Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/BCBNGQjh7SPJ0NONs3nXGZtDwFI.roa
File:                     BCBNGQjh7SPJ0NONs3nXGZtDwFI.roa (raw, json)
Hash identifier:          ytC1qPeuKIvO2IvsfCqrwxHs0WSOkeaPD3zy9Bgk5nI=
Subject key identifier:   04:20:4D:19:08:E1:ED:23:C9:D0:D3:8D:B3:79:D7:19:9B:43:C0:52
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       018D32279632B8801090115DCD471B5A1162
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/BCBNGQjh7SPJ0NONs3nXGZtDwFI.roa
Signing time:             Mon 22 Jan 2024 17:11:11 +0000
ROA not before:           Mon 22 Jan 2024 17:11:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215678
IP address blocks:        91.237.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:32:27:96:32:b8:80:10:90:11:5d:cd:47:1b:5a:11:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Jan 22 17:11:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04204d1908e1ed23c9d0d38db379d7199b43c052
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:4f:11:0c:37:8a:6d:d1:44:7e:83:dc:64:ea:
                    61:1d:d4:1c:8a:ed:0b:d4:6c:d5:25:02:8c:f9:e4:
                    09:8a:c8:2b:ec:7a:23:03:6b:b1:90:34:dd:7c:de:
                    31:16:38:00:ed:02:6b:8b:f4:11:08:50:cf:66:5b:
                    98:7c:e7:a1:93:e7:a9:b6:27:20:b9:1e:e8:16:5f:
                    e2:92:ee:f1:3d:a4:0a:47:76:d6:02:60:db:5e:d8:
                    03:cd:7a:ee:b4:cc:bc:2c:05:a9:d1:99:2d:7c:fe:
                    9f:80:ed:4f:85:8d:4d:66:75:77:36:43:79:59:2e:
                    4e:1b:e6:f1:ac:e1:7e:09:9d:c5:56:9b:b7:42:42:
                    6e:79:a6:39:2f:d5:be:6e:fa:d4:4b:88:27:cf:22:
                    ce:50:24:b9:54:62:7d:60:32:1b:8d:0b:6d:95:db:
                    90:ef:d1:3a:a2:02:90:d0:65:41:6d:96:df:cc:d5:
                    8d:68:86:d6:a8:5a:47:5c:51:98:2e:21:a3:1a:85:
                    dd:63:29:89:49:98:61:45:de:2c:1e:29:61:f1:dc:
                    74:a6:bd:fb:85:d5:0c:a0:f0:55:27:35:8b:af:ff:
                    40:0f:cb:0b:20:05:44:d5:88:85:b7:79:92:24:37:
                    a3:8d:1b:23:49:21:5f:f9:cd:9a:b0:6d:24:8c:88:
                    6d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:20:4D:19:08:E1:ED:23:C9:D0:D3:8D:B3:79:D7:19:9B:43:C0:52
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/BCBNGQjh7SPJ0NONs3nXGZtDwFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:1c:b1:5b:13:94:16:85:26:67:25:10:ff:d9:5d:cc:64:6f:
         d3:09:ba:ad:84:de:89:c6:d6:47:8a:56:e8:5b:2e:2b:af:40:
         1a:58:18:36:41:03:86:6d:0d:ab:69:14:1f:af:03:eb:2e:9c:
         b6:b2:e1:ef:cc:70:03:de:bb:62:7b:8a:b1:6e:11:b0:7b:21:
         65:df:46:95:5b:0d:2e:77:c2:4a:c8:20:5e:38:05:0a:05:54:
         5b:d4:87:d0:cc:0d:0b:04:97:50:b2:e2:b7:0b:23:0b:78:5b:
         94:51:42:6f:8c:cf:09:dc:b4:1b:00:5c:92:b1:f6:18:6c:a1:
         9c:80:a1:be:46:80:0a:6c:7f:2b:04:85:17:2d:c8:54:d7:3a:
         f3:94:ad:a7:2e:78:39:25:68:54:67:3b:e0:81:dc:2a:9d:c3:
         1f:e5:d6:60:54:44:71:c3:44:22:b4:f6:fb:81:4c:4d:2c:81:
         2c:06:71:5b:cf:31:3d:dc:9e:48:77:34:73:33:3b:2f:0f:30:
         e5:f0:98:42:75:b2:f5:56:bf:57:71:7a:c9:ac:f0:f2:42:38:
         b9:13:3c:ed:86:5b:4d:d7:d0:3a:df:9b:b4:0a:5a:22:99:c3:
         f6:e4:60:d5:33:9a:40:d7:8f:14:51:b8:76:52:6b:6e:8b:e9:
         f7:2f:40:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0yJ5YyuIAQkBFdzUcbWhFiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjQwMTIyMTcxMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDIwNGQxOTA4ZTFlZDIzYzlkMGQzOGRiMzc5ZDcxOTliNDNjMDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi08RDDeKbdFEfoPcZOphHdQciu0L
1GzVJQKM+eQJisgr7HojA2uxkDTdfN4xFjgA7QJri/QRCFDPZluYfOehk+epticg
uR7oFl/iku7xPaQKR3bWAmDbXtgDzXrutMy8LAWp0ZktfP6fgO1PhY1NZnV3NkN5
WS5OG+bxrOF+CZ3FVpu3QkJueaY5L9W+bvrUS4gnzyLOUCS5VGJ9YDIbjQttlduQ
79E6ogKQ0GVBbZbfzNWNaIbWqFpHXFGYLiGjGoXdYymJSZhhRd4sHilh8dx0pr37
hdUMoPBVJzWLr/9AD8sLIAVE1YiFt3mSJDejjRsjSSFf+c2asG0kjIhtUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQgTRkI4e0jydDTjbN51xmbQ8BSMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvQkNCTkdRamg3U1BKME5PTnMzblhHWnREd0ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+21MA0G
CSqGSIb3DQEBCwUAA4IBAQAHHLFbE5QWhSZnJRD/2V3MZG/TCbqthN6JxtZHilbo
Wy4rr0AaWBg2QQOGbQ2raRQfrwPrLpy2suHvzHAD3rtie4qxbhGweyFl30aVWw0u
d8JKyCBeOAUKBVRb1IfQzA0LBJdQsuK3CyMLeFuUUUJvjM8J3LQbAFySsfYYbKGc
gKG+RoAKbH8rBIUXLchU1zrzlK2nLng5JWhUZzvggdwqncMf5dZgVERxw0QitPb7
gUxNLIEsBnFbzzE93J5IdzRzMzsvDzDl8JhCdbL1Vr9XcXrJrPDyQji5EzzthltN
19A635u0CloimcP25GDVM5pA148UUbh2Umtui+n3L0BB
-----END CERTIFICATE-----