Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/13a2cf-0f0d-4e44-aa92-8518ca4a5fca/1/BzoMhxi-sEKwjA36g4qeaTxL074.roa
File:                     BzoMhxi-sEKwjA36g4qeaTxL074.roa (raw, json)
Hash identifier:          ekpLVUjpkr3ylQwR7UUEWbO0urDpURJjYvh/Ehzspmg=
Subject key identifier:   07:3A:0C:87:18:BE:B0:42:B0:8C:0D:FA:83:8A:9E:69:3C:4B:D3:BE
Certificate issuer:       /CN=248b8cd2bb744c5720570465de57b4ca35a372f0
Certificate serial:       018CC493412E10BDB4897B3093B97429A03A
Authority key identifier: 24:8B:8C:D2:BB:74:4C:57:20:57:04:65:DE:57:B4:CA:35:A3:72:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JIuM0rt0TFcgVwRl3le0yjWjcvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/13a2cf-0f0d-4e44-aa92-8518ca4a5fca/1/BzoMhxi-sEKwjA36g4qeaTxL074.roa
Signing time:             Mon 01 Jan 2024 10:30:33 +0000
ROA not before:           Mon 01 Jan 2024 10:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21267
IP address blocks:        45.88.60.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/13a2cf-0f0d-4e44-aa92-8518ca4a5fca/1/JIuM0rt0TFcgVwRl3le0yjWjcvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/13a2cf-0f0d-4e44-aa92-8518ca4a5fca/1/JIuM0rt0TFcgVwRl3le0yjWjcvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JIuM0rt0TFcgVwRl3le0yjWjcvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:41:2e:10:bd:b4:89:7b:30:93:b9:74:29:a0:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=248b8cd2bb744c5720570465de57b4ca35a372f0
        Validity
            Not Before: Jan  1 10:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=073a0c8718beb042b08c0dfa838a9e693c4bd3be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:7c:46:9f:c4:72:d4:28:1c:80:76:24:30:77:
                    be:80:5a:c4:ea:d6:39:e5:48:eb:7e:3e:e1:68:60:
                    60:fa:52:26:6c:e9:31:c3:8e:36:a6:ab:f2:24:84:
                    f3:93:6b:fc:ca:8c:e2:79:9d:00:30:f4:20:bc:1a:
                    b1:b3:72:6d:60:3e:bd:9a:20:c4:50:04:82:dd:15:
                    32:98:4f:15:05:61:79:a4:82:8c:88:bc:bd:e6:b7:
                    96:04:3d:eb:c8:ac:80:88:d7:68:df:96:b7:e5:05:
                    af:fb:2d:df:b8:4b:bb:75:78:7a:a9:31:ac:0c:33:
                    0d:fd:d3:85:62:c3:03:51:39:3e:92:d8:7f:bc:27:
                    26:77:fe:4a:cc:ef:0e:91:56:f2:69:68:88:c8:08:
                    0a:04:0b:4e:2b:ce:c6:00:12:1c:0d:5d:d4:da:d6:
                    24:7e:97:c2:30:8f:09:82:97:d9:54:47:00:32:29:
                    a8:38:44:3e:57:69:ae:f6:68:4c:6f:51:ea:68:9b:
                    3f:bc:1d:0b:b8:7d:74:14:68:6c:66:b3:a9:18:ad:
                    ad:6e:ab:8f:1f:9b:86:72:f3:06:17:55:ff:d8:ee:
                    03:4a:14:53:65:65:f4:41:2d:37:da:ee:f9:9b:f8:
                    a3:10:29:29:9d:23:6c:c7:07:dd:d5:81:8e:3b:ea:
                    ed:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:3A:0C:87:18:BE:B0:42:B0:8C:0D:FA:83:8A:9E:69:3C:4B:D3:BE
            X509v3 Authority Key Identifier:
                keyid:24:8B:8C:D2:BB:74:4C:57:20:57:04:65:DE:57:B4:CA:35:A3:72:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JIuM0rt0TFcgVwRl3le0yjWjcvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/13a2cf-0f0d-4e44-aa92-8518ca4a5fca/1/BzoMhxi-sEKwjA36g4qeaTxL074.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/13a2cf-0f0d-4e44-aa92-8518ca4a5fca/1/JIuM0rt0TFcgVwRl3le0yjWjcvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:4a:34:f6:0a:47:8a:4c:3c:24:25:8b:f4:14:64:cf:c6:7b:
         43:f2:70:1f:99:29:57:ee:f0:23:7e:56:d1:85:a7:f3:5e:b1:
         5d:3f:59:ab:5b:17:94:c9:99:f0:5e:32:10:ec:2f:7f:0d:76:
         ca:07:58:ff:c4:31:87:ff:43:1f:8a:19:1b:6b:f3:cf:84:41:
         59:e9:5d:ec:f6:4f:eb:fb:fb:93:99:6d:6e:3a:91:c0:b7:a3:
         ed:97:53:11:21:b3:36:ad:46:45:f7:62:04:2d:9a:f3:5e:97:
         dc:c8:e7:d3:c3:23:7a:ad:c2:30:50:df:65:b4:ce:9b:8e:ca:
         fd:88:7d:21:db:b4:d9:be:19:18:09:7f:16:50:b8:55:56:11:
         ca:44:bd:30:45:dc:7c:f6:6f:75:43:86:df:65:fa:1d:fb:d6:
         fa:8e:a4:ef:d5:6a:4c:09:5d:27:2c:8e:c0:ce:0f:0f:f7:88:
         a9:75:38:5b:fa:e3:f5:d2:60:27:1a:48:4e:f7:0e:34:73:57:
         7e:19:92:13:47:df:39:86:11:3d:15:c5:0e:6d:ed:56:d7:3c:
         ea:60:de:b7:08:f4:f8:13:55:81:dd:b7:98:14:58:71:3d:e2:
         52:4d:51:26:82:e6:97:e1:38:66:5f:82:52:2f:5b:34:65:01:
         af:12:f1:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk0EuEL20iXswk7l0KaA6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0OGI4Y2QyYmI3NDRjNTcyMDU3MDQ2NWRlNTdiNGNhMzVh
MzcyZjAwHhcNMjQwMTAxMTAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzNhMGM4NzE4YmViMDQyYjA4YzBkZmE4MzhhOWU2OTNjNGJkM2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnxGn8Ry1CgcgHYkMHe+gFrE6tY5
5Ujrfj7haGBg+lImbOkxw442pqvyJITzk2v8yozieZ0AMPQgvBqxs3JtYD69miDE
UASC3RUymE8VBWF5pIKMiLy95reWBD3ryKyAiNdo35a35QWv+y3fuEu7dXh6qTGs
DDMN/dOFYsMDUTk+kth/vCcmd/5KzO8OkVbyaWiIyAgKBAtOK87GABIcDV3U2tYk
fpfCMI8JgpfZVEcAMimoOEQ+V2mu9mhMb1HqaJs/vB0LuH10FGhsZrOpGK2tbquP
H5uGcvMGF1X/2O4DShRTZWX0QS032u75m/ijECkpnSNsxwfd1YGOO+rtwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAc6DIcYvrBCsIwN+oOKnmk8S9O+MB8GA1UdIwQY
MBaAFCSLjNK7dExXIFcEZd5XtMo1o3LwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkl1TTBydDBURmNnVndSbDNsZTB5aldqY3ZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8xM2EyY2YtMGYwZC00ZTQ0LWFhOTIt
ODUxOGNhNGE1ZmNhLzEvQnpvTWh4aS1zRUt3akEzNmc0cWVhVHhMMDc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8xM2EyY2YtMGYwZC00ZTQ0LWFhOTItODUxOGNhNGE1ZmNh
LzEvSkl1TTBydDBURmNnVndSbDNsZTB5aldqY3ZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVg8MA0G
CSqGSIb3DQEBCwUAA4IBAQBESjT2CkeKTDwkJYv0FGTPxntD8nAfmSlX7vAjflbR
hafzXrFdP1mrWxeUyZnwXjIQ7C9/DXbKB1j/xDGH/0Mfihkba/PPhEFZ6V3s9k/r
+/uTmW1uOpHAt6Ptl1MRIbM2rUZF92IELZrzXpfcyOfTwyN6rcIwUN9ltM6bjsr9
iH0h27TZvhkYCX8WULhVVhHKRL0wRdx89m91Q4bfZfod+9b6jqTv1WpMCV0nLI7A
zg8P94ipdThb+uP10mAnGkhO9w40c1d+GZITR985hhE9FcUObe1W1zzqYN63CPT4
E1WB3beYFFhxPeJSTVEmguaX4ThmX4JSL1s0ZQGvEvFc
-----END CERTIFICATE-----