Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/5c3244-835d-472d-bf0e-0c7a87196c35/1/BHdWrr2izmNkRLRjh6CNPRyM9rQ.roa
File:                     BHdWrr2izmNkRLRjh6CNPRyM9rQ.roa (raw, json)
Hash identifier:          W7F3emTQnLNPV500PmD9MJh6w8Etr5nG416RyKLhGP4=
Subject key identifier:   04:77:56:AE:BD:A2:CE:63:64:44:B4:63:87:A0:8D:3D:1C:8C:F6:B4
Certificate issuer:       /CN=21506035b32cc33af0589c55be849775e92c4693
Certificate serial:       018CC6B8E36DCEE5637E0224AEAD9F4F64C7
Authority key identifier: 21:50:60:35:B3:2C:C3:3A:F0:58:9C:55:BE:84:97:75:E9:2C:46:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVBgNbMswzrwWJxVvoSXdeksRpM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/5c3244-835d-472d-bf0e-0c7a87196c35/1/BHdWrr2izmNkRLRjh6CNPRyM9rQ.roa
Signing time:             Mon 01 Jan 2024 20:30:54 +0000
ROA not before:           Mon 01 Jan 2024 20:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44480
IP address blocks:        91.199.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/5c3244-835d-472d-bf0e-0c7a87196c35/1/IVBgNbMswzrwWJxVvoSXdeksRpM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/5c3244-835d-472d-bf0e-0c7a87196c35/1/IVBgNbMswzrwWJxVvoSXdeksRpM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IVBgNbMswzrwWJxVvoSXdeksRpM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:e3:6d:ce:e5:63:7e:02:24:ae:ad:9f:4f:64:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21506035b32cc33af0589c55be849775e92c4693
        Validity
            Not Before: Jan  1 20:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=047756aebda2ce636444b46387a08d3d1c8cf6b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:56:7a:a6:6e:b2:d2:3f:f6:5d:bf:85:bc:13:
                    82:8a:bc:23:01:64:58:57:d6:ee:b5:45:9c:a5:07:
                    6e:27:86:06:d5:a5:24:75:fe:da:ed:af:63:80:cd:
                    b2:1d:13:2b:a5:2c:13:f0:3d:af:da:8f:3f:97:14:
                    28:5a:9c:a3:df:9a:9d:e3:32:cf:7b:88:eb:0a:fa:
                    6f:7f:8e:88:b9:48:98:4c:f8:28:8c:4e:c6:a6:6c:
                    35:9a:d1:cb:65:ce:4a:45:b2:bb:aa:83:07:31:0a:
                    b9:aa:db:64:d5:1c:3d:3c:9f:0d:e5:3f:7e:b3:6e:
                    25:aa:98:5a:78:f4:45:e1:f9:09:44:6c:55:78:89:
                    16:57:00:2f:dc:a8:eb:46:bd:a9:9a:84:59:af:a1:
                    e5:a6:66:67:83:0c:f4:e4:7c:07:b8:58:58:37:f9:
                    b9:e4:0c:e5:dd:f6:0f:59:a8:f0:48:5e:b2:f0:ce:
                    aa:6d:15:28:33:51:47:6e:28:e8:5e:95:d1:5c:b8:
                    73:d1:3f:93:c1:09:dd:dc:96:bf:19:3d:c8:48:18:
                    6e:a8:32:ed:a9:4a:9d:9a:e0:4e:bb:d5:d9:99:4f:
                    ab:8d:f4:b0:2d:0e:6f:ca:6a:19:57:a8:3a:e5:d5:
                    d4:3c:b1:37:dc:16:92:14:74:a9:a9:93:4d:bd:71:
                    c5:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:77:56:AE:BD:A2:CE:63:64:44:B4:63:87:A0:8D:3D:1C:8C:F6:B4
            X509v3 Authority Key Identifier:
                keyid:21:50:60:35:B3:2C:C3:3A:F0:58:9C:55:BE:84:97:75:E9:2C:46:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVBgNbMswzrwWJxVvoSXdeksRpM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/5c3244-835d-472d-bf0e-0c7a87196c35/1/BHdWrr2izmNkRLRjh6CNPRyM9rQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/5c3244-835d-472d-bf0e-0c7a87196c35/1/IVBgNbMswzrwWJxVvoSXdeksRpM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:06:5f:54:56:a0:56:7c:e5:43:96:74:d5:5d:15:26:77:d2:
         82:5c:fe:c7:ab:2d:11:a4:75:b7:00:13:9e:73:7d:30:d3:ac:
         8a:33:93:c8:21:7f:1e:30:95:fe:07:28:1f:2a:fa:05:8a:90:
         fa:43:81:ae:af:21:57:e2:49:d1:67:ba:90:37:24:22:b0:86:
         26:98:d4:c9:da:08:36:c2:a5:a1:53:6d:16:e3:35:74:22:77:
         7a:24:a2:91:da:34:27:1d:6e:b4:ec:7b:c6:be:46:7c:b9:9d:
         3f:52:70:3f:54:01:86:ca:06:7f:d7:9c:cd:4e:3e:cc:7a:f9:
         7b:64:ca:ba:6e:02:66:d0:c8:3f:31:df:df:90:d4:f8:7c:d9:
         7f:25:25:ba:ea:f8:a7:2b:15:ea:2a:6a:71:a4:73:94:1e:38:
         84:b7:80:43:5a:ae:bd:27:32:73:a7:f4:5d:79:f1:b5:3d:cf:
         36:f7:e5:b9:9a:b8:e8:f0:87:fb:63:92:7c:5a:dd:7d:a3:03:
         9d:37:57:66:32:ce:05:af:b6:cf:33:12:14:e1:dc:ce:cf:d6:
         8f:de:2f:12:0f:a0:de:5f:6a:5b:17:14:13:85:6d:ff:23:5d:
         87:17:3d:8f:5c:64:9d:db:bf:4b:45:ab:79:80:0e:17:1f:e2:
         f8:a9:73:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuONtzuVjfgIkrq2fT2THMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTA2MDM1YjMyY2MzM2FmMDU4OWM1NWJlODQ5Nzc1ZTky
YzQ2OTMwHhcNMjQwMTAxMjAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDc3NTZhZWJkYTJjZTYzNjQ0NGI0NjM4N2EwOGQzZDFjOGNmNmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslZ6pm6y0j/2Xb+FvBOCirwjAWRY
V9butUWcpQduJ4YG1aUkdf7a7a9jgM2yHRMrpSwT8D2v2o8/lxQoWpyj35qd4zLP
e4jrCvpvf46IuUiYTPgojE7Gpmw1mtHLZc5KRbK7qoMHMQq5qttk1Rw9PJ8N5T9+
s24lqphaePRF4fkJRGxVeIkWVwAv3KjrRr2pmoRZr6HlpmZngwz05HwHuFhYN/m5
5Azl3fYPWajwSF6y8M6qbRUoM1FHbijoXpXRXLhz0T+TwQnd3Ja/GT3ISBhuqDLt
qUqdmuBOu9XZmU+rjfSwLQ5vymoZV6g65dXUPLE33BaSFHSpqZNNvXHFuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAR3Vq69os5jZES0Y4egjT0cjPa0MB8GA1UdIwQY
MBaAFCFQYDWzLMM68FicVb6El3XpLEaTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZCZ05iTXN3enJ3V0p4VnZvU1hkZWtzUnBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi81YzMyNDQtODM1ZC00NzJkLWJmMGUt
MGM3YTg3MTk2YzM1LzEvQkhkV3JyMml6bU5rUkxSamg2Q05QUnlNOXJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi81YzMyNDQtODM1ZC00NzJkLWJmMGUtMGM3YTg3MTk2YzM1
LzEvSVZCZ05iTXN3enJ3V0p4VnZvU1hkZWtzUnBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8eBMA0G
CSqGSIb3DQEBCwUAA4IBAQBABl9UVqBWfOVDlnTVXRUmd9KCXP7Hqy0RpHW3ABOe
c30w06yKM5PIIX8eMJX+BygfKvoFipD6Q4GuryFX4knRZ7qQNyQisIYmmNTJ2gg2
wqWhU20W4zV0Ind6JKKR2jQnHW607HvGvkZ8uZ0/UnA/VAGGygZ/15zNTj7Mevl7
ZMq6bgJm0Mg/Md/fkNT4fNl/JSW66vinKxXqKmpxpHOUHjiEt4BDWq69JzJzp/Rd
efG1Pc829+W5mrjo8If7Y5J8Wt19owOdN1dmMs4Fr7bPMxIU4dzOz9aP3i8SD6De
X2pbFxQThW3/I12HFz2PXGSd279LRat5gA4XH+L4qXPj
-----END CERTIFICATE-----