Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/BHnjuJooKvnA1jOSZl6vmXQjmDU.roa
File:                     BHnjuJooKvnA1jOSZl6vmXQjmDU.roa (raw, json)
Hash identifier:          tnPrnkcL3cEF67bKbiAWPkeVhWotGn0Z1zJLcwWJiKI=
Subject key identifier:   04:79:E3:B8:9A:28:2A:F9:C0:D6:33:92:66:5E:AF:99:74:23:98:35
Certificate issuer:       /CN=85dc9c55e1597e88564daf567e5a4665978c7b85
Certificate serial:       019329FCBE494A24366B87B27B92BC8387B7
Authority key identifier: 85:DC:9C:55:E1:59:7E:88:56:4D:AF:56:7E:5A:46:65:97:8C:7B:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/BHnjuJooKvnA1jOSZl6vmXQjmDU.roa
Signing time:             Thu 14 Nov 2024 09:24:09 +0000
ROA not before:           Thu 14 Nov 2024 09:24:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133210
IP address blocks:        194.15.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:29:fc:be:49:4a:24:36:6b:87:b2:7b:92:bc:83:87:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85dc9c55e1597e88564daf567e5a4665978c7b85
        Validity
            Not Before: Nov 14 09:24:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0479e3b89a282af9c0d63392665eaf9974239835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:31:5c:0e:09:1d:56:37:67:18:57:fa:d3:48:
                    68:95:d7:42:d8:c7:f3:95:8c:9d:c0:69:90:41:c3:
                    a0:0b:bc:4d:90:02:5d:a7:09:7c:dd:39:b3:5a:18:
                    05:6e:05:01:6c:d3:c6:8c:f9:0b:c7:27:b9:a1:86:
                    49:34:10:d9:a4:4d:b0:eb:20:48:f5:ff:9d:0e:0c:
                    08:52:b1:23:f0:79:37:1c:16:97:9c:4d:da:b2:27:
                    6d:15:3e:a4:0c:65:82:53:1f:d5:6e:7a:65:1d:a3:
                    44:62:4c:77:ec:70:76:4b:15:39:a4:fd:93:1f:87:
                    24:8c:4a:fb:d7:c8:70:c1:cf:58:f6:fa:82:e9:e6:
                    5e:4a:3b:ef:47:8b:21:04:40:39:dc:7d:1d:88:6d:
                    97:a4:ba:d7:9c:4b:ea:c9:c0:50:9d:df:d5:9a:b5:
                    f7:55:0f:a5:b7:c5:4d:e1:33:4f:80:92:d5:1c:5a:
                    3d:8c:e1:ea:69:76:55:e4:d7:13:c6:d5:56:b9:8b:
                    21:12:54:ea:c1:a1:10:c4:9d:36:cc:44:3c:c6:1e:
                    b7:aa:41:97:33:71:14:29:41:73:f4:65:d5:11:56:
                    72:a7:0d:87:98:b9:51:3a:88:f8:9e:d0:fb:24:49:
                    35:bb:c6:dd:89:e4:de:ac:54:ec:c4:06:10:21:c7:
                    e7:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:79:E3:B8:9A:28:2A:F9:C0:D6:33:92:66:5E:AF:99:74:23:98:35
            X509v3 Authority Key Identifier:
                keyid:85:DC:9C:55:E1:59:7E:88:56:4D:AF:56:7E:5A:46:65:97:8C:7B:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/BHnjuJooKvnA1jOSZl6vmXQjmDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:b4:47:d6:e7:9c:3f:f9:de:41:14:29:83:12:f6:e7:78:38:
         ba:53:48:ac:11:a3:ea:e0:c2:b0:50:a2:99:a8:7e:07:13:60:
         be:f6:c3:49:f8:57:29:0e:b3:d1:ab:1e:ad:5a:3e:bc:00:4d:
         6f:a1:68:89:84:93:f5:e6:ab:c3:91:2e:fd:04:56:fb:61:d8:
         72:25:d9:ca:f0:a0:01:29:d8:ce:2c:58:0e:1e:f7:d0:9b:06:
         65:be:c9:f7:a1:90:cd:59:04:64:3c:5f:91:54:83:aa:64:27:
         0e:02:d5:a6:d6:e4:e3:aa:83:6c:ff:c3:cf:00:6d:d6:a0:50:
         09:62:11:91:bd:eb:a3:c7:34:05:f1:80:d9:8e:4f:23:83:4f:
         9e:bc:b9:da:db:8a:46:0d:42:9a:b6:89:39:e3:68:04:6a:d2:
         37:20:96:4b:ae:c3:70:21:6a:ab:43:21:5a:59:f5:60:3e:8b:
         89:90:6c:47:f9:20:3b:ad:f4:15:10:c5:57:5d:4b:ab:d3:11:
         d5:d6:d1:da:00:f4:1e:af:e3:48:36:97:f8:80:87:67:cd:06:
         6e:03:35:a6:9f:85:1a:d0:40:31:ed:a2:af:7b:65:ba:a3:59:
         4e:4c:13:56:5b:16:55:de:e0:8f:46:53:8c:4f:bd:8b:a5:bb:
         0e:fd:4f:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMp/L5JSiQ2a4eye5K8g4e3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZGM5YzU1ZTE1OTdlODg1NjRkYWY1NjdlNWE0NjY1OTc4
YzdiODUwHhcNMjQxMTE0MDkyNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDc5ZTNiODlhMjgyYWY5YzBkNjMzOTI2NjVlYWY5OTc0MjM5ODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDFcDgkdVjdnGFf600holddC2Mfz
lYydwGmQQcOgC7xNkAJdpwl83TmzWhgFbgUBbNPGjPkLxye5oYZJNBDZpE2w6yBI
9f+dDgwIUrEj8Hk3HBaXnE3asidtFT6kDGWCUx/VbnplHaNEYkx37HB2SxU5pP2T
H4ckjEr718hwwc9Y9vqC6eZeSjvvR4shBEA53H0diG2XpLrXnEvqycBQnd/VmrX3
VQ+lt8VN4TNPgJLVHFo9jOHqaXZV5NcTxtVWuYshElTqwaEQxJ02zEQ8xh63qkGX
M3EUKUFz9GXVEVZypw2HmLlROoj4ntD7JEk1u8bdieTerFTsxAYQIcfnBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAR547iaKCr5wNYzkmZer5l0I5g1MB8GA1UdIwQY
MBaAFIXcnFXhWX6IVk2vVn5aRmWXjHuFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGR5Y1ZlRlpmb2hXVGE5V2ZscEdaWmVNZTRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mMDdmYmMtNGMzMi00ZDg3LWE0Mjkt
ODZlYTE5ZDI5MTYzLzEvQkhuanVKb29Ldm5BMWpPU1psNnZtWFFqbURVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mMDdmYmMtNGMzMi00ZDg3LWE0MjktODZlYTE5ZDI5MTYz
LzEvaGR5Y1ZlRlpmb2hXVGE5V2ZscEdaWmVNZTRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg9zMA0G
CSqGSIb3DQEBCwUAA4IBAQDMtEfW55w/+d5BFCmDEvbneDi6U0isEaPq4MKwUKKZ
qH4HE2C+9sNJ+FcpDrPRqx6tWj68AE1voWiJhJP15qvDkS79BFb7YdhyJdnK8KAB
KdjOLFgOHvfQmwZlvsn3oZDNWQRkPF+RVIOqZCcOAtWm1uTjqoNs/8PPAG3WoFAJ
YhGRveujxzQF8YDZjk8jg0+evLna24pGDUKatok542gEatI3IJZLrsNwIWqrQyFa
WfVgPouJkGxH+SA7rfQVEMVXXUur0xHV1tHaAPQer+NINpf4gIdnzQZuAzWmn4Ua
0EAx7aKve2W6o1lOTBNWWxZV3uCPRlOMT72LpbsO/U+p
-----END CERTIFICATE-----