Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/BzLs_W5r3VcsYtOl4b-RkxbN-x0.roa
File:                     BzLs_W5r3VcsYtOl4b-RkxbN-x0.roa (raw, json)
Hash identifier:          KECUvNF7XiK2lqJZQeX9f7mjf2u0zFc5e/7onrNJpfs=
Subject key identifier:   07:32:EC:FD:6E:6B:DD:57:2C:62:D3:A5:E1:BF:91:93:16:CD:FB:1D
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       01902A72A4A8EE1455BA49AF2610F09B00FD
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/BzLs_W5r3VcsYtOl4b-RkxbN-x0.roa
Signing time:             Tue 18 Jun 2024 08:24:34 +0000
ROA not before:           Tue 18 Jun 2024 08:24:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        85.203.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2a:72:a4:a8:ee:14:55:ba:49:af:26:10:f0:9b:00:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jun 18 08:24:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0732ecfd6e6bdd572c62d3a5e1bf919316cdfb1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:79:14:89:20:23:60:ff:24:8b:c3:1c:e4:14:
                    0f:7c:72:b9:f6:aa:54:07:4e:ad:84:e8:48:47:eb:
                    57:fd:6b:fc:fb:b1:f5:16:97:b4:91:a8:40:df:ba:
                    f4:af:eb:74:47:93:19:34:75:ee:e9:c7:7e:c6:24:
                    19:86:5c:ef:73:cd:1b:fb:4d:46:d7:9a:42:cf:60:
                    18:d0:51:ea:27:91:6a:ee:27:c7:71:84:e3:8b:0e:
                    62:41:a4:b7:38:c2:32:32:03:04:7c:2b:dc:be:f9:
                    b0:69:b4:4e:d7:4d:4b:5d:e3:f1:4d:1a:4d:53:5a:
                    e7:d2:3a:94:9c:b6:9e:62:55:83:2b:46:10:9e:2c:
                    cd:8c:b1:6c:e4:38:17:92:22:12:f7:a9:66:9c:76:
                    b7:7a:a2:0d:c5:1a:29:98:3d:71:84:ea:19:8e:2b:
                    0d:be:49:9a:53:48:05:57:76:f1:60:85:d6:ca:da:
                    46:47:c6:b0:88:df:6f:8a:ce:50:bf:1f:c4:e7:32:
                    40:c3:d4:ab:c8:2e:ca:92:ad:13:13:39:7d:b6:01:
                    3a:15:de:6a:65:32:ae:cf:31:b7:ae:f9:32:d6:05:
                    7d:62:45:57:d2:2d:2d:89:75:80:cf:30:15:ce:19:
                    4b:41:1a:1e:cc:05:78:72:6b:0a:6c:bd:81:db:c9:
                    50:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:32:EC:FD:6E:6B:DD:57:2C:62:D3:A5:E1:BF:91:93:16:CD:FB:1D
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/BzLs_W5r3VcsYtOl4b-RkxbN-x0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:88:8b:5b:ef:bb:74:5a:0e:f4:6e:3e:fa:92:ac:61:0b:99:
         e7:b7:05:1c:b0:74:7b:65:d0:cc:73:f5:0a:0d:c9:c6:ca:8b:
         de:fb:ea:99:ee:4f:fe:28:36:96:64:eb:86:84:75:d9:32:98:
         8a:92:0b:7d:d8:e2:61:c4:57:33:42:22:b3:93:63:b1:b4:ea:
         0d:ee:07:2b:bc:18:3c:07:9d:d7:87:a2:af:74:49:a4:09:c7:
         af:46:a8:61:8e:b0:16:92:e7:6a:11:c9:77:1e:93:5a:c7:81:
         4e:ac:95:15:c6:41:08:55:33:2c:d5:19:d1:36:4e:f5:41:d5:
         e3:31:f7:3c:d9:53:14:5b:21:35:aa:17:58:39:54:4e:84:f7:
         d5:62:a2:34:0f:9e:1a:6b:71:0a:07:a7:5d:3e:bf:7e:ea:8a:
         ca:0a:00:8c:90:e3:53:06:c4:ae:f0:13:cc:22:a4:dc:e4:5a:
         a6:d3:dc:b3:90:6a:ea:42:2a:85:67:5c:b5:c1:1d:50:c3:94:
         a2:54:e1:91:5b:5a:37:6c:59:80:28:6b:be:78:01:30:6e:36:
         bb:a1:dd:40:dd:0f:28:9f:d4:e1:5e:8e:c7:0a:22:eb:36:d9:
         0f:c3:ad:fb:1c:a1:9b:d6:ca:37:3e:38:13:1f:65:bf:cb:98:
         63:32:66:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAqcqSo7hRVukmvJhDwmwD9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjQwNjE4MDgyNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzMyZWNmZDZlNmJkZDU3MmM2MmQzYTVlMWJmOTE5MzE2Y2RmYjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHkUiSAjYP8ki8Mc5BQPfHK59qpU
B06thOhIR+tX/Wv8+7H1Fpe0kahA37r0r+t0R5MZNHXu6cd+xiQZhlzvc80b+01G
15pCz2AY0FHqJ5Fq7ifHcYTjiw5iQaS3OMIyMgMEfCvcvvmwabRO101LXePxTRpN
U1rn0jqUnLaeYlWDK0YQnizNjLFs5DgXkiIS96lmnHa3eqINxRopmD1xhOoZjisN
vkmaU0gFV3bxYIXWytpGR8awiN9vis5Qvx/E5zJAw9SryC7Kkq0TEzl9tgE6Fd5q
ZTKuzzG3rvky1gV9YkVX0i0tiXWAzzAVzhlLQRoezAV4cmsKbL2B28lQ3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcy7P1ua91XLGLTpeG/kZMWzfsdMB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvQnpMc19XNXIzVmNzWXRPbDRiLVJreGJOLXgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcsUMA0G
CSqGSIb3DQEBCwUAA4IBAQBIiItb77t0Wg70bj76kqxhC5nntwUcsHR7ZdDMc/UK
DcnGyove++qZ7k/+KDaWZOuGhHXZMpiKkgt92OJhxFczQiKzk2OxtOoN7gcrvBg8
B53Xh6KvdEmkCcevRqhhjrAWkudqEcl3HpNax4FOrJUVxkEIVTMs1RnRNk71QdXj
Mfc82VMUWyE1qhdYOVROhPfVYqI0D54aa3EKB6ddPr9+6orKCgCMkONTBsSu8BPM
IqTc5Fqm09yzkGrqQiqFZ1y1wR1Qw5SiVOGRW1o3bFmAKGu+eAEwbja7od1A3Q8o
n9ThXo7HCiLrNtkPw637HKGb1so3PjgTH2W/y5hjMmYN
-----END CERTIFICATE-----