Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/c07a7d-24e6-4610-b656-c47172d5d882/1/BnHPRpHVxUrrpd0IzvhYM9ZoVGA.roa
File:                     BnHPRpHVxUrrpd0IzvhYM9ZoVGA.roa (raw, json)
Hash identifier:          k46oPjmA0dBoUS914bzbaVVF+WxzasmMO4gdexQM14I=
Subject key identifier:   06:71:CF:46:91:D5:C5:4A:EB:A5:DD:08:CE:F8:58:33:D6:68:54:60
Certificate issuer:       /CN=59b3e0956a9d4817cd92852c27a27b7d2f1113db
Certificate serial:       0194221FBA6B4EF7E130E15053B03DD45F90
Authority key identifier: 59:B3:E0:95:6A:9D:48:17:CD:92:85:2C:27:A2:7B:7D:2F:11:13:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WbPglWqdSBfNkoUsJ6J7fS8RE9s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/c07a7d-24e6-4610-b656-c47172d5d882/1/BnHPRpHVxUrrpd0IzvhYM9ZoVGA.roa
Signing time:             Wed 01 Jan 2025 13:48:12 +0000
ROA not before:           Wed 01 Jan 2025 13:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43366
IP address blocks:        185.54.216.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/c07a7d-24e6-4610-b656-c47172d5d882/1/WbPglWqdSBfNkoUsJ6J7fS8RE9s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/c07a7d-24e6-4610-b656-c47172d5d882/1/WbPglWqdSBfNkoUsJ6J7fS8RE9s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WbPglWqdSBfNkoUsJ6J7fS8RE9s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:ba:6b:4e:f7:e1:30:e1:50:53:b0:3d:d4:5f:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59b3e0956a9d4817cd92852c27a27b7d2f1113db
        Validity
            Not Before: Jan  1 13:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0671cf4691d5c54aeba5dd08cef85833d6685460
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:03:de:a2:5b:6a:a5:d0:ee:eb:90:09:09:f8:
                    c4:11:c6:d6:5a:0f:5f:08:a1:11:6b:0b:99:5f:c4:
                    60:a3:51:7a:94:47:70:5b:65:66:c5:3d:a9:72:83:
                    47:c2:b0:f0:f7:dd:f7:20:5f:41:1c:a1:9b:bc:50:
                    a9:db:5a:32:f1:61:8a:c5:b6:f7:d8:6c:ea:6f:3b:
                    1a:54:4e:79:44:e6:c5:9c:89:7a:20:dc:d7:37:b0:
                    b4:d4:b6:16:36:af:0e:54:7f:b1:13:45:3f:e3:fd:
                    43:39:8d:48:41:0b:27:af:d0:96:f1:47:20:89:d5:
                    55:02:aa:dc:59:ef:f8:8e:06:03:61:17:af:b7:3c:
                    89:1a:f0:6b:14:eb:e1:80:3f:af:41:0e:1d:28:ce:
                    bd:91:86:96:c0:b7:a5:bb:1f:48:37:8e:fc:c9:88:
                    55:29:b1:a8:2a:f7:e1:b7:a1:23:35:13:cd:24:03:
                    10:cb:f6:a5:98:9b:30:59:d2:dc:c6:1f:19:dd:56:
                    49:9b:50:e0:d2:20:9e:55:f3:a3:bb:7c:89:cc:f1:
                    1f:b2:e8:b6:45:82:11:3e:32:de:f2:55:98:7d:22:
                    40:cf:9a:ce:c8:b3:d3:f1:2b:75:2b:eb:6d:b1:a3:
                    e6:ec:91:4c:cf:72:52:b9:54:02:c4:bb:2f:29:8c:
                    ed:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:71:CF:46:91:D5:C5:4A:EB:A5:DD:08:CE:F8:58:33:D6:68:54:60
            X509v3 Authority Key Identifier:
                keyid:59:B3:E0:95:6A:9D:48:17:CD:92:85:2C:27:A2:7B:7D:2F:11:13:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WbPglWqdSBfNkoUsJ6J7fS8RE9s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/c07a7d-24e6-4610-b656-c47172d5d882/1/BnHPRpHVxUrrpd0IzvhYM9ZoVGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/c07a7d-24e6-4610-b656-c47172d5d882/1/WbPglWqdSBfNkoUsJ6J7fS8RE9s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ad:b3:7a:d6:0e:4e:b9:b3:63:0e:dc:5f:8d:aa:16:ab:4e:30:
         63:90:70:68:f4:9c:e1:c0:de:3c:33:73:52:6a:07:c7:a8:a3:
         ca:b8:ca:81:c9:53:c7:0d:ae:e3:04:61:bc:44:7c:f1:3f:a9:
         a5:6e:32:9f:36:ae:a0:b0:93:f6:9f:b4:e9:0f:33:01:1b:45:
         a2:81:93:cf:27:37:cb:93:ac:e7:fc:c6:ae:85:33:9e:77:2b:
         c5:ab:b5:91:ad:30:92:16:c9:51:cb:df:31:ec:00:f6:ce:0b:
         8f:36:16:f1:11:16:77:09:1d:1d:7c:0f:72:43:b8:be:c7:2a:
         4a:52:e2:a5:aa:3b:16:b5:2b:3f:ef:1b:ef:79:cd:e8:b9:60:
         af:b1:0a:0d:98:4a:12:2e:39:b0:55:16:ed:18:4e:08:80:c3:
         8d:d1:15:6d:9e:51:54:5b:b8:95:9d:8d:72:70:a7:e9:14:88:
         80:6d:33:d4:0c:1f:04:39:dd:52:64:bf:4f:87:06:2c:30:f8:
         6d:58:04:10:66:ea:59:03:24:5d:09:87:a3:fd:06:b0:62:c0:
         57:11:bd:f1:35:bf:88:57:29:c8:27:57:6a:34:97:2a:96:ba:
         23:64:81:40:fe:2a:05:6a:74:dd:45:53:bf:cf:03:48:a5:f0:
         c0:fa:54:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH7prTvfhMOFQU7A91F+QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5YjNlMDk1NmE5ZDQ4MTdjZDkyODUyYzI3YTI3YjdkMmYx
MTEzZGIwHhcNMjUwMTAxMTM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjcxY2Y0NjkxZDVjNTRhZWJhNWRkMDhjZWY4NTgzM2Q2Njg1NDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAPeoltqpdDu65AJCfjEEcbWWg9f
CKERawuZX8Rgo1F6lEdwW2VmxT2pcoNHwrDw9933IF9BHKGbvFCp21oy8WGKxbb3
2GzqbzsaVE55RObFnIl6INzXN7C01LYWNq8OVH+xE0U/4/1DOY1IQQsnr9CW8Ucg
idVVAqrcWe/4jgYDYRevtzyJGvBrFOvhgD+vQQ4dKM69kYaWwLelux9IN478yYhV
KbGoKvfht6EjNRPNJAMQy/almJswWdLcxh8Z3VZJm1Dg0iCeVfOju3yJzPEfsui2
RYIRPjLe8lWYfSJAz5rOyLPT8St1K+ttsaPm7JFMz3JSuVQCxLsvKYztPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZxz0aR1cVK66XdCM74WDPWaFRgMB8GA1UdIwQY
MBaAFFmz4JVqnUgXzZKFLCeie30vERPbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2JQZ2xXcWRTQmZOa29Vc0o2SjdmUzhSRTlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9jMDdhN2QtMjRlNi00NjEwLWI2NTYt
YzQ3MTcyZDVkODgyLzEvQm5IUFJwSFZ4VXJycGQwSXp2aFlNOVpvVkdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9jMDdhN2QtMjRlNi00NjEwLWI2NTYtYzQ3MTcyZDVkODgy
LzEvV2JQZ2xXcWRTQmZOa29Vc0o2SjdmUzhSRTlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuTbYMA0G
CSqGSIb3DQEBCwUAA4IBAQCts3rWDk65s2MO3F+NqharTjBjkHBo9JzhwN48M3NS
agfHqKPKuMqByVPHDa7jBGG8RHzxP6mlbjKfNq6gsJP2n7TpDzMBG0WigZPPJzfL
k6zn/MauhTOedyvFq7WRrTCSFslRy98x7AD2zguPNhbxERZ3CR0dfA9yQ7i+xypK
UuKlqjsWtSs/7xvvec3ouWCvsQoNmEoSLjmwVRbtGE4IgMON0RVtnlFUW7iVnY1y
cKfpFIiAbTPUDB8EOd1SZL9PhwYsMPhtWAQQZupZAyRdCYej/QawYsBXEb3xNb+I
VynIJ1dqNJcqlrojZIFA/ioFanTdRVO/zwNIpfDA+lSE
-----END CERTIFICATE-----