Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/Bznr5KOUJrVuR7aiMFfF4Zwzw1E.roa
File:                     Bznr5KOUJrVuR7aiMFfF4Zwzw1E.roa (raw, json)
Hash identifier:          Z3M5ZIoFGewg1F/Yi0d+EZLmt4bVSdsxUuaEtWTXgXY=
Subject key identifier:   07:39:EB:E4:A3:94:26:B5:6E:47:B6:A2:30:57:C5:E1:9C:33:C3:51
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       018CC6B93EF5E1E47F2C8FDDF2F3177498AE
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/Bznr5KOUJrVuR7aiMFfF4Zwzw1E.roa
Signing time:             Mon 01 Jan 2024 20:31:18 +0000
ROA not before:           Mon 01 Jan 2024 20:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197889
IP address blocks:        195.184.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3e:f5:e1:e4:7f:2c:8f:dd:f2:f3:17:74:98:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Jan  1 20:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0739ebe4a39426b56e47b6a23057c5e19c33c351
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2c:02:be:df:46:5a:d1:6f:34:cf:da:77:4c:
                    6d:77:b1:69:6e:7e:0e:9b:2d:bd:06:e1:32:54:b0:
                    29:90:46:db:bc:d2:6f:bd:13:5c:9d:f2:62:d0:7d:
                    fa:6d:fb:e0:89:57:47:e2:e6:b2:2c:cb:d7:4b:39:
                    80:ed:22:41:80:b2:15:4b:66:e4:86:3f:9d:53:e4:
                    f1:85:3d:f5:fc:70:66:21:21:a5:41:6c:07:3c:a9:
                    40:87:44:91:f8:f9:15:09:42:23:b8:c0:00:25:b8:
                    e0:fb:46:55:57:c2:7e:97:a7:1b:e0:f4:a7:6e:74:
                    7c:f8:ac:f4:17:05:32:5d:43:5f:96:c6:21:3a:db:
                    f8:59:45:a5:02:e6:c3:42:18:40:4e:0d:7f:3e:cc:
                    92:f3:02:b0:58:d2:09:d6:4c:dd:bc:f4:08:f3:20:
                    ea:49:68:a7:73:43:90:04:bd:ae:3f:96:ab:2e:44:
                    c9:a0:bd:94:9b:3e:bf:d6:10:a8:89:c1:7a:4d:56:
                    36:5f:f4:bb:82:40:af:c6:1b:67:36:c7:f6:68:eb:
                    6d:9a:e6:c4:92:91:8a:43:ed:b8:7e:fd:cd:df:0e:
                    aa:44:5b:30:dc:b7:8f:52:86:bf:f7:15:e0:e8:90:
                    b2:4f:1f:ee:75:fb:2d:22:c1:df:6b:b3:e1:2f:c8:
                    48:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:39:EB:E4:A3:94:26:B5:6E:47:B6:A2:30:57:C5:E1:9C:33:C3:51
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/Bznr5KOUJrVuR7aiMFfF4Zwzw1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.184.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:ca:74:c0:ee:32:16:c2:67:80:15:0a:cc:99:4d:bf:fd:ad:
         02:3c:3f:1c:ca:47:57:fe:f5:01:6b:3b:8a:58:fc:c7:6e:60:
         79:c1:ee:2d:60:26:0f:ab:94:41:55:ab:eb:b4:63:2d:c9:36:
         77:51:c1:83:f9:50:1d:90:df:37:4b:3b:eb:d5:d5:f7:99:bb:
         45:76:be:d9:05:51:de:aa:c9:a7:6b:8e:f1:a4:4c:8a:aa:50:
         50:f8:92:87:1d:ba:2a:7b:15:8b:d1:58:1c:ab:dd:72:b5:aa:
         ec:e3:20:aa:b4:47:ca:dc:49:66:4d:95:90:11:aa:2a:19:fc:
         d7:f2:bd:75:50:65:da:44:43:b6:90:38:bf:9b:ab:dc:4a:08:
         de:39:a4:b1:62:25:b5:93:40:79:cd:78:9a:20:04:76:84:91:
         1e:2a:86:cf:6c:77:89:20:95:bb:1f:0a:21:44:5a:e2:0a:84:
         c5:46:6f:14:4d:bf:c6:5d:84:84:c0:25:a3:30:58:3d:eb:2e:
         ec:95:e4:7d:ed:b8:61:d6:16:0b:47:94:1c:83:78:94:5e:df:
         ea:4d:3b:5f:ff:58:8e:d6:19:08:94:8a:28:c5:80:d7:b2:fe:
         61:8f:36:e0:3b:84:f7:54:0f:02:c1:7f:ea:6b:45:c7:f6:60:
         91:02:8a:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuT714eR/LI/d8vMXdJiuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjQwMTAxMjAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzM5ZWJlNGEzOTQyNmI1NmU0N2I2YTIzMDU3YzVlMTljMzNjMzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqywCvt9GWtFvNM/ad0xtd7Fpbn4O
my29BuEyVLApkEbbvNJvvRNcnfJi0H36bfvgiVdH4uayLMvXSzmA7SJBgLIVS2bk
hj+dU+TxhT31/HBmISGlQWwHPKlAh0SR+PkVCUIjuMAAJbjg+0ZVV8J+l6cb4PSn
bnR8+Kz0FwUyXUNflsYhOtv4WUWlAubDQhhATg1/PsyS8wKwWNIJ1kzdvPQI8yDq
SWinc0OQBL2uP5arLkTJoL2Umz6/1hCoicF6TVY2X/S7gkCvxhtnNsf2aOttmubE
kpGKQ+24fv3N3w6qRFsw3LePUoa/9xXg6JCyTx/udfstIsHfa7PhL8hINQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAc56+SjlCa1bke2ojBXxeGcM8NRMB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvQnpucjVLT1VKclZ1UjdhaU1GZkY0Wnd6dzFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2ItZWNjNDliZGMyYWQ4
LzEvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7gEMA0G
CSqGSIb3DQEBCwUAA4IBAQBPynTA7jIWwmeAFQrMmU2//a0CPD8cykdX/vUBazuK
WPzHbmB5we4tYCYPq5RBVavrtGMtyTZ3UcGD+VAdkN83Szvr1dX3mbtFdr7ZBVHe
qsmna47xpEyKqlBQ+JKHHboqexWL0Vgcq91ytars4yCqtEfK3ElmTZWQEaoqGfzX
8r11UGXaREO2kDi/m6vcSgjeOaSxYiW1k0B5zXiaIAR2hJEeKobPbHeJIJW7Hwoh
RFriCoTFRm8UTb/GXYSEwCWjMFg96y7sleR97bhh1hYLR5Qcg3iUXt/qTTtf/1iO
1hkIlIooxYDXsv5hjzbgO4T3VA8CwX/qa0XH9mCRAoqX
-----END CERTIFICATE-----