Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/BzwR-NvLmzqIiIc56C_agmU-Vr0.roa
File:                     BzwR-NvLmzqIiIc56C_agmU-Vr0.roa (raw, json)
Hash identifier:          7ZHQjPC70z2RrAa8iC4oid+vFVjnqb7qdq8SKaaA05k=
Subject key identifier:   07:3C:11:F8:DB:CB:9B:3A:88:88:87:39:E8:2F:DA:82:65:3E:56:BD
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       019515874B4C0EEE6D2A8ABEBD497DDD03B2
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/BzwR-NvLmzqIiIc56C_agmU-Vr0.roa
Signing time:             Mon 17 Feb 2025 20:09:02 +0000
ROA not before:           Mon 17 Feb 2025 20:09:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208149
IP address blocks:        5.59.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:15:87:4b:4c:0e:ee:6d:2a:8a:be:bd:49:7d:dd:03:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Feb 17 20:09:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=073c11f8dbcb9b3a88888739e82fda82653e56bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b5:10:75:15:66:87:da:ef:f3:bd:b6:78:f5:
                    c1:d1:46:0b:0b:6e:8d:d4:24:20:95:4e:92:ee:06:
                    41:85:17:58:46:32:5b:c3:7c:0d:40:a5:00:36:b0:
                    a7:f0:3c:80:bb:08:d5:c6:a7:f0:b7:80:f4:7e:93:
                    ba:3b:af:c3:26:eb:d7:6e:e7:ec:27:74:94:b2:cc:
                    59:e0:21:11:85:66:b4:58:6d:2f:2c:a1:cc:3c:de:
                    79:fe:d7:99:a3:ec:7c:12:49:a7:e3:c8:49:45:00:
                    41:1a:8f:e0:98:3f:a9:d7:8a:88:e5:14:cd:10:f8:
                    19:d6:56:65:ef:60:05:ac:3d:ab:e8:81:1f:f1:ea:
                    3d:cf:b5:51:36:97:13:34:ea:5b:a2:ea:c7:e1:57:
                    9f:03:4d:c5:a6:ac:bd:5f:ea:aa:6d:83:69:fd:79:
                    a5:88:d9:93:3a:5f:d8:9d:4f:8c:8a:e3:13:b2:87:
                    60:e5:e6:a0:ab:5a:b5:7e:bd:5e:24:8e:3f:55:9f:
                    01:74:83:2f:80:c1:a9:8f:87:4a:60:8c:1b:45:eb:
                    63:b8:ef:f1:44:9e:a8:11:08:15:ca:ae:05:95:04:
                    23:de:6f:3d:dd:90:dc:8e:ff:31:75:8e:b5:15:2f:
                    11:e8:b3:2d:19:b0:81:93:12:e9:dd:67:e6:d0:db:
                    54:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:3C:11:F8:DB:CB:9B:3A:88:88:87:39:E8:2F:DA:82:65:3E:56:BD
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/BzwR-NvLmzqIiIc56C_agmU-Vr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:15:2c:84:4e:f4:63:80:b5:6e:aa:a1:03:2b:be:1d:97:c3:
         ae:d4:96:c9:ad:a9:51:5e:3c:ef:35:ed:9f:89:1c:ab:22:98:
         2c:1e:88:6a:1b:84:34:5d:ab:d6:2c:d6:09:66:ca:e7:d0:c2:
         d2:55:c3:2f:5c:78:fd:ef:64:9e:69:93:5a:3f:cb:40:2c:e5:
         13:ee:2a:a6:cb:cf:85:8d:1e:f6:76:08:68:87:93:3f:da:8f:
         53:42:76:2a:3c:63:11:46:cc:30:53:c4:4c:5d:4e:42:6c:64:
         3c:61:e5:52:c3:93:a0:b8:0f:00:40:66:2d:a9:d7:e4:d2:08:
         0c:7b:3e:a7:64:9f:05:d0:32:28:b5:fa:ab:ff:54:bd:f1:45:
         d2:56:e4:1e:56:a4:b6:4e:0e:61:b9:7d:ca:29:a8:99:82:cc:
         75:66:92:01:5a:fb:71:a2:a8:09:51:93:91:15:ee:50:4b:ae:
         f5:5d:4c:c2:52:3f:32:c0:74:83:ed:83:aa:9f:71:bd:2e:7c:
         5a:53:2a:51:57:31:4e:6a:45:f6:73:26:7b:3f:e6:2b:ee:85:
         45:fc:99:c2:b1:6d:1a:07:41:32:a8:67:e7:96:3c:83:d4:88:
         ad:2a:36:bd:c0:8d:53:da:ea:70:ae:99:84:2d:69:64:14:c8:
         76:24:25:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUVh0tMDu5tKoq+vUl93QOyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjUwMjE3MjAwOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzNjMTFmOGRiY2I5YjNhODg4ODg3MzllODJmZGE4MjY1M2U1NmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLUQdRVmh9rv8722ePXB0UYLC26N
1CQglU6S7gZBhRdYRjJbw3wNQKUANrCn8DyAuwjVxqfwt4D0fpO6O6/DJuvXbufs
J3SUssxZ4CERhWa0WG0vLKHMPN55/teZo+x8Ekmn48hJRQBBGo/gmD+p14qI5RTN
EPgZ1lZl72AFrD2r6IEf8eo9z7VRNpcTNOpbourH4VefA03Fpqy9X+qqbYNp/Xml
iNmTOl/YnU+MiuMTsodg5eagq1q1fr1eJI4/VZ8BdIMvgMGpj4dKYIwbRetjuO/x
RJ6oEQgVyq4FlQQj3m893ZDcjv8xdY61FS8R6LMtGbCBkxLp3Wfm0NtUCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAc8Efjby5s6iIiHOegv2oJlPla9MB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvQnp3Ui1OdkxtenFJaUljNTZDX2FnbVUtVnIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTvzMA0G
CSqGSIb3DQEBCwUAA4IBAQC0FSyETvRjgLVuqqEDK74dl8Ou1JbJralRXjzvNe2f
iRyrIpgsHohqG4Q0XavWLNYJZsrn0MLSVcMvXHj972SeaZNaP8tALOUT7iqmy8+F
jR72dghoh5M/2o9TQnYqPGMRRswwU8RMXU5CbGQ8YeVSw5OguA8AQGYtqdfk0ggM
ez6nZJ8F0DIotfqr/1S98UXSVuQeVqS2Tg5huX3KKaiZgsx1ZpIBWvtxoqgJUZOR
Fe5QS671XUzCUj8ywHSD7YOqn3G9LnxaUypRVzFOakX2cyZ7P+Yr7oVF/JnCsW0a
B0EyqGfnljyD1IitKja9wI1T2upwrpmELWlkFMh2JCWa
-----END CERTIFICATE-----