Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/Bc_mnRoGvRJFq-IcORWm-1oFkE0.roa
File:                     Bc_mnRoGvRJFq-IcORWm-1oFkE0.roa (raw, json)
Hash identifier:          OtQlbb24KK3bknRFaJCP2J1wSQFY9KhSSRFgNNdQXc0=
Subject key identifier:   05:CF:E6:9D:1A:06:BD:12:45:AB:E2:1C:39:15:A6:FB:5A:05:90:4D
Certificate issuer:       /CN=54b24d895bf9c0a5fd000a45a347510b2a087fb8
Certificate serial:       018CC2DB2C1E6B1506DBF81C90932804047A
Authority key identifier: 54:B2:4D:89:5B:F9:C0:A5:FD:00:0A:45:A3:47:51:0B:2A:08:7F:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VLJNiVv5wKX9AApFo0dRCyoIf7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/Bc_mnRoGvRJFq-IcORWm-1oFkE0.roa
Signing time:             Mon 01 Jan 2024 02:29:52 +0000
ROA not before:           Mon 01 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12552
IP address blocks:        147.78.229.0/24 maxlen: 32
                          147.78.231.0/24 maxlen: 32
                          147.78.230.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/VLJNiVv5wKX9AApFo0dRCyoIf7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/VLJNiVv5wKX9AApFo0dRCyoIf7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VLJNiVv5wKX9AApFo0dRCyoIf7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2c:1e:6b:15:06:db:f8:1c:90:93:28:04:04:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54b24d895bf9c0a5fd000a45a347510b2a087fb8
        Validity
            Not Before: Jan  1 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05cfe69d1a06bd1245abe21c3915a6fb5a05904d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:89:54:11:91:ad:4e:44:08:aa:aa:0f:a3:8f:
                    0d:66:8c:e2:d3:20:c8:e0:e8:d2:1d:52:b9:73:26:
                    2d:49:32:6a:7a:ab:52:07:1a:ed:b5:29:cf:ea:0c:
                    f0:27:54:6d:f7:c0:a0:8e:09:f9:f7:c3:90:78:a0:
                    7e:e5:91:56:01:e9:07:24:55:5b:62:1f:b9:52:49:
                    6f:5f:07:82:29:fb:58:a8:9e:61:c2:05:01:8d:20:
                    b6:4c:ff:81:63:05:ea:77:61:b2:87:f2:e3:8f:c2:
                    dd:32:5f:94:29:e0:7b:22:ad:39:5a:05:04:70:7c:
                    e4:78:0d:e1:26:75:b1:61:ba:9d:6c:2b:ae:2a:47:
                    5e:39:84:1c:c5:2a:43:42:dc:1a:63:3b:5a:d8:6a:
                    8a:21:54:10:9f:1b:2b:21:6b:2e:66:36:e3:75:75:
                    31:d5:19:80:55:dc:86:20:82:fc:13:60:fe:86:65:
                    20:7c:2e:bf:fd:d7:27:a6:7e:3b:88:2e:91:05:dc:
                    9f:99:67:1b:03:6e:87:45:a9:53:c6:26:63:b6:70:
                    93:a3:67:6e:76:4d:1f:05:d6:21:ed:96:47:e3:1b:
                    c1:44:23:23:2d:72:53:af:10:a7:b2:38:55:00:03:
                    b5:c2:66:98:5b:7a:bf:30:d5:84:78:cc:40:8c:dd:
                    2c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:CF:E6:9D:1A:06:BD:12:45:AB:E2:1C:39:15:A6:FB:5A:05:90:4D
            X509v3 Authority Key Identifier:
                keyid:54:B2:4D:89:5B:F9:C0:A5:FD:00:0A:45:A3:47:51:0B:2A:08:7F:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VLJNiVv5wKX9AApFo0dRCyoIf7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/Bc_mnRoGvRJFq-IcORWm-1oFkE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d21679-2ad2-4df5-80b0-fcb9bd05b1ab/1/VLJNiVv5wKX9AApFo0dRCyoIf7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.229.0-147.78.231.255

    Signature Algorithm: sha256WithRSAEncryption
         ac:2f:91:97:d4:5b:1e:07:de:54:6f:4f:ab:56:47:36:37:cb:
         43:39:d1:b4:c0:06:48:50:56:4f:4b:70:a4:65:14:e9:c9:e9:
         7d:63:3c:9f:b4:dd:69:a6:81:f5:96:dc:7f:3e:a8:d9:9b:6b:
         97:fc:6d:c8:ac:98:99:b2:0d:0f:47:96:55:be:f1:b8:25:b6:
         6e:f6:77:65:76:d9:8e:1e:7e:24:15:2c:6e:43:6b:d9:b2:49:
         1c:8c:55:44:40:fb:97:5d:5e:1d:e5:09:61:5b:c7:10:2d:ca:
         3d:84:c9:85:98:16:b0:2f:45:f3:66:20:b4:61:ee:bf:15:ef:
         39:8e:e0:67:a3:d4:35:6b:37:1d:43:06:ee:24:3a:52:ea:71:
         d9:3c:8d:84:75:ad:34:f3:a7:f8:9a:39:01:3b:d8:df:0a:58:
         ba:63:09:eb:df:c1:7e:d2:fd:56:b1:65:6a:5a:fa:be:81:f0:
         e2:c0:14:b5:32:b0:10:20:83:a5:b2:e9:6c:80:68:a5:5c:9f:
         3c:fa:99:73:be:2a:8a:eb:ef:b1:bb:66:dd:c2:a7:3e:01:a4:
         7b:af:2c:7c:76:3c:a4:b5:b3:56:56:ba:3b:5e:f0:79:f3:51:
         e1:08:2d:51:75:43:7e:01:34:69:30:b1:36:32:24:3a:d9:fc:
         23:17:c4:87
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzC2yweaxUG2/gckJMoBAR6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0YjI0ZDg5NWJmOWMwYTVmZDAwMGE0NWEzNDc1MTBiMmEw
ODdmYjgwHhcNMjQwMTAxMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWNmZTY5ZDFhMDZiZDEyNDVhYmUyMWMzOTE1YTZmYjVhMDU5MDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYlUEZGtTkQIqqoPo48NZozi0yDI
4OjSHVK5cyYtSTJqeqtSBxrttSnP6gzwJ1Rt98Cgjgn598OQeKB+5ZFWAekHJFVb
Yh+5UklvXweCKftYqJ5hwgUBjSC2TP+BYwXqd2Gyh/Ljj8LdMl+UKeB7Iq05WgUE
cHzkeA3hJnWxYbqdbCuuKkdeOYQcxSpDQtwaYzta2GqKIVQQnxsrIWsuZjbjdXUx
1RmAVdyGIIL8E2D+hmUgfC6//dcnpn47iC6RBdyfmWcbA26HRalTxiZjtnCTo2du
dk0fBdYh7ZZH4xvBRCMjLXJTrxCnsjhVAAO1wmaYW3q/MNWEeMxAjN0sMQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAXP5p0aBr0SRaviHDkVpvtaBZBNMB8GA1UdIwQY
MBaAFFSyTYlb+cCl/QAKRaNHUQsqCH+4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkxKTmlWdjV3S1g5QUFwRm8wZFJDeW9JZjdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9kMjE2NzktMmFkMi00ZGY1LTgwYjAt
ZmNiOWJkMDViMWFiLzEvQmNfbW5Sb0d2UkpGcS1JY09SV20tMW9Ga0UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9kMjE2NzktMmFkMi00ZGY1LTgwYjAtZmNiOWJkMDViMWFi
LzEvVkxKTmlWdjV3S1g5QUFwRm8wZFJDeW9JZjdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACTTuUD
BAOTTuAwDQYJKoZIhvcNAQELBQADggEBAKwvkZfUWx4H3lRvT6tWRzY3y0M50bTA
BkhQVk9LcKRlFOnJ6X1jPJ+03WmmgfWW3H8+qNmba5f8bcismJmyDQ9HllW+8bgl
tm72d2V22Y4efiQVLG5Da9mySRyMVURA+5ddXh3lCWFbxxAtyj2EyYWYFrAvRfNm
ILRh7r8V7zmO4Gej1DVrNx1DBu4kOlLqcdk8jYR1rTTzp/iaOQE72N8KWLpjCevf
wX7S/VaxZWpa+r6B8OLAFLUysBAgg6Wy6WyAaKVcnzz6mXO+Korr77G7Zt3Cpz4B
pHuvLHx2PKS1s1ZWujte8HnzUeEILVF1Q34BNGkwsTYyJDrZ/CMXxIc=
-----END CERTIFICATE-----