Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/BHjZS92KAV4UEoHv84k2RbU6H8A.roa
File:                     BHjZS92KAV4UEoHv84k2RbU6H8A.roa (raw, json)
Hash identifier:          RIJRpfrOTBqxwoCSZfBpesJ5WrdzQmc87uKigCHzdZg=
Subject key identifier:   04:78:D9:4B:DD:8A:01:5E:14:12:81:EF:F3:89:36:45:B5:3A:1F:C0
Certificate issuer:       /CN=76670236cd0e038684a33194bde7d4b95adc66f7
Certificate serial:       018CC5005EAEBE5A5ABC18F0882B3AE3E5A7
Authority key identifier: 76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/BHjZS92KAV4UEoHv84k2RbU6H8A.roa
Signing time:             Mon 01 Jan 2024 12:29:44 +0000
ROA not before:           Mon 01 Jan 2024 12:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50321
IP address blocks:        2a05:541:130::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:5e:ae:be:5a:5a:bc:18:f0:88:2b:3a:e3:e5:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76670236cd0e038684a33194bde7d4b95adc66f7
        Validity
            Not Before: Jan  1 12:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0478d94bdd8a015e141281eff3893645b53a1fc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b8:9f:4c:47:ab:0b:4a:ff:e3:94:1b:92:ed:
                    40:d0:8e:bb:dd:70:08:56:88:41:73:ba:17:40:f9:
                    88:6e:ff:b4:3b:33:ad:b4:c0:e8:d5:5f:cf:39:1d:
                    92:27:0b:0d:63:b9:5d:18:87:6d:87:04:e9:41:3b:
                    c0:72:a1:10:56:4b:dd:f4:7a:01:96:ad:01:ec:26:
                    96:80:7d:34:2b:7c:40:c6:1f:bd:90:60:63:0f:c8:
                    ec:c4:8a:4f:17:1a:83:27:f8:a5:0a:76:ed:f2:65:
                    3f:04:3a:8f:e4:76:be:cd:07:1e:a5:bd:7f:29:c3:
                    1f:83:ad:9e:20:6f:5c:d1:3e:0f:c8:cc:bb:f6:bd:
                    08:7e:30:43:9d:d6:80:72:db:26:b3:31:f4:a7:be:
                    b4:7b:4c:54:df:04:6b:9a:6f:8b:33:d5:48:84:2c:
                    16:26:05:f9:c0:35:e1:10:70:12:c2:0b:97:61:be:
                    35:4e:10:e8:6d:6a:68:ae:92:2e:18:94:ad:a0:89:
                    19:85:50:8f:0b:74:9c:23:2a:24:be:75:31:3b:b6:
                    38:47:f3:59:d3:58:86:78:71:2b:83:a4:9c:c5:f9:
                    30:e6:38:ea:8c:56:95:ec:96:70:db:89:5f:b5:f3:
                    ef:83:4d:ad:50:78:90:65:64:a5:d1:41:f7:23:7c:
                    63:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:78:D9:4B:DD:8A:01:5E:14:12:81:EF:F3:89:36:45:B5:3A:1F:C0
            X509v3 Authority Key Identifier:
                keyid:76:67:02:36:CD:0E:03:86:84:A3:31:94:BD:E7:D4:B9:5A:DC:66:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dmcCNs0OA4aEozGUvefUuVrcZvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/BHjZS92KAV4UEoHv84k2RbU6H8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/1809da-1c6f-44db-aa28-ba4fc234683e/1/dmcCNs0OA4aEozGUvefUuVrcZvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:541:130::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:d7:62:fc:ce:33:3e:83:57:82:10:50:f1:6c:b8:21:50:70:
         ff:14:00:c1:78:c6:40:98:38:0d:6a:2f:6f:45:e5:9e:bb:6c:
         d6:bd:55:c5:39:93:69:d0:e1:13:fc:97:3e:42:c0:56:e1:1a:
         d3:0f:1c:b0:34:a9:10:35:6a:ce:9c:06:11:92:e9:d0:55:00:
         56:41:51:1a:2c:6a:44:24:0c:89:01:52:35:b6:3a:ea:a9:47:
         3b:4d:d4:b7:87:58:4d:ee:31:a7:12:bf:a5:fc:64:b7:c7:9b:
         27:90:7d:35:d4:14:6e:96:7f:ab:e3:14:c1:31:47:0d:3a:6d:
         ff:ae:d6:48:d2:66:23:55:d7:33:d4:0d:31:a4:78:b2:e4:ca:
         8b:47:39:9d:79:45:63:be:79:5a:e6:37:97:9b:65:18:30:06:
         6b:0c:67:b3:59:15:6f:40:70:de:9f:93:f0:eb:39:49:b5:1b:
         f8:ca:f4:61:de:b1:ec:38:f9:6f:bd:bf:56:6a:b9:e4:b1:8e:
         46:bf:37:4a:3a:ce:17:29:de:c8:fe:18:fa:a7:0a:6e:11:33:
         f3:4e:60:1e:cd:66:7e:26:1a:41:e8:b5:11:d0:2e:ec:8f:18:
         de:ea:ef:4e:22:5c:19:d4:69:81:f4:1b:13:96:f7:43:22:41:
         bb:5d:89:2e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzFAF6uvlpavBjwiCs64+WnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NjcwMjM2Y2QwZTAzODY4NGEzMzE5NGJkZTdkNGI5NWFk
YzY2ZjcwHhcNMjQwMTAxMTIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDc4ZDk0YmRkOGEwMTVlMTQxMjgxZWZmMzg5MzY0NWI1M2ExZmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7ifTEerC0r/45Qbku1A0I673XAI
VohBc7oXQPmIbv+0OzOttMDo1V/POR2SJwsNY7ldGIdthwTpQTvAcqEQVkvd9HoB
lq0B7CaWgH00K3xAxh+9kGBjD8jsxIpPFxqDJ/ilCnbt8mU/BDqP5Ha+zQcepb1/
KcMfg62eIG9c0T4PyMy79r0IfjBDndaActsmszH0p760e0xU3wRrmm+LM9VIhCwW
JgX5wDXhEHASwguXYb41ThDobWporpIuGJStoIkZhVCPC3ScIyokvnUxO7Y4R/NZ
01iGeHErg6Scxfkw5jjqjFaV7JZw24lftfPvg02tUHiQZWSl0UH3I3xj0wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAR42UvdigFeFBKB7/OJNkW1Oh/AMB8GA1UdIwQY
MBaAFHZnAjbNDgOGhKMxlL3n1Lla3Gb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgt
YmE0ZmMyMzQ2ODNlLzEvQkhqWlM5MktBVjRVRW9Idjg0azJSYlU2SDhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8xODA5ZGEtMWM2Zi00NGRiLWFhMjgtYmE0ZmMyMzQ2ODNl
LzEvZG1jQ05zME9BNGFFb3pHVXZlZlV1VnJjWnZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgUFQQEw
MA0GCSqGSIb3DQEBCwUAA4IBAQAx12L8zjM+g1eCEFDxbLghUHD/FADBeMZAmDgN
ai9vReWeu2zWvVXFOZNp0OET/Jc+QsBW4RrTDxywNKkQNWrOnAYRkunQVQBWQVEa
LGpEJAyJAVI1tjrqqUc7TdS3h1hN7jGnEr+l/GS3x5snkH011BRuln+r4xTBMUcN
Om3/rtZI0mYjVdcz1A0xpHiy5MqLRzmdeUVjvnla5jeXm2UYMAZrDGezWRVvQHDe
n5Pw6zlJtRv4yvRh3rHsOPlvvb9WarnksY5GvzdKOs4XKd7I/hj6pwpuETPzTmAe
zWZ+JhpB6LUR0C7sjxje6u9OIlwZ1GmB9BsTlvdDIkG7XYku
-----END CERTIFICATE-----