Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/6a64ea-9f1e-4b43-bf2a-7e0340ec9667/1/BKO9_ka076C-tXU0qbN-UGwmJGI.roa
File:                     BKO9_ka076C-tXU0qbN-UGwmJGI.roa (raw, json)
Hash identifier:          XdjBZ6slflGj5L2hVm6yPejyKM1/cZtcRCLImvpU8/c=
Subject key identifier:   04:A3:BD:FE:46:B4:EF:A0:BE:B5:75:34:A9:B3:7E:50:6C:26:24:62
Certificate issuer:       /CN=a3e2161d7f01fa6fd0842c211080633f3ed36ba5
Certificate serial:       01942444F016C0C87169BD8DB2098DB88F09
Authority key identifier: A3:E2:16:1D:7F:01:FA:6F:D0:84:2C:21:10:80:63:3F:3E:D3:6B:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o-IWHX8B-m_QhCwhEIBjPz7Ta6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/6a64ea-9f1e-4b43-bf2a-7e0340ec9667/1/BKO9_ka076C-tXU0qbN-UGwmJGI.roa
Signing time:             Wed 01 Jan 2025 23:48:05 +0000
ROA not before:           Wed 01 Jan 2025 23:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205192
IP address blocks:        185.241.138.0/24 maxlen: 24
                          185.241.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/6a64ea-9f1e-4b43-bf2a-7e0340ec9667/1/o-IWHX8B-m_QhCwhEIBjPz7Ta6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/6a64ea-9f1e-4b43-bf2a-7e0340ec9667/1/o-IWHX8B-m_QhCwhEIBjPz7Ta6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o-IWHX8B-m_QhCwhEIBjPz7Ta6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:f0:16:c0:c8:71:69:bd:8d:b2:09:8d:b8:8f:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3e2161d7f01fa6fd0842c211080633f3ed36ba5
        Validity
            Not Before: Jan  1 23:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04a3bdfe46b4efa0beb57534a9b37e506c262462
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:bc:8c:3e:a2:de:5e:c2:c9:0a:d5:dc:e1:52:
                    32:22:b8:16:3c:82:8e:6e:05:65:07:07:a5:66:96:
                    16:bf:32:bb:26:62:ab:86:92:5e:e1:2a:b6:de:a0:
                    cc:49:07:a3:79:5b:d3:5b:da:38:ec:1a:03:c9:2f:
                    e2:b4:d8:eb:98:3c:31:a3:03:a8:e2:05:ab:91:d6:
                    61:e8:3b:48:6e:1b:4b:cf:22:ec:7f:b5:f5:5e:be:
                    91:15:80:8f:a5:68:3b:99:29:b6:2c:94:5f:1a:7a:
                    a6:10:69:8e:eb:2f:c7:32:24:78:11:02:1a:82:b8:
                    e4:c3:db:0e:d2:f2:10:4c:c1:a1:48:30:75:50:a4:
                    bf:1f:1b:11:f5:ae:a3:df:07:18:b6:62:6f:4c:ec:
                    ab:d3:48:a3:d3:c3:08:37:42:40:1d:ff:7b:75:22:
                    63:08:f7:44:5d:68:01:fb:51:67:f5:27:7d:3f:ac:
                    13:b8:28:43:03:42:f7:74:d6:8a:3b:99:54:1b:a8:
                    de:b3:50:08:b5:5e:5f:7c:e5:cf:2a:d0:c2:1d:21:
                    64:f2:37:a9:02:58:1c:6d:24:28:ec:a1:2f:43:c9:
                    e3:a2:42:60:8b:9c:53:99:9a:a3:cd:be:63:40:da:
                    18:37:62:ad:d1:18:69:9b:ad:5b:2d:d0:8d:5e:80:
                    78:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:A3:BD:FE:46:B4:EF:A0:BE:B5:75:34:A9:B3:7E:50:6C:26:24:62
            X509v3 Authority Key Identifier:
                keyid:A3:E2:16:1D:7F:01:FA:6F:D0:84:2C:21:10:80:63:3F:3E:D3:6B:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o-IWHX8B-m_QhCwhEIBjPz7Ta6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6a64ea-9f1e-4b43-bf2a-7e0340ec9667/1/BKO9_ka076C-tXU0qbN-UGwmJGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6a64ea-9f1e-4b43-bf2a-7e0340ec9667/1/o-IWHX8B-m_QhCwhEIBjPz7Ta6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:c7:86:76:cf:a9:09:e2:b9:e6:de:e8:a0:8a:9b:13:0d:e4:
         25:e0:c5:11:0d:57:8e:b7:84:64:9b:98:25:0e:4a:66:86:7b:
         71:f8:73:0d:44:01:0a:85:8f:ce:04:4b:bc:e6:11:eb:c9:b2:
         e7:b7:39:e9:ee:83:ca:58:b2:0c:ee:9d:e0:19:26:dd:6d:23:
         0b:e1:0d:20:fb:ff:f2:60:20:51:e5:b9:7e:6e:71:5b:16:03:
         c9:d3:41:ff:35:7e:3d:57:ac:3b:b3:1a:2e:07:25:a4:01:a8:
         d1:7c:9e:96:db:7c:e7:04:c4:a3:46:fe:69:67:e7:ff:1c:e9:
         27:92:cb:6e:92:83:27:2e:65:66:ea:84:e3:df:9f:12:87:c6:
         03:d4:08:ff:4c:41:ca:ac:0e:f5:63:c7:20:24:d0:58:54:b9:
         cf:f0:cf:a5:dc:a3:43:af:19:b3:85:d3:d0:e8:62:24:86:d4:
         88:c5:13:9e:bb:82:7e:26:90:89:05:ac:b0:08:e2:98:27:2c:
         4a:bb:69:71:6f:c9:6b:30:21:20:2b:a5:29:74:a3:72:cb:9d:
         a7:2e:cc:7b:66:f5:d9:bf:48:6c:db:8e:aa:62:c7:37:3d:cc:
         31:1f:15:a0:f6:74:a4:1e:8c:77:f5:49:24:39:21:8e:37:66:
         53:57:10:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRPAWwMhxab2NsgmNuI8JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzZTIxNjFkN2YwMWZhNmZkMDg0MmMyMTEwODA2MzNmM2Vk
MzZiYTUwHhcNMjUwMTAxMjM0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGEzYmRmZTQ2YjRlZmEwYmViNTc1MzRhOWIzN2U1MDZjMjYyNDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmryMPqLeXsLJCtXc4VIyIrgWPIKO
bgVlBwelZpYWvzK7JmKrhpJe4Sq23qDMSQejeVvTW9o47BoDyS/itNjrmDwxowOo
4gWrkdZh6DtIbhtLzyLsf7X1Xr6RFYCPpWg7mSm2LJRfGnqmEGmO6y/HMiR4EQIa
grjkw9sO0vIQTMGhSDB1UKS/HxsR9a6j3wcYtmJvTOyr00ij08MIN0JAHf97dSJj
CPdEXWgB+1Fn9Sd9P6wTuChDA0L3dNaKO5lUG6jes1AItV5ffOXPKtDCHSFk8jep
AlgcbSQo7KEvQ8njokJgi5xTmZqjzb5jQNoYN2Kt0Rhpm61bLdCNXoB4yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASjvf5GtO+gvrV1NKmzflBsJiRiMB8GA1UdIwQY
MBaAFKPiFh1/Afpv0IQsIRCAYz8+02ulMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvby1JV0hYOEItbV9RaEN3aEVJQmpQejdUYTZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi82YTY0ZWEtOWYxZS00YjQzLWJmMmEt
N2UwMzQwZWM5NjY3LzEvQktPOV9rYTA3NkMtdFhVMHFiTi1VR3dtSkdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi82YTY0ZWEtOWYxZS00YjQzLWJmMmEtN2UwMzQwZWM5NjY3
LzEvby1JV0hYOEItbV9RaEN3aEVJQmpQejdUYTZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufGKMA0G
CSqGSIb3DQEBCwUAA4IBAQCFx4Z2z6kJ4rnm3uigipsTDeQl4MURDVeOt4Rkm5gl
Dkpmhntx+HMNRAEKhY/OBEu85hHrybLntznp7oPKWLIM7p3gGSbdbSML4Q0g+//y
YCBR5bl+bnFbFgPJ00H/NX49V6w7sxouByWkAajRfJ6W23znBMSjRv5pZ+f/HOkn
kstukoMnLmVm6oTj358Sh8YD1Aj/TEHKrA71Y8cgJNBYVLnP8M+l3KNDrxmzhdPQ
6GIkhtSIxROeu4J+JpCJBaywCOKYJyxKu2lxb8lrMCEgK6UpdKNyy52nLsx7ZvXZ
v0hs246qYsc3PcwxHxWg9nSkHox39UkkOSGON2ZTVxC7
-----END CERTIFICATE-----