iXzRG9tvkpwJjx24kNI5He+tjKdenD33N03emzpEc7qNV8zQeNusRDswcqSejqVx
4VqZGG2dYe4vUNavzQQ7jljPOfIlwrDd3LrnCRxtjjezibnCBjwXsjWURXR1jiIJ
lLsVZS3Qddb8/tqYabEv2YL9S4ZfB+LB0Gshx1LlORQzSMpJ/2EM38toZwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFAYR5ZAar4H1M5yiIbW9RRSX5U0nMB8GA1UdIwQY
MBaAFAnNIYq832bnlQCrkTzSHPBuQF1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2MwaGlyemZadWVWQUt1UlBOSWM4RzVBWFU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi83N2ZlNDgtZDFmMS00NDlhLTgwN2Qt
NGMxOWVjNWI1N2NhLzEvQmhIbGtCcXZnZlV6bktJaHRiMUZGSmZsVFNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi83N2ZlNDgtZDFmMS00NDlhLTgwN2QtNGMxOWVjNWI1N2Nh
LzEvQ2MwaGlyemZadWVWQUt1UlBOSWM4RzVBWFU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDAwBSpwME
BFKnIDANBgkqhkiG9w0BAQsFAAOCAQEAame5tWGGiPfeRY2vj720tx1ZdYi22oXq
SEFuTmKKfDi4XFgCdr2y4dg4KR8YRPkjJ7uwFjFf92cFJBazh0vROLGBRD/cR/mW
ajFqdAVeVEVS2SgytSxhtEiJC5hJTQKywx0C99ik5LPVAYzEed7M9IXVKgkHRhmm
kBOq0UmSueg7UBtBQs2RH2TDqxHtnwEiADSfS6YopBEfWh5zX+iJxRsFGNs9stHh
fbHCq0rRLQWB0wjVc2hX8+9f6hW3QX3mwaV7RbtDr3T7DXps14vHwN8A3c8IUt+O
kBdnW/EKOVY1fXIomngbzzs6ejEayWViGix/Tk/orgsMj2nj+sJ68A==
-----END CERTIFICATE-----