Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/BZ-z77nqWkcL00x3ftzj30jZBXI.roa
File:                     BZ-z77nqWkcL00x3ftzj30jZBXI.roa (raw, json)
Hash identifier:          55Qr8IWBKB66f2KGjTq8RJ89L9q0x9xLYdITkz0MbAo=
Subject key identifier:   05:9F:B3:EF:B9:EA:5A:47:0B:D3:4C:77:7E:DC:E3:DF:48:D9:05:72
Certificate issuer:       /CN=66e92c341e769443fde1d27566044b4b65159060
Certificate serial:       018CC26D7D9E2D5AF14E99D6189FA956AF39
Authority key identifier: 66:E9:2C:34:1E:76:94:43:FD:E1:D2:75:66:04:4B:4B:65:15:90:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZuksNB52lEP94dJ1ZgRLS2UVkGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/BZ-z77nqWkcL00x3ftzj30jZBXI.roa
Signing time:             Mon 01 Jan 2024 00:30:04 +0000
ROA not before:           Mon 01 Jan 2024 00:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208130
IP address blocks:        45.155.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/ZuksNB52lEP94dJ1ZgRLS2UVkGA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/ZuksNB52lEP94dJ1ZgRLS2UVkGA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZuksNB52lEP94dJ1ZgRLS2UVkGA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 20:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7d:9e:2d:5a:f1:4e:99:d6:18:9f:a9:56:af:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66e92c341e769443fde1d27566044b4b65159060
        Validity
            Not Before: Jan  1 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=059fb3efb9ea5a470bd34c777edce3df48d90572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:51:46:07:7a:8a:03:83:ac:42:15:a3:90:82:
                    85:59:3f:40:5d:9d:2f:bf:43:ea:b0:1c:bd:4a:96:
                    3b:1e:5b:2a:2a:7a:6c:ad:40:e8:94:53:f2:1d:d8:
                    00:fb:cf:9b:93:ad:51:5f:18:f2:42:1c:23:ec:2b:
                    93:7c:eb:3d:f8:65:9a:15:d3:30:21:93:18:9d:5b:
                    09:a1:67:70:9f:d4:c6:64:96:f4:b2:23:e4:80:f3:
                    dd:98:86:20:48:9d:ab:d4:9e:8f:7d:6d:5a:d1:61:
                    20:45:51:e4:e8:dd:1d:06:d6:c6:8b:a3:ee:2e:9a:
                    7d:18:1d:93:0a:78:3a:68:b5:48:2e:89:97:be:64:
                    f6:18:e4:bb:2a:52:57:60:01:7e:ac:9b:fa:08:62:
                    dd:29:a9:c6:04:8a:bc:b9:c7:83:aa:bd:6c:93:9e:
                    1f:82:6f:40:eb:04:68:d0:75:8b:e4:56:c1:74:13:
                    bc:33:db:fc:67:1a:8d:fd:73:1d:db:8c:b3:ae:55:
                    8c:b0:19:62:57:21:44:45:0c:0f:27:47:17:6e:8f:
                    e0:6b:c0:db:97:35:56:0b:3f:63:cf:12:da:94:ca:
                    d4:fc:64:15:23:2e:11:78:bb:01:d1:0f:23:f0:6e:
                    21:b7:a4:a8:8a:ce:7c:25:5b:06:28:89:bd:d6:da:
                    d4:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:9F:B3:EF:B9:EA:5A:47:0B:D3:4C:77:7E:DC:E3:DF:48:D9:05:72
            X509v3 Authority Key Identifier:
                keyid:66:E9:2C:34:1E:76:94:43:FD:E1:D2:75:66:04:4B:4B:65:15:90:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZuksNB52lEP94dJ1ZgRLS2UVkGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/BZ-z77nqWkcL00x3ftzj30jZBXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/ZuksNB52lEP94dJ1ZgRLS2UVkGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:43:90:c8:bf:d6:ce:6c:71:3e:45:ba:7e:6a:72:9d:62:70:
         93:4c:ac:35:09:82:37:06:5d:ae:c1:f1:b7:a7:bc:74:46:d6:
         db:5d:e1:a4:62:43:b6:b0:b2:fc:0e:c9:a7:a3:ce:d7:12:04:
         c7:9e:16:d1:03:68:1a:2b:04:b3:58:8e:33:c3:b4:56:30:11:
         bf:e3:b7:6f:bc:f1:32:9c:dd:1c:a8:14:00:aa:91:d7:64:22:
         ec:b6:69:50:a7:88:fe:f3:e1:0d:11:d0:15:5c:a2:16:e2:57:
         f7:d4:13:32:12:36:43:ca:35:00:7e:f4:1b:04:c3:b2:a1:70:
         1a:54:56:39:cd:50:57:73:54:c7:52:b4:be:36:61:c7:89:6a:
         ca:99:b7:9a:90:36:0f:d9:0b:af:91:ca:71:e7:99:81:c6:f8:
         0a:b2:4d:c2:bd:8a:df:f3:2e:2e:b4:40:3f:7e:73:cc:32:77:
         d8:10:8f:3d:2e:7a:e3:a7:f9:9c:67:61:b3:2b:e1:bc:ac:e8:
         96:59:67:e1:3c:30:79:e9:f3:df:40:36:66:a0:43:6e:45:a3:
         5e:ef:c3:40:5d:a6:bd:2e:0a:f0:79:79:8b:5c:70:d4:22:82:
         3e:b1:2b:8d:2c:74:31:a4:f1:11:f9:5b:ba:97:f1:e4:41:1f:
         6b:36:b2:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbX2eLVrxTpnWGJ+pVq85MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZTkyYzM0MWU3Njk0NDNmZGUxZDI3NTY2MDQ0YjRiNjUx
NTkwNjAwHhcNMjQwMTAxMDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTlmYjNlZmI5ZWE1YTQ3MGJkMzRjNzc3ZWRjZTNkZjQ4ZDkwNTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4VFGB3qKA4OsQhWjkIKFWT9AXZ0v
v0PqsBy9SpY7HlsqKnpsrUDolFPyHdgA+8+bk61RXxjyQhwj7CuTfOs9+GWaFdMw
IZMYnVsJoWdwn9TGZJb0siPkgPPdmIYgSJ2r1J6PfW1a0WEgRVHk6N0dBtbGi6Pu
Lpp9GB2TCng6aLVILomXvmT2GOS7KlJXYAF+rJv6CGLdKanGBIq8uceDqr1sk54f
gm9A6wRo0HWL5FbBdBO8M9v8ZxqN/XMd24yzrlWMsBliVyFERQwPJ0cXbo/ga8Db
lzVWCz9jzxLalMrU/GQVIy4ReLsB0Q8j8G4ht6Sois58JVsGKIm91trUcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAWfs++56lpHC9NMd37c499I2QVyMB8GA1UdIwQY
MBaAFGbpLDQedpRD/eHSdWYES0tlFZBgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnVrc05CNTJsRVA5NGRKMVpnUkxTMlVWa0dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS84ZjE5NjgtYTc5YS00YTA3LWFjZTYt
YzFkMjk2ZjhmZDA3LzEvQlotejc3bnFXa2NMMDB4M2Z0emozMGpaQlhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS84ZjE5NjgtYTc5YS00YTA3LWFjZTYtYzFkMjk2ZjhmZDA3
LzEvWnVrc05CNTJsRVA5NGRKMVpnUkxTMlVWa0dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZsUMA0G
CSqGSIb3DQEBCwUAA4IBAQBeQ5DIv9bObHE+Rbp+anKdYnCTTKw1CYI3Bl2uwfG3
p7x0RtbbXeGkYkO2sLL8Dsmno87XEgTHnhbRA2gaKwSzWI4zw7RWMBG/47dvvPEy
nN0cqBQAqpHXZCLstmlQp4j+8+ENEdAVXKIW4lf31BMyEjZDyjUAfvQbBMOyoXAa
VFY5zVBXc1THUrS+NmHHiWrKmbeakDYP2Quvkcpx55mBxvgKsk3CvYrf8y4utEA/
fnPMMnfYEI89Lnrjp/mcZ2GzK+G8rOiWWWfhPDB56fPfQDZmoENuRaNe78NAXaa9
LgrweXmLXHDUIoI+sSuNLHQxpPER+Vu6l/HkQR9rNrJK
-----END CERTIFICATE-----