Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/a3_BFszAvia-9yDMR2mo_oz3iUQ.roa
File:                     a3_BFszAvia-9yDMR2mo_oz3iUQ.roa (raw, json)
Hash identifier:          GLw5LQvU9pm53TeCNj1uUR5mMhlL//uZLUSCQNUGRwg=
Subject key identifier:   6B:7F:C1:16:CC:C0:BE:26:BE:F7:20:CC:47:69:A8:FE:8C:F7:89:44
Certificate issuer:       /CN=5b698c4b612afee2cbb1cdd509e4f0246fbb80e1
Certificate serial:       018CCA2A26C20AF82454560D3F098D032904
Authority key identifier: 5B:69:8C:4B:61:2A:FE:E2:CB:B1:CD:D5:09:E4:F0:24:6F:BB:80:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/a3_BFszAvia-9yDMR2mo_oz3iUQ.roa
Signing time:             Tue 02 Jan 2024 12:33:29 +0000
ROA not before:           Tue 02 Jan 2024 12:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203558
IP address blocks:        188.75.71.0/24 maxlen: 24
                          188.75.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Oct 2024 05:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:26:c2:0a:f8:24:54:56:0d:3f:09:8d:03:29:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b698c4b612afee2cbb1cdd509e4f0246fbb80e1
        Validity
            Not Before: Jan  2 12:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b7fc116ccc0be26bef720cc4769a8fe8cf78944
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:b4:6d:76:47:bd:9d:f3:0a:52:e1:79:75:9f:
                    6c:6f:4d:e5:93:54:77:e2:45:ac:ee:68:86:04:17:
                    b7:8b:0f:47:ed:3f:b6:58:66:94:c6:98:de:8a:d9:
                    c0:6e:06:fe:aa:e1:c7:52:dd:44:26:f3:38:fc:99:
                    86:f3:cd:3f:78:be:dd:1e:9f:55:66:64:bc:43:6c:
                    0e:b2:15:e4:ec:aa:6d:e3:ed:e3:c7:82:93:8a:58:
                    9b:bc:ec:7a:75:19:32:68:9a:96:2f:f5:ac:18:68:
                    ef:b5:2e:c6:ae:d3:ac:f3:67:39:3e:39:00:d7:b9:
                    f3:4d:9c:ca:91:b3:09:00:44:c3:b2:76:c6:ed:90:
                    47:55:8a:b6:40:4d:25:95:25:6b:d4:db:ba:77:4f:
                    fd:a8:d4:89:23:fc:16:b8:75:59:22:53:93:a7:d4:
                    fe:74:1b:05:ba:13:d4:5f:47:b5:ab:19:a3:f7:69:
                    a2:7b:05:29:cd:e0:78:f5:d7:e1:53:28:b8:66:7d:
                    8e:52:db:84:c7:a3:e7:d2:9b:e3:d1:07:6f:1e:d8:
                    d6:6e:bf:a9:87:57:9e:d8:14:8c:db:93:ec:aa:09:
                    14:69:45:3c:bb:7c:f2:d8:9e:1e:fc:b8:b5:6f:49:
                    fa:1e:e0:3a:56:22:01:9b:e7:0b:d4:6e:89:de:36:
                    79:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:7F:C1:16:CC:C0:BE:26:BE:F7:20:CC:47:69:A8:FE:8C:F7:89:44
            X509v3 Authority Key Identifier:
                keyid:5B:69:8C:4B:61:2A:FE:E2:CB:B1:CD:D5:09:E4:F0:24:6F:BB:80:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/a3_BFszAvia-9yDMR2mo_oz3iUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.75.71.0/24
                  188.75.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:b9:de:b0:d9:39:2c:92:2c:d0:fb:71:b0:27:34:d2:2c:5e:
         99:00:51:6a:02:2e:f8:cf:1f:cf:54:be:45:c2:d3:12:88:9c:
         34:23:48:fd:9b:b4:a7:3d:e7:1a:c3:01:4b:93:33:3c:09:c0:
         97:e5:f6:c6:a8:7e:25:17:98:41:b5:10:09:cc:f1:80:bc:04:
         df:ae:46:35:56:53:a4:a1:ed:ad:75:64:71:4d:4c:ae:2d:b3:
         ba:56:00:f9:24:58:67:bf:d7:67:ba:37:2e:d5:00:8f:88:01:
         60:c0:b8:37:c1:86:78:2b:d9:ed:7a:4a:52:f8:77:09:7e:70:
         05:f3:61:32:45:41:bf:81:99:e7:e4:a7:d9:37:b1:eb:d1:95:
         2e:85:ab:86:9f:56:6b:cc:6d:56:5b:56:fd:fa:3e:f0:ff:73:
         88:ff:e8:c0:07:84:30:dc:76:59:3c:d6:20:25:5a:61:cc:bf:
         6e:8a:39:a6:05:92:8d:9f:a5:5b:24:13:38:1d:ea:49:83:4c:
         bb:ff:37:df:81:06:a6:eb:df:6d:99:ab:b9:d6:08:62:45:a6:
         a2:7c:1d:14:04:41:18:e1:8d:68:8d:3a:eb:59:8f:d3:3a:3c:
         0b:db:eb:28:a2:fd:ca:06:36:27:ad:0e:33:65:95:01:43:d7:
         1c:70:f0:86
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKibCCvgkVFYNPwmNAykEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNjk4YzRiNjEyYWZlZTJjYmIxY2RkNTA5ZTRmMDI0NmZi
YjgwZTEwHhcNMjQwMTAyMTIzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjdmYzExNmNjYzBiZTI2YmVmNzIwY2M0NzY5YThmZThjZjc4OTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7Rtdke9nfMKUuF5dZ9sb03lk1R3
4kWs7miGBBe3iw9H7T+2WGaUxpjeitnAbgb+quHHUt1EJvM4/JmG880/eL7dHp9V
ZmS8Q2wOshXk7Kpt4+3jx4KTilibvOx6dRkyaJqWL/WsGGjvtS7GrtOs82c5PjkA
17nzTZzKkbMJAETDsnbG7ZBHVYq2QE0llSVr1Nu6d0/9qNSJI/wWuHVZIlOTp9T+
dBsFuhPUX0e1qxmj92miewUpzeB49dfhUyi4Zn2OUtuEx6Pn0pvj0QdvHtjWbr+p
h1ee2BSM25PsqgkUaUU8u3zy2J4e/Li1b0n6HuA6ViIBm+cL1G6J3jZ5owIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGt/wRbMwL4mvvcgzEdpqP6M94lEMB8GA1UdIwQY
MBaAFFtpjEthKv7iy7HN1Qnk8CRvu4DhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzJtTVMyRXFfdUxMc2MzVkNlVHdKRy03Z09FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9jMTZmNTUtYjQ0ZC00MGMzLTlkYWMt
Y2MyZmFmZTNhOGI0LzEvYTNfQkZzekF2aWEtOXlETVIybW9fb3ozaVVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9jMTZmNTUtYjQ0ZC00MGMzLTlkYWMtY2MyZmFmZTNhOGI0
LzEvVzJtTVMyRXFfdUxMc2MzVkNlVHdKRy03Z09FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvEtHAwQA
vEttMA0GCSqGSIb3DQEBCwUAA4IBAQAYud6w2TkskizQ+3GwJzTSLF6ZAFFqAi74
zx/PVL5FwtMSiJw0I0j9m7SnPecawwFLkzM8CcCX5fbGqH4lF5hBtRAJzPGAvATf
rkY1VlOkoe2tdWRxTUyuLbO6VgD5JFhnv9dnujcu1QCPiAFgwLg3wYZ4K9ntekpS
+HcJfnAF82EyRUG/gZnn5KfZN7Hr0ZUuhauGn1ZrzG1WW1b9+j7w/3OI/+jAB4Qw
3HZZPNYgJVphzL9uijmmBZKNn6VbJBM4HepJg0y7/zffgQam699tmau51ghiRaai
fB0UBEEY4Y1ojTrrWY/TOjwL2+soov3KBjYnrQ4zZZUBQ9cccPCG
-----END CERTIFICATE-----