Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/7bb038-01bc-4d85-9f04-d22274bba713/1/_bzSgmxYhVEpIb-uxZWmp84UBTs.roa
File:                     _bzSgmxYhVEpIb-uxZWmp84UBTs.roa (raw, json)
Hash identifier:          p6o1uNKVqS33HZqbdvJuPL4+4dCacE5Ky4nTUrBByNU=
Subject key identifier:   FD:BC:D2:82:6C:58:85:51:29:21:BF:AE:C5:95:A6:A7:CE:14:05:3B
Certificate issuer:       /CN=aa4943183b611be3a0775382509490048b0ad738
Certificate serial:       018CC6B7789357D0FE937E8769ABDE6A4ED4
Authority key identifier: AA:49:43:18:3B:61:1B:E3:A0:77:53:82:50:94:90:04:8B:0A:D7:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qklDGDthG-Ogd1OCUJSQBIsK1zg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/7bb038-01bc-4d85-9f04-d22274bba713/1/_bzSgmxYhVEpIb-uxZWmp84UBTs.roa
Signing time:             Mon 01 Jan 2024 20:29:21 +0000
ROA not before:           Mon 01 Jan 2024 20:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34509
IP address blocks:        84.205.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/7bb038-01bc-4d85-9f04-d22274bba713/1/qklDGDthG-Ogd1OCUJSQBIsK1zg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/7bb038-01bc-4d85-9f04-d22274bba713/1/qklDGDthG-Ogd1OCUJSQBIsK1zg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qklDGDthG-Ogd1OCUJSQBIsK1zg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:78:93:57:d0:fe:93:7e:87:69:ab:de:6a:4e:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa4943183b611be3a0775382509490048b0ad738
        Validity
            Not Before: Jan  1 20:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdbcd2826c5885512921bfaec595a6a7ce14053b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:31:5e:46:9a:2b:96:f0:b9:df:ca:0a:02:e0:
                    fa:78:ae:6e:c4:01:b4:0d:47:64:37:fc:ef:ab:fe:
                    43:cf:a8:f8:33:12:60:a6:ac:fc:df:20:1f:04:3b:
                    2f:0a:b4:2c:f5:9d:21:9d:81:54:29:05:2c:cb:2b:
                    ab:f8:ae:c3:dd:4f:84:e8:bf:9b:75:36:01:81:42:
                    ac:69:42:26:6b:fb:7e:bb:ea:b1:90:37:35:c1:a0:
                    71:05:12:f0:f5:f7:9f:e1:18:be:22:1f:6e:90:d1:
                    29:23:76:ee:95:30:b8:15:5f:43:f5:7a:92:71:3d:
                    00:96:bc:af:fd:27:20:84:4e:41:6c:06:ee:30:32:
                    c8:bd:31:62:1a:00:df:5d:5f:48:bb:26:06:45:50:
                    ad:2a:88:8b:7d:82:5c:5f:40:48:d2:21:57:02:56:
                    84:a4:32:ef:29:f0:8b:75:77:6e:25:ed:16:44:21:
                    5a:97:7a:69:72:81:e7:88:a3:01:ac:74:0b:1e:dc:
                    b1:8b:87:b8:6c:b3:0b:45:7f:77:02:ac:b0:31:56:
                    0b:8c:d7:be:ea:04:ce:f8:99:a8:62:de:34:6d:e9:
                    95:89:09:c0:2a:12:88:d0:69:3c:68:00:29:4c:03:
                    89:88:fc:a7:fc:f3:f5:2e:18:7e:24:2b:09:eb:34:
                    7f:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:BC:D2:82:6C:58:85:51:29:21:BF:AE:C5:95:A6:A7:CE:14:05:3B
            X509v3 Authority Key Identifier:
                keyid:AA:49:43:18:3B:61:1B:E3:A0:77:53:82:50:94:90:04:8B:0A:D7:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qklDGDthG-Ogd1OCUJSQBIsK1zg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/7bb038-01bc-4d85-9f04-d22274bba713/1/_bzSgmxYhVEpIb-uxZWmp84UBTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/7bb038-01bc-4d85-9f04-d22274bba713/1/qklDGDthG-Ogd1OCUJSQBIsK1zg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.205.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:3e:c9:95:45:a1:8b:c1:ec:9d:9b:ba:09:ee:c7:37:f4:81:
         47:46:38:5a:a5:75:72:17:58:bd:5e:51:77:ad:79:5a:5c:5e:
         79:18:31:d3:9f:4c:16:ab:86:c7:33:e3:90:88:81:c1:d2:f7:
         c9:19:0c:3a:91:0d:94:81:1f:e6:7a:5e:26:1b:63:26:5c:c5:
         5e:c9:71:13:0d:de:1c:e3:5c:96:3a:f7:4a:ee:70:9b:26:e2:
         41:6b:f9:ce:78:77:7c:11:92:f6:db:59:dd:54:15:06:3c:2c:
         58:a5:81:17:cb:e9:25:18:88:ec:ea:2d:8a:6c:4a:1b:e7:93:
         18:10:9c:40:ed:7b:66:4b:34:0d:4a:6f:a1:c8:02:bb:fc:cc:
         26:47:e3:a3:3b:66:56:78:10:43:f1:ca:c5:f3:7a:1f:b3:9d:
         7d:e1:29:ad:59:4f:7e:79:87:f7:f2:f5:2a:88:d8:da:6f:58:
         7e:41:2d:ce:62:10:e3:81:db:11:3a:c6:58:a5:fa:21:a6:63:
         b1:ff:9b:16:5c:c6:72:79:7f:de:49:c4:b3:9d:88:49:9b:8e:
         de:81:45:09:84:1e:2c:b3:da:ba:e7:86:6d:91:1d:7e:3c:06:
         5d:e0:d0:fd:e2:28:49:df:5d:0d:f1:de:38:cd:14:55:b3:99:
         5a:c9:11:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt3iTV9D+k36Haaveak7UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNDk0MzE4M2I2MTFiZTNhMDc3NTM4MjUwOTQ5MDA0OGIw
YWQ3MzgwHhcNMjQwMTAxMjAyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGJjZDI4MjZjNTg4NTUxMjkyMWJmYWVjNTk1YTZhN2NlMTQwNTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTFeRporlvC538oKAuD6eK5uxAG0
DUdkN/zvq/5Dz6j4MxJgpqz83yAfBDsvCrQs9Z0hnYFUKQUsyyur+K7D3U+E6L+b
dTYBgUKsaUIma/t+u+qxkDc1waBxBRLw9fef4Ri+Ih9ukNEpI3bulTC4FV9D9XqS
cT0Alryv/ScghE5BbAbuMDLIvTFiGgDfXV9IuyYGRVCtKoiLfYJcX0BI0iFXAlaE
pDLvKfCLdXduJe0WRCFal3ppcoHniKMBrHQLHtyxi4e4bLMLRX93AqywMVYLjNe+
6gTO+JmoYt40bemViQnAKhKI0Gk8aAApTAOJiPyn/PP1Lhh+JCsJ6zR/EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP280oJsWIVRKSG/rsWVpqfOFAU7MB8GA1UdIwQY
MBaAFKpJQxg7YRvjoHdTglCUkASLCtc4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWtsREdEdGhHLU9nZDFPQ1VKU1FCSXNLMXpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS83YmIwMzgtMDFiYy00ZDg1LTlmMDQt
ZDIyMjc0YmJhNzEzLzEvX2J6U2dteFloVkVwSWItdXhaV21wODRVQlRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS83YmIwMzgtMDFiYy00ZDg1LTlmMDQtZDIyMjc0YmJhNzEz
LzEvcWtsREdEdGhHLU9nZDFPQ1VKU1FCSXNLMXpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVM2gMA0G
CSqGSIb3DQEBCwUAA4IBAQCoPsmVRaGLweydm7oJ7sc39IFHRjhapXVyF1i9XlF3
rXlaXF55GDHTn0wWq4bHM+OQiIHB0vfJGQw6kQ2UgR/mel4mG2MmXMVeyXETDd4c
41yWOvdK7nCbJuJBa/nOeHd8EZL221ndVBUGPCxYpYEXy+klGIjs6i2KbEob55MY
EJxA7XtmSzQNSm+hyAK7/MwmR+OjO2ZWeBBD8crF83ofs5194SmtWU9+eYf38vUq
iNjab1h+QS3OYhDjgdsROsZYpfohpmOx/5sWXMZyeX/eScSznYhJm47egUUJhB4s
s9q654ZtkR1+PAZd4ND94ihJ310N8d44zRRVs5layRHq
-----END CERTIFICATE-----