Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/bUZJCM-6nzH1DvWWHD5e2xmdH5M.roa
File:                     bUZJCM-6nzH1DvWWHD5e2xmdH5M.roa (raw, json)
Hash identifier:          s0Aq5BrjWlLZZSeKyD05pXyMVee0dySAmUBlY5zxnQ0=
Subject key identifier:   6D:46:49:08:CF:BA:9F:31:F5:0E:F5:96:1C:3E:5E:DB:19:9D:1F:93
Certificate issuer:       /CN=b7e34f57d007166def4dd881d8f7d5b6ed95e656
Certificate serial:       018CC6B7B07E4E7307C8C26ED518F88A56F7
Authority key identifier: B7:E3:4F:57:D0:07:16:6D:EF:4D:D8:81:D8:F7:D5:B6:ED:95:E6:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t-NPV9AHFm3vTdiB2PfVtu2V5lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/bUZJCM-6nzH1DvWWHD5e2xmdH5M.roa
Signing time:             Mon 01 Jan 2024 20:29:36 +0000
ROA not before:           Mon 01 Jan 2024 20:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24961
IP address blocks:        185.171.218.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/t-NPV9AHFm3vTdiB2PfVtu2V5lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/t-NPV9AHFm3vTdiB2PfVtu2V5lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t-NPV9AHFm3vTdiB2PfVtu2V5lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b0:7e:4e:73:07:c8:c2:6e:d5:18:f8:8a:56:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7e34f57d007166def4dd881d8f7d5b6ed95e656
        Validity
            Not Before: Jan  1 20:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d464908cfba9f31f50ef5961c3e5edb199d1f93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:79:81:26:8c:c6:69:80:27:23:c1:52:22:12:
                    f3:a6:a0:21:50:a7:a8:2f:6d:10:1a:3d:fb:78:4f:
                    d7:b7:fa:1b:cc:e9:6a:f2:d5:cb:aa:06:06:e9:7c:
                    e1:b4:6a:72:bc:b1:05:b0:d2:44:06:58:aa:62:ae:
                    c7:54:da:99:10:80:b5:0a:bf:74:cc:b5:9d:d1:9e:
                    49:c4:8f:91:6d:71:6a:cc:15:cd:fd:03:b8:73:57:
                    10:30:b3:98:b3:fe:38:41:22:7e:57:32:6b:ed:2e:
                    0a:04:05:3a:fc:5d:75:6e:62:71:f9:c9:99:9a:05:
                    c2:07:a5:dc:9f:c0:e8:ec:48:d7:2a:f5:a7:84:13:
                    a7:d9:20:f3:95:dc:29:36:da:f9:db:0b:39:ea:51:
                    33:fb:67:b7:f3:48:d4:7b:0d:52:f0:bd:5e:2f:c5:
                    8f:d9:b1:70:12:3e:91:46:fc:fa:c4:b3:31:ab:ba:
                    31:a1:ed:e9:aa:a8:9a:37:8b:6b:4b:e1:07:d7:4c:
                    7e:44:03:b7:b3:31:44:13:f2:47:66:ff:28:0b:af:
                    77:08:4a:6c:bf:dc:4b:ed:6d:43:6e:24:fb:c9:73:
                    84:ef:5d:11:83:2a:59:d4:17:ce:1c:18:13:ac:14:
                    5d:22:9e:6c:59:ad:3f:e2:68:b3:13:17:f2:28:9f:
                    96:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:46:49:08:CF:BA:9F:31:F5:0E:F5:96:1C:3E:5E:DB:19:9D:1F:93
            X509v3 Authority Key Identifier:
                keyid:B7:E3:4F:57:D0:07:16:6D:EF:4D:D8:81:D8:F7:D5:B6:ED:95:E6:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t-NPV9AHFm3vTdiB2PfVtu2V5lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/bUZJCM-6nzH1DvWWHD5e2xmdH5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/t-NPV9AHFm3vTdiB2PfVtu2V5lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:30:b4:6d:7a:12:0e:22:b7:d6:cc:81:9d:a7:85:be:ad:05:
         9b:2c:7c:2f:ac:c9:1c:bd:61:74:53:9e:c3:b1:45:a7:76:fc:
         c0:0e:8d:70:d2:bd:12:20:ac:6e:6f:51:04:9c:9f:95:e1:63:
         f2:76:12:21:53:f3:64:18:19:90:b9:78:d4:d4:ef:6e:a4:eb:
         01:93:b6:da:10:63:4d:40:66:a6:94:65:13:24:92:5b:cf:61:
         6f:51:14:84:55:23:d5:ec:0d:d5:17:37:10:46:df:77:ed:84:
         2f:4a:51:3f:54:8c:79:24:17:e0:0d:28:14:e3:c4:4e:77:5d:
         94:3e:f6:69:36:de:91:a7:1f:f9:03:31:00:77:af:e2:1c:47:
         c3:d7:b1:d9:40:d3:dd:43:c9:85:57:5d:b0:cb:2d:1e:55:0d:
         e7:b0:8c:2a:c1:ec:ec:38:70:25:d4:77:52:67:3a:ce:20:23:
         81:5d:48:61:2d:51:de:bb:46:e4:8b:9f:03:19:8a:5e:3b:96:
         89:4d:d1:0a:14:e1:fb:65:55:a4:1b:1c:ba:68:7e:64:40:62:
         fb:8e:10:a6:3c:47:75:3e:6d:ec:cf:0b:9b:fa:05:e4:8b:81:
         7f:b5:79:fd:59:93:b7:84:14:fe:e4:f4:9b:38:72:88:70:f5:
         94:34:30:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt7B+TnMHyMJu1Rj4ilb3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3ZTM0ZjU3ZDAwNzE2NmRlZjRkZDg4MWQ4ZjdkNWI2ZWQ5
NWU2NTYwHhcNMjQwMTAxMjAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDQ2NDkwOGNmYmE5ZjMxZjUwZWY1OTYxYzNlNWVkYjE5OWQxZjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3mBJozGaYAnI8FSIhLzpqAhUKeo
L20QGj37eE/Xt/obzOlq8tXLqgYG6XzhtGpyvLEFsNJEBliqYq7HVNqZEIC1Cr90
zLWd0Z5JxI+RbXFqzBXN/QO4c1cQMLOYs/44QSJ+VzJr7S4KBAU6/F11bmJx+cmZ
mgXCB6Xcn8Do7EjXKvWnhBOn2SDzldwpNtr52ws56lEz+2e380jUew1S8L1eL8WP
2bFwEj6RRvz6xLMxq7oxoe3pqqiaN4trS+EH10x+RAO3szFEE/JHZv8oC693CEps
v9xL7W1DbiT7yXOE710RgypZ1BfOHBgTrBRdIp5sWa0/4mizExfyKJ+WIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG1GSQjPup8x9Q71lhw+XtsZnR+TMB8GA1UdIwQY
MBaAFLfjT1fQBxZt703Ygdj31bbtleZWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdC1OUFY5QUhGbTN2VGRpQjJQZlZ0dTJWNWxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lNWQ1ODAtZWVlOC00NjNlLTg0YTgt
ZWFjY2I4YjQyZGM5LzEvYlVaSkNNLTZuekgxRHZXV0hENWUyeG1kSDVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lNWQ1ODAtZWVlOC00NjNlLTg0YTgtZWFjY2I4YjQyZGM5
LzEvdC1OUFY5QUhGbTN2VGRpQjJQZlZ0dTJWNWxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuavaMA0G
CSqGSIb3DQEBCwUAA4IBAQB4MLRtehIOIrfWzIGdp4W+rQWbLHwvrMkcvWF0U57D
sUWndvzADo1w0r0SIKxub1EEnJ+V4WPydhIhU/NkGBmQuXjU1O9upOsBk7baEGNN
QGamlGUTJJJbz2FvURSEVSPV7A3VFzcQRt937YQvSlE/VIx5JBfgDSgU48ROd12U
PvZpNt6Rpx/5AzEAd6/iHEfD17HZQNPdQ8mFV12wyy0eVQ3nsIwqwezsOHAl1HdS
ZzrOICOBXUhhLVHeu0bki58DGYpeO5aJTdEKFOH7ZVWkGxy6aH5kQGL7jhCmPEd1
Pm3szwub+gXki4F/tXn9WZO3hBT+5PSbOHKIcPWUNDCy
-----END CERTIFICATE-----