Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/3f15c6-ff66-4726-afc9-45756a330545/1/bzGZ7UeMifr3Zz0omW9BaL6_rtg.roa
File:                     bzGZ7UeMifr3Zz0omW9BaL6_rtg.roa (raw, json)
Hash identifier:          iwF2Jyk3RyXdQRqLrbLsrwtdMu4ZSFXPTqbHOxVkCzk=
Subject key identifier:   6F:31:99:ED:47:8C:89:FA:F7:67:3D:28:99:6F:41:68:BE:BF:AE:D8
Certificate issuer:       /CN=52fd49cf2093015efa9eb70ae781434117171101
Certificate serial:       018ED795787C490F316ECB6A55C8704A0562
Authority key identifier: 52:FD:49:CF:20:93:01:5E:FA:9E:B7:0A:E7:81:43:41:17:17:11:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Uv1JzyCTAV76nrcK54FDQRcXEQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/3f15c6-ff66-4726-afc9-45756a330545/1/bzGZ7UeMifr3Zz0omW9BaL6_rtg.roa
Signing time:             Sat 13 Apr 2024 13:11:20 +0000
ROA not before:           Sat 13 Apr 2024 13:11:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20668
IP address blocks:        193.164.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/3f15c6-ff66-4726-afc9-45756a330545/1/Uv1JzyCTAV76nrcK54FDQRcXEQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/3f15c6-ff66-4726-afc9-45756a330545/1/Uv1JzyCTAV76nrcK54FDQRcXEQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Uv1JzyCTAV76nrcK54FDQRcXEQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d7:95:78:7c:49:0f:31:6e:cb:6a:55:c8:70:4a:05:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52fd49cf2093015efa9eb70ae781434117171101
        Validity
            Not Before: Apr 13 13:11:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f3199ed478c89faf7673d28996f4168bebfaed8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:47:c0:d3:c1:45:13:da:96:b0:8a:0f:37:94:
                    c4:4b:13:87:69:f0:c8:f4:47:e7:3a:5f:15:93:4f:
                    73:2c:80:b0:1d:5c:ad:ba:4b:5d:72:4d:05:6d:ea:
                    e8:c7:44:37:f9:e2:5d:05:04:ee:84:cb:ad:7b:b3:
                    56:ab:db:29:e2:34:b0:cf:9e:5c:7e:85:99:09:fb:
                    ca:72:94:29:e8:56:7a:e2:75:08:9a:cb:11:aa:df:
                    63:e5:c5:5d:a2:f7:28:37:50:2a:fa:cf:47:37:a6:
                    45:2f:65:fc:66:7c:ad:d8:18:08:75:e4:90:ba:60:
                    3e:7e:c0:fb:e0:c9:39:06:44:4d:ee:9b:1c:60:ac:
                    14:cd:b4:4d:33:6a:73:bc:2a:57:83:fe:1f:8c:36:
                    44:6d:c7:5e:98:c3:fb:79:53:e1:11:58:6e:27:0a:
                    03:3e:f9:24:2f:35:28:c3:5b:50:cf:4c:a9:2f:99:
                    8f:f2:49:32:8b:0e:f3:b6:e9:07:bc:da:7d:80:bd:
                    f9:ea:bb:30:d6:77:1f:0d:50:91:a2:18:49:b2:dc:
                    27:89:fb:6e:d1:6f:9a:e0:bc:e8:f4:f7:a3:86:bd:
                    ed:d0:31:9b:7f:79:87:3a:3b:5a:1a:50:16:e1:87:
                    44:ab:84:65:5e:09:fe:b7:73:56:81:28:46:ae:dd:
                    e6:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:31:99:ED:47:8C:89:FA:F7:67:3D:28:99:6F:41:68:BE:BF:AE:D8
            X509v3 Authority Key Identifier:
                keyid:52:FD:49:CF:20:93:01:5E:FA:9E:B7:0A:E7:81:43:41:17:17:11:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uv1JzyCTAV76nrcK54FDQRcXEQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/3f15c6-ff66-4726-afc9-45756a330545/1/bzGZ7UeMifr3Zz0omW9BaL6_rtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/3f15c6-ff66-4726-afc9-45756a330545/1/Uv1JzyCTAV76nrcK54FDQRcXEQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:d2:e6:35:c6:bb:0d:87:d1:51:7b:b9:bd:f4:94:b3:23:11:
         bb:7a:13:51:8e:43:4b:75:48:ea:38:a5:49:a0:83:98:cb:16:
         64:b3:2a:52:d5:96:5b:64:52:12:80:fd:b4:bd:cc:e9:21:04:
         11:70:2c:ab:e2:af:9e:2f:fe:06:76:13:3c:fb:a6:58:ec:71:
         e0:1e:e9:0a:5d:c2:c3:28:ab:a2:da:95:93:67:3b:37:83:0e:
         11:00:b3:d7:b1:6d:3a:14:7c:ea:69:8a:26:84:f5:ed:a8:82:
         35:b5:82:fd:55:1a:af:a3:3d:4d:23:da:37:79:8b:9f:94:9b:
         fe:ff:2e:0b:31:21:02:8a:29:2f:f6:16:69:b6:ba:70:12:23:
         06:f5:97:de:1d:de:3f:7e:ed:54:7e:f4:fa:9a:76:b1:c7:70:
         4c:99:92:25:9b:d1:ff:65:be:4f:92:78:4d:94:a9:9c:4c:e0:
         49:5d:44:c3:63:5c:6b:d8:9a:f0:f5:61:e2:06:c4:c6:c0:e7:
         49:76:ff:09:6b:7e:fb:c5:7f:e1:15:35:65:fa:f7:cf:13:98:
         51:be:72:88:ce:e9:f1:99:12:9b:33:61:2a:11:0a:a0:ec:a9:
         d6:a4:da:6b:dc:22:39:81:c2:13:3c:15:f5:a8:05:0a:ae:35:
         7c:4f:da:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7XlXh8SQ8xbstqVchwSgViMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZmQ0OWNmMjA5MzAxNWVmYTllYjcwYWU3ODE0MzQxMTcx
NzExMDEwHhcNMjQwNDEzMTMxMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjMxOTllZDQ3OGM4OWZhZjc2NzNkMjg5OTZmNDE2OGJlYmZhZWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0fA08FFE9qWsIoPN5TESxOHafDI
9EfnOl8Vk09zLICwHVytuktdck0Fberox0Q3+eJdBQTuhMute7NWq9sp4jSwz55c
foWZCfvKcpQp6FZ64nUImssRqt9j5cVdovcoN1Aq+s9HN6ZFL2X8Znyt2BgIdeSQ
umA+fsD74Mk5BkRN7pscYKwUzbRNM2pzvCpXg/4fjDZEbcdemMP7eVPhEVhuJwoD
PvkkLzUow1tQz0ypL5mP8kkyiw7ztukHvNp9gL356rsw1ncfDVCRohhJstwniftu
0W+a4Lzo9Pejhr3t0DGbf3mHOjtaGlAW4YdEq4RlXgn+t3NWgShGrt3mPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8xme1HjIn692c9KJlvQWi+v67YMB8GA1UdIwQY
MBaAFFL9Sc8gkwFe+p63CueBQ0EXFxEBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXYxSnp5Q1RBVjc2bnJjSzU0RkRRUmNYRVFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8zZjE1YzYtZmY2Ni00NzI2LWFmYzkt
NDU3NTZhMzMwNTQ1LzEvYnpHWjdVZU1pZnIzWnowb21XOUJhTDZfcnRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8zZjE1YzYtZmY2Ni00NzI2LWFmYzktNDU3NTZhMzMwNTQ1
LzEvVXYxSnp5Q1RBVjc2bnJjSzU0RkRRUmNYRVFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaSPMA0G
CSqGSIb3DQEBCwUAA4IBAQDL0uY1xrsNh9FRe7m99JSzIxG7ehNRjkNLdUjqOKVJ
oIOYyxZksypS1ZZbZFISgP20vczpIQQRcCyr4q+eL/4GdhM8+6ZY7HHgHukKXcLD
KKui2pWTZzs3gw4RALPXsW06FHzqaYomhPXtqII1tYL9VRqvoz1NI9o3eYuflJv+
/y4LMSECiikv9hZptrpwEiMG9ZfeHd4/fu1UfvT6mnaxx3BMmZIlm9H/Zb5PknhN
lKmcTOBJXUTDY1xr2Jrw9WHiBsTGwOdJdv8Ja377xX/hFTVl+vfPE5hRvnKIzunx
mRKbM2EqEQqg7KnWpNpr3CI5gcITPBX1qAUKrjV8T9rY
-----END CERTIFICATE-----