Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ed9c63-56be-471b-9bab-53ed82d33d84/1/BBzsBRL4I_ri_fk1fk1TZQPLW8o.roa
File:                     BBzsBRL4I_ri_fk1fk1TZQPLW8o.roa (raw, json)
Hash identifier:          wdrzqoIvinUddLOeL6vzf1Le3nYRGKCtQHUDF/0UOLg=
Subject key identifier:   04:1C:EC:05:12:F8:23:FA:E2:FD:F9:35:7E:4D:53:65:03:CB:5B:CA
Certificate issuer:       /CN=08561d0de62247e2085bf59a73c87d25a2438980
Certificate serial:       018CC6B8FECD55200F979EB65E8AD24FC362
Authority key identifier: 08:56:1D:0D:E6:22:47:E2:08:5B:F5:9A:73:C8:7D:25:A2:43:89:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CFYdDeYiR-IIW_Wac8h9JaJDiYA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ed9c63-56be-471b-9bab-53ed82d33d84/1/BBzsBRL4I_ri_fk1fk1TZQPLW8o.roa
Signing time:             Mon 01 Jan 2024 20:31:01 +0000
ROA not before:           Mon 01 Jan 2024 20:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48296
IP address blocks:        185.7.108.0/22 maxlen: 24
                          2a03:2640::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ed9c63-56be-471b-9bab-53ed82d33d84/1/CFYdDeYiR-IIW_Wac8h9JaJDiYA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ed9c63-56be-471b-9bab-53ed82d33d84/1/CFYdDeYiR-IIW_Wac8h9JaJDiYA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CFYdDeYiR-IIW_Wac8h9JaJDiYA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:fe:cd:55:20:0f:97:9e:b6:5e:8a:d2:4f:c3:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08561d0de62247e2085bf59a73c87d25a2438980
        Validity
            Not Before: Jan  1 20:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=041cec0512f823fae2fdf9357e4d536503cb5bca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:8b:7e:9c:87:15:76:ba:a8:37:c5:7e:bd:27:
                    4d:cb:d0:8a:ac:45:2f:83:fc:85:b8:6c:b2:fd:33:
                    1e:c3:9f:a4:6d:c1:ca:3b:76:20:60:3d:3f:47:4b:
                    d4:05:13:e1:a8:c1:9a:6f:3e:fe:45:0a:8c:48:db:
                    ee:91:43:3f:39:62:2c:57:da:9a:3b:c5:9d:ab:24:
                    b2:bf:06:77:20:a6:b7:2f:d3:85:42:f9:da:de:49:
                    cd:34:2a:88:73:aa:c4:1b:a0:0d:7e:51:74:f6:8a:
                    31:15:05:58:85:bb:9a:35:db:78:ff:01:bf:cd:82:
                    ce:b7:51:cd:d7:f8:21:00:f5:ca:22:7d:7f:53:c1:
                    52:7a:65:ef:33:04:25:4c:83:26:2c:f9:62:89:63:
                    6f:cb:6c:35:ee:5d:94:94:b4:fc:24:20:df:50:54:
                    97:1c:0a:ad:6b:f0:43:a5:94:d4:87:3b:1c:60:f4:
                    ea:d8:ae:c0:69:4d:d5:e9:f3:5f:d6:45:e3:44:29:
                    13:7c:7b:05:d5:54:bd:e3:4e:e9:f6:26:36:14:ee:
                    f2:c6:ad:02:39:06:a3:7e:97:83:c9:66:8c:0b:2b:
                    06:96:68:61:89:a2:5c:06:16:04:41:ea:83:9a:4f:
                    a8:7c:3b:c6:e3:cf:cc:59:d1:c9:1f:ee:29:71:04:
                    00:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:1C:EC:05:12:F8:23:FA:E2:FD:F9:35:7E:4D:53:65:03:CB:5B:CA
            X509v3 Authority Key Identifier:
                keyid:08:56:1D:0D:E6:22:47:E2:08:5B:F5:9A:73:C8:7D:25:A2:43:89:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CFYdDeYiR-IIW_Wac8h9JaJDiYA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ed9c63-56be-471b-9bab-53ed82d33d84/1/BBzsBRL4I_ri_fk1fk1TZQPLW8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ed9c63-56be-471b-9bab-53ed82d33d84/1/CFYdDeYiR-IIW_Wac8h9JaJDiYA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.108.0/22
                IPv6:
                  2a03:2640::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:04:c0:b5:c4:2f:78:e8:94:1c:c4:44:62:b4:d2:2d:a6:2c:
         61:71:bd:b4:10:90:7d:fe:2f:84:72:b0:00:b7:2c:51:fe:39:
         27:47:08:e4:ee:8d:f0:d5:fc:ee:ba:df:08:65:42:85:46:07:
         96:f5:6b:2e:22:69:7d:f0:4c:e9:41:f7:eb:0b:b5:6d:a8:24:
         56:29:e9:30:cf:e1:86:ed:5c:4c:03:b0:f1:6a:00:4e:1e:26:
         ea:ba:18:2f:8e:f4:dd:dd:50:f9:13:d2:46:30:3a:31:e5:46:
         1b:58:f4:6b:6d:ef:cd:db:a2:3d:b8:27:42:e7:67:f5:7c:4b:
         57:b3:6e:88:88:3b:0f:19:a1:29:4e:df:a0:db:09:1d:46:0c:
         7c:d7:6b:01:20:a1:a8:27:71:3e:ed:ad:cf:76:fe:0b:b7:c0:
         dd:85:92:36:1e:5f:e8:68:29:e8:09:f3:47:af:7e:71:fa:d2:
         a2:44:94:d9:f7:2f:2b:be:95:58:c7:1c:b2:66:44:d2:8f:a6:
         58:d6:8e:20:70:d4:28:7b:b2:32:07:af:a2:ce:3b:90:87:15:
         7a:5e:0d:04:23:70:23:5e:8b:d9:c3:21:1e:7b:f7:27:ff:e0:
         40:40:57:41:29:16:a2:fc:1d:67:46:fb:be:55:6c:9d:dc:ad:
         0c:83:db:d4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuP7NVSAPl562XorST8NiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NTYxZDBkZTYyMjQ3ZTIwODViZjU5YTczYzg3ZDI1YTI0
Mzg5ODAwHhcNMjQwMTAxMjAzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDFjZWMwNTEyZjgyM2ZhZTJmZGY5MzU3ZTRkNTM2NTAzY2I1YmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA74t+nIcVdrqoN8V+vSdNy9CKrEUv
g/yFuGyy/TMew5+kbcHKO3YgYD0/R0vUBRPhqMGabz7+RQqMSNvukUM/OWIsV9qa
O8WdqySyvwZ3IKa3L9OFQvna3knNNCqIc6rEG6ANflF09ooxFQVYhbuaNdt4/wG/
zYLOt1HN1/ghAPXKIn1/U8FSemXvMwQlTIMmLPliiWNvy2w17l2UlLT8JCDfUFSX
HAqta/BDpZTUhzscYPTq2K7AaU3V6fNf1kXjRCkTfHsF1VS9407p9iY2FO7yxq0C
OQajfpeDyWaMCysGlmhhiaJcBhYEQeqDmk+ofDvG48/MWdHJH+4pcQQAUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAQc7AUS+CP64v35NX5NU2UDy1vKMB8GA1UdIwQY
MBaAFAhWHQ3mIkfiCFv1mnPIfSWiQ4mAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0ZZZERlWWlSLUlJV19XYWM4aDlKYUpEaVlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lZDljNjMtNTZiZS00NzFiLTliYWIt
NTNlZDgyZDMzZDg0LzEvQkJ6c0JSTDRJX3JpX2ZrMWZrMVRaUVBMVzhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lZDljNjMtNTZiZS00NzFiLTliYWItNTNlZDgyZDMzZDg0
LzEvQ0ZZZERlWWlSLUlJV19XYWM4aDlKYUpEaVlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQdsMA0E
AgACMAcDBQAqAyZAMA0GCSqGSIb3DQEBCwUAA4IBAQB9BMC1xC946JQcxERitNIt
pixhcb20EJB9/i+EcrAAtyxR/jknRwjk7o3w1fzuut8IZUKFRgeW9WsuIml98Ezp
QffrC7VtqCRWKekwz+GG7VxMA7DxagBOHibquhgvjvTd3VD5E9JGMDox5UYbWPRr
be/N26I9uCdC52f1fEtXs26IiDsPGaEpTt+g2wkdRgx812sBIKGoJ3E+7a3Pdv4L
t8DdhZI2Hl/oaCnoCfNHr35x+tKiRJTZ9y8rvpVYxxyyZkTSj6ZY1o4gcNQoe7Iy
B6+izjuQhxV6Xg0EI3AjXovZwyEee/cn/+BAQFdBKRai/B1nRvu+VWyd3K0Mg9vU
-----END CERTIFICATE-----