Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/536374-dc66-48ac-8a1c-e0eab2f39637/1/BgSd_th75yOqmVMCEXJLTgjzrck.roa
File:                     BgSd_th75yOqmVMCEXJLTgjzrck.roa (raw, json)
Hash identifier:          yWnAltwvCKCXhq5/1NBELmG8/NwjUQtRWQQdjBzGPCI=
Subject key identifier:   06:04:9D:FE:D8:7B:E7:23:AA:99:53:02:11:72:4B:4E:08:F3:AD:C9
Certificate issuer:       /CN=b846e854187f9332954c60e08c3351afcdf1085b
Certificate serial:       018CC50133E78338368D6ED7E0F6C3C88665
Authority key identifier: B8:46:E8:54:18:7F:93:32:95:4C:60:E0:8C:33:51:AF:CD:F1:08:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uEboVBh_kzKVTGDgjDNRr83xCFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/536374-dc66-48ac-8a1c-e0eab2f39637/1/BgSd_th75yOqmVMCEXJLTgjzrck.roa
Signing time:             Mon 01 Jan 2024 12:30:39 +0000
ROA not before:           Mon 01 Jan 2024 12:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200780
IP address blocks:        94.231.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/536374-dc66-48ac-8a1c-e0eab2f39637/1/uEboVBh_kzKVTGDgjDNRr83xCFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/536374-dc66-48ac-8a1c-e0eab2f39637/1/uEboVBh_kzKVTGDgjDNRr83xCFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uEboVBh_kzKVTGDgjDNRr83xCFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:33:e7:83:38:36:8d:6e:d7:e0:f6:c3:c8:86:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b846e854187f9332954c60e08c3351afcdf1085b
        Validity
            Not Before: Jan  1 12:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06049dfed87be723aa99530211724b4e08f3adc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:62:d5:a6:d9:83:f7:7a:97:e9:ff:92:01:32:
                    81:11:be:db:a9:7d:55:c8:c2:de:87:e4:37:fc:2a:
                    13:d8:b7:c8:87:43:35:d9:14:89:4e:30:c5:53:6c:
                    04:c2:f1:83:bc:bf:6c:a9:d3:20:76:67:f0:4f:59:
                    c4:a5:15:ed:70:80:cb:bd:32:43:6d:35:4b:8e:7d:
                    29:68:73:fa:e0:8c:23:6f:c5:57:a2:86:49:d8:59:
                    50:dd:f3:95:94:37:ee:23:5a:e4:a2:b7:87:b7:45:
                    ef:b3:68:8f:79:58:81:93:ba:6e:ea:6f:be:2e:fd:
                    7a:a7:72:30:18:63:43:37:22:85:6f:db:77:ed:bb:
                    af:f1:b8:39:a3:80:86:87:c3:38:7c:2d:ea:a8:fd:
                    da:79:a4:6c:11:0d:14:a6:57:e7:f3:db:01:c2:c5:
                    3b:23:df:23:24:f6:fa:9f:b0:ef:76:f7:25:4c:f1:
                    1f:17:c4:7e:9e:e3:a3:62:9c:e3:66:cc:e9:eb:36:
                    de:1c:f2:bf:fc:0c:af:b9:4d:c0:a2:5f:f1:44:2d:
                    e4:10:38:02:b4:53:75:c4:2b:06:b8:f7:87:e3:06:
                    90:ed:c3:bb:de:41:da:57:fa:8c:9a:db:cf:46:50:
                    9d:56:a4:b4:e7:c3:6d:e7:22:3e:2e:bd:53:1b:7e:
                    d9:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:04:9D:FE:D8:7B:E7:23:AA:99:53:02:11:72:4B:4E:08:F3:AD:C9
            X509v3 Authority Key Identifier:
                keyid:B8:46:E8:54:18:7F:93:32:95:4C:60:E0:8C:33:51:AF:CD:F1:08:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uEboVBh_kzKVTGDgjDNRr83xCFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/536374-dc66-48ac-8a1c-e0eab2f39637/1/BgSd_th75yOqmVMCEXJLTgjzrck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/536374-dc66-48ac-8a1c-e0eab2f39637/1/uEboVBh_kzKVTGDgjDNRr83xCFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:d4:43:b4:70:1b:4a:e9:3e:67:e5:65:09:39:1e:78:bb:93:
         43:10:8a:d3:e7:72:f9:5a:8c:46:dd:09:f5:80:d0:6a:83:b6:
         82:b9:1c:d3:6a:fc:1d:d4:26:08:ca:fe:43:fb:fc:a4:1f:14:
         69:5d:f1:72:cc:bc:c3:ac:87:d6:68:16:c2:cd:c9:3d:df:46:
         85:9c:9a:c0:69:13:d7:70:80:ff:e7:4d:19:12:51:ca:54:29:
         a9:c0:2b:97:5d:a0:17:94:8a:e1:ff:8a:ae:85:d5:25:ff:25:
         8b:3f:07:8a:56:ea:b0:c4:57:91:40:a9:b7:e4:15:a2:33:9a:
         02:ca:54:22:ce:56:fd:28:b7:8f:36:36:ac:4c:1d:91:09:bb:
         02:5b:c9:a6:e8:c3:9e:b5:e1:a5:e8:66:cd:ef:d9:b3:cb:c0:
         a5:e9:8c:63:77:0c:e7:14:e7:44:11:92:3b:94:bc:fc:af:5a:
         bc:ae:d8:04:88:cc:d3:3c:d6:b3:0e:38:c6:6c:08:5f:32:0b:
         c9:cd:13:dd:a6:62:0d:7f:48:5e:9a:3f:d0:d4:b3:cc:83:65:
         ab:4a:11:d4:b4:f3:04:ad:dd:30:9b:4f:d5:f3:e9:e0:31:4d:
         cd:5b:c4:fd:56:ac:aa:52:74:2d:9a:3f:63:28:68:1b:a2:de:
         d7:85:93:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATPngzg2jW7X4PbDyIZlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NDZlODU0MTg3ZjkzMzI5NTRjNjBlMDhjMzM1MWFmY2Rm
MTA4NWIwHhcNMjQwMTAxMTIzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjA0OWRmZWQ4N2JlNzIzYWE5OTUzMDIxMTcyNGI0ZTA4ZjNhZGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGLVptmD93qX6f+SATKBEb7bqX1V
yMLeh+Q3/CoT2LfIh0M12RSJTjDFU2wEwvGDvL9sqdMgdmfwT1nEpRXtcIDLvTJD
bTVLjn0paHP64Iwjb8VXooZJ2FlQ3fOVlDfuI1rkoreHt0Xvs2iPeViBk7pu6m++
Lv16p3IwGGNDNyKFb9t37buv8bg5o4CGh8M4fC3qqP3aeaRsEQ0Uplfn89sBwsU7
I98jJPb6n7DvdvclTPEfF8R+nuOjYpzjZszp6zbeHPK//AyvuU3Aol/xRC3kEDgC
tFN1xCsGuPeH4waQ7cO73kHaV/qMmtvPRlCdVqS058Nt5yI+Lr1TG37Z6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYEnf7Ye+cjqplTAhFyS04I863JMB8GA1UdIwQY
MBaAFLhG6FQYf5MylUxg4IwzUa/N8QhbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUVib1ZCaF9rektWVEdEZ2pETlJyODN4Q0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS81MzYzNzQtZGM2Ni00OGFjLThhMWMt
ZTBlYWIyZjM5NjM3LzEvQmdTZF90aDc1eU9xbVZNQ0VYSkxUZ2p6cmNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS81MzYzNzQtZGM2Ni00OGFjLThhMWMtZTBlYWIyZjM5NjM3
LzEvdUVib1ZCaF9rektWVEdEZ2pETlJyODN4Q0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXufLMA0G
CSqGSIb3DQEBCwUAA4IBAQAz1EO0cBtK6T5n5WUJOR54u5NDEIrT53L5WoxG3Qn1
gNBqg7aCuRzTavwd1CYIyv5D+/ykHxRpXfFyzLzDrIfWaBbCzck930aFnJrAaRPX
cID/500ZElHKVCmpwCuXXaAXlIrh/4quhdUl/yWLPweKVuqwxFeRQKm35BWiM5oC
ylQizlb9KLePNjasTB2RCbsCW8mm6MOeteGl6GbN79mzy8Cl6YxjdwznFOdEEZI7
lLz8r1q8rtgEiMzTPNazDjjGbAhfMgvJzRPdpmINf0hemj/Q1LPMg2WrShHUtPME
rd0wm0/V8+ngMU3NW8T9VqyqUnQtmj9jKGgbot7XhZNl
-----END CERTIFICATE-----