Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/382597-0d50-400d-a71b-676e80dc1de6/1/BFbItzgMXh2yCZ227Kwfzi1k3ME.roa
File:                     BFbItzgMXh2yCZ227Kwfzi1k3ME.roa (raw, json)
Hash identifier:          3p3Z55QLOu2JV1kUetHwILYBWmwCeLPU+vcoZy0JMPg=
Subject key identifier:   04:56:C8:B7:38:0C:5E:1D:B2:09:9D:B6:EC:AC:1F:CE:2D:64:DC:C1
Certificate issuer:       /CN=9854da518232319f67a32fd8ad4c06536c41d5bf
Certificate serial:       019423D7359CD85737EEC684DBD09D23BFBE
Authority key identifier: 98:54:DA:51:82:32:31:9F:67:A3:2F:D8:AD:4C:06:53:6C:41:D5:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mFTaUYIyMZ9noy_YrUwGU2xB1b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/382597-0d50-400d-a71b-676e80dc1de6/1/BFbItzgMXh2yCZ227Kwfzi1k3ME.roa
Signing time:             Wed 01 Jan 2025 21:48:14 +0000
ROA not before:           Wed 01 Jan 2025 21:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        141.75.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/382597-0d50-400d-a71b-676e80dc1de6/1/mFTaUYIyMZ9noy_YrUwGU2xB1b8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/382597-0d50-400d-a71b-676e80dc1de6/1/mFTaUYIyMZ9noy_YrUwGU2xB1b8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mFTaUYIyMZ9noy_YrUwGU2xB1b8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:35:9c:d8:57:37:ee:c6:84:db:d0:9d:23:bf:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9854da518232319f67a32fd8ad4c06536c41d5bf
        Validity
            Not Before: Jan  1 21:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0456c8b7380c5e1db2099db6ecac1fce2d64dcc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e9:ab:26:b5:05:f3:d4:cf:63:2b:4b:75:ab:
                    f4:8e:f4:58:15:89:87:2e:9c:88:1a:fb:28:62:e8:
                    7b:e9:15:3f:94:c7:6a:ae:7b:5f:59:23:6a:50:ba:
                    62:cb:5c:fc:c9:0d:4d:37:e0:0a:8c:30:65:57:dc:
                    0e:ff:66:36:a1:51:46:13:18:26:ee:25:2b:a6:a8:
                    90:da:49:c0:b5:b4:e6:2a:39:0f:1f:5e:4f:63:4a:
                    b6:02:0b:58:80:01:ac:86:df:3a:9e:7d:91:4c:54:
                    f6:64:cd:55:4c:d0:40:6a:64:35:22:4b:6e:cc:07:
                    8b:cb:b9:d8:ad:c8:df:87:4c:5a:7c:c0:4a:73:3c:
                    e7:61:85:c0:2c:be:f0:06:80:5b:3b:2b:6c:f1:10:
                    a0:5c:eb:8d:91:b3:ac:61:e6:44:ad:40:ae:63:f4:
                    0a:5b:f3:f2:2f:d6:94:08:46:a4:20:66:2f:8b:5a:
                    1a:76:c3:4a:53:bb:6e:6f:37:94:c8:3a:e7:ed:ff:
                    0a:df:77:b3:6e:8e:f9:9e:97:93:0a:33:05:dd:a9:
                    41:5e:c9:70:7b:6b:dd:1f:fd:02:5c:17:60:d8:ff:
                    22:a8:28:42:58:21:31:3b:84:ee:77:29:e9:85:8f:
                    95:cf:27:b3:6f:c3:06:28:c1:7a:70:f3:b1:be:a2:
                    aa:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:56:C8:B7:38:0C:5E:1D:B2:09:9D:B6:EC:AC:1F:CE:2D:64:DC:C1
            X509v3 Authority Key Identifier:
                keyid:98:54:DA:51:82:32:31:9F:67:A3:2F:D8:AD:4C:06:53:6C:41:D5:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mFTaUYIyMZ9noy_YrUwGU2xB1b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/382597-0d50-400d-a71b-676e80dc1de6/1/BFbItzgMXh2yCZ227Kwfzi1k3ME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/382597-0d50-400d-a71b-676e80dc1de6/1/mFTaUYIyMZ9noy_YrUwGU2xB1b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.75.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         11:df:38:66:8c:e4:f7:84:64:04:e8:fb:7b:68:21:78:44:28:
         f2:35:fd:08:eb:a5:14:f7:9d:80:a0:3b:c1:a9:2e:b2:ed:56:
         42:3b:a4:d9:30:2e:20:76:76:0f:48:e8:58:16:23:33:f7:07:
         89:b8:90:f3:1b:63:32:92:0a:02:86:8a:1b:e0:85:d6:f0:5d:
         19:c3:94:ab:26:16:21:7f:72:6a:e8:c1:84:8f:4c:ea:c7:b5:
         bd:75:59:aa:d6:86:61:ac:0e:0f:39:b5:30:8c:9b:41:4b:c9:
         44:f3:3d:e2:cd:be:4f:7d:14:ba:07:89:12:7a:07:c4:44:14:
         50:f8:a1:94:16:9e:f2:8f:6b:5d:be:24:b6:60:4f:45:09:87:
         4a:34:23:67:01:3d:19:5b:0d:0f:e7:02:a2:97:f9:b1:95:8c:
         21:c6:d6:1d:ca:11:48:8c:a5:92:9c:b2:42:76:f3:94:43:8a:
         cb:f3:19:d5:94:62:53:91:64:ec:86:4e:40:19:0c:72:00:25:
         3f:95:5d:97:02:7d:31:b8:54:8e:27:53:92:93:dd:ea:75:7d:
         f5:c4:35:af:0e:35:d4:63:c1:ad:81:4f:99:e7:d3:e5:a4:4a:
         37:f2:e2:80:4c:09:16:a5:c8:4b:59:24:6e:e1:ac:69:79:d6:
         af:9e:1f:e6
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQj1zWc2Fc37saE29CdI7++MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NTRkYTUxODIzMjMxOWY2N2EzMmZkOGFkNGMwNjUzNmM0
MWQ1YmYwHhcNMjUwMTAxMjE0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDU2YzhiNzM4MGM1ZTFkYjIwOTlkYjZlY2FjMWZjZTJkNjRkY2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOmrJrUF89TPYytLdav0jvRYFYmH
LpyIGvsoYuh76RU/lMdqrntfWSNqULpiy1z8yQ1NN+AKjDBlV9wO/2Y2oVFGExgm
7iUrpqiQ2knAtbTmKjkPH15PY0q2AgtYgAGsht86nn2RTFT2ZM1VTNBAamQ1Iktu
zAeLy7nYrcjfh0xafMBKczznYYXALL7wBoBbOyts8RCgXOuNkbOsYeZErUCuY/QK
W/PyL9aUCEakIGYvi1oadsNKU7tubzeUyDrn7f8K33ezbo75npeTCjMF3alBXslw
e2vdH/0CXBdg2P8iqChCWCExO4TudynphY+Vzyezb8MGKMF6cPOxvqKq8wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFARWyLc4DF4dsgmdtuysH84tZNzBMB8GA1UdIwQY
MBaAFJhU2lGCMjGfZ6Mv2K1MBlNsQdW/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUZUYVVZSXlNWjlub3lfWXJVd0dVMnhCMWI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8zODI1OTctMGQ1MC00MDBkLWE3MWIt
Njc2ZTgwZGMxZGU2LzEvQkZiSXR6Z01YaDJ5Q1oyMjdLd2Z6aTFrM01FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8zODI1OTctMGQ1MC00MDBkLWE3MWItNjc2ZTgwZGMxZGU2
LzEvbUZUYVVZSXlNWjlub3lfWXJVd0dVMnhCMWI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjUswDQYJ
KoZIhvcNAQELBQADggEBABHfOGaM5PeEZATo+3toIXhEKPI1/QjrpRT3nYCgO8Gp
LrLtVkI7pNkwLiB2dg9I6FgWIzP3B4m4kPMbYzKSCgKGihvghdbwXRnDlKsmFiF/
cmrowYSPTOrHtb11WarWhmGsDg85tTCMm0FLyUTzPeLNvk99FLoHiRJ6B8REFFD4
oZQWnvKPa12+JLZgT0UJh0o0I2cBPRlbDQ/nAqKX+bGVjCHG1h3KEUiMpZKcskJ2
85RDisvzGdWUYlORZOyGTkAZDHIAJT+VXZcCfTG4VI4nU5KT3ep1ffXENa8ONdRj
wa2BT5nn0+WkSjfy4oBMCRalyEtZJG7hrGl51q+eH+Y=
-----END CERTIFICATE-----