Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/df1bcc-0200-46cb-a933-66340bbff0b9/1/0BICdqb5A9bNsYNyfblTmTRkwnw.roa
File:                     0BICdqb5A9bNsYNyfblTmTRkwnw.roa (raw, json)
Hash identifier:          PtABaGHDi334AqwnRLZfJcN8f3EkaEmqQ2GDuvQaa7Y=
Subject key identifier:   D0:12:02:76:A6:F9:03:D6:CD:B1:83:72:7D:B9:53:99:34:64:C2:7C
Certificate issuer:       /CN=1b646d42ce89d4093e4ac927a7f236f37a51abe2
Certificate serial:       018CC3B6F5A88379BCBE165B271AAF0B2915
Authority key identifier: 1B:64:6D:42:CE:89:D4:09:3E:4A:C9:27:A7:F2:36:F3:7A:51:AB:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G2RtQs6J1Ak-Ssknp_I283pRq-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/df1bcc-0200-46cb-a933-66340bbff0b9/1/0BICdqb5A9bNsYNyfblTmTRkwnw.roa
Signing time:             Mon 01 Jan 2024 06:29:56 +0000
ROA not before:           Mon 01 Jan 2024 06:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33843
IP address blocks:        91.206.46.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/df1bcc-0200-46cb-a933-66340bbff0b9/1/G2RtQs6J1Ak-Ssknp_I283pRq-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/df1bcc-0200-46cb-a933-66340bbff0b9/1/G2RtQs6J1Ak-Ssknp_I283pRq-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G2RtQs6J1Ak-Ssknp_I283pRq-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 12:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f5:a8:83:79:bc:be:16:5b:27:1a:af:0b:29:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b646d42ce89d4093e4ac927a7f236f37a51abe2
        Validity
            Not Before: Jan  1 06:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0120276a6f903d6cdb183727db953993464c27c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:6b:98:2f:85:4c:cb:ed:15:17:58:69:a8:4d:
                    95:6a:70:6f:f1:6e:6a:fd:72:d8:5b:09:88:70:de:
                    bd:5a:75:0f:95:a4:78:ad:71:53:f4:e9:94:63:80:
                    35:73:4c:bf:32:29:7d:07:ef:de:5f:ee:6b:34:e9:
                    4a:dc:de:2f:c1:77:63:c2:cf:de:eb:91:28:5d:80:
                    57:2d:d2:89:25:89:1f:54:11:5b:43:56:cc:d0:53:
                    c4:18:61:ae:6b:1c:61:15:0d:da:68:59:2e:67:52:
                    0d:5a:ed:b8:b7:bf:0f:c7:b6:35:5a:97:e9:a5:9d:
                    08:c9:90:a2:9d:96:4d:be:37:c0:f7:74:af:41:12:
                    7c:18:c0:31:79:55:07:aa:7d:b1:9c:b1:48:6b:ef:
                    1e:21:73:b0:47:cc:52:ba:ae:3f:88:bb:6c:4a:5e:
                    e3:59:55:b1:c4:bc:73:14:1c:26:48:b0:a0:0d:e2:
                    3d:13:5b:2f:7b:70:6c:c1:45:13:11:b6:37:c6:81:
                    4f:19:e4:e0:81:34:aa:20:33:04:7e:b6:64:9d:ed:
                    cd:d3:c4:10:24:1b:13:86:26:79:6a:ba:37:cb:ee:
                    e9:0e:79:fb:af:51:4d:d6:8e:bc:50:29:70:37:12:
                    11:bf:61:cc:c2:08:f2:a2:86:b8:53:d5:2c:0d:99:
                    22:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:12:02:76:A6:F9:03:D6:CD:B1:83:72:7D:B9:53:99:34:64:C2:7C
            X509v3 Authority Key Identifier:
                keyid:1B:64:6D:42:CE:89:D4:09:3E:4A:C9:27:A7:F2:36:F3:7A:51:AB:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G2RtQs6J1Ak-Ssknp_I283pRq-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/df1bcc-0200-46cb-a933-66340bbff0b9/1/0BICdqb5A9bNsYNyfblTmTRkwnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/df1bcc-0200-46cb-a933-66340bbff0b9/1/G2RtQs6J1Ak-Ssknp_I283pRq-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:f5:fb:79:f0:c2:f3:2e:f3:93:33:2e:bf:c3:f0:96:e9:e1:
         d0:fc:6e:d5:47:05:66:b6:af:a2:81:68:3a:e5:e5:1d:7a:aa:
         b6:46:96:ce:15:f3:6c:7c:70:c8:df:f4:55:42:75:34:71:4f:
         81:82:0d:e4:ee:b8:b1:c1:f0:65:99:56:d2:15:1f:65:80:40:
         c2:3c:f6:2c:7a:51:07:60:ad:ba:68:58:5e:61:d7:5b:f3:a8:
         d6:99:b1:28:3b:9a:f8:d0:2d:16:14:e3:2e:1d:a0:8d:09:b4:
         e6:d4:2a:a8:0b:22:a3:be:fa:6a:10:6b:f8:7f:09:79:81:55:
         55:32:f8:a3:07:5e:4d:7d:c8:e9:ac:56:fc:af:d5:13:a5:36:
         40:77:cb:93:cb:43:cf:bf:3b:60:76:90:a7:00:dd:3b:8d:35:
         fc:da:55:ac:7e:49:2f:ce:03:4a:9f:c1:35:c6:7e:ca:73:4f:
         8c:e0:1f:41:1f:8c:fc:a6:d7:61:bc:ea:e1:dc:0c:d5:88:57:
         e5:ea:ca:fc:00:28:dd:6a:31:50:b1:8c:31:55:a0:6c:d4:b0:
         d2:4e:b1:9f:e3:62:2a:64:94:b3:9e:56:34:7b:6a:a1:9e:7d:
         fc:cc:67:c0:e9:c6:0f:98:72:90:e2:4e:10:a0:d8:96:12:fe:
         ff:2a:c2:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvWog3m8vhZbJxqvCykVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiNjQ2ZDQyY2U4OWQ0MDkzZTRhYzkyN2E3ZjIzNmYzN2E1
MWFiZTIwHhcNMjQwMTAxMDYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDEyMDI3NmE2ZjkwM2Q2Y2RiMTgzNzI3ZGI5NTM5OTM0NjRjMjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmuYL4VMy+0VF1hpqE2VanBv8W5q
/XLYWwmIcN69WnUPlaR4rXFT9OmUY4A1c0y/Mil9B+/eX+5rNOlK3N4vwXdjws/e
65EoXYBXLdKJJYkfVBFbQ1bM0FPEGGGuaxxhFQ3aaFkuZ1INWu24t78Px7Y1Wpfp
pZ0IyZCinZZNvjfA93SvQRJ8GMAxeVUHqn2xnLFIa+8eIXOwR8xSuq4/iLtsSl7j
WVWxxLxzFBwmSLCgDeI9E1sve3BswUUTEbY3xoFPGeTggTSqIDMEfrZkne3N08QQ
JBsThiZ5aro3y+7pDnn7r1FN1o68UClwNxIRv2HMwgjyooa4U9UsDZkiqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNASAnam+QPWzbGDcn25U5k0ZMJ8MB8GA1UdIwQY
MBaAFBtkbULOidQJPkrJJ6fyNvN6UaviMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzJSdFFzNkoxQWstU3NrbnBfSTI4M3BScS1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9kZjFiY2MtMDIwMC00NmNiLWE5MzMt
NjYzNDBiYmZmMGI5LzEvMEJJQ2RxYjVBOWJOc1lOeWZibFRtVFJrd253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9kZjFiY2MtMDIwMC00NmNiLWE5MzMtNjYzNDBiYmZmMGI5
LzEvRzJSdFFzNkoxQWstU3NrbnBfSTI4M3BScS1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW84uMA0G
CSqGSIb3DQEBCwUAA4IBAQAu9ft58MLzLvOTMy6/w/CW6eHQ/G7VRwVmtq+igWg6
5eUdeqq2RpbOFfNsfHDI3/RVQnU0cU+Bgg3k7rixwfBlmVbSFR9lgEDCPPYselEH
YK26aFheYddb86jWmbEoO5r40C0WFOMuHaCNCbTm1CqoCyKjvvpqEGv4fwl5gVVV
MvijB15NfcjprFb8r9UTpTZAd8uTy0PPvztgdpCnAN07jTX82lWsfkkvzgNKn8E1
xn7Kc0+M4B9BH4z8ptdhvOrh3AzViFfl6sr8ACjdajFQsYwxVaBs1LDSTrGf42Iq
ZJSznlY0e2qhnn38zGfA6cYPmHKQ4k4QoNiWEv7/KsL/
-----END CERTIFICATE-----