Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/d125fd-c39c-4272-8cad-6c2ffb4b61e6/1/BZoH1_MGfs62LzRMTExfqyAJjBo.roa
File:                     BZoH1_MGfs62LzRMTExfqyAJjBo.roa (raw, json)
Hash identifier:          +8k+okRmC+N3bG1eFNSapYERk1Ocfq1EBRJmM1qQSQQ=
Subject key identifier:   05:9A:07:D7:F3:06:7E:CE:B6:2F:34:4C:4C:4C:5F:AB:20:09:8C:1A
Certificate issuer:       /CN=e6dae3efe0a36797da43cbd58f6dff99c3bbdd8d
Certificate serial:       018CC3B6ABB7C30CB954DC3D3E1BDC231A87
Authority key identifier: E6:DA:E3:EF:E0:A3:67:97:DA:43:CB:D5:8F:6D:FF:99:C3:BB:DD:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5trj7-CjZ5faQ8vVj23_mcO73Y0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/d125fd-c39c-4272-8cad-6c2ffb4b61e6/1/BZoH1_MGfs62LzRMTExfqyAJjBo.roa
Signing time:             Mon 01 Jan 2024 06:29:37 +0000
ROA not before:           Mon 01 Jan 2024 06:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15474
IP address blocks:        130.208.0.0/16 maxlen: 16
                          2a00:c88::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/d125fd-c39c-4272-8cad-6c2ffb4b61e6/1/5trj7-CjZ5faQ8vVj23_mcO73Y0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/d125fd-c39c-4272-8cad-6c2ffb4b61e6/1/5trj7-CjZ5faQ8vVj23_mcO73Y0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5trj7-CjZ5faQ8vVj23_mcO73Y0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ab:b7:c3:0c:b9:54:dc:3d:3e:1b:dc:23:1a:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6dae3efe0a36797da43cbd58f6dff99c3bbdd8d
        Validity
            Not Before: Jan  1 06:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=059a07d7f3067eceb62f344c4c4c5fab20098c1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:5a:94:41:57:2a:b4:9c:20:7e:7a:de:13:4a:
                    65:86:72:94:0b:0d:d7:b6:37:47:e2:a1:9d:3f:26:
                    3d:15:ca:cc:f5:11:2b:b6:ea:3c:31:2b:e9:60:d9:
                    9b:b8:15:b1:e0:4d:cb:3a:e4:07:f5:de:9d:48:69:
                    08:69:aa:7f:a7:e8:b1:e8:f2:4f:a1:ec:1e:3a:8e:
                    bf:74:fb:9c:81:1b:e5:fd:99:83:11:1b:e7:81:73:
                    25:8c:6f:0e:0f:b6:a0:64:b4:a2:a7:05:dc:33:cd:
                    fa:a3:7c:32:9a:95:8f:8b:8b:af:86:a7:5c:a5:7e:
                    72:23:fa:d7:e4:0b:5b:bb:2a:b8:63:81:bb:97:cf:
                    da:a4:59:c8:9f:a5:9b:53:88:9a:e7:3f:7b:2a:5b:
                    64:03:c3:65:06:89:b4:6e:af:6a:53:68:37:ed:a7:
                    73:40:a4:25:03:b8:66:e6:c7:70:92:74:96:43:60:
                    ea:9d:d0:34:16:af:98:7e:b0:68:4b:5a:52:dc:db:
                    64:e6:9a:4d:c8:dd:25:a0:8d:a2:ac:84:3d:45:d7:
                    10:85:79:c3:22:12:18:35:23:16:86:ae:77:00:2f:
                    aa:c8:9f:d6:d0:19:b0:3a:4d:bd:a4:16:47:ad:2f:
                    24:36:ba:00:fd:39:28:7a:17:24:a3:0a:3b:35:9f:
                    24:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:9A:07:D7:F3:06:7E:CE:B6:2F:34:4C:4C:4C:5F:AB:20:09:8C:1A
            X509v3 Authority Key Identifier:
                keyid:E6:DA:E3:EF:E0:A3:67:97:DA:43:CB:D5:8F:6D:FF:99:C3:BB:DD:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5trj7-CjZ5faQ8vVj23_mcO73Y0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/d125fd-c39c-4272-8cad-6c2ffb4b61e6/1/BZoH1_MGfs62LzRMTExfqyAJjBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/d125fd-c39c-4272-8cad-6c2ffb4b61e6/1/5trj7-CjZ5faQ8vVj23_mcO73Y0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.208.0.0/16
                IPv6:
                  2a00:c88::/32

    Signature Algorithm: sha256WithRSAEncryption
         13:d4:93:9d:3b:1d:2c:42:66:db:cd:6f:e3:8b:c6:dc:ef:04:
         88:84:72:1c:54:b7:d6:e1:2a:36:cc:8f:78:65:99:8f:45:28:
         fb:60:ae:b0:b1:20:3c:c9:f6:57:f0:f0:3f:8c:6d:06:11:f1:
         9c:7f:29:00:ac:16:0f:d6:cf:b2:f4:13:78:c9:19:51:53:01:
         88:6d:36:e7:30:06:6f:db:9f:20:4b:a7:a5:f0:08:66:d8:09:
         4a:ce:6b:94:b6:d2:bb:77:5a:3d:8d:2f:8e:1f:3c:0f:dc:29:
         58:21:f2:70:dc:b3:d3:10:73:61:03:db:dc:7d:af:81:7d:61:
         17:04:b3:12:84:00:62:02:b2:bb:f7:7a:c6:8c:03:e9:80:0a:
         1b:d1:74:4a:e6:4a:7c:c2:3b:ed:ad:55:c5:91:dc:e6:b2:e3:
         bc:2f:9f:aa:c5:f9:24:7c:75:16:57:02:0a:a2:1a:14:b5:77:
         77:11:fc:df:75:ad:5f:34:00:72:58:6e:90:fb:96:3b:ee:b8:
         ce:ee:62:d9:ac:e1:95:7a:fe:50:4b:b2:56:db:85:dc:0b:56:
         1b:aa:ad:f0:3c:69:a6:94:8e:36:96:53:27:18:f2:59:ce:5d:
         64:ce:c5:b9:d8:a7:69:69:dc:b7:37:e3:a1:1d:ce:26:f1:df:
         e4:da:91:01
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzDtqu3wwy5VNw9PhvcIxqHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2ZGFlM2VmZTBhMzY3OTdkYTQzY2JkNThmNmRmZjk5YzNi
YmRkOGQwHhcNMjQwMTAxMDYyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTlhMDdkN2YzMDY3ZWNlYjYyZjM0NGM0YzRjNWZhYjIwMDk4YzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1qUQVcqtJwgfnreE0plhnKUCw3X
tjdH4qGdPyY9FcrM9RErtuo8MSvpYNmbuBWx4E3LOuQH9d6dSGkIaap/p+ix6PJP
oeweOo6/dPucgRvl/ZmDERvngXMljG8OD7agZLSipwXcM836o3wympWPi4uvhqdc
pX5yI/rX5Atbuyq4Y4G7l8/apFnIn6WbU4ia5z97KltkA8NlBom0bq9qU2g37adz
QKQlA7hm5sdwknSWQ2DqndA0Fq+YfrBoS1pS3Ntk5ppNyN0loI2irIQ9RdcQhXnD
IhIYNSMWhq53AC+qyJ/W0BmwOk29pBZHrS8kNroA/Tkoehckowo7NZ8kLwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAWaB9fzBn7Oti80TExMX6sgCYwaMB8GA1UdIwQY
MBaAFOba4+/go2eX2kPL1Y9t/5nDu92NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXRyajctQ2paNWZhUTh2VmoyM19tY083M1kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9kMTI1ZmQtYzM5Yy00MjcyLThjYWQt
NmMyZmZiNGI2MWU2LzEvQlpvSDFfTUdmczYyTHpSTVRFeGZxeUFKakJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9kMTI1ZmQtYzM5Yy00MjcyLThjYWQtNmMyZmZiNGI2MWU2
LzEvNXRyajctQ2paNWZhUTh2VmoyM19tY083M1kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDALBAIAATAFAwMAgtAwDQQC
AAIwBwMFACoADIgwDQYJKoZIhvcNAQELBQADggEBABPUk507HSxCZtvNb+OLxtzv
BIiEchxUt9bhKjbMj3hlmY9FKPtgrrCxIDzJ9lfw8D+MbQYR8Zx/KQCsFg/Wz7L0
E3jJGVFTAYhtNucwBm/bnyBLp6XwCGbYCUrOa5S20rt3Wj2NL44fPA/cKVgh8nDc
s9MQc2ED29x9r4F9YRcEsxKEAGICsrv3esaMA+mAChvRdErmSnzCO+2tVcWR3Oay
47wvn6rF+SR8dRZXAgqiGhS1d3cR/N91rV80AHJYbpD7ljvuuM7uYtms4ZV6/lBL
slbbhdwLVhuqrfA8aaaUjjaWUycY8lnOXWTOxbnYp2lp3Lc346Edzibx3+TakQE=
-----END CERTIFICATE-----