Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/b025bc-bc73-4d3c-a430-00394b610a34/1/BJvrWY-snVYEuGlSprfA7sh3aPc.roa
File:                     BJvrWY-snVYEuGlSprfA7sh3aPc.roa (raw, json)
Hash identifier:          VDDwIRMSPyJkfB9ywFfBu5InRtgL78y8F4YgCYn8eUU=
Subject key identifier:   04:9B:EB:59:8F:AC:9D:56:04:B8:69:52:A6:B7:C0:EE:C8:77:68:F7
Certificate issuer:       /CN=4940cf778dd9817657cd8d4feedd423d46d1a965
Certificate serial:       018CC870919EB4518E2DA262EC448C0F22E0
Authority key identifier: 49:40:CF:77:8D:D9:81:76:57:CD:8D:4F:EE:DD:42:3D:46:D1:A9:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SUDPd43ZgXZXzY1P7t1CPUbRqWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/b025bc-bc73-4d3c-a430-00394b610a34/1/BJvrWY-snVYEuGlSprfA7sh3aPc.roa
Signing time:             Tue 02 Jan 2024 04:31:09 +0000
ROA not before:           Tue 02 Jan 2024 04:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50182
IP address blocks:        194.34.98.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/b025bc-bc73-4d3c-a430-00394b610a34/1/SUDPd43ZgXZXzY1P7t1CPUbRqWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/b025bc-bc73-4d3c-a430-00394b610a34/1/SUDPd43ZgXZXzY1P7t1CPUbRqWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SUDPd43ZgXZXzY1P7t1CPUbRqWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:91:9e:b4:51:8e:2d:a2:62:ec:44:8c:0f:22:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4940cf778dd9817657cd8d4feedd423d46d1a965
        Validity
            Not Before: Jan  2 04:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=049beb598fac9d5604b86952a6b7c0eec87768f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:2b:81:db:28:78:fa:af:99:61:b1:ad:ee:bb:
                    47:c4:b6:ed:77:22:23:74:af:30:3d:71:94:b2:22:
                    5a:44:91:ef:4a:56:ed:2d:e7:3e:e9:fc:20:89:06:
                    7c:87:78:35:24:f4:63:51:46:59:42:f4:d2:6d:2c:
                    80:99:26:4d:27:71:20:f8:a3:2a:6a:30:dc:1b:62:
                    52:7c:c4:25:f5:e0:9c:ae:af:19:d8:31:2f:dc:a6:
                    05:e2:4e:03:27:b2:23:db:91:b9:9e:ea:66:74:7e:
                    13:a3:7a:1a:b1:e9:f1:54:13:66:74:6f:7c:06:cd:
                    10:da:7d:02:ca:f4:76:27:2b:25:d3:da:19:2b:ae:
                    02:f9:e2:f9:a6:a9:b8:da:e4:45:5a:4d:b2:83:1f:
                    bc:83:2e:87:7f:e4:f4:b6:c7:f0:94:bf:cd:77:3b:
                    03:7d:e0:45:cf:6e:95:10:71:83:2f:c1:a3:9e:53:
                    76:01:79:d1:f9:9d:b3:7d:6c:8e:62:48:4e:7e:9c:
                    7c:76:c0:b2:9e:1c:f7:24:58:fa:e8:57:e2:01:d8:
                    8b:98:f4:1b:ab:02:62:31:9a:14:ab:b5:e7:70:d4:
                    63:bc:c5:1d:28:53:4e:ed:78:76:7f:d1:a3:de:32:
                    10:df:78:ec:b9:45:c2:8b:a9:96:5f:21:ab:b9:0a:
                    d6:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:9B:EB:59:8F:AC:9D:56:04:B8:69:52:A6:B7:C0:EE:C8:77:68:F7
            X509v3 Authority Key Identifier:
                keyid:49:40:CF:77:8D:D9:81:76:57:CD:8D:4F:EE:DD:42:3D:46:D1:A9:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SUDPd43ZgXZXzY1P7t1CPUbRqWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/b025bc-bc73-4d3c-a430-00394b610a34/1/BJvrWY-snVYEuGlSprfA7sh3aPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/b025bc-bc73-4d3c-a430-00394b610a34/1/SUDPd43ZgXZXzY1P7t1CPUbRqWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:40:34:36:d0:dd:44:f5:9c:32:4f:36:a8:01:3d:20:58:a1:
         14:c2:87:12:34:17:07:e9:ff:ae:ac:e2:69:82:1b:c7:39:bd:
         60:de:3f:fa:51:57:e5:28:ee:37:d8:08:67:6d:5a:3d:e9:ea:
         6f:b9:a8:a8:7f:d6:9f:45:0b:52:d9:d1:a8:36:d1:14:23:7a:
         8f:d8:97:94:8a:65:c7:06:d0:d2:62:da:fd:2a:19:49:ea:e4:
         d6:dd:cf:e5:c3:57:d3:61:84:f8:bf:12:c3:82:6c:c0:28:de:
         68:7a:3c:69:7f:d6:3a:67:6c:49:0e:67:d6:ec:ab:67:6b:d3:
         a3:30:d8:b3:ef:06:ca:0a:1f:d5:0c:af:64:f6:bb:64:74:25:
         69:31:b2:30:9b:a2:5f:59:83:fd:50:f5:bb:63:6b:8b:8a:60:
         c9:ee:77:8e:f5:69:fe:82:f9:43:e8:33:32:9d:35:e1:c9:95:
         5e:a5:4b:8e:1f:a8:6d:e9:db:06:9b:0c:c7:dd:f6:64:31:0a:
         c4:a3:b6:c4:76:51:93:da:05:a8:49:92:64:ce:a2:e9:29:f2:
         1f:e3:a1:a6:f0:ae:7e:87:22:6c:7c:a3:9d:80:e3:37:5e:3f:
         0b:86:57:2a:6c:89:12:96:38:3b:86:00:2a:d9:88:30:dc:19:
         e3:04:fd:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcJGetFGOLaJi7ESMDyLgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NDBjZjc3OGRkOTgxNzY1N2NkOGQ0ZmVlZGQ0MjNkNDZk
MWE5NjUwHhcNMjQwMTAyMDQzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDliZWI1OThmYWM5ZDU2MDRiODY5NTJhNmI3YzBlZWM4Nzc2OGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyuB2yh4+q+ZYbGt7rtHxLbtdyIj
dK8wPXGUsiJaRJHvSlbtLec+6fwgiQZ8h3g1JPRjUUZZQvTSbSyAmSZNJ3Eg+KMq
ajDcG2JSfMQl9eCcrq8Z2DEv3KYF4k4DJ7Ij25G5nupmdH4To3oasenxVBNmdG98
Bs0Q2n0CyvR2Jysl09oZK64C+eL5pqm42uRFWk2ygx+8gy6Hf+T0tsfwlL/NdzsD
feBFz26VEHGDL8GjnlN2AXnR+Z2zfWyOYkhOfpx8dsCynhz3JFj66FfiAdiLmPQb
qwJiMZoUq7XncNRjvMUdKFNO7Xh2f9Gj3jIQ33jsuUXCi6mWXyGruQrWyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASb61mPrJ1WBLhpUqa3wO7Id2j3MB8GA1UdIwQY
MBaAFElAz3eN2YF2V82NT+7dQj1G0allMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1VEUGQ0M1pnWFpYelkxUDd0MUNQVWJScVdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9iMDI1YmMtYmM3My00ZDNjLWE0MzAt
MDAzOTRiNjEwYTM0LzEvQkp2cldZLXNuVllFdUdsU3ByZkE3c2gzYVBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9iMDI1YmMtYmM3My00ZDNjLWE0MzAtMDAzOTRiNjEwYTM0
LzEvU1VEUGQ0M1pnWFpYelkxUDd0MUNQVWJScVdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwiJiMA0G
CSqGSIb3DQEBCwUAA4IBAQB3QDQ20N1E9ZwyTzaoAT0gWKEUwocSNBcH6f+urOJp
ghvHOb1g3j/6UVflKO432AhnbVo96epvuaiof9afRQtS2dGoNtEUI3qP2JeUimXH
BtDSYtr9KhlJ6uTW3c/lw1fTYYT4vxLDgmzAKN5oejxpf9Y6Z2xJDmfW7Ktna9Oj
MNiz7wbKCh/VDK9k9rtkdCVpMbIwm6JfWYP9UPW7Y2uLimDJ7neO9Wn+gvlD6DMy
nTXhyZVepUuOH6ht6dsGmwzH3fZkMQrEo7bEdlGT2gWoSZJkzqLpKfIf46Gm8K5+
hyJsfKOdgOM3Xj8LhlcqbIkSljg7hgAq2Ygw3BnjBP2C
-----END CERTIFICATE-----