Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/bzRVZzwxJy5dYKFSWsSjSmSpVsE.roa
File:                     bzRVZzwxJy5dYKFSWsSjSmSpVsE.roa (raw, json)
Hash identifier:          Dsg6c4WKp0zrzcb4oQ19HmyIZUTzPjHyVURfsWD40SM=
Subject key identifier:   6F:34:55:67:3C:31:27:2E:5D:60:A1:52:5A:C4:A3:4A:64:A9:56:C1
Certificate issuer:       /CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
Certificate serial:       018CC56E797CADAA558FD1540AF0E7F31C6C
Authority key identifier: 17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/bzRVZzwxJy5dYKFSWsSjSmSpVsE.roa
Signing time:             Mon 01 Jan 2024 14:30:00 +0000
ROA not before:           Mon 01 Jan 2024 14:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        185.249.53.0/24 maxlen: 24
                          87.236.148.0/24 maxlen: 24
                          185.184.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:79:7c:ad:aa:55:8f:d1:54:0a:f0:e7:f3:1c:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
        Validity
            Not Before: Jan  1 14:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f3455673c31272e5d60a1525ac4a34a64a956c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:c7:f5:f7:a8:05:b3:6e:be:d5:d4:de:f4:fa:
                    0e:4d:08:5d:e3:34:07:ea:3a:33:ed:94:76:46:21:
                    78:44:4e:33:8b:d2:a9:ad:ea:b2:db:b0:a8:f5:78:
                    e5:cc:74:ad:34:ba:6c:8e:c2:46:20:0e:3a:97:db:
                    f3:a1:e1:d0:63:0a:83:a9:98:b2:e8:b9:3d:0b:06:
                    bf:17:fb:e9:5c:ac:d9:ab:af:e9:da:e4:00:f0:cd:
                    36:d3:cb:e5:88:b4:c9:b2:00:0e:08:0e:9e:66:58:
                    ab:e1:62:a9:6b:40:e4:c8:91:a7:4d:52:f2:91:ac:
                    83:4e:cb:37:bc:cc:3e:ee:ff:cc:00:4e:9d:43:bd:
                    86:bc:6f:ac:bd:65:68:28:5b:5f:fb:bf:11:2b:59:
                    a0:6d:31:24:e7:1c:68:8b:44:8e:68:a9:f6:6f:07:
                    98:e3:a5:58:ca:c5:cd:9f:e3:64:e9:6f:c3:b6:2d:
                    f8:27:52:b2:f1:9a:d5:b6:fe:2d:68:44:6f:9e:2d:
                    fe:ce:06:8d:95:91:fc:30:ae:a1:4d:ee:33:2b:8f:
                    9f:27:0c:25:55:3d:3f:33:4e:6a:a9:58:1e:0f:8c:
                    c6:62:42:95:9e:3f:f6:ba:84:08:ff:2e:d7:02:0b:
                    e9:bd:c6:fa:74:b5:2e:f5:8a:bb:1e:05:61:92:6e:
                    89:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:34:55:67:3C:31:27:2E:5D:60:A1:52:5A:C4:A3:4A:64:A9:56:C1
            X509v3 Authority Key Identifier:
                keyid:17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/bzRVZzwxJy5dYKFSWsSjSmSpVsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.148.0/24
                  185.184.219.0/24
                  185.249.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:42:57:b3:1a:17:af:8d:48:17:52:85:42:a0:fd:dc:2e:50:
         1c:85:1f:5e:99:01:0c:50:0e:dd:c8:dd:b3:ed:13:01:e3:84:
         d9:6b:d5:ac:73:0e:e3:ee:23:f0:5b:6d:a9:4e:f5:fa:33:5a:
         15:c7:81:d1:60:ea:9b:41:95:d8:d8:21:bf:6f:f4:55:39:14:
         23:d2:c3:93:fb:81:53:66:ad:8a:2f:42:5b:19:ee:50:a5:c7:
         ad:08:61:2a:df:dd:11:6a:47:62:ba:7d:b0:69:6e:5e:e6:69:
         86:d0:cd:93:b1:06:3d:c4:08:e3:88:b2:17:29:d9:5b:11:a1:
         d7:09:20:17:64:ad:6e:39:6c:f5:58:d7:b7:bf:73:f9:f4:4d:
         e8:68:3f:a8:d5:35:58:1b:4d:69:6d:a1:4a:a0:15:7c:54:98:
         b0:96:d9:c9:71:f6:94:eb:57:45:bc:f9:58:6e:4c:07:e8:7b:
         30:95:83:6a:c1:d3:b0:1f:d3:a6:6e:57:78:bd:a0:75:c1:4e:
         b3:c6:a7:3b:9b:c9:65:d7:91:7d:12:6a:9b:24:be:ad:16:37:
         e1:bc:b6:19:97:bb:61:09:93:be:45:ba:8b:5b:ce:a6:0f:c0:
         01:93:ab:3e:9f:f7:f5:b2:d1:92:95:a3:fe:33:ba:71:b8:07:
         eb:88:4b:2f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFbnl8rapVj9FUCvDn8xxsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YjUwNDJmYzIwZDliYWIxNjc2ZTA5YWY3ZmYxYmE1YmZh
ZGFlNzUwHhcNMjQwMTAxMTQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjM0NTU2NzNjMzEyNzJlNWQ2MGExNTI1YWM0YTM0YTY0YTk1NmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgsf196gFs26+1dTe9PoOTQhd4zQH
6joz7ZR2RiF4RE4zi9Kpreqy27Co9XjlzHStNLpsjsJGIA46l9vzoeHQYwqDqZiy
6Lk9Cwa/F/vpXKzZq6/p2uQA8M0208vliLTJsgAOCA6eZlir4WKpa0DkyJGnTVLy
kayDTss3vMw+7v/MAE6dQ72GvG+svWVoKFtf+78RK1mgbTEk5xxoi0SOaKn2bweY
46VYysXNn+Nk6W/Dti34J1Ky8ZrVtv4taERvni3+zgaNlZH8MK6hTe4zK4+fJwwl
VT0/M05qqVgeD4zGYkKVnj/2uoQI/y7XAgvpvcb6dLUu9Yq7HgVhkm6JEQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG80VWc8MScuXWChUlrEo0pkqVbBMB8GA1UdIwQY
MBaAFBe1BC/CDZurFnbgmvf/G6W/ra51MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQt
YmM2Nzk0ZTk1ZTVhLzEvYnpSVlp6d3hKeTVkWUtGU1dzU2pTbVNwVnNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQtYmM2Nzk0ZTk1ZTVh
LzEvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAV+yUAwQA
ubjbAwQAufk1MA0GCSqGSIb3DQEBCwUAA4IBAQBuQlezGhevjUgXUoVCoP3cLlAc
hR9emQEMUA7dyN2z7RMB44TZa9Wscw7j7iPwW22pTvX6M1oVx4HRYOqbQZXY2CG/
b/RVORQj0sOT+4FTZq2KL0JbGe5QpcetCGEq390Rakdiun2waW5e5mmG0M2TsQY9
xAjjiLIXKdlbEaHXCSAXZK1uOWz1WNe3v3P59E3oaD+o1TVYG01pbaFKoBV8VJiw
ltnJcfaU61dFvPlYbkwH6HswlYNqwdOwH9Ombld4vaB1wU6zxqc7m8ll15F9Emqb
JL6tFjfhvLYZl7thCZO+RbqLW86mD8ABk6s+n/f1stGSlaP+M7pxuAfriEsv
-----END CERTIFICATE-----