Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/acb956-e1b5-4682-80b8-e7232f8448b0/1/bBPgkMIZssGrR9hUcpHCWPah2uM.roa
File:                     bBPgkMIZssGrR9hUcpHCWPah2uM.roa (raw, json)
Hash identifier:          RYx5Cg805YlMh3PTmuS3nomvlUe6ovp7N9UvxYKxsMU=
Subject key identifier:   6C:13:E0:90:C2:19:B2:C1:AB:47:D8:54:72:91:C2:58:F6:A1:DA:E3
Certificate issuer:       /CN=877c20737116bc6d5e5b224931cf13dd7f79f95b
Certificate serial:       018CC34949DF43245668C70672363F7B4A7E
Authority key identifier: 87:7C:20:73:71:16:BC:6D:5E:5B:22:49:31:CF:13:DD:7F:79:F9:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3wgc3EWvG1eWyJJMc8T3X95-Vs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/acb956-e1b5-4682-80b8-e7232f8448b0/1/bBPgkMIZssGrR9hUcpHCWPah2uM.roa
Signing time:             Mon 01 Jan 2024 04:30:09 +0000
ROA not before:           Mon 01 Jan 2024 04:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25540
IP address blocks:        185.13.214.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/acb956-e1b5-4682-80b8-e7232f8448b0/1/h3wgc3EWvG1eWyJJMc8T3X95-Vs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/acb956-e1b5-4682-80b8-e7232f8448b0/1/h3wgc3EWvG1eWyJJMc8T3X95-Vs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3wgc3EWvG1eWyJJMc8T3X95-Vs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:49:df:43:24:56:68:c7:06:72:36:3f:7b:4a:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=877c20737116bc6d5e5b224931cf13dd7f79f95b
        Validity
            Not Before: Jan  1 04:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c13e090c219b2c1ab47d8547291c258f6a1dae3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a5:f2:50:3e:ec:22:77:fe:ae:f0:f8:4e:6a:
                    44:2e:9d:65:38:5a:e8:55:db:eb:1d:76:3f:b9:fc:
                    77:a0:ab:9f:8b:9b:f5:88:b1:8c:86:f5:e9:26:a6:
                    fe:15:89:cb:e5:9c:aa:03:8f:1b:a6:95:ab:87:17:
                    a8:02:82:4e:0e:85:c8:0c:d9:f9:53:1b:a4:bc:b6:
                    ad:51:fb:33:81:ad:9b:93:10:84:d1:90:56:0a:12:
                    b6:f3:44:75:5c:82:94:96:ce:2f:25:c6:7d:8d:61:
                    c6:ba:e5:d1:b9:1e:55:13:a7:7a:e9:f5:1d:36:ad:
                    eb:f9:50:90:bc:f0:9a:a4:b7:70:ef:95:9f:f6:1d:
                    9d:05:24:e8:36:99:37:7e:61:2d:d4:a6:e6:27:0e:
                    e2:e4:f4:65:b7:f4:a5:d2:6a:84:b3:3f:ca:93:7d:
                    b8:a2:b9:a2:45:54:bb:4a:82:40:1f:97:15:6d:b3:
                    99:88:9e:cf:c3:39:e2:95:3f:a1:85:15:5a:b2:29:
                    bb:8f:86:4e:66:cf:d6:2e:29:70:2b:ff:d9:27:5d:
                    7a:96:05:c9:08:56:a9:a0:c6:5a:9d:cb:a3:d3:00:
                    af:a3:a9:5b:cd:43:4e:c5:64:4e:27:7f:74:72:ec:
                    d4:1d:6e:fb:5f:a2:be:87:2e:e0:e4:6b:4c:c7:54:
                    0d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:13:E0:90:C2:19:B2:C1:AB:47:D8:54:72:91:C2:58:F6:A1:DA:E3
            X509v3 Authority Key Identifier:
                keyid:87:7C:20:73:71:16:BC:6D:5E:5B:22:49:31:CF:13:DD:7F:79:F9:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3wgc3EWvG1eWyJJMc8T3X95-Vs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/acb956-e1b5-4682-80b8-e7232f8448b0/1/bBPgkMIZssGrR9hUcpHCWPah2uM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/acb956-e1b5-4682-80b8-e7232f8448b0/1/h3wgc3EWvG1eWyJJMc8T3X95-Vs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.13.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b9:ac:8f:07:82:f0:62:97:5d:bf:79:1e:f6:e7:62:d7:70:8b:
         0f:0a:80:d1:30:43:72:9e:84:2c:16:49:27:bf:79:2b:6d:f4:
         0f:7d:40:44:19:b1:80:fe:8b:c0:18:25:6e:f4:94:bb:eb:cb:
         b3:6e:a6:c4:22:d1:58:e9:cb:d4:2e:c3:20:52:c0:5f:3d:fc:
         1f:43:04:c3:e4:84:9f:0b:ef:a0:e8:98:cb:a3:d2:4a:0c:a4:
         84:29:68:3d:19:14:7b:b4:34:1a:a4:05:05:75:19:d2:3a:49:
         a0:5d:03:68:cd:23:0e:74:a2:d5:67:06:2f:5e:c2:85:3a:67:
         6a:d2:45:b6:8a:4e:81:99:07:76:1e:24:6a:0f:28:67:14:8a:
         21:de:be:96:bc:19:8e:e1:55:9c:37:19:59:10:b2:9c:ee:2c:
         b7:22:f7:33:a6:bc:35:10:b9:c1:95:d9:ce:bb:14:19:03:23:
         b8:b1:4b:16:34:61:e8:e5:a5:61:71:d5:4f:60:32:e4:85:56:
         37:cc:73:98:84:eb:0c:a3:e0:45:0d:6d:c8:59:8e:8c:71:49:
         83:9d:c5:df:6e:15:02:70:b5:74:73:a7:c9:a0:ac:f9:01:78:
         41:98:e1:0a:5c:3b:4c:d0:2d:8d:66:1a:0d:ae:43:62:1e:23:
         76:f1:00:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSUnfQyRWaMcGcjY/e0p+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3N2MyMDczNzExNmJjNmQ1ZTViMjI0OTMxY2YxM2RkN2Y3
OWY5NWIwHhcNMjQwMTAxMDQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzEzZTA5MGMyMTliMmMxYWI0N2Q4NTQ3MjkxYzI1OGY2YTFkYWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKXyUD7sInf+rvD4TmpELp1lOFro
VdvrHXY/ufx3oKufi5v1iLGMhvXpJqb+FYnL5ZyqA48bppWrhxeoAoJODoXIDNn5
UxukvLatUfszga2bkxCE0ZBWChK280R1XIKUls4vJcZ9jWHGuuXRuR5VE6d66fUd
Nq3r+VCQvPCapLdw75Wf9h2dBSToNpk3fmEt1KbmJw7i5PRlt/Sl0mqEsz/Kk324
ormiRVS7SoJAH5cVbbOZiJ7PwznilT+hhRVasim7j4ZOZs/WLilwK//ZJ116lgXJ
CFapoMZancuj0wCvo6lbzUNOxWROJ390cuzUHW77X6K+hy7g5GtMx1QNuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGwT4JDCGbLBq0fYVHKRwlj2odrjMB8GA1UdIwQY
MBaAFId8IHNxFrxtXlsiSTHPE91/eflbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDN3Z2MzRVd2RzFlV3lKSk1jOFQzWDk1LVZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hY2I5NTYtZTFiNS00NjgyLTgwYjgt
ZTcyMzJmODQ0OGIwLzEvYkJQZ2tNSVpzc0dyUjloVWNwSENXUGFoMnVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hY2I5NTYtZTFiNS00NjgyLTgwYjgtZTcyMzJmODQ0OGIw
LzEvaDN3Z2MzRVd2RzFlV3lKSk1jOFQzWDk1LVZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQ3WMA0G
CSqGSIb3DQEBCwUAA4IBAQC5rI8HgvBil12/eR7252LXcIsPCoDRMENynoQsFkkn
v3krbfQPfUBEGbGA/ovAGCVu9JS768uzbqbEItFY6cvULsMgUsBfPfwfQwTD5ISf
C++g6JjLo9JKDKSEKWg9GRR7tDQapAUFdRnSOkmgXQNozSMOdKLVZwYvXsKFOmdq
0kW2ik6BmQd2HiRqDyhnFIoh3r6WvBmO4VWcNxlZELKc7iy3Ivczprw1ELnBldnO
uxQZAyO4sUsWNGHo5aVhcdVPYDLkhVY3zHOYhOsMo+BFDW3IWY6McUmDncXfbhUC
cLV0c6fJoKz5AXhBmOEKXDtM0C2NZhoNrkNiHiN28QD5
-----END CERTIFICATE-----