Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/bzy4CrEHfGlhPQSbOikdpkmfh64.roa
File:                     bzy4CrEHfGlhPQSbOikdpkmfh64.roa (raw, json)
Hash identifier:          83Rwtg91gItBZgusi8xY88Zwvn7WAyBlW5Cw6FLeKAY=
Subject key identifier:   6F:3C:B8:0A:B1:07:7C:69:61:3D:04:9B:3A:29:1D:A6:49:9F:87:AE
Certificate issuer:       /CN=330fe971b3e36b16a92be85f59985be45968b864
Certificate serial:       018CC9BC11686D44459B64075659247DF265
Authority key identifier: 33:0F:E9:71:B3:E3:6B:16:A9:2B:E8:5F:59:98:5B:E4:59:68:B8:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mw_pcbPjaxapK-hfWZhb5FlouGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/bzy4CrEHfGlhPQSbOikdpkmfh64.roa
Signing time:             Tue 02 Jan 2024 10:33:14 +0000
ROA not before:           Tue 02 Jan 2024 10:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21371
IP address blocks:        2a03:6980::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/Mw_pcbPjaxapK-hfWZhb5FlouGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/Mw_pcbPjaxapK-hfWZhb5FlouGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mw_pcbPjaxapK-hfWZhb5FlouGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:11:68:6d:44:45:9b:64:07:56:59:24:7d:f2:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=330fe971b3e36b16a92be85f59985be45968b864
        Validity
            Not Before: Jan  2 10:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f3cb80ab1077c69613d049b3a291da6499f87ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:c3:71:e0:e1:7b:51:0d:98:0f:1d:3f:bb:bf:
                    4a:5d:f0:79:08:27:a6:96:a2:e6:9f:76:65:ee:fa:
                    29:2e:cc:a3:f7:9b:2e:2f:e4:7e:7b:26:dd:76:f3:
                    e7:b4:79:0e:b1:30:69:56:68:20:09:c3:51:07:0b:
                    3e:20:38:cb:b4:7b:64:24:70:70:ac:b0:ee:ae:93:
                    af:23:39:5c:8c:9b:49:36:ed:5c:6f:97:c2:16:df:
                    55:d6:c0:6a:c9:28:e5:67:2a:c3:43:80:73:86:bd:
                    8f:71:06:cd:d2:4b:19:2c:52:b5:34:0e:ae:10:8f:
                    56:b1:b6:a2:fb:9c:2a:42:22:8d:ba:ea:35:e5:42:
                    8b:ef:d4:42:62:87:32:f2:96:f7:ba:10:b0:ce:4d:
                    80:2c:da:90:99:b7:7a:89:84:4c:5f:68:bd:bc:39:
                    e4:8d:e0:f9:04:ff:dc:35:02:e8:02:0a:c3:51:13:
                    be:64:5f:a9:96:58:0d:ab:21:1e:32:6f:87:fd:36:
                    19:1d:06:1d:f3:5a:8e:f1:7d:5c:08:20:9c:eb:f5:
                    7f:93:5a:08:19:38:60:2e:2f:1c:eb:67:0f:d0:f2:
                    76:1c:b9:f9:81:2d:c4:70:5d:ec:d1:a0:0c:da:86:
                    cc:06:24:d6:14:ae:da:2f:72:dd:c9:ee:d2:c7:8d:
                    d9:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:3C:B8:0A:B1:07:7C:69:61:3D:04:9B:3A:29:1D:A6:49:9F:87:AE
            X509v3 Authority Key Identifier:
                keyid:33:0F:E9:71:B3:E3:6B:16:A9:2B:E8:5F:59:98:5B:E4:59:68:B8:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mw_pcbPjaxapK-hfWZhb5FlouGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/bzy4CrEHfGlhPQSbOikdpkmfh64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/a38693-cfa0-43e8-a51b-11e9e9f01343/1/Mw_pcbPjaxapK-hfWZhb5FlouGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:6980::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:80:04:9f:a3:ff:a0:56:b7:14:e9:a6:3c:ed:5e:9f:c8:57:
         c4:76:d0:86:cc:19:e3:70:8e:ba:e8:20:5c:04:7d:7d:cb:cb:
         45:b2:08:9e:b8:01:dd:78:b7:4a:82:37:aa:da:b2:c0:a4:42:
         22:e9:20:6a:f7:7c:d2:87:ea:c4:a5:f7:e6:94:99:1f:93:76:
         f6:7c:6d:49:9b:4c:05:a0:e8:dc:d3:e4:bf:77:94:f6:12:ed:
         0b:7a:bc:83:cd:4c:f8:51:c0:8d:d3:0e:d3:24:01:fe:27:40:
         54:84:d4:20:8c:f0:30:b7:73:ed:ca:2b:93:1e:f1:bc:ba:88:
         a2:ec:c2:6c:71:74:32:c6:66:66:44:57:9d:7d:24:60:81:36:
         81:7d:60:4d:20:d7:a8:31:0a:b6:ae:cd:8f:84:83:70:fa:a3:
         f1:2e:b2:e5:6a:d5:bf:69:51:02:7b:67:d0:4c:95:0b:e7:4c:
         01:59:54:53:1e:21:9a:ec:8c:63:2d:ea:99:8f:19:5e:b5:eb:
         06:02:2e:88:bc:5d:01:6d:49:e9:9e:1b:06:6a:21:bf:24:fa:
         eb:1f:dd:30:0f:66:8c:c8:e4:75:01:4c:48:50:b5:09:9f:cd:
         73:8f:86:43:07:34:05:54:4c:d2:91:10:37:43:2a:f2:e3:0a:
         c9:35:a7:31
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJvBFobURFm2QHVlkkffJlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMGZlOTcxYjNlMzZiMTZhOTJiZTg1ZjU5OTg1YmU0NTk2
OGI4NjQwHhcNMjQwMTAyMTAzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjNjYjgwYWIxMDc3YzY5NjEzZDA0OWIzYTI5MWRhNjQ5OWY4N2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMNx4OF7UQ2YDx0/u79KXfB5CCem
lqLmn3Zl7vopLsyj95suL+R+eybddvPntHkOsTBpVmggCcNRBws+IDjLtHtkJHBw
rLDurpOvIzlcjJtJNu1cb5fCFt9V1sBqySjlZyrDQ4Bzhr2PcQbN0ksZLFK1NA6u
EI9Wsbai+5wqQiKNuuo15UKL79RCYocy8pb3uhCwzk2ALNqQmbd6iYRMX2i9vDnk
jeD5BP/cNQLoAgrDURO+ZF+pllgNqyEeMm+H/TYZHQYd81qO8X1cCCCc6/V/k1oI
GThgLi8c62cP0PJ2HLn5gS3EcF3s0aAM2obMBiTWFK7aL3Ldye7Sx43ZBQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG88uAqxB3xpYT0EmzopHaZJn4euMB8GA1UdIwQY
MBaAFDMP6XGz42sWqSvoX1mYW+RZaLhkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXdfcGNiUGpheGFwSy1oZldaaGI1RmxvdUdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9hMzg2OTMtY2ZhMC00M2U4LWE1MWIt
MTFlOWU5ZjAxMzQzLzEvYnp5NENyRUhmR2xoUFFTYk9pa2Rwa21maDY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9hMzg2OTMtY2ZhMC00M2U4LWE1MWItMTFlOWU5ZjAxMzQz
LzEvTXdfcGNiUGpheGFwSy1oZldaaGI1RmxvdUdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgNpgDAN
BgkqhkiG9w0BAQsFAAOCAQEANIAEn6P/oFa3FOmmPO1en8hXxHbQhswZ43COuugg
XAR9fcvLRbIInrgB3Xi3SoI3qtqywKRCIukgavd80ofqxKX35pSZH5N29nxtSZtM
BaDo3NPkv3eU9hLtC3q8g81M+FHAjdMO0yQB/idAVITUIIzwMLdz7corkx7xvLqI
ouzCbHF0MsZmZkRXnX0kYIE2gX1gTSDXqDEKtq7Nj4SDcPqj8S6y5WrVv2lRAntn
0EyVC+dMAVlUUx4hmuyMYy3qmY8ZXrXrBgIuiLxdAW1J6Z4bBmohvyT66x/dMA9m
jMjkdQFMSFC1CZ/Nc4+GQwc0BVRM0pEQN0Mq8uMKyTWnMQ==
-----END CERTIFICATE-----