Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/BXDe_Az_ihUHdG_dhks3640Kmiw.roa
File:                     BXDe_Az_ihUHdG_dhks3640Kmiw.roa (raw, json)
Hash identifier:          SrSdiisioBvyKKXREmeKmGHqpKkEj2kdd9r1s4N6/yI=
Subject key identifier:   05:70:DE:FC:0C:FF:8A:15:07:74:6F:DD:86:4B:37:EB:8D:0A:9A:2C
Certificate issuer:       /CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
Certificate serial:       018CCA2B515A60E2DC68C28A3D5C25EAB2D0
Authority key identifier: 5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/BXDe_Az_ihUHdG_dhks3640Kmiw.roa
Signing time:             Tue 02 Jan 2024 12:34:45 +0000
ROA not before:           Tue 02 Jan 2024 12:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58224
IP address blocks:        37.156.12.0/22 maxlen: 32
                          77.238.108.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:51:5a:60:e2:dc:68:c2:8a:3d:5c:25:ea:b2:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
        Validity
            Not Before: Jan  2 12:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0570defc0cff8a1507746fdd864b37eb8d0a9a2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ee:47:fb:e8:b9:18:32:c2:d1:5c:39:3a:21:
                    c1:1b:16:4f:cb:4a:e5:16:34:6e:8b:69:56:69:71:
                    63:bc:b6:ca:6b:ab:09:85:1c:b2:24:77:38:69:24:
                    5e:68:fc:73:6d:e5:58:52:ae:f4:99:84:c1:b9:59:
                    49:02:90:2b:d6:2d:26:69:e0:cf:31:53:2d:83:db:
                    ba:ef:ad:5f:27:e3:f1:77:d0:7f:eb:42:80:75:26:
                    0c:f0:02:e4:f3:a7:e4:94:dd:ab:4f:06:8f:10:20:
                    23:7d:c2:8d:b8:6c:40:a6:53:e5:5b:2b:49:48:dc:
                    03:d9:f5:33:4c:09:7d:a5:22:a7:70:91:07:f4:79:
                    11:1b:c9:e0:21:bd:69:6d:52:c4:bd:e3:18:45:71:
                    47:68:13:ce:f6:44:fc:d6:7a:42:6e:11:e8:de:16:
                    86:6e:23:a6:1d:72:e4:58:6a:18:c0:f5:50:e4:67:
                    cb:9e:69:17:4d:1a:75:1c:5e:53:f4:bb:58:d5:24:
                    4a:d0:da:b0:9a:f8:9a:e9:17:64:41:cd:de:b8:0c:
                    db:00:3e:80:d6:0c:55:b9:2f:00:8f:dc:35:6d:ad:
                    98:0d:49:d0:bd:3b:7e:4f:3d:ac:16:e4:9d:44:db:
                    cb:72:b3:b3:18:c5:25:d6:1c:2a:b5:d4:a5:06:5f:
                    e2:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:70:DE:FC:0C:FF:8A:15:07:74:6F:DD:86:4B:37:EB:8D:0A:9A:2C
            X509v3 Authority Key Identifier:
                keyid:5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/BXDe_Az_ihUHdG_dhks3640Kmiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.156.12.0/22
                  77.238.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:03:b3:dd:f4:d9:09:b2:0b:cf:26:69:91:50:d0:14:93:9a:
         91:ed:00:ee:39:a8:29:b4:66:21:34:66:af:e5:f6:5c:69:67:
         7b:7e:fb:28:ed:21:ce:03:35:78:af:2d:dd:d0:00:61:dc:22:
         a5:1a:b3:fc:62:b5:b9:21:c4:7f:e1:ae:79:b5:a4:c4:e4:fe:
         68:6e:2d:2f:aa:88:1d:a8:6b:e4:4e:1b:92:99:8c:7f:6f:8a:
         c8:a6:87:2a:b6:ab:a0:aa:52:96:6b:92:3b:f6:d9:7e:a3:6f:
         f0:6d:2e:66:d0:50:91:3b:19:96:e2:f9:10:9b:95:e2:78:47:
         2d:62:8c:26:51:f0:85:b6:69:2a:9e:b9:81:52:07:db:7e:5a:
         6a:7b:91:6f:1b:76:f3:6d:a0:bc:c0:93:3e:31:a7:40:99:fa:
         35:85:09:a0:80:72:bb:4f:1f:d7:fc:f9:c6:eb:d5:9d:63:7e:
         77:28:c8:a1:90:b3:00:5d:42:e8:a4:e8:6c:62:76:71:50:86:
         92:05:f6:eb:9d:ef:aa:50:e8:a3:a0:bf:bb:54:fd:e2:d0:8c:
         9b:15:b1:1d:07:a4:44:fd:1d:de:5b:45:b0:ab:9f:7f:f2:fd:
         e8:20:0d:a2:5c:3f:2e:64:47:f8:e4:d7:0c:00:a2:f2:7e:f9:
         96:27:90:cd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKK1FaYOLcaMKKPVwl6rLQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNTI2MzRhMmViMDNmODU2NWI1ZTMzZGMyYjlmNDkwNDFm
N2NmYjAwHhcNMjQwMTAyMTIzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTcwZGVmYzBjZmY4YTE1MDc3NDZmZGQ4NjRiMzdlYjhkMGE5YTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAne5H++i5GDLC0Vw5OiHBGxZPy0rl
FjRui2lWaXFjvLbKa6sJhRyyJHc4aSReaPxzbeVYUq70mYTBuVlJApAr1i0maeDP
MVMtg9u6761fJ+Pxd9B/60KAdSYM8ALk86fklN2rTwaPECAjfcKNuGxAplPlWytJ
SNwD2fUzTAl9pSKncJEH9HkRG8ngIb1pbVLEveMYRXFHaBPO9kT81npCbhHo3haG
biOmHXLkWGoYwPVQ5GfLnmkXTRp1HF5T9LtY1SRK0Nqwmvia6RdkQc3euAzbAD6A
1gxVuS8Aj9w1ba2YDUnQvTt+Tz2sFuSdRNvLcrOzGMUl1hwqtdSlBl/igwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAVw3vwM/4oVB3Rv3YZLN+uNCposMB8GA1UdIwQY
MBaAFFtSY0ousD+FZbXjPcK59JBB98+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUt
ZGM2NTU0ZmQxMjM1LzEvQlhEZV9Bel9paFVIZEdfZGhrczM2NDBLbWl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUtZGM2NTU0ZmQxMjM1
LzEvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCJZwMAwQC
Te5sMA0GCSqGSIb3DQEBCwUAA4IBAQAmA7Pd9NkJsgvPJmmRUNAUk5qR7QDuOagp
tGYhNGav5fZcaWd7fvso7SHOAzV4ry3d0ABh3CKlGrP8YrW5IcR/4a55taTE5P5o
bi0vqogdqGvkThuSmYx/b4rIpocqtqugqlKWa5I79tl+o2/wbS5m0FCROxmW4vkQ
m5XieEctYowmUfCFtmkqnrmBUgfbflpqe5FvG3bzbaC8wJM+MadAmfo1hQmggHK7
Tx/X/PnG69WdY353KMihkLMAXULopOhsYnZxUIaSBfbrne+qUOijoL+7VP3i0Iyb
FbEdB6RE/R3eW0Wwq59/8v3oIA2iXD8uZEf45NcMAKLyfvmWJ5DN
-----END CERTIFICATE-----