Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/BXP5Wu-bLUc0y2FMLMyRQNbPRGA.roa
File:                     BXP5Wu-bLUc0y2FMLMyRQNbPRGA.roa (raw, json)
Hash identifier:          V1wFUqvuIn7QYbEzUD09Tk67SxkJ3YWGrBtC9Pr6aX0=
Subject key identifier:   05:73:F9:5A:EF:9B:2D:47:34:CB:61:4C:2C:CC:91:40:D6:CF:44:60
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019422202C75421982BCBA3A0F1A9BE203D3
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/BXP5Wu-bLUc0y2FMLMyRQNbPRGA.roa
Signing time:             Wed 01 Jan 2025 13:48:41 +0000
ROA not before:           Wed 01 Jan 2025 13:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        185.223.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:2c:75:42:19:82:bc:ba:3a:0f:1a:9b:e2:03:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0573f95aef9b2d4734cb614c2ccc9140d6cf4460
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a8:7c:30:9a:b5:09:7c:08:6b:da:a3:c7:6e:
                    07:ee:e1:42:32:4b:4a:d5:35:80:fb:71:db:44:09:
                    0b:19:41:8a:52:7b:00:1d:a2:a9:a6:0c:cb:24:a0:
                    90:af:76:fc:bc:dd:5e:9b:b7:6d:b9:93:b3:b1:22:
                    40:66:15:27:85:5c:6b:b6:41:6c:b2:cd:6c:0c:64:
                    77:b6:05:57:28:1a:1b:a4:6d:0d:7d:a4:61:17:81:
                    6c:6b:4a:c6:74:f2:3e:00:3b:6b:58:a1:5a:39:31:
                    c1:89:6b:fd:8d:dc:d6:c1:7b:64:6e:ce:78:66:f1:
                    a9:28:a8:6c:cf:78:cb:d7:d5:d5:2b:64:fa:18:31:
                    13:23:dc:e3:96:3a:af:36:5b:26:3a:08:90:5a:1c:
                    71:1d:e0:aa:7b:33:2e:c2:6a:79:19:9e:45:12:29:
                    76:5a:0a:48:f9:c2:06:07:ef:5d:87:48:1f:cc:12:
                    f7:ed:81:29:d7:bd:8d:e7:b7:4d:5e:99:c7:ed:44:
                    f1:31:cb:8c:00:14:05:c6:f0:3c:e7:dc:2f:52:59:
                    a7:29:82:bb:50:1b:56:1a:15:65:ea:d1:1c:1a:8e:
                    3c:6c:8e:61:a3:35:08:32:77:a3:95:87:4f:22:99:
                    17:67:8b:0d:ae:f4:64:3f:ca:7f:cd:b9:3b:8e:bb:
                    0b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:73:F9:5A:EF:9B:2D:47:34:CB:61:4C:2C:CC:91:40:D6:CF:44:60
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/BXP5Wu-bLUc0y2FMLMyRQNbPRGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:59:25:0f:40:be:57:40:40:11:bd:0f:08:7b:c7:70:e5:3e:
         11:fb:5c:d2:5e:e5:a5:7a:e8:a8:e0:cd:76:c6:3d:34:b5:2b:
         99:e4:32:5b:08:f3:d2:92:ba:9b:25:70:03:66:87:39:a2:78:
         87:90:76:af:7f:0c:17:01:2f:81:8b:e6:1d:b5:18:df:d0:23:
         37:9c:9c:31:7f:f7:fe:b1:29:ee:d4:65:1c:d6:c2:f7:f1:5e:
         59:a5:d6:a6:c4:4e:d0:b7:05:1b:0b:c3:e3:38:79:75:b4:40:
         ff:01:a5:32:12:09:2e:37:90:b7:11:0a:d7:df:11:24:c1:55:
         9f:3a:26:81:06:ca:33:b4:00:6c:bd:48:00:17:00:2d:96:25:
         24:42:38:36:1f:a1:4f:9f:61:12:18:84:c2:9e:1c:74:82:2c:
         c0:c4:59:85:4e:c6:fc:29:3d:0b:52:32:c3:eb:aa:66:e9:20:
         28:27:b1:52:38:27:6f:71:9f:51:0d:36:04:2b:22:a1:ac:2e:
         84:57:25:0e:e1:47:a9:92:53:bb:6b:fc:00:ba:d0:e9:6d:cb:
         7c:69:9b:94:49:7d:be:24:9d:ec:35:cc:33:90:ee:37:30:ba:
         38:b5:42:01:78:95:61:10:f0:8c:bc:0b:5d:de:a2:5a:34:61:
         bd:66:5d:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiICx1QhmCvLo6Dxqb4gPTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTczZjk1YWVmOWIyZDQ3MzRjYjYxNGMyY2NjOTE0MGQ2Y2Y0NDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqh8MJq1CXwIa9qjx24H7uFCMktK
1TWA+3HbRAkLGUGKUnsAHaKppgzLJKCQr3b8vN1em7dtuZOzsSJAZhUnhVxrtkFs
ss1sDGR3tgVXKBobpG0NfaRhF4Fsa0rGdPI+ADtrWKFaOTHBiWv9jdzWwXtkbs54
ZvGpKKhsz3jL19XVK2T6GDETI9zjljqvNlsmOgiQWhxxHeCqezMuwmp5GZ5FEil2
WgpI+cIGB+9dh0gfzBL37YEp172N57dNXpnH7UTxMcuMABQFxvA859wvUlmnKYK7
UBtWGhVl6tEcGo48bI5hozUIMnejlYdPIpkXZ4sNrvRkP8p/zbk7jrsLdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAVz+Vrvmy1HNMthTCzMkUDWz0RgMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvQlhQNVd1LWJMVWMweTJGTUxNeVJRTmJQUkdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud+YMA0G
CSqGSIb3DQEBCwUAA4IBAQBcWSUPQL5XQEARvQ8Ie8dw5T4R+1zSXuWleuio4M12
xj00tSuZ5DJbCPPSkrqbJXADZoc5oniHkHavfwwXAS+Bi+YdtRjf0CM3nJwxf/f+
sSnu1GUc1sL38V5ZpdamxE7QtwUbC8PjOHl1tED/AaUyEgkuN5C3EQrX3xEkwVWf
OiaBBsoztABsvUgAFwAtliUkQjg2H6FPn2ESGITCnhx0gizAxFmFTsb8KT0LUjLD
66pm6SAoJ7FSOCdvcZ9RDTYEKyKhrC6EVyUO4UepklO7a/wAutDpbct8aZuUSX2+
JJ3sNcwzkO43MLo4tUIBeJVhEPCMvAtd3qJaNGG9Zl39
-----END CERTIFICATE-----