Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/3a08c3-edb0-475d-b870-730c4d472a8a/1/BzfxKszNEFKXzGmZCuwaCyQEd4s.roa
File:                     BzfxKszNEFKXzGmZCuwaCyQEd4s.roa (raw, json)
Hash identifier:          5Gk/RsaGdLFpMNKHdYQfXDBPahLxDhNiHUVU6T2iFg4=
Subject key identifier:   07:37:F1:2A:CC:CD:10:52:97:CC:69:99:0A:EC:1A:0B:24:04:77:8B
Certificate issuer:       /CN=39c51b9131f6e3c259af9dd0adbf54f71a2498ef
Certificate serial:       019107C916D263E5D1EE1511B657D4EE071D
Authority key identifier: 39:C5:1B:91:31:F6:E3:C2:59:AF:9D:D0:AD:BF:54:F7:1A:24:98:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OcUbkTH248JZr53Qrb9U9xokmO8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/3a08c3-edb0-475d-b870-730c4d472a8a/1/BzfxKszNEFKXzGmZCuwaCyQEd4s.roa
Signing time:             Wed 31 Jul 2024 07:55:04 +0000
ROA not before:           Wed 31 Jul 2024 07:55:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15401
IP address blocks:        2.56.156.0/23 maxlen: 23
                          2.56.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/3a08c3-edb0-475d-b870-730c4d472a8a/1/OcUbkTH248JZr53Qrb9U9xokmO8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/3a08c3-edb0-475d-b870-730c4d472a8a/1/OcUbkTH248JZr53Qrb9U9xokmO8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OcUbkTH248JZr53Qrb9U9xokmO8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:07:c9:16:d2:63:e5:d1:ee:15:11:b6:57:d4:ee:07:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39c51b9131f6e3c259af9dd0adbf54f71a2498ef
        Validity
            Not Before: Jul 31 07:55:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0737f12acccd105297cc69990aec1a0b2404778b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d3:c9:3b:76:01:d0:e5:cb:02:84:de:d7:06:
                    5c:bc:25:b3:78:fe:fe:d9:0c:c5:eb:88:5a:38:b9:
                    55:8a:2f:9b:75:df:ee:64:a8:6d:56:39:cd:bf:25:
                    54:c3:26:3c:aa:b0:13:a6:a3:f7:9d:c9:b5:e3:ae:
                    61:eb:4b:ba:61:a8:f4:ee:7b:31:af:09:59:77:65:
                    32:8f:48:7e:31:e9:1c:03:99:c8:bb:09:38:a9:4a:
                    e1:b8:c6:01:8d:31:09:c1:40:cd:44:a3:69:33:c1:
                    25:c1:55:e9:62:c5:55:18:71:6e:e6:cb:1d:ff:d5:
                    a0:96:2b:70:ae:b2:8f:f8:15:d4:2c:b7:17:2a:d0:
                    b3:c9:b0:8a:36:9e:55:89:0f:21:84:6d:4a:86:bb:
                    75:94:23:dd:6b:39:4c:57:e7:54:b9:60:99:b0:bc:
                    5a:6d:ee:7f:4d:64:0b:df:f3:ed:fa:41:5b:10:d3:
                    ac:5f:6f:26:fb:ff:fe:15:4a:d2:dc:81:28:52:0d:
                    1d:90:32:46:c7:3f:d6:a5:06:16:48:18:5c:66:46:
                    3b:d4:8e:8e:f6:1a:91:8a:2c:26:1a:58:ea:78:14:
                    c0:72:75:c5:cf:f5:90:0b:02:da:31:ac:f1:07:b2:
                    ab:41:c7:cd:3e:b4:6e:d8:17:ec:05:f5:22:b0:68:
                    4c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:37:F1:2A:CC:CD:10:52:97:CC:69:99:0A:EC:1A:0B:24:04:77:8B
            X509v3 Authority Key Identifier:
                keyid:39:C5:1B:91:31:F6:E3:C2:59:AF:9D:D0:AD:BF:54:F7:1A:24:98:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OcUbkTH248JZr53Qrb9U9xokmO8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/3a08c3-edb0-475d-b870-730c4d472a8a/1/BzfxKszNEFKXzGmZCuwaCyQEd4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/3a08c3-edb0-475d-b870-730c4d472a8a/1/OcUbkTH248JZr53Qrb9U9xokmO8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.156.0-2.56.158.255

    Signature Algorithm: sha256WithRSAEncryption
         11:8c:b4:2e:76:cc:72:4f:a4:51:a7:f2:85:b2:7a:5f:1b:23:
         2e:14:39:33:ce:ec:fb:31:11:f6:14:f1:3b:ab:eb:88:6c:96:
         00:6f:e3:10:b0:97:4e:df:8e:c8:27:75:90:75:56:a9:80:3e:
         93:55:50:0b:31:76:46:17:53:15:02:2d:b7:19:09:85:42:fe:
         79:e2:fa:67:27:43:32:21:9f:fd:e4:60:3b:3a:f1:81:77:14:
         b0:91:39:fe:c0:07:ef:bb:41:88:7d:ad:0a:88:22:1c:26:d0:
         3b:db:7e:ec:3b:9d:bf:eb:e0:01:aa:5c:dd:fa:09:a8:1c:ec:
         60:fe:ae:ff:f3:33:27:1e:a8:b0:1c:36:62:78:18:65:37:9c:
         cd:c3:0b:1a:33:18:f0:88:53:6c:9b:90:54:80:58:07:de:df:
         5c:11:c5:86:53:75:5f:73:dd:06:94:de:60:f2:66:de:d2:59:
         c2:2b:85:5e:14:4d:8f:a0:f0:95:19:6c:f9:92:d4:e5:21:eb:
         4b:6a:7b:71:22:35:56:65:f3:56:57:e7:e5:1d:03:85:b1:c4:
         93:fe:0f:f1:0f:7e:8b:7d:42:20:81:3d:82:2a:81:2d:b3:1e:
         85:7a:43:fe:80:13:b7:9c:9d:db:1e:57:ab:33:e0:ee:31:cc:
         2b:9f:3f:fd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZEHyRbSY+XR7hURtlfU7gcdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5YzUxYjkxMzFmNmUzYzI1OWFmOWRkMGFkYmY1NGY3MWEy
NDk4ZWYwHhcNMjQwNzMxMDc1NTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzM3ZjEyYWNjY2QxMDUyOTdjYzY5OTkwYWVjMWEwYjI0MDQ3NzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdPJO3YB0OXLAoTe1wZcvCWzeP7+
2QzF64haOLlVii+bdd/uZKhtVjnNvyVUwyY8qrATpqP3ncm1465h60u6Yaj07nsx
rwlZd2Uyj0h+MekcA5nIuwk4qUrhuMYBjTEJwUDNRKNpM8ElwVXpYsVVGHFu5ssd
/9WglitwrrKP+BXULLcXKtCzybCKNp5ViQ8hhG1Khrt1lCPdazlMV+dUuWCZsLxa
be5/TWQL3/Pt+kFbENOsX28m+//+FUrS3IEoUg0dkDJGxz/WpQYWSBhcZkY71I6O
9hqRiiwmGljqeBTAcnXFz/WQCwLaMazxB7KrQcfNPrRu2BfsBfUisGhMLQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAc38SrMzRBSl8xpmQrsGgskBHeLMB8GA1UdIwQY
MBaAFDnFG5Ex9uPCWa+d0K2/VPcaJJjvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2NVYmtUSDI0OEpacjUzUXJiOVU5eG9rbU84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8zYTA4YzMtZWRiMC00NzVkLWI4NzAt
NzMwYzRkNDcyYThhLzEvQnpmeEtzek5FRktYekdtWkN1d2FDeVFFZDRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8zYTA4YzMtZWRiMC00NzVkLWI4NzAtNzMwYzRkNDcyYThh
LzEvT2NVYmtUSDI0OEpacjUzUXJiOVU5eG9rbU84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAICOJwD
BAACOJ4wDQYJKoZIhvcNAQELBQADggEBABGMtC52zHJPpFGn8oWyel8bIy4UOTPO
7PsxEfYU8Tur64hslgBv4xCwl07fjsgndZB1VqmAPpNVUAsxdkYXUxUCLbcZCYVC
/nni+mcnQzIhn/3kYDs68YF3FLCROf7AB++7QYh9rQqIIhwm0Dvbfuw7nb/r4AGq
XN36Cagc7GD+rv/zMyceqLAcNmJ4GGU3nM3DCxozGPCIU2ybkFSAWAfe31wRxYZT
dV9z3QaU3mDyZt7SWcIrhV4UTY+g8JUZbPmS1OUh60tqe3EiNVZl81ZX5+UdA4Wx
xJP+D/EPfot9QiCBPYIqgS2zHoV6Q/6AE7ecndseV6sz4O4xzCufP/0=
-----END CERTIFICATE-----