Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/bfcBA_m7rGFWZUrLHbxdnwQav2M.roa
File:                     bfcBA_m7rGFWZUrLHbxdnwQav2M.roa (raw, json)
Hash identifier:          4dU7FEoFdtXhvQL59inDOPJXsvneQJU94I/fuz7sgSI=
Subject key identifier:   6D:F7:01:03:F9:BB:AC:61:56:65:4A:CB:1D:BC:5D:9F:04:1A:BF:63
Certificate issuer:       /CN=424feffb576e411de511871dc1e0bd7a20e2c4d7
Certificate serial:       0194258F696221EEC3473B4CA4413B976D3A
Authority key identifier: 42:4F:EF:FB:57:6E:41:1D:E5:11:87:1D:C1:E0:BD:7A:20:E2:C4:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/bfcBA_m7rGFWZUrLHbxdnwQav2M.roa
Signing time:             Thu 02 Jan 2025 05:49:03 +0000
ROA not before:           Thu 02 Jan 2025 05:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204866
IP address blocks:        194.99.44.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:69:62:21:ee:c3:47:3b:4c:a4:41:3b:97:6d:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=424feffb576e411de511871dc1e0bd7a20e2c4d7
        Validity
            Not Before: Jan  2 05:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6df70103f9bbac6156654acb1dbc5d9f041abf63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:93:b1:51:f2:d5:54:5e:bb:57:1f:63:e6:b0:
                    b5:a4:b5:a0:8e:f8:2c:f2:44:c7:aa:17:81:0e:a1:
                    5a:1a:2e:c7:49:46:d3:29:3d:15:f1:1a:c4:e6:11:
                    10:00:84:96:03:09:4a:05:7d:5e:1f:36:80:f1:3c:
                    ab:fe:3c:fa:27:7d:eb:0d:f4:6e:4c:dd:a1:73:0b:
                    66:93:d7:c5:40:73:b0:5f:20:c9:0a:19:20:40:22:
                    c9:31:65:8a:d8:18:1e:2d:f4:91:9c:98:92:65:8c:
                    3e:15:47:b6:fd:f7:69:b6:6a:d3:47:64:f1:3c:f3:
                    4f:99:6f:87:f7:63:72:a8:0a:86:43:6e:a2:46:2c:
                    cd:cb:76:fe:2d:54:b3:6c:24:91:c3:0f:27:a5:2a:
                    75:a0:dc:da:dd:c2:7d:af:56:89:67:6e:c0:b8:2c:
                    38:34:f6:6f:64:fd:1d:d5:8d:92:1b:07:3c:95:b3:
                    d8:c9:cd:f7:68:a4:bf:60:b4:9d:e2:c7:1f:2b:be:
                    61:95:7d:88:11:3e:4d:46:7d:0a:cd:00:59:76:36:
                    dd:e5:bb:f4:4e:0e:8e:99:60:9d:b3:cf:91:c8:d6:
                    25:24:f6:86:e8:fb:c7:30:9e:93:fd:55:56:2a:1e:
                    d3:0a:65:61:55:f9:de:83:48:63:93:58:4f:de:99:
                    8b:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:F7:01:03:F9:BB:AC:61:56:65:4A:CB:1D:BC:5D:9F:04:1A:BF:63
            X509v3 Authority Key Identifier:
                keyid:42:4F:EF:FB:57:6E:41:1D:E5:11:87:1D:C1:E0:BD:7A:20:E2:C4:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/bfcBA_m7rGFWZUrLHbxdnwQav2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9c:c2:38:0d:1f:2a:92:1a:70:2f:ee:91:55:de:6b:f2:50:fc:
         f7:38:b7:a9:6e:cb:b3:2a:64:1f:3b:b5:d2:3c:44:c4:11:e4:
         6a:9d:f1:f2:50:15:88:01:43:62:9f:4e:f3:83:3e:28:cf:ac:
         1b:e6:7b:79:a1:0d:a0:e3:e1:94:7f:95:cc:7a:31:07:5f:7c:
         8e:79:ce:d8:aa:2e:cf:51:37:77:d8:c6:59:e7:a7:db:6c:9c:
         f0:51:b4:9c:b6:7c:17:c3:b4:1d:4b:92:3d:70:25:5a:cb:d0:
         28:f7:e6:e8:ef:8a:62:a7:0c:02:b6:44:f6:99:56:73:66:b6:
         3f:01:a7:9c:a1:8a:78:22:90:37:d1:1a:e1:4c:4a:84:a9:74:
         78:7a:e8:22:fb:91:f6:0c:52:66:b9:02:76:58:c0:92:e8:40:
         4b:95:84:dd:65:01:3b:19:48:37:03:ac:5c:a8:23:04:2b:14:
         3c:ee:2a:c0:41:da:94:ce:b2:94:89:c6:b1:0f:6d:56:b7:03:
         68:2a:31:9b:91:f8:6f:1a:21:a6:a2:8a:1c:17:92:c4:74:79:
         dc:f6:b9:93:40:25:50:1f:b2:1b:c0:2d:43:b4:bf:64:6d:f4:
         85:b3:10:8e:a7:72:dd:3b:21:57:1f:61:65:34:66:1b:84:54:
         00:2a:8e:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj2liIe7DRztMpEE7l206MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNGZlZmZiNTc2ZTQxMWRlNTExODcxZGMxZTBiZDdhMjBl
MmM0ZDcwHhcNMjUwMTAyMDU0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGY3MDEwM2Y5YmJhYzYxNTY2NTRhY2IxZGJjNWQ5ZjA0MWFiZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8JOxUfLVVF67Vx9j5rC1pLWgjvgs
8kTHqheBDqFaGi7HSUbTKT0V8RrE5hEQAISWAwlKBX1eHzaA8Tyr/jz6J33rDfRu
TN2hcwtmk9fFQHOwXyDJChkgQCLJMWWK2BgeLfSRnJiSZYw+FUe2/fdptmrTR2Tx
PPNPmW+H92NyqAqGQ26iRizNy3b+LVSzbCSRww8npSp1oNza3cJ9r1aJZ27AuCw4
NPZvZP0d1Y2SGwc8lbPYyc33aKS/YLSd4scfK75hlX2IET5NRn0KzQBZdjbd5bv0
Tg6OmWCds8+RyNYlJPaG6PvHMJ6T/VVWKh7TCmVhVfneg0hjk1hP3pmLlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG33AQP5u6xhVmVKyx28XZ8EGr9jMB8GA1UdIwQY
MBaAFEJP7/tXbkEd5RGHHcHgvXog4sTXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWtfdi0xZHVRUjNsRVljZHdlQzllaURpeE5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy82MTM1MDgtMDgzMi00MWY2LWFjYjct
ODMxZjdlNmY1Y2NkLzEvYmZjQkFfbTdyR0ZXWlVyTEhieGRud1FhdjJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy82MTM1MDgtMDgzMi00MWY2LWFjYjctODMxZjdlNmY1Y2Nk
LzEvUWtfdi0xZHVRUjNsRVljZHdlQzllaURpeE5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmMsMA0G
CSqGSIb3DQEBCwUAA4IBAQCcwjgNHyqSGnAv7pFV3mvyUPz3OLepbsuzKmQfO7XS
PETEEeRqnfHyUBWIAUNin07zgz4oz6wb5nt5oQ2g4+GUf5XMejEHX3yOec7Yqi7P
UTd32MZZ56fbbJzwUbSctnwXw7QdS5I9cCVay9Ao9+bo74pipwwCtkT2mVZzZrY/
AaecoYp4IpA30RrhTEqEqXR4eugi+5H2DFJmuQJ2WMCS6EBLlYTdZQE7GUg3A6xc
qCMEKxQ87irAQdqUzrKUicaxD21WtwNoKjGbkfhvGiGmooocF5LEdHnc9rmTQCVQ
H7IbwC1DtL9kbfSFsxCOp3LdOyFXH2FlNGYbhFQAKo5p
-----END CERTIFICATE-----