Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/bziqkTd_8Kc3PM729w18HFFPPXc.roa
File:                     bziqkTd_8Kc3PM729w18HFFPPXc.roa (raw, json)
Hash identifier:          MGGc6IVe1NgTA3MKq2YwuEsD2dddpvnCAjmfZ1BvyE8=
Subject key identifier:   6F:38:AA:91:37:7F:F0:A7:37:3C:CE:F6:F7:0D:7C:1C:51:4F:3D:77
Certificate issuer:       /CN=c61953c08980adc94f2fa3a3c1ba95c40d21e7d3
Certificate serial:       0191E13F52C9512AB0F9D65680366DF6AC8D
Authority key identifier: C6:19:53:C0:89:80:AD:C9:4F:2F:A3:A3:C1:BA:95:C4:0D:21:E7:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhlTwImArclPL6OjwbqVxA0h59M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/bziqkTd_8Kc3PM729w18HFFPPXc.roa
Signing time:             Wed 11 Sep 2024 13:21:49 +0000
ROA not before:           Wed 11 Sep 2024 13:21:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35523
IP address blocks:        193.239.216.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/xhlTwImArclPL6OjwbqVxA0h59M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/xhlTwImArclPL6OjwbqVxA0h59M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhlTwImArclPL6OjwbqVxA0h59M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e1:3f:52:c9:51:2a:b0:f9:d6:56:80:36:6d:f6:ac:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c61953c08980adc94f2fa3a3c1ba95c40d21e7d3
        Validity
            Not Before: Sep 11 13:21:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f38aa91377ff0a7373ccef6f70d7c1c514f3d77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:85:4c:5d:f7:25:44:b4:32:5b:3d:50:c2:56:
                    d0:13:26:f4:51:50:9a:1c:7e:99:02:02:38:01:09:
                    a1:ac:2c:ec:8b:47:81:eb:3e:1a:b6:7c:c6:28:b6:
                    85:22:34:ec:93:b8:2e:c8:7a:49:ca:41:1b:28:ce:
                    90:ed:78:f0:87:8e:3e:5d:ac:17:11:5f:e0:6a:07:
                    0b:f4:6c:80:00:7d:a6:4a:e8:ed:8d:5b:9f:6d:f2:
                    bc:59:96:4c:1b:e7:53:31:58:ef:90:68:82:be:20:
                    38:14:9c:c5:9b:1b:57:ab:0e:9f:fc:92:3f:3e:52:
                    04:09:61:cb:ad:71:bf:0c:07:d6:ca:1f:28:68:99:
                    46:61:09:e0:b4:69:3b:e1:68:cb:24:a7:68:89:2e:
                    63:46:48:71:92:3b:89:73:fd:a2:bb:91:c0:81:1d:
                    a6:fb:47:ed:44:38:85:1a:a7:f3:6e:2c:d0:6a:56:
                    7d:38:85:31:e4:17:17:ab:0b:6a:36:cd:c3:20:1d:
                    97:d2:a7:71:a7:f5:c9:e5:29:1e:ca:51:a4:2f:cf:
                    77:16:e1:b4:3a:07:2f:02:b3:3d:ef:68:31:2b:a8:
                    21:85:54:51:cc:69:d3:39:d3:f2:63:26:6f:d9:69:
                    ac:e5:10:ac:34:6c:32:96:0d:f7:69:51:88:ad:b6:
                    c7:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:38:AA:91:37:7F:F0:A7:37:3C:CE:F6:F7:0D:7C:1C:51:4F:3D:77
            X509v3 Authority Key Identifier:
                keyid:C6:19:53:C0:89:80:AD:C9:4F:2F:A3:A3:C1:BA:95:C4:0D:21:E7:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhlTwImArclPL6OjwbqVxA0h59M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/bziqkTd_8Kc3PM729w18HFFPPXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/xhlTwImArclPL6OjwbqVxA0h59M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:53:0d:c9:cd:73:1b:67:d9:23:90:9e:cd:46:88:f2:3a:62:
         26:bc:4a:57:4a:dd:6c:3b:c6:cd:82:c7:a0:5a:d8:42:e3:b6:
         8b:ca:4c:da:f3:41:cf:57:20:f1:14:b6:ae:87:22:69:a5:28:
         7f:85:6e:f7:6f:d4:47:69:8f:cb:c8:fa:e3:2e:b5:9b:da:cb:
         59:5e:b7:14:86:1a:4a:fb:56:10:44:68:d0:a1:fd:d0:a7:62:
         30:bc:38:7e:81:a9:86:94:68:4e:f6:84:b7:0b:5b:75:1d:87:
         d4:fb:86:e9:a2:f2:34:f6:dc:12:a1:e1:43:99:ec:e9:b3:e8:
         e8:07:e8:c3:d6:6e:8e:54:5c:78:59:1b:14:7e:a1:a9:17:31:
         40:0e:44:d9:cb:d4:f6:e3:d9:0f:4d:cc:7d:f5:9f:78:62:37:
         2e:cd:e1:03:c8:79:94:7c:2d:7a:3e:3c:e4:f0:e5:74:ad:87:
         ce:d9:8d:19:82:40:1b:4f:7b:bd:71:18:c6:c6:f6:8f:ee:52:
         73:3a:01:b3:ed:a5:16:4e:4f:07:fa:7f:c5:a6:55:3c:66:e5:
         f6:b8:2c:83:48:63:36:28:74:99:1f:52:d9:8e:20:a4:74:4e:
         b1:46:2d:62:44:28:fa:3b:37:dc:1d:e1:74:fe:9a:d9:31:1d:
         cd:bb:b3:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHhP1LJUSqw+dZWgDZt9qyNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTk1M2MwODk4MGFkYzk0ZjJmYTNhM2MxYmE5NWM0MGQy
MWU3ZDMwHhcNMjQwOTExMTMyMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjM4YWE5MTM3N2ZmMGE3MzczY2NlZjZmNzBkN2MxYzUxNGYzZDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYVMXfclRLQyWz1QwlbQEyb0UVCa
HH6ZAgI4AQmhrCzsi0eB6z4atnzGKLaFIjTsk7guyHpJykEbKM6Q7Xjwh44+XawX
EV/gagcL9GyAAH2mSujtjVufbfK8WZZMG+dTMVjvkGiCviA4FJzFmxtXqw6f/JI/
PlIECWHLrXG/DAfWyh8oaJlGYQngtGk74WjLJKdoiS5jRkhxkjuJc/2iu5HAgR2m
+0ftRDiFGqfzbizQalZ9OIUx5BcXqwtqNs3DIB2X0qdxp/XJ5SkeylGkL893FuG0
OgcvArM972gxK6ghhVRRzGnTOdPyYyZv2Wms5RCsNGwylg33aVGIrbbHbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG84qpE3f/CnNzzO9vcNfBxRTz13MB8GA1UdIwQY
MBaAFMYZU8CJgK3JTy+jo8G6lcQNIefTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhsVHdJbUFyY2xQTDZPandicVZ4QTBoNTlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lMDEyODUtNjYwZC00Y2QyLWFkMWYt
NjI1MjQ1YTAwYWJmLzEvYnppcWtUZF84S2MzUE03Mjl3MThIRkZQUFhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lMDEyODUtNjYwZC00Y2QyLWFkMWYtNjI1MjQ1YTAwYWJm
LzEveGhsVHdJbUFyY2xQTDZPandicVZ4QTBoNTlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwe/YMA0G
CSqGSIb3DQEBCwUAA4IBAQBfUw3JzXMbZ9kjkJ7NRojyOmImvEpXSt1sO8bNgseg
WthC47aLykza80HPVyDxFLauhyJppSh/hW73b9RHaY/LyPrjLrWb2stZXrcUhhpK
+1YQRGjQof3Qp2IwvDh+gamGlGhO9oS3C1t1HYfU+4bpovI09twSoeFDmezps+jo
B+jD1m6OVFx4WRsUfqGpFzFADkTZy9T249kPTcx99Z94YjcuzeEDyHmUfC16Pjzk
8OV0rYfO2Y0ZgkAbT3u9cRjGxvaP7lJzOgGz7aUWTk8H+n/FplU8ZuX2uCyDSGM2
KHSZH1LZjiCkdE6xRi1iRCj6OzfcHeF0/prZMR3Nu7No
-----END CERTIFICATE-----