Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bzPmXuaiTj37vHd0pjUBmFU1If4.roa
File:                     bzPmXuaiTj37vHd0pjUBmFU1If4.roa (raw, json)
Hash identifier:          D/7/XIJkILMvqhQzzfmhV4xY9bwiolycvClxmPfNvXQ=
Subject key identifier:   6F:33:E6:5E:E6:A2:4E:3D:FB:BC:77:74:A6:35:01:98:55:35:21:FE
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       018EF77DE2760EADD5D4E04ADFD47A3F24FB
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bzPmXuaiTj37vHd0pjUBmFU1If4.roa
Signing time:             Fri 19 Apr 2024 17:53:25 +0000
ROA not before:           Fri 19 Apr 2024 17:53:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        5.181.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f7:7d:e2:76:0e:ad:d5:d4:e0:4a:df:d4:7a:3f:24:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 19 17:53:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f33e65ee6a24e3dfbbc7774a6350198553521fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f1:f8:e5:54:21:55:24:cd:3b:e6:cb:00:8e:
                    15:18:e2:5e:db:dc:e2:36:64:4f:54:74:09:b5:41:
                    99:17:64:ac:db:66:60:b1:40:f2:b3:79:52:d3:15:
                    2e:79:c6:7d:1f:97:60:2a:fb:ce:19:37:dd:f3:c4:
                    48:77:08:39:0c:b4:07:7c:d5:30:73:3b:7e:10:b3:
                    e6:26:f8:cf:11:81:59:a4:09:d9:c1:0d:5f:ce:fb:
                    6e:a2:64:d9:4e:e0:cd:e3:84:65:58:2e:7d:e6:26:
                    52:a1:13:82:fe:83:bc:59:9c:ef:ce:25:d5:f9:14:
                    d6:1f:40:da:3a:2f:50:0f:ac:02:88:49:60:19:1d:
                    0f:8c:c5:5c:73:75:e9:e3:80:0d:91:55:c8:d4:27:
                    58:eb:5c:a1:39:06:53:6f:ff:05:0c:7a:fc:c0:4f:
                    12:fa:ab:69:c6:d5:e8:38:62:0e:0b:8e:c8:27:30:
                    dd:de:c9:16:92:5d:91:bc:e8:c2:92:14:1e:ed:dd:
                    c4:c9:8b:81:87:a2:1a:8f:34:f9:cb:fa:b3:1b:19:
                    2b:27:14:ee:ec:35:31:f6:92:a4:45:74:9b:3a:10:
                    07:05:a6:e7:41:0c:18:27:a8:91:04:c7:b5:34:e3:
                    83:26:d3:54:8f:b1:da:bd:7a:2c:5e:af:5b:62:f2:
                    57:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:33:E6:5E:E6:A2:4E:3D:FB:BC:77:74:A6:35:01:98:55:35:21:FE
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bzPmXuaiTj37vHd0pjUBmFU1If4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:0a:63:f1:1a:96:f5:6a:ae:20:08:28:ef:fc:b8:12:22:25:
         39:fe:3e:48:a0:7c:9b:ce:d1:d8:f6:45:e1:3f:86:df:e2:a6:
         51:ba:b5:c7:5d:4d:c0:49:60:71:61:b4:06:9b:a7:14:55:97:
         7f:f2:d1:6a:a9:37:5f:f5:7c:ea:37:71:a3:fe:29:b4:4b:cd:
         68:8a:dc:cc:d5:17:96:82:ea:22:b4:e7:58:d0:e5:c1:3f:d0:
         ea:bd:0a:08:96:ef:bf:fa:dc:f2:d5:88:3a:0f:39:ee:91:cb:
         03:7b:09:2e:98:c0:16:46:ee:11:49:6e:cf:fd:4a:06:e8:a4:
         6f:e6:11:c4:5c:9d:79:97:72:e5:4e:56:a3:f8:65:6d:3e:71:
         71:90:1d:12:be:34:60:c3:0f:4f:a6:5c:1d:bf:4f:b0:53:49:
         3b:49:86:ab:3d:96:77:ef:6a:36:dd:95:13:7a:d5:39:ba:26:
         25:30:cf:f6:00:20:e1:ec:d0:04:27:d9:71:56:01:9c:30:87:
         2b:42:7b:c0:17:c5:b1:26:ea:f4:42:b3:e8:8a:b2:f0:2e:12:
         61:2c:c8:c7:5d:7b:9a:ca:6e:29:89:65:64:82:fb:af:c9:01:
         bf:29:34:7b:b6:10:69:4d:67:d5:69:30:51:95:29:3b:f0:21:
         56:c7:43:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY73feJ2Dq3V1OBK39R6PyT7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjQwNDE5MTc1MzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjMzZTY1ZWU2YTI0ZTNkZmJiYzc3NzRhNjM1MDE5ODU1MzUyMWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvH45VQhVSTNO+bLAI4VGOJe29zi
NmRPVHQJtUGZF2Ss22ZgsUDys3lS0xUuecZ9H5dgKvvOGTfd88RIdwg5DLQHfNUw
czt+ELPmJvjPEYFZpAnZwQ1fzvtuomTZTuDN44RlWC595iZSoROC/oO8WZzvziXV
+RTWH0DaOi9QD6wCiElgGR0PjMVcc3Xp44ANkVXI1CdY61yhOQZTb/8FDHr8wE8S
+qtpxtXoOGIOC47IJzDd3skWkl2RvOjCkhQe7d3EyYuBh6IajzT5y/qzGxkrJxTu
7DUx9pKkRXSbOhAHBabnQQwYJ6iRBMe1NOODJtNUj7HavXosXq9bYvJXTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8z5l7mok49+7x3dKY1AZhVNSH+MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvYnpQbVh1YWlUajM3dkhkMHBqVUJtRlUxSWY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbW3MA0G
CSqGSIb3DQEBCwUAA4IBAQBkCmPxGpb1aq4gCCjv/LgSIiU5/j5IoHybztHY9kXh
P4bf4qZRurXHXU3ASWBxYbQGm6cUVZd/8tFqqTdf9XzqN3Gj/im0S81oitzM1ReW
guoitOdY0OXBP9DqvQoIlu+/+tzy1Yg6DznukcsDewkumMAWRu4RSW7P/UoG6KRv
5hHEXJ15l3LlTlaj+GVtPnFxkB0SvjRgww9Pplwdv0+wU0k7SYarPZZ372o23ZUT
etU5uiYlMM/2ACDh7NAEJ9lxVgGcMIcrQnvAF8WxJur0QrPoirLwLhJhLMjHXXua
ym4piWVkgvuvyQG/KTR7thBpTWfVaTBRlSk78CFWx0PM
-----END CERTIFICATE-----