Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/BzJ4qSJDGIdjlev2_kfyudbsnEs.roa
File:                     BzJ4qSJDGIdjlev2_kfyudbsnEs.roa (raw, json)
Hash identifier:          p9T1MtUo27IB1iEU/v7kTGckIckAlHNBbN8lfUBpctY=
Subject key identifier:   07:32:78:A9:22:43:18:87:63:95:EB:F6:FE:47:F2:B9:D6:EC:9C:4B
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A8C404D91D6DE6D4320EB518A90B9
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/BzJ4qSJDGIdjlev2_kfyudbsnEs.roa
Signing time:             Tue 02 Jan 2024 12:33:55 +0000
ROA not before:           Tue 02 Jan 2024 12:33:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210546
IP address blocks:        194.87.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:8c:40:4d:91:d6:de:6d:43:20:eb:51:8a:90:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=073278a9224318876395ebf6fe47f2b9d6ec9c4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:2c:f8:d0:29:13:15:46:e5:e1:c8:ed:31:ad:
                    43:6d:c9:de:7b:83:52:6e:d3:50:38:ee:d5:2b:cf:
                    fb:b5:eb:0f:cf:8a:50:ff:ba:c3:e9:5d:4f:a9:b6:
                    72:48:c3:b6:40:5b:7e:a3:3e:8b:0d:d1:21:e1:f2:
                    25:14:69:70:00:e9:a9:59:4b:c5:f7:08:63:9d:ba:
                    3b:39:fd:12:49:b3:b3:fc:3e:86:29:82:e4:ee:e1:
                    85:ac:58:0e:b3:b7:de:42:b9:38:cb:1c:46:4a:20:
                    de:03:a5:89:3e:d7:9f:54:2b:f7:70:b2:6b:0f:30:
                    85:ce:1b:7b:51:72:de:2d:3c:87:ea:28:ff:b2:69:
                    58:de:e4:a2:8d:b7:5e:c0:fb:6b:58:43:b6:7e:13:
                    3f:4e:d3:b8:50:bc:0e:7b:93:8f:4b:eb:76:ce:55:
                    61:2d:d6:d3:fc:6f:26:6a:36:4d:1a:fd:8d:b4:f5:
                    1b:e8:03:28:bb:7b:e7:c0:4d:8a:4c:d6:43:cc:ba:
                    bf:d2:aa:09:22:69:77:20:bc:e5:34:5a:87:b9:1f:
                    88:1b:97:ef:cb:e6:b0:e5:e6:aa:ca:0b:91:e7:96:
                    81:1e:c9:04:d3:8f:90:fd:b7:85:8e:67:d7:5e:f6:
                    40:cd:16:20:5b:4a:35:c1:1b:4b:37:76:f9:f9:93:
                    be:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:32:78:A9:22:43:18:87:63:95:EB:F6:FE:47:F2:B9:D6:EC:9C:4B
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/BzJ4qSJDGIdjlev2_kfyudbsnEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:4a:41:71:18:f7:a8:16:84:c0:f6:4f:aa:c0:f7:b2:cd:03:
         54:6c:65:46:60:a1:f6:d9:a5:b2:6e:b8:2e:42:6d:fd:c2:b0:
         9b:19:70:12:b1:4f:9d:14:4c:4e:f2:8c:3c:94:ec:0c:78:51:
         e6:39:58:d0:b7:11:df:d0:6f:a4:17:8d:ae:60:9e:d5:5c:76:
         cd:f7:b5:41:7b:21:72:f6:a4:2f:43:75:32:1d:1b:ae:0f:fb:
         36:82:72:ac:ce:dd:83:85:bf:84:a2:75:83:d6:36:86:9c:f0:
         62:08:94:9e:93:35:3e:17:2f:bd:e6:49:94:63:22:ba:ca:f6:
         76:53:54:c0:f1:2e:31:fa:54:2f:e8:c5:42:37:86:0c:d3:0b:
         88:bc:be:ca:92:1b:bd:6e:cc:31:c6:ea:47:c4:c3:fa:5f:10:
         98:91:c2:64:e3:f3:a5:a9:f0:61:c2:e4:09:18:c7:2f:f7:b4:
         6c:89:cd:6f:ca:61:50:e7:3d:47:ac:96:1a:5f:b3:ee:99:d0:
         70:55:37:de:f6:3a:0d:88:0a:7d:8b:30:ae:ca:b1:66:af:57:
         18:92:76:a0:d5:d2:17:9d:54:c8:2b:01:5a:8e:81:f8:9d:d7:
         d0:b4:08:ec:29:4d:80:7f:ad:70:72:b0:87:8a:57:96:10:08:
         8b:b8:81:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKoxATZHW3m1DIOtRipC5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzMyNzhhOTIyNDMxODg3NjM5NWViZjZmZTQ3ZjJiOWQ2ZWM5YzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhyz40CkTFUbl4cjtMa1Dbcnee4NS
btNQOO7VK8/7tesPz4pQ/7rD6V1PqbZySMO2QFt+oz6LDdEh4fIlFGlwAOmpWUvF
9whjnbo7Of0SSbOz/D6GKYLk7uGFrFgOs7feQrk4yxxGSiDeA6WJPtefVCv3cLJr
DzCFzht7UXLeLTyH6ij/smlY3uSijbdewPtrWEO2fhM/TtO4ULwOe5OPS+t2zlVh
LdbT/G8majZNGv2NtPUb6AMou3vnwE2KTNZDzLq/0qoJIml3ILzlNFqHuR+IG5fv
y+aw5eaqyguR55aBHskE04+Q/beFjmfXXvZAzRYgW0o1wRtLN3b5+ZO+RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcyeKkiQxiHY5Xr9v5H8rnW7JxLMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvQnpKNHFTSkRHSWRqbGV2Ml9rZnl1ZGJzbkVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlfHMA0G
CSqGSIb3DQEBCwUAA4IBAQA0SkFxGPeoFoTA9k+qwPeyzQNUbGVGYKH22aWybrgu
Qm39wrCbGXASsU+dFExO8ow8lOwMeFHmOVjQtxHf0G+kF42uYJ7VXHbN97VBeyFy
9qQvQ3UyHRuuD/s2gnKszt2Dhb+EonWD1jaGnPBiCJSekzU+Fy+95kmUYyK6yvZ2
U1TA8S4x+lQv6MVCN4YM0wuIvL7Kkhu9bswxxupHxMP6XxCYkcJk4/OlqfBhwuQJ
GMcv97Rsic1vymFQ5z1HrJYaX7PumdBwVTfe9joNiAp9izCuyrFmr1cYknag1dIX
nVTIKwFajoH4ndfQtAjsKU2Af61wcrCHileWEAiLuIGa
-----END CERTIFICATE-----