Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/741f06-c3d1-483b-b908-28a4953f0530/1/bm0UxrzMDeTf25Q-3xuAi0F5HTM.roa
File:                     bm0UxrzMDeTf25Q-3xuAi0F5HTM.roa (raw, json)
Hash identifier:          m09+bS2IkISgui2+QdsGs3thbcda4nxjmx4ytQ0KOBI=
Subject key identifier:   6E:6D:14:C6:BC:CC:0D:E4:DF:DB:94:3E:DF:1B:80:8B:41:79:1D:33
Certificate issuer:       /CN=f764eed15c52b4c8110a222963dc7b7d4ba2d146
Certificate serial:       018CC3495A5290635B6C9EB4B96A091E9C11
Authority key identifier: F7:64:EE:D1:5C:52:B4:C8:11:0A:22:29:63:DC:7B:7D:4B:A2:D1:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92Tu0VxStMgRCiIpY9x7fUui0UY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/741f06-c3d1-483b-b908-28a4953f0530/1/bm0UxrzMDeTf25Q-3xuAi0F5HTM.roa
Signing time:             Mon 01 Jan 2024 04:30:13 +0000
ROA not before:           Mon 01 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202920
IP address blocks:        84.38.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/741f06-c3d1-483b-b908-28a4953f0530/1/92Tu0VxStMgRCiIpY9x7fUui0UY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/741f06-c3d1-483b-b908-28a4953f0530/1/92Tu0VxStMgRCiIpY9x7fUui0UY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92Tu0VxStMgRCiIpY9x7fUui0UY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 19:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5a:52:90:63:5b:6c:9e:b4:b9:6a:09:1e:9c:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f764eed15c52b4c8110a222963dc7b7d4ba2d146
        Validity
            Not Before: Jan  1 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e6d14c6bccc0de4dfdb943edf1b808b41791d33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:7d:d3:1b:c5:db:b0:97:1b:31:7a:ef:26:66:
                    c8:6b:32:ec:13:b1:7f:f0:1e:c2:65:c6:b6:b1:5f:
                    63:a7:c7:87:31:a1:e9:a1:6d:79:fb:78:73:48:2e:
                    be:92:c3:89:17:b0:42:a4:c9:84:3f:98:46:f3:77:
                    43:11:3c:9b:8f:de:60:32:92:a8:45:64:c4:a9:77:
                    68:4d:3c:08:04:87:f2:fb:a7:2b:32:20:22:2a:de:
                    c9:fa:ee:b7:93:e8:52:aa:0a:d6:7b:7e:8a:9c:c3:
                    8d:52:a7:46:2d:4b:cd:99:d4:09:7d:94:65:08:1c:
                    0b:5e:02:38:f7:89:6e:1f:83:4c:2b:57:bf:b9:dc:
                    9c:b3:e8:ab:8b:b1:19:dd:22:c5:94:c7:80:0e:33:
                    a7:3f:1b:46:5e:79:83:cd:cc:e0:8e:11:27:1e:ba:
                    dd:aa:74:d5:2e:fc:d3:ac:ec:45:d0:0d:99:99:c1:
                    3c:65:72:cd:01:3d:73:0c:14:fa:63:db:e1:aa:7d:
                    e6:e5:c1:85:d8:c0:f5:f5:e4:e5:a8:1b:56:77:71:
                    c9:ec:fe:1d:1c:be:bb:e8:da:37:3e:9f:3b:13:da:
                    ce:79:3e:25:79:b7:73:b8:91:7e:4c:cc:b1:fe:50:
                    d9:69:db:45:cc:02:ba:a6:01:4a:85:ac:a0:79:45:
                    ea:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:6D:14:C6:BC:CC:0D:E4:DF:DB:94:3E:DF:1B:80:8B:41:79:1D:33
            X509v3 Authority Key Identifier:
                keyid:F7:64:EE:D1:5C:52:B4:C8:11:0A:22:29:63:DC:7B:7D:4B:A2:D1:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92Tu0VxStMgRCiIpY9x7fUui0UY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/741f06-c3d1-483b-b908-28a4953f0530/1/bm0UxrzMDeTf25Q-3xuAi0F5HTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/741f06-c3d1-483b-b908-28a4953f0530/1/92Tu0VxStMgRCiIpY9x7fUui0UY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:29:32:f0:d5:4c:3a:69:f8:9c:ea:0f:75:42:1d:8d:2e:cb:
         f9:ee:b1:17:d3:ce:d5:3c:a8:a3:fa:81:08:0c:d5:5c:b0:a2:
         0b:42:49:c7:fe:2a:44:31:77:67:20:d1:ff:fc:29:63:63:cc:
         0a:f7:ee:22:57:10:0a:a9:b7:64:5f:65:76:10:82:c6:46:e3:
         72:af:b7:2d:70:85:39:22:02:c8:ec:cb:75:b1:e6:ce:76:a9:
         cf:ae:fe:34:c7:64:ee:03:b4:bc:65:ac:f6:d3:ff:cf:44:72:
         56:53:86:d4:03:28:36:5d:db:77:2f:aa:02:6d:56:0c:22:8c:
         9f:48:15:69:32:c3:cf:fd:74:d2:1a:41:59:a0:bb:33:85:04:
         42:79:83:eb:00:fd:a6:cd:63:78:19:fb:d9:de:de:52:06:47:
         9e:d9:13:4b:1d:8f:8d:2f:38:c4:dd:5f:f6:0c:79:e2:e5:18:
         46:7e:c4:30:27:14:55:f8:20:5f:6f:c7:07:77:96:3e:86:7a:
         f0:d3:ac:3d:14:bb:ae:d5:67:71:3c:cc:a1:0f:8b:9d:f8:74:
         a3:17:da:12:da:39:db:1b:5f:57:9f:57:24:08:22:d7:9b:d3:
         bd:71:d7:e2:55:53:a9:96:42:cb:1e:b7:cb:5f:24:e9:1d:bc:
         67:b8:7e:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVpSkGNbbJ60uWoJHpwRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NjRlZWQxNWM1MmI0YzgxMTBhMjIyOTYzZGM3YjdkNGJh
MmQxNDYwHhcNMjQwMTAxMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTZkMTRjNmJjY2MwZGU0ZGZkYjk0M2VkZjFiODA4YjQxNzkxZDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy33TG8XbsJcbMXrvJmbIazLsE7F/
8B7CZca2sV9jp8eHMaHpoW15+3hzSC6+ksOJF7BCpMmEP5hG83dDETybj95gMpKo
RWTEqXdoTTwIBIfy+6crMiAiKt7J+u63k+hSqgrWe36KnMONUqdGLUvNmdQJfZRl
CBwLXgI494luH4NMK1e/udycs+iri7EZ3SLFlMeADjOnPxtGXnmDzczgjhEnHrrd
qnTVLvzTrOxF0A2ZmcE8ZXLNAT1zDBT6Y9vhqn3m5cGF2MD19eTlqBtWd3HJ7P4d
HL676No3Pp87E9rOeT4lebdzuJF+TMyx/lDZadtFzAK6pgFKhaygeUXqowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5tFMa8zA3k39uUPt8bgItBeR0zMB8GA1UdIwQY
MBaAFPdk7tFcUrTIEQoiKWPce31LotFGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTJUdTBWeFN0TWdSQ2lJcFk5eDdmVXVpMFVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi83NDFmMDYtYzNkMS00ODNiLWI5MDgt
MjhhNDk1M2YwNTMwLzEvYm0wVXhyek1EZVRmMjVRLTN4dUFpMEY1SFRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi83NDFmMDYtYzNkMS00ODNiLWI5MDgtMjhhNDk1M2YwNTMw
LzEvOTJUdTBWeFN0TWdSQ2lJcFk5eDdmVXVpMFVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCaDMA0G
CSqGSIb3DQEBCwUAA4IBAQAYKTLw1Uw6afic6g91Qh2NLsv57rEX087VPKij+oEI
DNVcsKILQknH/ipEMXdnINH//CljY8wK9+4iVxAKqbdkX2V2EILGRuNyr7ctcIU5
IgLI7Mt1sebOdqnPrv40x2TuA7S8Zaz20//PRHJWU4bUAyg2Xdt3L6oCbVYMIoyf
SBVpMsPP/XTSGkFZoLszhQRCeYPrAP2mzWN4GfvZ3t5SBkee2RNLHY+NLzjE3V/2
DHni5RhGfsQwJxRV+CBfb8cHd5Y+hnrw06w9FLuu1WdxPMyhD4ud+HSjF9oS2jnb
G19Xn1ckCCLXm9O9cdfiVVOplkLLHrfLXyTpHbxnuH5o
-----END CERTIFICATE-----