Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/5bab79-afaa-4cdd-bc23-40314fc3d874/1/BC6Zt5o2PyKK37VtN6xzOxgt7Ys.roa
File:                     BC6Zt5o2PyKK37VtN6xzOxgt7Ys.roa (raw, json)
Hash identifier:          E5URjVfvNbY/fPLSW6KGfslqMS6PGTqt1tDnz+q9nB8=
Subject key identifier:   04:2E:99:B7:9A:36:3F:22:8A:DF:B5:6D:37:AC:73:3B:18:2D:ED:8B
Certificate issuer:       /CN=8f0064c6f80e0967fbe4e4b8fb24a4143c4857c6
Certificate serial:       018CC72764FDBCFB843D1779F27187533AC3
Authority key identifier: 8F:00:64:C6:F8:0E:09:67:FB:E4:E4:B8:FB:24:A4:14:3C:48:57:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jwBkxvgOCWf75OS4-ySkFDxIV8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/5bab79-afaa-4cdd-bc23-40314fc3d874/1/BC6Zt5o2PyKK37VtN6xzOxgt7Ys.roa
Signing time:             Mon 01 Jan 2024 22:31:36 +0000
ROA not before:           Mon 01 Jan 2024 22:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31252
IP address blocks:        193.57.52.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/5bab79-afaa-4cdd-bc23-40314fc3d874/1/jwBkxvgOCWf75OS4-ySkFDxIV8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/5bab79-afaa-4cdd-bc23-40314fc3d874/1/jwBkxvgOCWf75OS4-ySkFDxIV8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jwBkxvgOCWf75OS4-ySkFDxIV8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:64:fd:bc:fb:84:3d:17:79:f2:71:87:53:3a:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f0064c6f80e0967fbe4e4b8fb24a4143c4857c6
        Validity
            Not Before: Jan  1 22:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=042e99b79a363f228adfb56d37ac733b182ded8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:65:01:d2:a7:15:58:c2:8a:dd:86:51:90:65:
                    8f:b8:16:bc:7d:50:07:7a:34:94:18:91:90:f9:b2:
                    15:71:ee:10:c5:33:50:b0:73:bd:cb:4f:06:ee:6b:
                    a3:bf:e5:08:ac:3c:11:7b:06:18:66:06:28:34:d2:
                    f7:6f:ac:78:2a:75:5b:c7:26:e2:0d:eb:47:57:ef:
                    0c:70:ff:f3:82:53:5d:53:0c:8b:f1:ed:23:7e:53:
                    63:97:27:91:23:74:5c:b6:68:00:70:0b:83:3d:14:
                    0f:76:f6:14:60:e2:af:48:70:d1:55:f9:9d:a2:a2:
                    64:d4:c4:cd:c6:68:49:b0:fa:f8:f4:7f:fb:4c:b0:
                    81:e5:8c:98:fa:5b:83:fd:79:c8:fd:7e:8d:f6:11:
                    57:bc:49:a4:ae:a3:39:e4:ff:ed:a3:55:3a:6a:1d:
                    0d:5f:09:76:34:64:6b:c6:6f:2e:cf:f7:4f:3c:c2:
                    e1:5b:be:c6:6f:e6:56:df:6e:9a:d3:94:80:63:1c:
                    90:e3:1a:87:4d:ef:87:42:be:a7:6c:4f:a3:0d:6b:
                    08:c5:80:ef:54:6c:22:2e:e6:0a:b9:6e:97:15:cd:
                    f9:5c:7f:f6:b2:cb:99:17:3e:5e:7a:a7:10:56:63:
                    8a:f3:9a:05:7b:54:50:de:c5:53:a7:7c:a3:c4:f2:
                    6a:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:2E:99:B7:9A:36:3F:22:8A:DF:B5:6D:37:AC:73:3B:18:2D:ED:8B
            X509v3 Authority Key Identifier:
                keyid:8F:00:64:C6:F8:0E:09:67:FB:E4:E4:B8:FB:24:A4:14:3C:48:57:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jwBkxvgOCWf75OS4-ySkFDxIV8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/5bab79-afaa-4cdd-bc23-40314fc3d874/1/BC6Zt5o2PyKK37VtN6xzOxgt7Ys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/5bab79-afaa-4cdd-bc23-40314fc3d874/1/jwBkxvgOCWf75OS4-ySkFDxIV8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a5:14:35:20:74:2b:d3:bf:49:15:82:f6:2a:86:c5:4c:10:cf:
         cf:4e:67:06:1c:4c:aa:a8:6f:ea:88:59:fa:bb:dd:82:4c:54:
         89:0b:14:8e:f5:55:50:68:5c:6d:c2:e6:3c:ea:29:11:8d:ea:
         e5:b0:e0:8b:ae:3c:9d:b3:02:12:a3:00:fd:f4:31:d1:b5:1d:
         fb:cc:26:e3:46:b2:6b:80:1a:ef:7b:70:3f:f0:3d:ca:59:99:
         44:17:e7:bf:64:ef:96:c5:88:ce:e5:a9:19:5d:72:fd:2d:b5:
         4c:93:c1:d9:e1:ba:59:b5:6c:b5:fa:26:0a:00:6f:05:ce:aa:
         b4:ff:ea:a6:79:22:ff:08:2e:94:2c:91:b2:44:eb:94:bf:59:
         c8:e2:cd:c5:d0:53:29:4d:f2:1e:84:72:5e:a9:56:a3:fb:e8:
         86:e2:97:60:a5:6d:e9:90:b2:12:51:e5:ca:c5:25:65:90:85:
         a5:a8:bf:0d:cc:b4:ac:eb:9d:9e:ed:64:5e:7a:fb:d8:c4:e1:
         51:c2:ae:4d:56:5e:bc:bc:86:41:1a:2f:8e:0f:fa:4b:56:2e:
         8e:b2:0a:3a:4d:cf:2c:6d:91:61:24:82:90:b2:79:66:a8:84:
         4a:98:f5:37:64:fa:c4:55:4b:0a:bf:4e:5a:62:cc:b4:1f:e9:
         53:e2:02:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2T9vPuEPRd58nGHUzrDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMDA2NGM2ZjgwZTA5NjdmYmU0ZTRiOGZiMjRhNDE0M2M0
ODU3YzYwHhcNMjQwMTAxMjIzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDJlOTliNzlhMzYzZjIyOGFkZmI1NmQzN2FjNzMzYjE4MmRlZDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWUB0qcVWMKK3YZRkGWPuBa8fVAH
ejSUGJGQ+bIVce4QxTNQsHO9y08G7mujv+UIrDwRewYYZgYoNNL3b6x4KnVbxybi
DetHV+8McP/zglNdUwyL8e0jflNjlyeRI3RctmgAcAuDPRQPdvYUYOKvSHDRVfmd
oqJk1MTNxmhJsPr49H/7TLCB5YyY+luD/XnI/X6N9hFXvEmkrqM55P/to1U6ah0N
Xwl2NGRrxm8uz/dPPMLhW77Gb+ZW326a05SAYxyQ4xqHTe+HQr6nbE+jDWsIxYDv
VGwiLuYKuW6XFc35XH/2ssuZFz5eeqcQVmOK85oFe1RQ3sVTp3yjxPJq3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQumbeaNj8iit+1bTesczsYLe2LMB8GA1UdIwQY
MBaAFI8AZMb4Dgln++TkuPskpBQ8SFfGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvandCa3h2Z09DV2Y3NU9TNC15U2tGRHhJVjhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy81YmFiNzktYWZhYS00Y2RkLWJjMjMt
NDAzMTRmYzNkODc0LzEvQkM2WnQ1bzJQeUtLMzdWdE42eHpPeGd0N1lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy81YmFiNzktYWZhYS00Y2RkLWJjMjMtNDAzMTRmYzNkODc0
LzEvandCa3h2Z09DV2Y3NU9TNC15U2tGRHhJVjhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwTk0MA0G
CSqGSIb3DQEBCwUAA4IBAQClFDUgdCvTv0kVgvYqhsVMEM/PTmcGHEyqqG/qiFn6
u92CTFSJCxSO9VVQaFxtwuY86ikRjerlsOCLrjydswISowD99DHRtR37zCbjRrJr
gBrve3A/8D3KWZlEF+e/ZO+WxYjO5akZXXL9LbVMk8HZ4bpZtWy1+iYKAG8Fzqq0
/+qmeSL/CC6ULJGyROuUv1nI4s3F0FMpTfIehHJeqVaj++iG4pdgpW3pkLISUeXK
xSVlkIWlqL8NzLSs652e7WReevvYxOFRwq5NVl68vIZBGi+OD/pLVi6Osgo6Tc8s
bZFhJIKQsnlmqIRKmPU3ZPrEVUsKv05aYsy0H+lT4gKd
-----END CERTIFICATE-----