Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/6a7032-e80e-4ba7-b724-cd9eccf93b31/1/btlaSjPIsD0Mr8SoCJxYYDAZ-XI.roa
File:                     btlaSjPIsD0Mr8SoCJxYYDAZ-XI.roa (raw, json)
Hash identifier:          UBfC3g36JlN6UTwZic/dNDaMq5sdG52eDM9GEqPB7q4=
Subject key identifier:   6E:D9:5A:4A:33:C8:B0:3D:0C:AF:C4:A8:08:9C:58:60:30:19:F9:72
Certificate issuer:       /CN=08759158de234b754b7150f21933096c1094aac4
Certificate serial:       018CC9BCB6FF9BAAD237DF39C3E9E23B8DF7
Authority key identifier: 08:75:91:58:DE:23:4B:75:4B:71:50:F2:19:33:09:6C:10:94:AA:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CHWRWN4jS3VLcVDyGTMJbBCUqsQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/6a7032-e80e-4ba7-b724-cd9eccf93b31/1/btlaSjPIsD0Mr8SoCJxYYDAZ-XI.roa
Signing time:             Tue 02 Jan 2024 10:33:57 +0000
ROA not before:           Tue 02 Jan 2024 10:33:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12906
IP address blocks:        188.65.0.0/21 maxlen: 24
                          2a00:eea0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/6a7032-e80e-4ba7-b724-cd9eccf93b31/1/CHWRWN4jS3VLcVDyGTMJbBCUqsQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/6a7032-e80e-4ba7-b724-cd9eccf93b31/1/CHWRWN4jS3VLcVDyGTMJbBCUqsQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CHWRWN4jS3VLcVDyGTMJbBCUqsQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:b6:ff:9b:aa:d2:37:df:39:c3:e9:e2:3b:8d:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08759158de234b754b7150f21933096c1094aac4
        Validity
            Not Before: Jan  2 10:33:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ed95a4a33c8b03d0cafc4a8089c58603019f972
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:6c:40:fd:bd:b0:88:ad:a0:80:12:33:16:fd:
                    5c:b2:67:b1:62:1a:4c:3a:39:4e:af:35:2e:28:59:
                    fb:d2:d8:b3:66:bc:d0:66:b9:10:35:ef:fb:4d:ad:
                    d6:e5:93:7f:ea:8a:f9:1f:9d:98:a3:b4:35:1a:df:
                    c5:36:9e:13:f1:77:65:5f:ac:fd:b3:fa:a9:b2:ff:
                    43:3e:4e:91:5f:f0:5b:32:b9:74:1b:37:dd:49:db:
                    b6:c4:52:00:b6:cf:f0:42:ba:46:3e:fc:b2:73:e1:
                    c3:4e:2b:52:68:ff:51:02:93:08:17:94:a7:d8:8a:
                    24:02:65:8f:e4:6e:bb:25:9f:94:43:4c:13:51:31:
                    17:b6:7c:e4:2a:6d:b3:4e:d4:49:67:5d:87:6a:5a:
                    a9:15:9a:a6:ac:da:55:2a:d9:32:d7:34:2a:80:74:
                    7d:d5:da:cc:5b:f5:26:2d:a7:38:2d:15:95:a7:61:
                    62:81:f6:dd:7c:f8:cd:e1:8d:13:1a:cd:99:69:c5:
                    5d:ba:08:7f:4c:37:f6:02:75:6f:0c:8b:af:64:bb:
                    a4:c3:d8:4b:e0:f7:51:3a:a6:ac:47:7b:56:1c:cd:
                    05:76:08:c1:f3:f4:46:db:7b:69:33:57:56:72:0f:
                    b5:e9:f5:9e:e6:29:80:c6:0e:7a:f8:2b:37:82:2a:
                    32:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:D9:5A:4A:33:C8:B0:3D:0C:AF:C4:A8:08:9C:58:60:30:19:F9:72
            X509v3 Authority Key Identifier:
                keyid:08:75:91:58:DE:23:4B:75:4B:71:50:F2:19:33:09:6C:10:94:AA:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CHWRWN4jS3VLcVDyGTMJbBCUqsQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/6a7032-e80e-4ba7-b724-cd9eccf93b31/1/btlaSjPIsD0Mr8SoCJxYYDAZ-XI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/6a7032-e80e-4ba7-b724-cd9eccf93b31/1/CHWRWN4jS3VLcVDyGTMJbBCUqsQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.65.0.0/21
                IPv6:
                  2a00:eea0::/29

    Signature Algorithm: sha256WithRSAEncryption
         40:b0:b8:53:62:f9:82:dd:8a:f4:6b:ce:06:6c:63:5a:97:76:
         e6:0b:9e:83:5a:54:11:17:32:7b:8c:e6:92:83:69:81:69:97:
         c7:fa:6a:8d:f8:18:85:0c:8e:a4:79:8d:6b:7e:e3:82:08:c4:
         4d:e6:85:5d:85:9b:5b:10:ae:a4:c6:05:66:e3:04:5a:a5:ae:
         36:5f:c2:86:92:e7:a3:e8:3e:37:67:e1:3a:52:16:61:80:03:
         66:10:10:5c:9b:ab:00:c9:0a:ac:2f:5d:15:4b:08:7f:ed:2e:
         15:1b:4d:ff:9f:24:de:16:d5:02:0c:af:d5:3a:27:6d:b7:70:
         36:17:0d:32:51:e9:c3:5e:56:69:64:45:f9:e5:45:b1:8a:30:
         e3:0e:3c:3d:54:e7:c4:b0:8f:a1:21:e7:a6:e2:e5:8a:ab:72:
         d8:23:1f:60:83:b3:57:74:2b:58:38:a7:55:b0:25:4a:08:a5:
         7c:0a:a2:10:4c:20:a1:53:30:70:9c:07:6c:5c:ce:94:f6:f8:
         8d:c2:1b:6a:88:24:23:d2:62:d8:7a:22:37:c0:d1:5f:b1:74:
         77:60:22:3d:4f:02:21:d2:8d:97:56:1b:45:53:dc:c1:73:56:
         67:21:db:4c:89:f2:21:b0:f5:4f:c8:8a:66:50:dd:14:5d:7b:
         41:ac:d8:ba
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvLb/m6rSN985w+niO433MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NzU5MTU4ZGUyMzRiNzU0YjcxNTBmMjE5MzMwOTZjMTA5
NGFhYzQwHhcNMjQwMTAyMTAzMzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWQ5NWE0YTMzYzhiMDNkMGNhZmM0YTgwODljNTg2MDMwMTlmOTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGxA/b2wiK2ggBIzFv1csmexYhpM
OjlOrzUuKFn70tizZrzQZrkQNe/7Ta3W5ZN/6or5H52Yo7Q1Gt/FNp4T8XdlX6z9
s/qpsv9DPk6RX/BbMrl0GzfdSdu2xFIAts/wQrpGPvyyc+HDTitSaP9RApMIF5Sn
2IokAmWP5G67JZ+UQ0wTUTEXtnzkKm2zTtRJZ12HalqpFZqmrNpVKtky1zQqgHR9
1drMW/UmLac4LRWVp2FigfbdfPjN4Y0TGs2ZacVdugh/TDf2AnVvDIuvZLukw9hL
4PdROqasR3tWHM0FdgjB8/RG23tpM1dWcg+16fWe5imAxg56+Cs3gioy/QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG7ZWkozyLA9DK/EqAicWGAwGflyMB8GA1UdIwQY
MBaAFAh1kVjeI0t1S3FQ8hkzCWwQlKrEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0hXUldONGpTM1ZMY1ZEeUdUTUpiQkNVcXNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS82YTcwMzItZTgwZS00YmE3LWI3MjQt
Y2Q5ZWNjZjkzYjMxLzEvYnRsYVNqUElzRDBNcjhTb0NKeFlZREFaLVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS82YTcwMzItZTgwZS00YmE3LWI3MjQtY2Q5ZWNjZjkzYjMx
LzEvQ0hXUldONGpTM1ZMY1ZEeUdUTUpiQkNVcXNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDvEEAMA0E
AgACMAcDBQMqAO6gMA0GCSqGSIb3DQEBCwUAA4IBAQBAsLhTYvmC3Yr0a84GbGNa
l3bmC56DWlQRFzJ7jOaSg2mBaZfH+mqN+BiFDI6keY1rfuOCCMRN5oVdhZtbEK6k
xgVm4wRapa42X8KGkuej6D43Z+E6UhZhgANmEBBcm6sAyQqsL10VSwh/7S4VG03/
nyTeFtUCDK/VOidtt3A2Fw0yUenDXlZpZEX55UWxijDjDjw9VOfEsI+hIeem4uWK
q3LYIx9gg7NXdCtYOKdVsCVKCKV8CqIQTCChUzBwnAdsXM6U9viNwhtqiCQj0mLY
eiI3wNFfsXR3YCI9TwIh0o2XVhtFU9zBc1ZnIdtMifIhsPVPyIpmUN0UXXtBrNi6
-----END CERTIFICATE-----