Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/BzPL20-RQqQNHl3mvkdVpKFKztY.roa
File:                     BzPL20-RQqQNHl3mvkdVpKFKztY.roa (raw, json)
Hash identifier:          gTyTIxCJ7Tq2dyD7acXbF9IOdSKDSh9RVHjGEQoNM98=
Subject key identifier:   07:33:CB:DB:4F:91:42:A4:0D:1E:5D:E6:BE:47:55:A4:A1:4A:CE:D6
Certificate issuer:       /CN=f3b90781dbbebdb8ec42baf66488059ea5866aac
Certificate serial:       018CC42484C2BF52A42C79AFBE29019DB379
Authority key identifier: F3:B9:07:81:DB:BE:BD:B8:EC:42:BA:F6:64:88:05:9E:A5:86:6A:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/87kHgdu-vbjsQrr2ZIgFnqWGaqw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/BzPL20-RQqQNHl3mvkdVpKFKztY.roa
Signing time:             Mon 01 Jan 2024 08:29:36 +0000
ROA not before:           Mon 01 Jan 2024 08:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49800
IP address blocks:        2a03:6947:200::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/87kHgdu-vbjsQrr2ZIgFnqWGaqw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/87kHgdu-vbjsQrr2ZIgFnqWGaqw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/87kHgdu-vbjsQrr2ZIgFnqWGaqw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 17:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:84:c2:bf:52:a4:2c:79:af:be:29:01:9d:b3:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3b90781dbbebdb8ec42baf66488059ea5866aac
        Validity
            Not Before: Jan  1 08:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0733cbdb4f9142a40d1e5de6be4755a4a14aced6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:73:86:26:25:9f:51:2c:81:fb:47:cc:e9:fa:
                    45:ac:f8:bd:22:e6:83:7a:ef:ea:b1:87:48:0d:78:
                    83:b7:3e:9d:89:80:a8:b5:b9:5f:30:bd:92:35:3f:
                    ed:db:62:2a:c1:3a:7f:ea:b3:a3:81:8d:c7:e5:cc:
                    f3:ee:47:ad:25:7e:1e:af:97:15:c6:69:46:25:b8:
                    f9:40:ac:7e:72:f1:b4:c6:2b:4a:20:b1:ce:96:d1:
                    ee:81:8b:73:49:5f:22:a0:09:0a:2a:a2:2b:64:37:
                    f7:82:e1:32:71:64:f3:2a:e3:6a:16:10:2e:2d:a5:
                    cd:09:5a:75:e7:06:d0:34:79:7d:92:b7:ce:47:5a:
                    9b:0c:8e:da:d4:10:f6:12:bb:83:6e:fa:3b:45:10:
                    19:97:a7:17:d3:2e:ae:cf:78:82:1e:f8:6c:10:fb:
                    e9:76:19:da:f8:d9:7d:10:11:dc:1a:77:66:7b:b6:
                    ae:e4:21:89:35:26:20:21:12:f8:b5:83:61:f8:db:
                    b8:9c:bb:9f:6a:57:0b:4b:7b:54:0e:f5:84:c6:5e:
                    e8:b8:96:3a:a6:b3:29:b6:f5:5e:83:18:08:a7:e2:
                    ab:bf:a1:1d:87:54:a0:fb:ac:68:a7:4f:08:a2:35:
                    f1:e8:7f:05:2e:22:ea:0f:82:5c:35:6b:43:2f:dd:
                    db:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:33:CB:DB:4F:91:42:A4:0D:1E:5D:E6:BE:47:55:A4:A1:4A:CE:D6
            X509v3 Authority Key Identifier:
                keyid:F3:B9:07:81:DB:BE:BD:B8:EC:42:BA:F6:64:88:05:9E:A5:86:6A:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/87kHgdu-vbjsQrr2ZIgFnqWGaqw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/BzPL20-RQqQNHl3mvkdVpKFKztY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/8c5808-3165-41dc-90a0-3ef5eb7c8598/1/87kHgdu-vbjsQrr2ZIgFnqWGaqw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:6947:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         89:cc:d7:c3:74:83:f7:ef:9b:ec:83:88:8a:39:33:d5:d8:04:
         0a:27:2f:b5:7e:b2:3c:71:46:c5:b8:3a:57:90:98:c9:10:40:
         37:04:6f:3a:87:fb:a1:12:29:74:d5:d0:7c:5f:f2:b6:85:50:
         5a:e2:a3:36:2a:46:59:10:ef:7f:aa:c3:19:ed:82:da:be:db:
         d4:d2:08:45:57:76:90:63:ca:b1:1b:e6:01:db:63:84:31:bb:
         f2:4e:27:6c:6b:03:ad:87:07:24:ec:8e:49:3b:13:d1:a8:c4:
         5f:6c:e3:91:56:e5:81:ce:f0:6f:49:67:cf:c2:ca:c8:97:0a:
         a2:bf:4d:94:f7:08:99:c0:04:5b:60:ff:73:91:29:8d:f7:ed:
         b5:94:6a:05:ed:84:ea:8e:dc:a8:c4:bc:c1:81:53:04:36:5d:
         b1:7f:26:19:59:d0:e7:3d:6d:94:7f:33:71:0a:e5:2a:74:50:
         c9:25:38:67:ff:4f:7c:9b:0b:5f:0c:9d:33:65:f8:5f:d3:ca:
         8b:1c:28:0a:07:90:69:c3:10:8a:6c:8a:b7:27:fc:50:92:d1:
         c0:9e:18:d4:18:9d:1a:58:7f:29:3d:fc:23:a5:75:fc:30:ef:
         26:ee:3b:80:05:0f:50:99:ac:07:cc:d2:65:74:de:c4:80:a2:
         f0:67:b5:b8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEJITCv1KkLHmvvikBnbN5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYjkwNzgxZGJiZWJkYjhlYzQyYmFmNjY0ODgwNTllYTU4
NjZhYWMwHhcNMjQwMTAxMDgyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzMzY2JkYjRmOTE0MmE0MGQxZTVkZTZiZTQ3NTVhNGExNGFjZWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnnOGJiWfUSyB+0fM6fpFrPi9IuaD
eu/qsYdIDXiDtz6diYCotblfML2SNT/t22IqwTp/6rOjgY3H5czz7ketJX4er5cV
xmlGJbj5QKx+cvG0xitKILHOltHugYtzSV8ioAkKKqIrZDf3guEycWTzKuNqFhAu
LaXNCVp15wbQNHl9krfOR1qbDI7a1BD2EruDbvo7RRAZl6cX0y6uz3iCHvhsEPvp
dhna+Nl9EBHcGndme7au5CGJNSYgIRL4tYNh+Nu4nLufalcLS3tUDvWExl7ouJY6
prMptvVegxgIp+Krv6Edh1Sg+6xop08IojXx6H8FLiLqD4JcNWtDL93bMwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAczy9tPkUKkDR5d5r5HVaShSs7WMB8GA1UdIwQY
MBaAFPO5B4Hbvr247EK69mSIBZ6lhmqsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODdrSGdkdS12YmpzUXJyMlpJZ0ZucVdHYXF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi84YzU4MDgtMzE2NS00MWRjLTkwYTAt
M2VmNWViN2M4NTk4LzEvQnpQTDIwLVJRcVFOSGwzbXZrZFZwS0ZLenRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi84YzU4MDgtMzE2NS00MWRjLTkwYTAtM2VmNWViN2M4NTk4
LzEvODdrSGdkdS12YmpzUXJyMlpJZ0ZucVdHYXF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgNpRwIw
DQYJKoZIhvcNAQELBQADggEBAInM18N0g/fvm+yDiIo5M9XYBAonL7V+sjxxRsW4
OleQmMkQQDcEbzqH+6ESKXTV0Hxf8raFUFriozYqRlkQ73+qwxntgtq+29TSCEVX
dpBjyrEb5gHbY4Qxu/JOJ2xrA62HByTsjkk7E9GoxF9s45FW5YHO8G9JZ8/CysiX
CqK/TZT3CJnABFtg/3ORKY337bWUagXthOqO3KjEvMGBUwQ2XbF/JhlZ0Oc9bZR/
M3EK5Sp0UMklOGf/T3ybC18MnTNl+F/TyoscKAoHkGnDEIpsircn/FCS0cCeGNQY
nRpYfyk9/COldfww7ybuO4AFD1CZrAfM0mV03sSAovBntbg=
-----END CERTIFICATE-----