Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BzgWWPMIpFLcrA-QSnB-U76EnJU.roa
File:                     BzgWWPMIpFLcrA-QSnB-U76EnJU.roa (raw, json)
Hash identifier:          MsH6sjZ5VzRAC3fd1Y+ywzaa6v+KQ3zGGnYtF4AkBTE=
Subject key identifier:   07:38:16:58:F3:08:A4:52:DC:AC:0F:90:4A:70:7E:53:BE:84:9C:95
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019428249F7A15800C73633F32FD5A801810
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BzgWWPMIpFLcrA-QSnB-U76EnJU.roa
Signing time:             Thu 02 Jan 2025 17:51:16 +0000
ROA not before:           Thu 02 Jan 2025 17:51:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197516
IP address blocks:        217.145.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:57:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:9f:7a:15:80:0c:73:63:3f:32:fd:5a:80:18:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07381658f308a452dcac0f904a707e53be849c95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e2:5d:26:d1:66:ff:f7:f2:c3:4c:ec:10:08:
                    19:08:bf:7e:4b:cc:61:58:bf:cc:20:b6:d2:2b:10:
                    97:b0:3c:00:a5:32:8d:3a:9a:94:ad:4c:8f:8d:7b:
                    c4:67:24:d1:47:98:05:55:2f:9d:ae:4d:c1:06:b1:
                    1b:09:01:01:80:24:99:ad:67:e4:74:0b:5b:fe:be:
                    0e:2a:3a:d9:9a:46:2f:43:a7:a4:66:8e:53:7c:6d:
                    c8:a4:65:4c:12:4f:b6:c0:3b:78:b4:8a:d6:76:b7:
                    59:fd:63:a3:82:0b:36:09:a4:4b:c3:03:a8:36:43:
                    7c:8e:55:e3:5e:a3:f4:1e:d8:cc:8a:f9:9c:9f:cf:
                    ba:7d:9c:ef:b6:53:07:21:cd:07:75:63:21:2d:8f:
                    f5:c3:cc:16:54:8c:80:4f:a4:87:aa:ad:87:4e:a1:
                    af:ac:1c:2e:b7:10:7d:f2:06:42:59:09:12:3c:8d:
                    08:ef:48:33:e6:6c:fd:8b:d0:69:93:56:4d:ff:3a:
                    34:23:c6:89:39:b1:f7:f4:0d:49:17:ae:a6:de:1b:
                    80:71:0b:ed:71:42:b0:99:d8:32:1b:37:0b:c8:8e:
                    b1:09:09:76:91:93:1f:97:b0:30:49:d2:c9:ba:b9:
                    fa:e1:6b:b0:a8:f4:b7:ee:56:56:d4:bd:ac:2b:99:
                    98:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:38:16:58:F3:08:A4:52:DC:AC:0F:90:4A:70:7E:53:BE:84:9C:95
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BzgWWPMIpFLcrA-QSnB-U76EnJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.145.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:74:16:e9:66:86:04:d9:c2:d0:b8:61:cf:d9:06:7f:da:ac:
         f7:69:66:3f:67:9a:39:75:8b:89:0e:20:95:16:1f:c6:7d:cd:
         1c:29:82:76:e4:f5:20:ed:56:0f:02:df:56:e5:8a:39:7b:ee:
         43:5a:b5:3b:5e:ba:7e:04:d6:77:f4:3d:3f:49:73:10:73:a4:
         57:22:3e:65:45:b2:9d:85:6b:35:76:22:ed:cc:88:40:d6:57:
         19:7a:06:4e:8d:e5:8d:c7:ba:f2:95:b4:c1:27:01:e2:f7:0b:
         fb:a3:52:83:29:76:54:7b:d2:f9:ae:ab:51:2f:69:b6:fe:8e:
         5b:ce:3e:d5:61:4b:b6:5d:50:08:04:6b:00:c8:b2:d2:4b:6d:
         6b:a5:7c:b8:60:6e:42:3e:d7:ba:1e:9c:8f:1a:be:06:00:57:
         d1:71:f8:fe:4d:c9:89:cd:f9:11:94:b8:86:83:b2:cf:d1:97:
         12:b7:30:a1:c9:15:c4:c4:44:fd:99:ad:35:9d:60:42:00:56:
         66:8d:3e:ee:59:dc:8b:68:eb:e0:d6:af:43:aa:6c:b6:d3:f0:
         88:97:f6:9a:93:a7:06:67:24:08:0b:e3:c1:9a:52:3f:3d:06:
         8b:73:ea:31:d5:7c:8c:26:ca:07:71:8a:98:44:79:dc:d6:0c:
         66:de:ec:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJJ96FYAMc2M/Mv1agBgQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzM4MTY1OGYzMDhhNDUyZGNhYzBmOTA0YTcwN2U1M2JlODQ5Yzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweJdJtFm//fyw0zsEAgZCL9+S8xh
WL/MILbSKxCXsDwApTKNOpqUrUyPjXvEZyTRR5gFVS+drk3BBrEbCQEBgCSZrWfk
dAtb/r4OKjrZmkYvQ6ekZo5TfG3IpGVMEk+2wDt4tIrWdrdZ/WOjggs2CaRLwwOo
NkN8jlXjXqP0HtjMivmcn8+6fZzvtlMHIc0HdWMhLY/1w8wWVIyAT6SHqq2HTqGv
rBwutxB98gZCWQkSPI0I70gz5mz9i9Bpk1ZN/zo0I8aJObH39A1JF66m3huAcQvt
cUKwmdgyGzcLyI6xCQl2kZMfl7AwSdLJurn64WuwqPS37lZW1L2sK5mYnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAc4FljzCKRS3KwPkEpwflO+hJyVMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQnpnV1dQTUlwRkxjckEtUVNuQi1VNzZFbkpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZFfMA0G
CSqGSIb3DQEBCwUAA4IBAQAtdBbpZoYE2cLQuGHP2QZ/2qz3aWY/Z5o5dYuJDiCV
Fh/Gfc0cKYJ25PUg7VYPAt9W5Yo5e+5DWrU7Xrp+BNZ39D0/SXMQc6RXIj5lRbKd
hWs1diLtzIhA1lcZegZOjeWNx7rylbTBJwHi9wv7o1KDKXZUe9L5rqtRL2m2/o5b
zj7VYUu2XVAIBGsAyLLSS21rpXy4YG5CPte6HpyPGr4GAFfRcfj+TcmJzfkRlLiG
g7LP0ZcStzChyRXExET9ma01nWBCAFZmjT7uWdyLaOvg1q9Dqmy20/CIl/aak6cG
ZyQIC+PBmlI/PQaLc+ox1XyMJsoHcYqYRHnc1gxm3uwh
-----END CERTIFICATE-----