Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/B1zx_UWm_PcBt5AbDZ2HD4SBcKw.roa
File:                     B1zx_UWm_PcBt5AbDZ2HD4SBcKw.roa (raw, json)
Hash identifier:          jrlhYATchvw8JktGPJsWssOvXUYR+g9p7Lj1fycV2o0=
Subject key identifier:   07:5C:F1:FD:45:A6:FC:F7:01:B7:90:1B:0D:9D:87:0F:84:81:70:AC
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018D275A64409E0F1793509AC4CB3FB7BDB3
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/B1zx_UWm_PcBt5AbDZ2HD4SBcKw.roa
Signing time:             Sat 20 Jan 2024 14:50:51 +0000
ROA not before:           Sat 20 Jan 2024 14:50:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400813
IP address blocks:        2a0d:6f80:38d2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:27:5a:64:40:9e:0f:17:93:50:9a:c4:cb:3f:b7:bd:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan 20 14:50:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=075cf1fd45a6fcf701b7901b0d9d870f848170ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4a:19:b5:37:47:74:43:dd:c1:7c:d8:d0:02:
                    69:4d:3a:8b:37:01:6f:14:05:8c:f7:07:dc:7b:71:
                    3e:42:6b:cc:f7:0b:87:1e:2f:0f:5a:3a:c1:1c:83:
                    48:e2:22:d5:73:84:b8:a6:48:8e:4e:26:f5:9f:dd:
                    1b:7b:eb:61:7b:37:a7:c6:ac:f8:9f:eb:a7:45:53:
                    c1:21:9c:8d:53:ce:b9:71:4d:d2:5e:96:9f:13:f3:
                    67:ad:12:c6:dc:22:af:b5:0e:e3:16:fc:11:15:13:
                    c5:11:d0:00:88:66:f7:cb:ab:3c:df:89:3f:b6:ea:
                    33:99:03:07:db:30:9e:d9:a6:1c:8e:0f:bf:45:9a:
                    c7:6d:0f:60:03:47:d4:ee:eb:0f:8f:9e:83:eb:28:
                    11:16:53:43:e5:17:7e:62:a1:ba:98:29:3f:6a:4e:
                    51:05:53:28:ec:9a:89:f7:a3:05:11:ce:97:f7:75:
                    d8:bf:90:ce:b1:01:a6:32:5a:29:7a:4e:dc:0c:df:
                    fd:e1:12:0d:eb:c4:5e:c7:cf:b8:62:cb:5b:02:00:
                    a8:0e:7f:36:b1:c0:25:12:0f:d7:2f:5f:31:1a:b4:
                    6a:8f:95:d6:0c:0c:0c:fe:4c:f1:88:55:c5:07:c9:
                    f0:c0:5e:a0:00:14:52:56:fe:fd:ec:00:62:05:a4:
                    d1:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:5C:F1:FD:45:A6:FC:F7:01:B7:90:1B:0D:9D:87:0F:84:81:70:AC
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/B1zx_UWm_PcBt5AbDZ2HD4SBcKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:6f80:38d2::/48

    Signature Algorithm: sha256WithRSAEncryption
         c2:e8:a3:25:f2:a1:90:2c:0f:3b:0a:3f:3a:cc:5a:04:e7:73:
         f5:a2:bc:6b:ab:28:d3:dc:66:19:e3:e5:f8:dd:20:77:6a:3d:
         8d:d5:4e:48:35:3a:ad:0b:af:79:5c:ee:f1:2b:09:fa:bb:08:
         d2:e4:2a:06:dc:62:38:b2:57:9f:58:d3:c6:c6:59:eb:02:3b:
         5f:5e:e6:f7:2a:a6:02:ba:15:a5:b0:5e:de:01:dd:60:51:9b:
         73:f4:37:c7:7b:a4:e1:16:b5:81:b1:7c:24:a3:51:38:c2:3c:
         99:8a:58:d1:ba:47:ae:20:ae:d4:25:81:31:17:e9:55:58:15:
         dc:1c:49:fa:a2:6b:9f:75:31:23:e8:3d:b0:7f:12:ed:c0:4f:
         25:06:05:1e:f6:bd:e2:2c:7d:80:f9:bd:b2:56:eb:2b:40:1c:
         fb:35:cb:17:1b:a1:a4:46:00:2e:f1:41:fb:85:a9:b2:03:11:
         69:f0:04:53:e7:c2:27:af:fd:e9:b4:5f:47:ed:32:2f:76:ad:
         82:7f:6a:76:b4:d2:b7:e0:51:e0:e7:95:ea:d5:55:35:92:2a:
         4b:06:b4:cf:5e:5d:6e:c0:dd:92:5f:ed:f5:90:2f:fc:ef:3e:
         f6:44:2e:39:f2:4d:85:7d:ae:c0:88:49:9c:1d:99:e6:c5:2e:
         32:61:3b:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY0nWmRAng8Xk1CaxMs/t72zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwMTIwMTQ1MDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzVjZjFmZDQ1YTZmY2Y3MDFiNzkwMWIwZDlkODcwZjg0ODE3MGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0oZtTdHdEPdwXzY0AJpTTqLNwFv
FAWM9wfce3E+QmvM9wuHHi8PWjrBHINI4iLVc4S4pkiOTib1n90be+thezenxqz4
n+unRVPBIZyNU865cU3SXpafE/NnrRLG3CKvtQ7jFvwRFRPFEdAAiGb3y6s834k/
tuozmQMH2zCe2aYcjg+/RZrHbQ9gA0fU7usPj56D6ygRFlND5Rd+YqG6mCk/ak5R
BVMo7JqJ96MFEc6X93XYv5DOsQGmMlopek7cDN/94RIN68Rex8+4YstbAgCoDn82
scAlEg/XL18xGrRqj5XWDAwM/kzxiFXFB8nwwF6gABRSVv797ABiBaTRHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAdc8f1Fpvz3AbeQGw2dhw+EgXCsMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvQjF6eF9VV21fUGNCdDVBYkRaMkhENFNCY0t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg1vgDjS
MA0GCSqGSIb3DQEBCwUAA4IBAQDC6KMl8qGQLA87Cj86zFoE53P1orxrqyjT3GYZ
4+X43SB3aj2N1U5INTqtC695XO7xKwn6uwjS5CoG3GI4slefWNPGxlnrAjtfXub3
KqYCuhWlsF7eAd1gUZtz9DfHe6ThFrWBsXwko1E4wjyZiljRukeuIK7UJYExF+lV
WBXcHEn6omufdTEj6D2wfxLtwE8lBgUe9r3iLH2A+b2yVusrQBz7NcsXG6GkRgAu
8UH7hamyAxFp8ART58Inr/3ptF9H7TIvdq2Cf2p2tNK34FHg55Xq1VU1kipLBrTP
Xl1uwN2SX+31kC/87z72RC458k2Ffa7AiEmcHZnmxS4yYTt5
-----END CERTIFICATE-----