Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/bf426a-3a8f-4252-a17f-ba02c960b8f4/1/BJR7OJMV8vL-C9jNWzX3xRkhXfs.roa
File:                     BJR7OJMV8vL-C9jNWzX3xRkhXfs.roa (raw, json)
Hash identifier:          98rnOPi5nkLPd0ZRZ5kaMyd5vtAKBFC0rEffdIZu/eo=
Subject key identifier:   04:94:7B:38:93:15:F2:F2:FE:0B:D8:CD:5B:35:F7:C5:19:21:5D:FB
Certificate issuer:       /CN=4516e53b32caa761906f0fcdea275b720e1742c8
Certificate serial:       018CC3B6C41442A30F67D4339FC1FED76234
Authority key identifier: 45:16:E5:3B:32:CA:A7:61:90:6F:0F:CD:EA:27:5B:72:0E:17:42:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RRblOzLKp2GQbw_N6idbcg4XQsg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/bf426a-3a8f-4252-a17f-ba02c960b8f4/1/BJR7OJMV8vL-C9jNWzX3xRkhXfs.roa
Signing time:             Mon 01 Jan 2024 06:29:43 +0000
ROA not before:           Mon 01 Jan 2024 06:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1103
IP address blocks:        193.177.176.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/bf426a-3a8f-4252-a17f-ba02c960b8f4/1/RRblOzLKp2GQbw_N6idbcg4XQsg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/bf426a-3a8f-4252-a17f-ba02c960b8f4/1/RRblOzLKp2GQbw_N6idbcg4XQsg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RRblOzLKp2GQbw_N6idbcg4XQsg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c4:14:42:a3:0f:67:d4:33:9f:c1:fe:d7:62:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4516e53b32caa761906f0fcdea275b720e1742c8
        Validity
            Not Before: Jan  1 06:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04947b389315f2f2fe0bd8cd5b35f7c519215dfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:6e:7e:cd:b8:90:4e:ab:84:da:ee:2d:d6:69:
                    bf:9c:a0:c4:60:b2:25:b5:08:7f:1c:05:e2:c8:67:
                    d9:42:5a:0b:ee:2f:a2:29:2c:61:8a:c6:5a:87:ed:
                    cf:65:e5:85:8d:31:e9:34:91:de:02:ed:69:75:89:
                    52:69:9a:33:b8:02:de:ab:e7:21:1d:f0:65:c6:af:
                    e7:dd:63:ac:00:bc:68:6d:4b:9c:ac:6c:c0:2b:f8:
                    d8:6b:cf:37:75:f6:fb:ec:5f:e6:88:c4:46:a3:97:
                    12:b4:03:23:70:c7:69:97:a7:01:cf:97:8d:ee:c6:
                    65:d7:8f:a3:1d:e7:ac:25:24:93:2b:18:4a:9b:d1:
                    b3:2b:bf:47:1e:3c:7e:8d:8a:60:6a:1d:11:94:2f:
                    90:1d:c6:16:6e:ae:1c:6f:7e:5f:60:ca:06:43:91:
                    2f:44:7d:29:5a:0a:4b:9b:38:c5:08:ba:99:7c:d2:
                    7b:d0:a5:df:de:0a:05:c9:9b:bf:ba:47:78:be:40:
                    7c:59:25:0f:80:20:9e:fd:ad:54:7b:15:13:11:e8:
                    d8:1d:b5:f2:b3:e7:9b:7e:7b:9f:74:22:94:d9:ea:
                    0d:e5:36:eb:6e:3d:b4:1a:1a:a8:b6:a6:16:de:b6:
                    df:89:fd:0b:99:6e:3b:52:70:a9:47:1d:66:3e:60:
                    c9:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:94:7B:38:93:15:F2:F2:FE:0B:D8:CD:5B:35:F7:C5:19:21:5D:FB
            X509v3 Authority Key Identifier:
                keyid:45:16:E5:3B:32:CA:A7:61:90:6F:0F:CD:EA:27:5B:72:0E:17:42:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RRblOzLKp2GQbw_N6idbcg4XQsg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/bf426a-3a8f-4252-a17f-ba02c960b8f4/1/BJR7OJMV8vL-C9jNWzX3xRkhXfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/bf426a-3a8f-4252-a17f-ba02c960b8f4/1/RRblOzLKp2GQbw_N6idbcg4XQsg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.177.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:13:45:85:36:06:77:3e:f3:4e:80:22:d1:09:85:df:52:26:
         a4:8a:53:2c:b6:e2:db:cf:95:86:35:1e:0d:e6:78:36:2e:8f:
         82:c6:ef:d6:73:6a:9c:12:24:76:15:68:90:44:f7:ab:fc:a6:
         92:9d:53:02:69:a3:ee:84:b8:b5:79:4d:0d:ef:f6:a7:30:ed:
         3e:87:f5:20:43:de:e2:74:7e:e0:aa:84:fa:1d:12:37:8c:cc:
         86:b0:1f:07:a0:c3:d9:62:a1:20:71:b9:2d:78:d7:2d:69:10:
         c4:bf:f5:92:9b:c7:42:90:d1:c4:0f:1d:ed:cc:51:b6:6d:38:
         72:91:31:4b:08:98:da:89:1b:39:23:03:fc:7d:c0:1a:e6:35:
         4a:39:a1:10:0d:98:e6:37:13:f3:c9:72:42:a3:25:60:b8:76:
         f5:3e:3b:cb:b0:09:23:8e:ab:45:4d:88:b4:24:50:c9:0d:c2:
         f5:ce:c4:06:5f:af:a4:c7:bb:e3:d4:30:ec:e6:0b:e5:85:09:
         0a:99:c8:5f:bb:d9:c1:48:92:fa:e8:36:05:8e:50:b1:b3:8c:
         a7:0d:0c:72:2a:8b:e3:09:7e:a5:8c:6f:0d:6e:72:28:72:ce:
         39:ea:f1:ef:47:d8:9c:41:a3:08:15:87:68:0f:65:77:17:30:
         e3:fa:96:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtsQUQqMPZ9Qzn8H+12I0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1MTZlNTNiMzJjYWE3NjE5MDZmMGZjZGVhMjc1YjcyMGUx
NzQyYzgwHhcNMjQwMTAxMDYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDk0N2IzODkzMTVmMmYyZmUwYmQ4Y2Q1YjM1ZjdjNTE5MjE1ZGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs25+zbiQTquE2u4t1mm/nKDEYLIl
tQh/HAXiyGfZQloL7i+iKSxhisZah+3PZeWFjTHpNJHeAu1pdYlSaZozuALeq+ch
HfBlxq/n3WOsALxobUucrGzAK/jYa883dfb77F/miMRGo5cStAMjcMdpl6cBz5eN
7sZl14+jHeesJSSTKxhKm9GzK79HHjx+jYpgah0RlC+QHcYWbq4cb35fYMoGQ5Ev
RH0pWgpLmzjFCLqZfNJ70KXf3goFyZu/ukd4vkB8WSUPgCCe/a1UexUTEejYHbXy
s+ebfnufdCKU2eoN5Tbrbj20GhqotqYW3rbfif0LmW47UnCpRx1mPmDJNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASUeziTFfLy/gvYzVs198UZIV37MB8GA1UdIwQY
MBaAFEUW5TsyyqdhkG8PzeonW3IOF0LIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlJibE96TEtwMkdRYndfTjZpZGJjZzRYUXNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9iZjQyNmEtM2E4Zi00MjUyLWExN2Yt
YmEwMmM5NjBiOGY0LzEvQkpSN09KTVY4dkwtQzlqTld6WDN4UmtoWGZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9iZjQyNmEtM2E4Zi00MjUyLWExN2YtYmEwMmM5NjBiOGY0
LzEvUlJibE96TEtwMkdRYndfTjZpZGJjZzRYUXNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwbGwMA0G
CSqGSIb3DQEBCwUAA4IBAQBqE0WFNgZ3PvNOgCLRCYXfUiakilMstuLbz5WGNR4N
5ng2Lo+Cxu/Wc2qcEiR2FWiQRPer/KaSnVMCaaPuhLi1eU0N7/anMO0+h/UgQ97i
dH7gqoT6HRI3jMyGsB8HoMPZYqEgcbkteNctaRDEv/WSm8dCkNHEDx3tzFG2bThy
kTFLCJjaiRs5IwP8fcAa5jVKOaEQDZjmNxPzyXJCoyVguHb1PjvLsAkjjqtFTYi0
JFDJDcL1zsQGX6+kx7vj1DDs5gvlhQkKmchfu9nBSJL66DYFjlCxs4ynDQxyKovj
CX6ljG8NbnIocs456vHvR9icQaMIFYdoD2V3FzDj+pa1
-----END CERTIFICATE-----