Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/bxfBr_MKFqXwGymyLJMmWomDqyU.roa
File:                     bxfBr_MKFqXwGymyLJMmWomDqyU.roa (raw, json)
Hash identifier:          rw/XILwDK3YMsLwZ8Yk8WRN3qjVkF4AFwFUkXO4r8S0=
Subject key identifier:   6F:17:C1:AF:F3:0A:16:A5:F0:1B:29:B2:2C:93:26:5A:89:83:AB:25
Certificate issuer:       /CN=aff6f85aad101c456c1ac9a01a7192fc5788e92c
Certificate serial:       018E6600B10A548D417BB6700A05D641913D
Authority key identifier: AF:F6:F8:5A:AD:10:1C:45:6C:1A:C9:A0:1A:71:92:FC:57:88:E9:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/bxfBr_MKFqXwGymyLJMmWomDqyU.roa
Signing time:             Fri 22 Mar 2024 11:51:45 +0000
ROA not before:           Fri 22 Mar 2024 11:51:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        45.13.30.0/23 maxlen: 23
                          77.83.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:66:00:b1:0a:54:8d:41:7b:b6:70:0a:05:d6:41:91:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff6f85aad101c456c1ac9a01a7192fc5788e92c
        Validity
            Not Before: Mar 22 11:51:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f17c1aff30a16a5f01b29b22c93265a8983ab25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:6b:14:13:14:c2:b0:25:71:70:87:18:ac:b0:
                    95:74:cf:35:e8:63:db:46:44:e3:09:30:dd:b7:79:
                    5f:fc:28:7b:03:03:c0:fe:7e:99:af:f8:94:76:23:
                    c4:e9:33:da:a8:a0:fe:7b:9d:a1:2a:4b:1b:0f:52:
                    cb:c8:a3:59:8c:cf:f7:1a:fa:a7:83:76:51:4a:99:
                    8f:44:3c:d3:23:8a:2b:23:c8:47:50:5a:dc:3d:d2:
                    ea:4c:61:d9:e0:97:0f:f1:02:70:f4:0d:c9:13:57:
                    8e:a4:f1:4f:88:ac:e3:02:7b:97:60:e8:c7:ff:e1:
                    b4:ba:8c:2a:82:03:f1:d0:0a:1a:bc:b7:ae:ed:0e:
                    cf:d6:29:24:9d:f4:9b:68:f4:64:a1:74:2b:92:79:
                    38:88:86:87:cc:40:94:a1:9b:32:50:3d:cf:01:cb:
                    59:cb:e2:52:57:11:a7:46:dd:0c:50:f5:ac:67:34:
                    50:d2:cf:ab:e3:9b:03:fe:61:a9:54:4c:21:2c:ef:
                    97:52:fc:97:d0:55:22:e9:52:37:30:d6:6d:d3:84:
                    18:40:62:9a:89:e9:33:02:18:14:ca:cd:e7:12:a8:
                    35:f0:8c:37:80:2a:8c:72:8e:ff:10:8e:7a:70:66:
                    42:eb:e3:5c:90:60:c7:22:22:94:b8:55:2d:a5:14:
                    f0:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:17:C1:AF:F3:0A:16:A5:F0:1B:29:B2:2C:93:26:5A:89:83:AB:25
            X509v3 Authority Key Identifier:
                keyid:AF:F6:F8:5A:AD:10:1C:45:6C:1A:C9:A0:1A:71:92:FC:57:88:E9:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/bxfBr_MKFqXwGymyLJMmWomDqyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.30.0/23
                  77.83.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:0f:3e:3e:6e:94:0c:f9:65:91:e7:ba:06:e0:47:1f:c1:84:
         50:67:90:f6:d3:f7:9b:ef:f6:66:0b:fa:ee:24:1c:a1:36:38:
         fd:d9:37:88:a9:c6:ab:9d:3c:8a:98:fc:33:63:83:b0:01:e6:
         c2:11:a2:15:0b:f2:7d:65:4e:d5:58:e5:47:fb:78:0d:22:6a:
         84:3b:25:32:24:30:4d:24:c8:ac:50:20:ff:75:b5:ff:ff:74:
         4c:b1:1b:8a:0b:60:83:e6:53:c2:89:13:e4:7f:1e:84:17:f7:
         4a:36:77:d6:d1:30:88:62:5f:e4:42:80:41:44:f4:4e:59:0a:
         fa:f9:01:fa:c6:a0:40:6a:02:c5:de:63:26:5e:3a:c2:f0:34:
         58:6e:95:c9:9e:42:26:58:08:23:d0:f2:44:6c:6b:c7:70:cd:
         3c:ae:4c:3f:c6:cd:23:e1:13:db:58:76:21:0b:c8:08:75:10:
         92:4b:33:e9:3a:9e:f0:4b:3a:e6:48:cb:97:ff:d5:a1:9c:b5:
         d5:c9:28:6b:6d:a4:bc:ed:bc:d6:1a:bf:ec:9b:e4:4e:c5:e7:
         48:af:b6:41:82:fc:b5:a2:c0:c8:db:bc:40:35:00:82:a5:73:
         5b:ce:77:7a:c9:53:66:77:8f:04:87:3a:41:e8:93:47:f0:67:
         aa:d2:70:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5mALEKVI1Be7ZwCgXWQZE9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZjZmODVhYWQxMDFjNDU2YzFhYzlhMDFhNzE5MmZjNTc4
OGU5MmMwHhcNMjQwMzIyMTE1MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjE3YzFhZmYzMGExNmE1ZjAxYjI5YjIyYzkzMjY1YTg5ODNhYjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WsUExTCsCVxcIcYrLCVdM816GPb
RkTjCTDdt3lf/Ch7AwPA/n6Zr/iUdiPE6TPaqKD+e52hKksbD1LLyKNZjM/3Gvqn
g3ZRSpmPRDzTI4orI8hHUFrcPdLqTGHZ4JcP8QJw9A3JE1eOpPFPiKzjAnuXYOjH
/+G0uowqggPx0AoavLeu7Q7P1ikknfSbaPRkoXQrknk4iIaHzECUoZsyUD3PActZ
y+JSVxGnRt0MUPWsZzRQ0s+r45sD/mGpVEwhLO+XUvyX0FUi6VI3MNZt04QYQGKa
iekzAhgUys3nEqg18Iw3gCqMco7/EI56cGZC6+NckGDHIiKUuFUtpRTw+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG8Xwa/zChal8BspsiyTJlqJg6slMB8GA1UdIwQY
MBaAFK/2+FqtEBxFbBrJoBpxkvxXiOksMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9iNFdxMFFIRVZzR3NtZ0duR1NfRmVJNlN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9kZjcxOWEtNDkyZi00N2NiLTkyMTIt
NjQ0YmQwZmM3ZjgwLzEvYnhmQnJfTUtGcVh3R3lteUxKTW1Xb21EcXlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9kZjcxOWEtNDkyZi00N2NiLTkyMTItNjQ0YmQwZmM3Zjgw
LzEvcl9iNFdxMFFIRVZzR3NtZ0duR1NfRmVJNlN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLQ0eAwQA
TVPfMA0GCSqGSIb3DQEBCwUAA4IBAQAkDz4+bpQM+WWR57oG4EcfwYRQZ5D20/eb
7/ZmC/ruJByhNjj92TeIqcarnTyKmPwzY4OwAebCEaIVC/J9ZU7VWOVH+3gNImqE
OyUyJDBNJMisUCD/dbX//3RMsRuKC2CD5lPCiRPkfx6EF/dKNnfW0TCIYl/kQoBB
RPROWQr6+QH6xqBAagLF3mMmXjrC8DRYbpXJnkImWAgj0PJEbGvHcM08rkw/xs0j
4RPbWHYhC8gIdRCSSzPpOp7wSzrmSMuX/9WhnLXVyShrbaS87bzWGr/sm+ROxedI
r7ZBgvy1osDI27xANQCCpXNbznd6yVNmd48EhzpB6JNH8Geq0nAC
-----END CERTIFICATE-----