Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/btZ1LYBwDvIDTRfyR_bZBxuYxQE.roa
File:                     btZ1LYBwDvIDTRfyR_bZBxuYxQE.roa (raw, json)
Hash identifier:          BCLp7U+nuq4jqYS+XT7s0Q7cfRiMQZbBkI2L0/EZEWg=
Subject key identifier:   6E:D6:75:2D:80:70:0E:F2:03:4D:17:F2:47:F6:D9:07:1B:98:C5:01
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018E1878B5C68DB36AEA36CC1A6AA4871C96
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/btZ1LYBwDvIDTRfyR_bZBxuYxQE.roa
Signing time:             Thu 07 Mar 2024 10:32:27 +0000
ROA not before:           Thu 07 Mar 2024 10:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3561
IP address blocks:        45.95.88.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:18:78:b5:c6:8d:b3:6a:ea:36:cc:1a:6a:a4:87:1c:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Mar  7 10:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ed6752d80700ef2034d17f247f6d9071b98c501
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:1e:37:d5:a1:ef:18:f8:45:e4:f5:ed:00:54:
                    44:b7:24:ed:11:e7:44:78:a5:0b:65:dc:f2:43:f1:
                    11:97:ed:3b:02:44:b1:e9:3d:6c:30:8c:9e:35:ed:
                    13:95:2c:01:81:15:c2:d0:32:c1:40:55:e0:4e:19:
                    95:05:72:20:e5:24:bc:83:ee:2e:cd:20:0c:4c:4f:
                    c4:be:71:7f:4e:40:74:af:86:45:09:52:60:6a:0e:
                    40:fc:a2:58:68:1a:21:91:92:46:49:ca:30:ce:e9:
                    d3:2d:4f:5d:0f:92:75:8f:65:5b:86:7a:a2:be:0c:
                    3f:b4:28:c1:42:38:16:69:b9:77:3e:fa:e0:44:11:
                    ca:62:23:51:b4:6a:86:3c:79:a1:bf:d3:5f:90:56:
                    e6:ea:4e:b0:c2:55:37:5a:6a:36:03:2a:62:d3:f9:
                    37:c1:1b:ea:8a:64:02:d5:11:a5:bc:ae:9d:3a:45:
                    42:ca:f0:7c:f5:bf:32:90:99:d5:41:84:50:c2:c5:
                    5d:32:e3:ff:31:ed:83:7c:d6:8e:67:12:b2:93:56:
                    0d:86:77:7e:61:b4:93:36:b8:62:fc:27:f6:e4:c0:
                    39:18:51:cc:06:9e:90:7d:d5:3d:e0:9d:8b:f6:fb:
                    92:99:de:b7:b2:7c:e8:35:01:e9:35:e8:a9:13:9e:
                    8b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:D6:75:2D:80:70:0E:F2:03:4D:17:F2:47:F6:D9:07:1B:98:C5:01
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/btZ1LYBwDvIDTRfyR_bZBxuYxQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:c6:04:d8:d6:6e:d8:ca:11:61:e1:e2:1e:0e:50:3d:80:98:
         d2:a1:fd:98:a7:4b:c1:c3:ac:a4:4a:39:ee:96:c9:10:f6:c3:
         b4:76:84:31:d3:01:da:37:37:1b:ee:ba:bd:1a:22:08:47:ed:
         c5:49:1e:64:48:f2:28:b1:2f:10:e9:2b:81:20:7d:a4:91:2a:
         a4:93:b0:52:24:0f:5b:01:20:41:dd:7b:8a:28:f9:be:3f:8f:
         d7:bd:8f:4f:1a:76:f7:34:21:10:e9:5c:89:68:37:f2:22:08:
         44:76:ac:28:23:c0:6d:e8:23:8e:cb:5f:cd:6a:85:95:0f:ab:
         b1:b1:3e:78:06:87:82:8f:1d:d5:d7:dd:ad:a3:45:56:f1:0c:
         24:6e:6b:02:01:b6:31:af:bc:4d:85:f8:33:7b:d1:bf:28:29:
         6f:1b:55:f4:9a:7f:41:fe:92:d3:fe:a3:d0:39:70:90:c2:52:
         f7:a8:7d:43:f9:0b:ee:67:00:9c:c6:bf:1b:ff:07:ea:ec:9e:
         cf:58:5f:55:0a:48:f1:e5:a7:ba:ad:93:f1:1a:05:0a:76:e2:
         db:e3:38:0a:06:e4:7f:2b:62:36:6d:b7:76:07:54:4a:d0:12:
         e4:3b:b4:83:32:ff:44:89:03:17:c8:48:e5:34:33:ca:75:77:
         de:a1:3f:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4YeLXGjbNq6jbMGmqkhxyWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMzA3MTAzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWQ2NzUyZDgwNzAwZWYyMDM0ZDE3ZjI0N2Y2ZDkwNzFiOThjNTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgB431aHvGPhF5PXtAFREtyTtEedE
eKULZdzyQ/ERl+07AkSx6T1sMIyeNe0TlSwBgRXC0DLBQFXgThmVBXIg5SS8g+4u
zSAMTE/EvnF/TkB0r4ZFCVJgag5A/KJYaBohkZJGScowzunTLU9dD5J1j2Vbhnqi
vgw/tCjBQjgWabl3PvrgRBHKYiNRtGqGPHmhv9NfkFbm6k6wwlU3Wmo2Aypi0/k3
wRvqimQC1RGlvK6dOkVCyvB89b8ykJnVQYRQwsVdMuP/Me2DfNaOZxKyk1YNhnd+
YbSTNrhi/Cf25MA5GFHMBp6QfdU94J2L9vuSmd63snzoNQHpNeipE56LrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7WdS2AcA7yA00X8kf22QcbmMUBMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvYnRaMUxZQndEdklEVFJmeVJfYlpCeHVZeFFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLV9YMA0G
CSqGSIb3DQEBCwUAA4IBAQBrxgTY1m7YyhFh4eIeDlA9gJjSof2Yp0vBw6ykSjnu
lskQ9sO0doQx0wHaNzcb7rq9GiIIR+3FSR5kSPIosS8Q6SuBIH2kkSqkk7BSJA9b
ASBB3XuKKPm+P4/XvY9PGnb3NCEQ6VyJaDfyIghEdqwoI8Bt6COOy1/NaoWVD6ux
sT54BoeCjx3V192to0VW8QwkbmsCAbYxr7xNhfgze9G/KClvG1X0mn9B/pLT/qPQ
OXCQwlL3qH1D+QvuZwCcxr8b/wfq7J7PWF9VCkjx5ae6rZPxGgUKduLb4zgKBuR/
K2I2bbd2B1RK0BLkO7SDMv9EiQMXyEjlNDPKdXfeoT9x
-----END CERTIFICATE-----