Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/4f8699-7b52-406e-82c0-b9e34a38f3a9/1/BZn3NEXBMWr6kmXOCtwLyIlwdjQ.roa
File:                     BZn3NEXBMWr6kmXOCtwLyIlwdjQ.roa (raw, json)
Hash identifier:          UCx7R5UHrj5GYllL3s0aeOGnMm+lkjlDGe14SSDqPEI=
Subject key identifier:   05:99:F7:34:45:C1:31:6A:FA:92:65:CE:0A:DC:0B:C8:89:70:76:34
Certificate issuer:       /CN=87a594e304b682183aa2359e40e1dcef93fe0570
Certificate serial:       018E8006FBB40CB0C612BB0D7735A19D50EF
Authority key identifier: 87:A5:94:E3:04:B6:82:18:3A:A2:35:9E:40:E1:DC:EF:93:FE:05:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h6WU4wS2ghg6ojWeQOHc75P-BXA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/4f8699-7b52-406e-82c0-b9e34a38f3a9/1/BZn3NEXBMWr6kmXOCtwLyIlwdjQ.roa
Signing time:             Wed 27 Mar 2024 13:08:45 +0000
ROA not before:           Wed 27 Mar 2024 13:08:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5531
IP address blocks:        91.224.2.0/23 maxlen: 24
                          194.165.24.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/4f8699-7b52-406e-82c0-b9e34a38f3a9/1/h6WU4wS2ghg6ojWeQOHc75P-BXA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/4f8699-7b52-406e-82c0-b9e34a38f3a9/1/h6WU4wS2ghg6ojWeQOHc75P-BXA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h6WU4wS2ghg6ojWeQOHc75P-BXA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:80:06:fb:b4:0c:b0:c6:12:bb:0d:77:35:a1:9d:50:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87a594e304b682183aa2359e40e1dcef93fe0570
        Validity
            Not Before: Mar 27 13:08:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0599f73445c1316afa9265ce0adc0bc889707634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:6f:9a:9e:77:76:e3:e4:b5:58:5e:ba:1a:a2:
                    3e:f5:e8:ab:41:f0:7a:5e:48:27:82:61:5e:ba:23:
                    80:87:45:18:38:20:bb:13:ed:5f:ba:f0:46:11:bd:
                    49:8e:2e:58:74:ce:8f:60:f1:3d:b7:39:fc:d9:62:
                    03:06:a2:4a:1a:3a:c4:ea:0f:14:16:77:65:d6:c0:
                    7c:ee:c8:e4:e7:04:fc:f5:1e:1b:77:6a:c1:4c:9c:
                    48:f6:52:9d:36:41:b7:ca:3c:5f:f8:59:f1:65:9d:
                    72:a8:64:87:6c:87:11:ff:2b:f0:63:89:8b:1d:af:
                    0e:89:00:e9:03:6f:2b:d2:3b:48:b3:34:17:51:c4:
                    06:4e:44:50:ec:95:b0:bd:9b:aa:a4:22:dc:bb:99:
                    cf:b5:85:c6:17:80:95:d0:f7:60:cf:47:55:4b:49:
                    38:21:5f:1d:89:b5:00:a6:d8:6c:f9:eb:c9:d9:46:
                    ef:1d:07:7e:af:71:87:e6:43:36:61:a1:22:f4:c4:
                    59:88:0e:c2:ed:81:a2:46:e0:09:3f:58:81:ab:74:
                    42:ff:9e:a9:d0:3a:f8:c1:d1:7b:4d:57:00:4b:5d:
                    8d:e7:e9:b4:2c:b8:30:88:4b:9a:5b:5c:93:34:30:
                    f2:1a:54:47:aa:ab:b1:fe:94:69:15:7a:3c:55:e0:
                    c1:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:99:F7:34:45:C1:31:6A:FA:92:65:CE:0A:DC:0B:C8:89:70:76:34
            X509v3 Authority Key Identifier:
                keyid:87:A5:94:E3:04:B6:82:18:3A:A2:35:9E:40:E1:DC:EF:93:FE:05:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h6WU4wS2ghg6ojWeQOHc75P-BXA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4f8699-7b52-406e-82c0-b9e34a38f3a9/1/BZn3NEXBMWr6kmXOCtwLyIlwdjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4f8699-7b52-406e-82c0-b9e34a38f3a9/1/h6WU4wS2ghg6ojWeQOHc75P-BXA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.2.0/23
                  194.165.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:92:23:93:71:5b:45:76:f4:2e:8c:98:b8:4f:1b:bf:82:df:
         d1:40:a4:37:a5:8f:f8:f1:88:56:80:b4:2b:6b:f7:95:d6:b0:
         59:ba:eb:ea:33:97:b1:53:76:66:a8:aa:c8:a8:12:39:ac:0f:
         c4:d7:47:f4:0b:3b:ce:77:83:72:40:f7:d3:ef:fb:c9:11:01:
         8f:ce:52:b7:6e:ef:d8:07:4f:37:1e:75:47:24:be:17:82:5e:
         86:36:a1:f9:6c:e9:c4:81:a6:74:86:74:36:5f:1b:8e:9f:d0:
         f8:3a:a4:41:46:01:ca:74:78:e2:38:c4:55:4d:30:43:c7:7d:
         21:7b:eb:7c:20:33:09:0e:8a:a2:04:5d:42:82:90:8f:d8:d0:
         57:9e:ff:00:0a:f6:21:f0:8f:29:b3:de:d2:9b:37:31:ec:47:
         7f:a2:3a:88:a2:d8:f3:76:1d:33:df:53:0b:88:ed:7e:11:05:
         ff:59:1a:b2:43:8e:79:e6:f6:c7:76:1e:38:bb:5a:4e:a5:ba:
         8c:fe:9f:0e:86:ec:26:f7:66:44:12:55:0f:e2:88:8c:ca:b1:
         a6:28:d2:71:ca:c8:5a:d5:e9:b9:8c:81:80:2b:5a:f6:e0:dd:
         ae:00:63:db:2e:b9:3e:92:c5:d3:a2:08:74:2b:79:96:64:2b:
         0c:46:19:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6ABvu0DLDGErsNdzWhnVDvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YTU5NGUzMDRiNjgyMTgzYWEyMzU5ZTQwZTFkY2VmOTNm
ZTA1NzAwHhcNMjQwMzI3MTMwODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTk5ZjczNDQ1YzEzMTZhZmE5MjY1Y2UwYWRjMGJjODg5NzA3NjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjW+annd24+S1WF66GqI+9eirQfB6
XkgngmFeuiOAh0UYOCC7E+1fuvBGEb1Jji5YdM6PYPE9tzn82WIDBqJKGjrE6g8U
Fndl1sB87sjk5wT89R4bd2rBTJxI9lKdNkG3yjxf+FnxZZ1yqGSHbIcR/yvwY4mL
Ha8OiQDpA28r0jtIszQXUcQGTkRQ7JWwvZuqpCLcu5nPtYXGF4CV0Pdgz0dVS0k4
IV8dibUApths+evJ2UbvHQd+r3GH5kM2YaEi9MRZiA7C7YGiRuAJP1iBq3RC/56p
0Dr4wdF7TVcAS12N5+m0LLgwiEuaW1yTNDDyGlRHqqux/pRpFXo8VeDB1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAWZ9zRFwTFq+pJlzgrcC8iJcHY0MB8GA1UdIwQY
MBaAFIellOMEtoIYOqI1nkDh3O+T/gVwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDZXVTR3UzJnaGc2b2pXZVFPSGM3NVAtQlhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC80Zjg2OTktN2I1Mi00MDZlLTgyYzAt
YjllMzRhMzhmM2E5LzEvQlpuM05FWEJNV3I2a21YT0N0d0x5SWx3ZGpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC80Zjg2OTktN2I1Mi00MDZlLTgyYzAtYjllMzRhMzhmM2E5
LzEvaDZXVTR3UzJnaGc2b2pXZVFPSGM3NVAtQlhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+ACAwQB
wqUYMA0GCSqGSIb3DQEBCwUAA4IBAQCZkiOTcVtFdvQujJi4Txu/gt/RQKQ3pY/4
8YhWgLQra/eV1rBZuuvqM5exU3ZmqKrIqBI5rA/E10f0CzvOd4NyQPfT7/vJEQGP
zlK3bu/YB083HnVHJL4Xgl6GNqH5bOnEgaZ0hnQ2XxuOn9D4OqRBRgHKdHjiOMRV
TTBDx30he+t8IDMJDoqiBF1CgpCP2NBXnv8ACvYh8I8ps97Smzcx7Ed/ojqIotjz
dh0z31MLiO1+EQX/WRqyQ4555vbHdh44u1pOpbqM/p8Ohuwm92ZEElUP4oiMyrGm
KNJxysha1em5jIGAK1r24N2uAGPbLrk+ksXTogh0K3mWZCsMRhl2
-----END CERTIFICATE-----