Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/bjzQ3crU5PcA96LY9dtw4NuDZis.roa
File:                     bjzQ3crU5PcA96LY9dtw4NuDZis.roa (raw, json)
Hash identifier:          c92ekc6E+hzq/irXhplbV3DQ1UOi7LGz/QcJM4z4KJg=
Subject key identifier:   6E:3C:D0:DD:CA:D4:E4:F7:00:F7:A2:D8:F5:DB:70:E0:DB:83:66:2B
Certificate issuer:       /CN=70f68cded39e3ec54cee2233252ef3937ba9828d
Certificate serial:       018CC8DEBD4C5B09678BC123E695E582CF1C
Authority key identifier: 70:F6:8C:DE:D3:9E:3E:C5:4C:EE:22:33:25:2E:F3:93:7B:A9:82:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPaM3tOePsVM7iIzJS7zk3upgo0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/bjzQ3crU5PcA96LY9dtw4NuDZis.roa
Signing time:             Tue 02 Jan 2024 06:31:29 +0000
ROA not before:           Tue 02 Jan 2024 06:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211201
IP address blocks:        193.33.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/cPaM3tOePsVM7iIzJS7zk3upgo0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/cPaM3tOePsVM7iIzJS7zk3upgo0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPaM3tOePsVM7iIzJS7zk3upgo0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:bd:4c:5b:09:67:8b:c1:23:e6:95:e5:82:cf:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f68cded39e3ec54cee2233252ef3937ba9828d
        Validity
            Not Before: Jan  2 06:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e3cd0ddcad4e4f700f7a2d8f5db70e0db83662b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:38:8f:0d:35:85:d5:ec:9e:6e:cd:57:a6:b2:
                    14:81:9a:44:31:94:e7:f6:9c:22:32:73:f4:3d:12:
                    4e:bb:ed:a6:d7:6b:c9:74:f9:d7:60:1e:62:ec:d6:
                    4b:00:e4:b3:cb:c0:c2:f6:c1:85:f1:d9:a2:d5:06:
                    c5:bb:d3:7a:3a:26:92:a2:32:0c:7d:ac:4c:ce:d2:
                    1c:2b:e5:4f:82:51:85:e9:b7:ed:0b:dd:d4:14:c4:
                    64:fb:cc:ef:71:cc:61:47:13:f1:af:ef:aa:e0:4d:
                    31:ec:32:74:12:52:03:1f:42:a9:96:22:fc:d6:04:
                    7b:6a:20:5c:71:e9:7b:ed:17:42:a0:c7:a5:83:00:
                    f0:fd:2c:43:30:49:73:70:b7:2c:e5:d8:30:f7:45:
                    ae:25:06:db:86:97:17:98:94:fb:4b:84:0d:9d:5a:
                    12:29:48:08:92:24:40:f8:53:5d:b7:1f:40:1d:ab:
                    fa:29:0e:48:ad:79:67:62:0f:5a:5b:56:40:42:bf:
                    8a:a0:c8:0a:14:0d:c2:e5:3a:58:33:ad:03:f5:e8:
                    76:79:d8:79:a6:b8:0f:4f:c6:00:62:0b:ee:9b:53:
                    06:4d:bd:55:a3:21:f0:94:95:83:c2:41:89:49:85:
                    e4:62:f0:8f:99:84:ef:2a:f5:b4:0e:6e:7c:01:5f:
                    c4:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:3C:D0:DD:CA:D4:E4:F7:00:F7:A2:D8:F5:DB:70:E0:DB:83:66:2B
            X509v3 Authority Key Identifier:
                keyid:70:F6:8C:DE:D3:9E:3E:C5:4C:EE:22:33:25:2E:F3:93:7B:A9:82:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPaM3tOePsVM7iIzJS7zk3upgo0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/bjzQ3crU5PcA96LY9dtw4NuDZis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/cPaM3tOePsVM7iIzJS7zk3upgo0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:73:31:df:86:20:56:32:f1:c7:66:cb:83:d0:2e:55:9d:fa:
         dc:42:08:49:99:f8:68:79:ee:0f:09:e2:9e:f8:70:a5:2e:7b:
         25:9c:a1:1d:de:bb:76:91:91:19:ec:44:2b:8d:3b:33:2f:27:
         fb:12:07:5d:cd:69:48:fd:9e:67:c3:c9:3e:ff:2f:6d:ea:4e:
         99:ab:2b:6a:e1:25:7a:9e:0d:f4:9c:df:a8:55:59:9a:23:a8:
         27:b8:fa:ab:7a:c9:a7:e6:60:d9:24:bb:38:96:71:f2:28:65:
         ff:93:3b:67:b6:56:05:ff:6d:4a:91:82:d1:3f:25:f1:66:ab:
         7f:9e:90:f7:1c:44:45:95:58:1c:cd:8e:8a:b1:0f:74:b5:b3:
         ce:cf:96:4f:9a:25:e6:8b:61:8c:91:f6:c5:cc:d2:4a:42:82:
         84:32:fc:f7:a9:ae:f7:f0:43:e3:e9:52:5c:75:6c:37:71:3d:
         27:04:84:da:eb:1b:48:87:39:9b:10:6d:9f:99:8b:4f:39:bf:
         7d:23:4d:59:2c:3c:63:d7:b9:b3:28:8f:18:8f:9d:e1:52:91:
         02:ad:7d:87:06:97:f7:a0:cd:11:c5:94:c3:76:76:7d:f8:b6:
         89:dd:8c:66:46:26:7d:00:9f:e4:57:3d:41:73:ac:51:ff:9b:
         bd:0f:20:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3r1MWwlni8Ej5pXlgs8cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjY4Y2RlZDM5ZTNlYzU0Y2VlMjIzMzI1MmVmMzkzN2Jh
OTgyOGQwHhcNMjQwMTAyMDYzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTNjZDBkZGNhZDRlNGY3MDBmN2EyZDhmNWRiNzBlMGRiODM2NjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDiPDTWF1eyebs1XprIUgZpEMZTn
9pwiMnP0PRJOu+2m12vJdPnXYB5i7NZLAOSzy8DC9sGF8dmi1QbFu9N6OiaSojIM
faxMztIcK+VPglGF6bftC93UFMRk+8zvccxhRxPxr++q4E0x7DJ0ElIDH0KpliL8
1gR7aiBccel77RdCoMelgwDw/SxDMElzcLcs5dgw90WuJQbbhpcXmJT7S4QNnVoS
KUgIkiRA+FNdtx9AHav6KQ5IrXlnYg9aW1ZAQr+KoMgKFA3C5TpYM60D9eh2edh5
prgPT8YAYgvum1MGTb1VoyHwlJWDwkGJSYXkYvCPmYTvKvW0Dm58AV/E2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG480N3K1OT3APei2PXbcODbg2YrMB8GA1UdIwQY
MBaAFHD2jN7Tnj7FTO4iMyUu85N7qYKNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BhTTN0T2VQc1ZNN2lJekpTN3prM3VwZ28wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9mMGNjNDEtYjNlNy00NmZmLWE5NzYt
MjlkZjRlMjYxMWYxLzEvYmp6UTNjclU1UGNBOTZMWTlkdHc0TnVEWmlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9mMGNjNDEtYjNlNy00NmZmLWE5NzYtMjlkZjRlMjYxMWYx
LzEvY1BhTTN0T2VQc1ZNN2lJekpTN3prM3VwZ28wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSFgMA0G
CSqGSIb3DQEBCwUAA4IBAQAoczHfhiBWMvHHZsuD0C5VnfrcQghJmfhoee4PCeKe
+HClLnslnKEd3rt2kZEZ7EQrjTszLyf7EgddzWlI/Z5nw8k+/y9t6k6Zqytq4SV6
ng30nN+oVVmaI6gnuPqresmn5mDZJLs4lnHyKGX/kztntlYF/21KkYLRPyXxZqt/
npD3HERFlVgczY6KsQ90tbPOz5ZPmiXmi2GMkfbFzNJKQoKEMvz3qa738EPj6VJc
dWw3cT0nBITa6xtIhzmbEG2fmYtPOb99I01ZLDxj17mzKI8Yj53hUpECrX2HBpf3
oM0RxZTDdnZ9+LaJ3YxmRiZ9AJ/kVz1Bc6xR/5u9DyCW
-----END CERTIFICATE-----