Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/b55c04-6d4a-4949-aaa8-6ee1a700b219/1/BQa_O0Gc-kFRg1jUoBOb1RI3veI.roa
File:                     BQa_O0Gc-kFRg1jUoBOb1RI3veI.roa (raw, json)
Hash identifier:          YaJeJnOqZSYFg4ZRTaYeLpjFHV9t0MLyCdAs3gOZOS8=
Subject key identifier:   05:06:BF:3B:41:9C:FA:41:51:83:58:D4:A0:13:9B:D5:12:37:BD:E2
Certificate issuer:       /CN=faa5ac5d22ad9078a72e136996287247e9f1e131
Certificate serial:       018CC94E23F114103E22E71170B482CA8780
Authority key identifier: FA:A5:AC:5D:22:AD:90:78:A7:2E:13:69:96:28:72:47:E9:F1:E1:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-qWsXSKtkHinLhNplihyR-nx4TE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/b55c04-6d4a-4949-aaa8-6ee1a700b219/1/BQa_O0Gc-kFRg1jUoBOb1RI3veI.roa
Signing time:             Tue 02 Jan 2024 08:33:10 +0000
ROA not before:           Tue 02 Jan 2024 08:33:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207729
IP address blocks:        185.15.139.0/24 maxlen: 24
                          2a0f:cfc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/b55c04-6d4a-4949-aaa8-6ee1a700b219/1/1-qWsXSKtkHinLhNplihyR-nx4TE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/b55c04-6d4a-4949-aaa8-6ee1a700b219/1/1-qWsXSKtkHinLhNplihyR-nx4TE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-qWsXSKtkHinLhNplihyR-nx4TE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 15:21:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:23:f1:14:10:3e:22:e7:11:70:b4:82:ca:87:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=faa5ac5d22ad9078a72e136996287247e9f1e131
        Validity
            Not Before: Jan  2 08:33:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0506bf3b419cfa41518358d4a0139bd51237bde2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:db:7f:25:81:34:d4:5e:c0:6b:7b:b7:15:7b:
                    20:f4:33:9d:f4:d8:74:74:a4:11:ee:2d:6f:6b:c7:
                    ca:aa:cb:5a:2e:eb:d6:5d:e6:b8:67:f2:c3:73:0f:
                    41:31:c4:35:6d:74:80:44:82:e8:65:4a:3a:79:a0:
                    01:90:9c:eb:ef:68:1a:d3:6e:b1:5a:8d:fa:d5:f4:
                    92:45:62:c9:45:d7:a1:17:65:55:3b:89:07:5a:51:
                    84:74:78:af:20:e8:ee:ee:0d:0c:7d:d7:4b:83:99:
                    67:1c:a1:42:48:b1:e2:51:87:3b:8d:c4:e3:d7:62:
                    ab:e0:be:57:f8:01:b2:3e:44:ca:45:21:e3:3c:71:
                    81:4f:d8:04:94:d6:cb:a7:12:dd:c9:4a:a0:e7:c3:
                    e1:c3:7c:fb:31:f5:ad:f1:20:5b:3f:5b:5f:54:22:
                    dc:f7:31:0e:99:cd:d8:33:d4:ac:ae:b6:08:ed:ba:
                    83:87:85:c9:c5:cf:0d:17:49:9a:e6:12:da:fd:cf:
                    05:ce:78:15:5d:40:18:38:7c:64:91:21:82:35:b7:
                    2d:3b:2f:5a:05:39:5e:9e:14:c8:44:f1:a1:36:be:
                    60:b1:77:16:73:e2:2f:63:54:8d:d0:89:cc:82:a6:
                    d0:f9:47:08:52:69:8e:87:fd:1c:17:d0:c0:d4:7a:
                    f2:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:06:BF:3B:41:9C:FA:41:51:83:58:D4:A0:13:9B:D5:12:37:BD:E2
            X509v3 Authority Key Identifier:
                keyid:FA:A5:AC:5D:22:AD:90:78:A7:2E:13:69:96:28:72:47:E9:F1:E1:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-qWsXSKtkHinLhNplihyR-nx4TE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/b55c04-6d4a-4949-aaa8-6ee1a700b219/1/BQa_O0Gc-kFRg1jUoBOb1RI3veI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/b55c04-6d4a-4949-aaa8-6ee1a700b219/1/1-qWsXSKtkHinLhNplihyR-nx4TE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.139.0/24
                IPv6:
                  2a0f:cfc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:6e:65:56:72:ab:52:d1:80:fb:96:b2:a3:f8:d6:a5:9a:b9:
         25:fd:d6:24:60:ce:cf:ff:d0:bc:64:10:f7:bd:de:93:98:06:
         6c:31:12:a6:63:50:36:e3:af:1a:dd:98:66:f1:b4:d4:99:82:
         4a:5d:13:b5:7c:f0:14:e3:51:7b:7a:aa:31:65:f5:fe:8b:35:
         62:92:00:26:3d:63:62:d8:90:dc:7b:98:51:1d:ee:c0:b7:11:
         ac:bf:0d:7b:a9:78:6e:bd:5b:07:81:c8:06:b0:86:2e:9a:e4:
         5a:1c:96:e4:09:a5:9f:67:cd:40:d2:bb:f4:f2:c4:c0:2d:38:
         03:5b:63:3a:21:8a:2f:3c:33:bf:f5:17:e2:e7:24:86:7f:ec:
         ef:5a:f7:99:c4:d8:cb:8b:e5:45:a5:4b:9f:5f:dc:14:28:36:
         f9:74:98:47:41:19:d2:df:67:4d:b6:de:42:ea:7e:fa:88:a5:
         96:7f:fc:30:72:e4:4f:12:79:d6:18:93:2b:db:21:30:e4:7e:
         35:5f:9a:39:19:f3:d5:2e:25:db:0e:77:b8:ed:e7:16:a2:2b:
         0d:11:e5:ec:54:05:d2:0d:cb:5c:c8:f1:06:0b:1f:fb:74:ff:
         fe:16:cb:67:59:55:cb:47:60:92:98:02:89:9a:e2:bb:53:f9:
         01:e1:63:8b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJTiPxFBA+IucRcLSCyoeAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhYTVhYzVkMjJhZDkwNzhhNzJlMTM2OTk2Mjg3MjQ3ZTlm
MWUxMzEwHhcNMjQwMTAyMDgzMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTA2YmYzYjQxOWNmYTQxNTE4MzU4ZDRhMDEzOWJkNTEyMzdiZGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9t/JYE01F7Aa3u3FXsg9DOd9Nh0
dKQR7i1va8fKqstaLuvWXea4Z/LDcw9BMcQ1bXSARILoZUo6eaABkJzr72ga026x
Wo361fSSRWLJRdehF2VVO4kHWlGEdHivIOju7g0MfddLg5lnHKFCSLHiUYc7jcTj
12Kr4L5X+AGyPkTKRSHjPHGBT9gElNbLpxLdyUqg58Phw3z7MfWt8SBbP1tfVCLc
9zEOmc3YM9SsrrYI7bqDh4XJxc8NF0ma5hLa/c8FzngVXUAYOHxkkSGCNbctOy9a
BTlenhTIRPGhNr5gsXcWc+IvY1SN0InMgqbQ+UcIUmmOh/0cF9DA1HrycQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAUGvztBnPpBUYNY1KATm9USN73iMB8GA1UdIwQY
MBaAFPqlrF0irZB4py4TaZYockfp8eExMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1xV3NYU0t0a0hpbkxoTnBsaWh5Ui1ueDRURS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjkvYjU1YzA0LTZkNGEtNDk0OS1hYWE4
LTZlZTFhNzAwYjIxOS8xL0JRYV9PMEdjLWtGUmcxalVvQk9iMVJJM3ZlSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjkvYjU1YzA0LTZkNGEtNDk0OS1hYWE4LTZlZTFhNzAwYjIx
OS8xLzEtcVdzWFNLdGtIaW5MaE5wbGloeVItbng0VEUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAC5D4sw
DQQCAAIwBwMFACoPz8AwDQYJKoZIhvcNAQELBQADggEBACluZVZyq1LRgPuWsqP4
1qWauSX91iRgzs//0LxkEPe93pOYBmwxEqZjUDbjrxrdmGbxtNSZgkpdE7V88BTj
UXt6qjFl9f6LNWKSACY9Y2LYkNx7mFEd7sC3Eay/DXupeG69WweByAawhi6a5Foc
luQJpZ9nzUDSu/TyxMAtOANbYzohii88M7/1F+LnJIZ/7O9a95nE2MuL5UWlS59f
3BQoNvl0mEdBGdLfZ0223kLqfvqIpZZ//DBy5E8SedYYkyvbITDkfjVfmjkZ89Uu
JdsOd7jt5xaiKw0R5exUBdINy1zI8QYLH/t0//4Wy2dZVctHYJKYAoma4rtT+QHh
Y4s=
-----END CERTIFICATE-----