Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/4e66a2-a372-48b4-90b4-82a3112f49c7/1/BQgIr9QK549Gh-t8XQa2kJXJbXM.roa
File:                     BQgIr9QK549Gh-t8XQa2kJXJbXM.roa (raw, json)
Hash identifier:          FyMx4NmgioW+v5IwQi287SWwxmKQZhpDHBnVgYBPbds=
Subject key identifier:   05:08:08:AF:D4:0A:E7:8F:46:87:EB:7C:5D:06:B6:90:95:C9:6D:73
Certificate issuer:       /CN=93f25b72758da58f0f3ec0f0727353ebd2b44774
Certificate serial:       019421B1DE8F66DC7AC7A1DE845A42403674
Authority key identifier: 93:F2:5B:72:75:8D:A5:8F:0F:3E:C0:F0:72:73:53:EB:D2:B4:47:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k_JbcnWNpY8PPsDwcnNT69K0R3Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/4e66a2-a372-48b4-90b4-82a3112f49c7/1/BQgIr9QK549Gh-t8XQa2kJXJbXM.roa
Signing time:             Wed 01 Jan 2025 11:48:12 +0000
ROA not before:           Wed 01 Jan 2025 11:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42487
IP address blocks:        185.230.8.0/22 maxlen: 22
                          2a0d:ee00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/4e66a2-a372-48b4-90b4-82a3112f49c7/1/k_JbcnWNpY8PPsDwcnNT69K0R3Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/4e66a2-a372-48b4-90b4-82a3112f49c7/1/k_JbcnWNpY8PPsDwcnNT69K0R3Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k_JbcnWNpY8PPsDwcnNT69K0R3Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:de:8f:66:dc:7a:c7:a1:de:84:5a:42:40:36:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93f25b72758da58f0f3ec0f0727353ebd2b44774
        Validity
            Not Before: Jan  1 11:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=050808afd40ae78f4687eb7c5d06b69095c96d73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e1:49:c8:ec:2b:71:76:36:8f:4c:a5:3b:cd:
                    1b:fd:3a:85:56:fc:72:8d:25:9f:8f:e9:6f:32:71:
                    9b:53:33:87:e2:d2:44:ce:be:9b:23:7e:99:6f:30:
                    b8:79:45:d2:e6:8d:a8:86:35:85:3e:29:32:02:bf:
                    5a:40:26:32:7a:34:ca:06:83:3c:2c:43:a8:11:0b:
                    f0:af:5a:cd:43:ea:51:63:8b:fb:82:09:d4:40:00:
                    09:d0:c2:65:22:b2:6a:e2:2a:be:03:91:a5:b6:26:
                    01:13:bb:6e:90:28:67:1c:55:4c:cf:ef:7a:28:70:
                    c4:a3:77:15:90:44:95:cd:66:46:b0:05:14:ba:0d:
                    a7:75:af:ff:09:17:a3:54:d3:8c:7d:0d:8e:c6:cb:
                    ff:a7:b9:d4:3d:dc:1a:c7:86:d0:64:2d:6b:4d:b9:
                    8e:47:3c:06:8f:e4:80:67:f9:05:8d:25:98:25:d6:
                    57:c3:58:b5:02:80:f2:2e:57:27:f6:4b:a9:cf:fa:
                    d6:61:76:84:9e:b3:ca:53:a8:9d:bf:dc:ab:92:a1:
                    7f:15:38:07:ce:b5:42:bf:ad:cc:61:f2:a4:12:85:
                    3a:fd:40:48:1b:b9:8d:35:99:26:ea:e9:40:46:36:
                    49:66:c3:e9:18:81:51:8e:2b:e2:57:99:76:d5:b4:
                    8e:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:08:08:AF:D4:0A:E7:8F:46:87:EB:7C:5D:06:B6:90:95:C9:6D:73
            X509v3 Authority Key Identifier:
                keyid:93:F2:5B:72:75:8D:A5:8F:0F:3E:C0:F0:72:73:53:EB:D2:B4:47:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k_JbcnWNpY8PPsDwcnNT69K0R3Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/4e66a2-a372-48b4-90b4-82a3112f49c7/1/BQgIr9QK549Gh-t8XQa2kJXJbXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/4e66a2-a372-48b4-90b4-82a3112f49c7/1/k_JbcnWNpY8PPsDwcnNT69K0R3Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.8.0/22
                IPv6:
                  2a0d:ee00::/32

    Signature Algorithm: sha256WithRSAEncryption
         55:89:00:04:5d:87:1e:ae:5d:bd:eb:54:70:90:25:73:3c:da:
         e3:7a:af:1c:53:86:81:df:ff:ff:a6:a3:9e:5e:da:d0:2c:83:
         6d:c7:62:f9:1f:b7:de:35:b3:96:f7:9f:cf:5c:b2:f4:89:15:
         34:1d:8e:7a:4b:e9:3b:89:a1:b8:9f:8c:74:ed:47:14:59:b2:
         98:63:c4:de:8a:3d:2d:c4:09:6c:f9:0c:b9:85:5f:a6:b6:db:
         c3:ab:25:57:84:3b:0d:54:f0:40:fb:2a:fa:9b:15:6c:77:f4:
         01:66:64:b6:8f:b5:35:60:24:bf:ab:47:22:7d:46:38:b8:3e:
         77:47:89:d3:5d:99:05:92:d3:d2:cb:e0:a7:81:0a:c3:f6:fa:
         be:92:0a:e0:74:76:23:58:eb:27:54:ba:f6:83:bb:02:09:77:
         d7:de:de:14:9f:bf:e1:8f:15:eb:d9:5d:6a:8f:89:5a:18:95:
         10:1e:6b:4e:62:c7:bf:56:6d:96:03:c4:82:62:aa:9a:f0:06:
         3d:78:c2:e9:eb:e8:37:51:63:e7:9f:6f:5a:d0:cb:62:1d:28:
         e7:87:27:d8:39:47:93:0c:c2:08:31:0a:7c:24:ea:51:a8:cf:
         91:d4:67:97:e7:c9:3f:13:07:99:b0:f7:c9:ef:ce:5e:25:0d:
         d6:a5:00:64
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhsd6PZtx6x6HehFpCQDZ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZjI1YjcyNzU4ZGE1OGYwZjNlYzBmMDcyNzM1M2ViZDJi
NDQ3NzQwHhcNMjUwMTAxMTE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTA4MDhhZmQ0MGFlNzhmNDY4N2ViN2M1ZDA2YjY5MDk1Yzk2ZDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+FJyOwrcXY2j0ylO80b/TqFVvxy
jSWfj+lvMnGbUzOH4tJEzr6bI36ZbzC4eUXS5o2ohjWFPikyAr9aQCYyejTKBoM8
LEOoEQvwr1rNQ+pRY4v7ggnUQAAJ0MJlIrJq4iq+A5GltiYBE7tukChnHFVMz+96
KHDEo3cVkESVzWZGsAUUug2nda//CRejVNOMfQ2Oxsv/p7nUPdwax4bQZC1rTbmO
RzwGj+SAZ/kFjSWYJdZXw1i1AoDyLlcn9kupz/rWYXaEnrPKU6idv9yrkqF/FTgH
zrVCv63MYfKkEoU6/UBIG7mNNZkm6ulARjZJZsPpGIFRjiviV5l21bSOOwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAUICK/UCuePRofrfF0GtpCVyW1zMB8GA1UdIwQY
MBaAFJPyW3J1jaWPDz7A8HJzU+vStEd0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva19KYmNuV05wWThQUHNEd2NuTlQ2OUswUjNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi80ZTY2YTItYTM3Mi00OGI0LTkwYjQt
ODJhMzExMmY0OWM3LzEvQlFnSXI5UUs1NDlHaC10OFhRYTJrSlhKYlhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi80ZTY2YTItYTM3Mi00OGI0LTkwYjQtODJhMzExMmY0OWM3
LzEva19KYmNuV05wWThQUHNEd2NuTlQ2OUswUjNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueYIMA0E
AgACMAcDBQAqDe4AMA0GCSqGSIb3DQEBCwUAA4IBAQBViQAEXYcerl2961RwkCVz
PNrjeq8cU4aB3///pqOeXtrQLINtx2L5H7feNbOW95/PXLL0iRU0HY56S+k7iaG4
n4x07UcUWbKYY8Teij0txAls+Qy5hV+mttvDqyVXhDsNVPBA+yr6mxVsd/QBZmS2
j7U1YCS/q0cifUY4uD53R4nTXZkFktPSy+CngQrD9vq+kgrgdHYjWOsnVLr2g7sC
CXfX3t4Un7/hjxXr2V1qj4laGJUQHmtOYse/Vm2WA8SCYqqa8AY9eMLp6+g3UWPn
n29a0MtiHSjnhyfYOUeTDMIIMQp8JOpRqM+R1GeX58k/EweZsPfJ785eJQ3WpQBk
-----END CERTIFICATE-----