Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/BzjN_NXMpQxZV9AAHHOK1-1-qIk.roa
File:                     BzjN_NXMpQxZV9AAHHOK1-1-qIk.roa (raw, json)
Hash identifier:          obMCIwHKB8LwCPwCtIflrCvgOhMkq2r8Uq3agqBz0F8=
Subject key identifier:   07:38:CD:FC:D5:CC:A5:0C:59:57:D0:00:1C:73:8A:D7:ED:7E:A8:89
Certificate issuer:       /CN=5f0fd90d987297cb5dd4e07be840d280d1e2cc4a
Certificate serial:       018CC4922F9B24CC434EDA501E16E54CA1E0
Authority key identifier: 5F:0F:D9:0D:98:72:97:CB:5D:D4:E0:7B:E8:40:D2:80:D1:E2:CC:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xw_ZDZhyl8td1OB76EDSgNHizEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/BzjN_NXMpQxZV9AAHHOK1-1-qIk.roa
Signing time:             Mon 01 Jan 2024 10:29:23 +0000
ROA not before:           Mon 01 Jan 2024 10:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        2001:67c:1980::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/Xw_ZDZhyl8td1OB76EDSgNHizEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/Xw_ZDZhyl8td1OB76EDSgNHizEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xw_ZDZhyl8td1OB76EDSgNHizEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 19:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:2f:9b:24:cc:43:4e:da:50:1e:16:e5:4c:a1:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f0fd90d987297cb5dd4e07be840d280d1e2cc4a
        Validity
            Not Before: Jan  1 10:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0738cdfcd5cca50c5957d0001c738ad7ed7ea889
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:05:49:14:07:49:eb:53:76:d1:00:6d:e9:1c:
                    d6:ec:cb:fb:99:cd:7e:25:73:6e:0c:b9:c2:7d:b2:
                    e1:cd:da:23:bd:d0:21:bc:c2:7f:b9:4f:e2:3f:25:
                    ee:e2:40:d4:0a:60:31:43:32:22:ad:c1:73:de:3f:
                    43:e8:67:60:b2:79:8e:86:40:0a:c3:ad:e6:95:3d:
                    21:9d:4c:aa:9a:5f:2d:e3:38:93:49:9d:b2:35:fe:
                    39:55:06:b5:ed:3b:e7:c2:0b:74:00:ca:fc:72:d8:
                    5f:65:e9:8a:36:ea:2b:cf:d6:1c:8e:da:43:73:64:
                    8f:52:57:4b:99:d5:2b:73:dc:e3:27:af:3c:ff:4e:
                    79:f1:92:84:83:ad:90:4a:a8:e0:58:d4:94:f2:1d:
                    57:01:ea:be:66:d4:a6:7f:0a:d9:01:da:34:92:17:
                    b4:15:26:85:36:b7:6a:48:ee:14:36:e3:a9:04:fb:
                    58:3e:74:76:e0:b1:67:5a:e0:ca:17:6f:39:0c:ac:
                    7b:66:36:ea:7d:b2:6f:ae:97:9a:0a:1f:34:ac:84:
                    d2:1b:c9:ba:b6:ab:97:06:1a:a0:b0:43:7b:22:5f:
                    f9:cf:e1:d7:ee:68:82:04:a7:3e:1a:57:b2:dd:5d:
                    c1:d6:31:cc:3e:4d:22:ca:85:94:f4:6c:22:22:f7:
                    6e:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:38:CD:FC:D5:CC:A5:0C:59:57:D0:00:1C:73:8A:D7:ED:7E:A8:89
            X509v3 Authority Key Identifier:
                keyid:5F:0F:D9:0D:98:72:97:CB:5D:D4:E0:7B:E8:40:D2:80:D1:E2:CC:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xw_ZDZhyl8td1OB76EDSgNHizEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/BzjN_NXMpQxZV9AAHHOK1-1-qIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f66ca9-3bdc-4294-ad62-7bcefa9f59e8/1/Xw_ZDZhyl8td1OB76EDSgNHizEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1980::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:69:0e:91:74:97:c2:1f:e3:d4:3d:34:54:c0:2a:bc:9f:42:
         9e:cd:90:19:8b:8d:2b:42:00:10:72:7f:3b:05:c4:0e:59:f6:
         80:63:9e:8e:20:09:e9:06:95:c2:96:d0:7f:fa:81:bd:46:dd:
         0b:c0:b6:e8:c0:a6:90:11:dd:dc:b7:6a:fd:ce:98:e7:9f:5e:
         20:ca:f2:70:37:1d:29:10:67:a9:b2:dc:de:51:01:3a:d3:27:
         07:8e:6b:68:11:92:45:b4:8d:67:75:29:99:d8:b7:a1:97:eb:
         a2:6b:50:a5:e2:9f:fd:45:69:2a:57:18:f2:86:8c:71:13:90:
         0b:6a:ab:23:22:ae:77:66:e8:82:8f:a0:ca:52:04:7a:f7:f5:
         8b:1d:b7:d9:c1:bf:ad:cd:82:1d:fe:22:7b:04:69:88:c0:4e:
         86:dc:46:49:65:6e:a3:5d:02:ea:b3:e2:62:9c:f1:17:20:59:
         df:9f:ae:00:ff:86:ed:58:1b:1b:f0:0c:2e:17:0f:4a:54:61:
         7c:1d:b4:1c:49:f1:9c:78:94:ec:38:84:b4:95:a3:43:34:3c:
         c8:89:3f:13:20:ab:03:be:cf:45:49:1c:80:3b:24:f6:70:0f:
         5b:7a:37:42:ec:7e:6b:9d:71:90:bf:bf:3c:8f:29:95:b7:d2:
         11:af:68:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEki+bJMxDTtpQHhblTKHgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMGZkOTBkOTg3Mjk3Y2I1ZGQ0ZTA3YmU4NDBkMjgwZDFl
MmNjNGEwHhcNMjQwMTAxMTAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzM4Y2RmY2Q1Y2NhNTBjNTk1N2QwMDAxYzczOGFkN2VkN2VhODg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQVJFAdJ61N20QBt6RzW7Mv7mc1+
JXNuDLnCfbLhzdojvdAhvMJ/uU/iPyXu4kDUCmAxQzIircFz3j9D6GdgsnmOhkAK
w63mlT0hnUyqml8t4ziTSZ2yNf45VQa17Tvnwgt0AMr8cthfZemKNuorz9YcjtpD
c2SPUldLmdUrc9zjJ688/0558ZKEg62QSqjgWNSU8h1XAeq+ZtSmfwrZAdo0khe0
FSaFNrdqSO4UNuOpBPtYPnR24LFnWuDKF285DKx7ZjbqfbJvrpeaCh80rITSG8m6
tquXBhqgsEN7Il/5z+HX7miCBKc+Gley3V3B1jHMPk0iyoWU9GwiIvduMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAc4zfzVzKUMWVfQABxzitftfqiJMB8GA1UdIwQY
MBaAFF8P2Q2YcpfLXdTge+hA0oDR4sxKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHdfWkRaaHlsOHRkMU9CNzZFRFNnTkhpekVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9mNjZjYTktM2JkYy00Mjk0LWFkNjIt
N2JjZWZhOWY1OWU4LzEvQnpqTl9OWE1wUXhaVjlBQUhIT0sxLTEtcUlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9mNjZjYTktM2JkYy00Mjk0LWFkNjItN2JjZWZhOWY1OWU4
LzEvWHdfWkRaaHlsOHRkMU9CNzZFRFNnTkhpekVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBmA
MA0GCSqGSIb3DQEBCwUAA4IBAQCsaQ6RdJfCH+PUPTRUwCq8n0KezZAZi40rQgAQ
cn87BcQOWfaAY56OIAnpBpXCltB/+oG9Rt0LwLbowKaQEd3ct2r9zpjnn14gyvJw
Nx0pEGepstzeUQE60ycHjmtoEZJFtI1ndSmZ2Lehl+uia1Cl4p/9RWkqVxjyhoxx
E5ALaqsjIq53ZuiCj6DKUgR69/WLHbfZwb+tzYId/iJ7BGmIwE6G3EZJZW6jXQLq
s+JinPEXIFnfn64A/4btWBsb8AwuFw9KVGF8HbQcSfGceJTsOIS0laNDNDzIiT8T
IKsDvs9FSRyAOyT2cA9bejdC7H5rnXGQv788jymVt9IRr2ib
-----END CERTIFICATE-----