Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/839b34-3529-438b-87d0-ce5019264895/1/ZDJzzdDoB0Kb1X6QKVYfLNQlUFU.roa
File:                     ZDJzzdDoB0Kb1X6QKVYfLNQlUFU.roa (raw, json)
Hash identifier:          46/OQXhtFqOFwfcyfYCQT298UYlGhWYRm1zHLhW1iTU=
Subject key identifier:   64:32:73:CD:D0:E8:07:42:9B:D5:7E:90:29:56:1F:2C:D4:25:50:55
Certificate issuer:       /CN=b04b1cdf506ce5e9937e77f8263ecf6ddb255b05
Certificate serial:       018CC94BF43869608B40377E9E548C3A2CD1
Authority key identifier: B0:4B:1C:DF:50:6C:E5:E9:93:7E:77:F8:26:3E:CF:6D:DB:25:5B:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sEsc31Bs5emTfnf4Jj7PbdslWwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/839b34-3529-438b-87d0-ce5019264895/1/ZDJzzdDoB0Kb1X6QKVYfLNQlUFU.roa
Signing time:             Tue 02 Jan 2024 08:30:47 +0000
ROA not before:           Tue 02 Jan 2024 08:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35258
IP address blocks:        5.183.72.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/839b34-3529-438b-87d0-ce5019264895/1/sEsc31Bs5emTfnf4Jj7PbdslWwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/839b34-3529-438b-87d0-ce5019264895/1/sEsc31Bs5emTfnf4Jj7PbdslWwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sEsc31Bs5emTfnf4Jj7PbdslWwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:f4:38:69:60:8b:40:37:7e:9e:54:8c:3a:2c:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b04b1cdf506ce5e9937e77f8263ecf6ddb255b05
        Validity
            Not Before: Jan  2 08:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=643273cdd0e807429bd57e9029561f2cd4255055
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e6:f5:0c:9b:48:3d:2d:f0:a8:e4:d8:66:46:
                    59:30:0b:c5:c0:1f:a6:e9:e4:7c:3e:fb:cc:96:80:
                    20:55:09:0d:29:49:18:08:3d:6e:5d:41:75:83:e5:
                    3e:18:cc:90:34:94:27:5e:01:e8:43:f8:9f:43:ea:
                    86:c2:9e:4c:36:28:06:fa:53:58:14:9c:fa:0f:9b:
                    81:b4:0d:48:c6:c0:3a:0e:b0:ca:cb:e5:93:43:7b:
                    a4:a9:45:d7:59:8c:44:35:fd:de:2e:7e:c1:f1:a3:
                    e2:4e:f2:a3:e7:39:80:24:b5:39:54:c5:98:3c:06:
                    07:29:6b:1a:96:0e:cc:74:84:f5:47:a0:30:b2:9f:
                    14:f2:81:20:7d:3e:fe:80:90:0b:f8:c1:e4:6e:5e:
                    3b:82:a1:8a:f2:b2:de:dc:e8:0d:06:cd:c4:4c:86:
                    13:e3:f5:21:a5:be:52:cb:24:b6:1a:19:9b:09:bc:
                    25:14:b2:97:ae:63:03:b3:e8:ac:d6:a2:41:44:98:
                    4c:81:46:d6:69:52:f3:c8:43:18:30:ff:04:dc:62:
                    ee:a9:60:bb:c3:b6:c9:73:5e:f6:4b:bc:36:a2:85:
                    04:dd:c8:60:98:c1:30:91:0e:35:2f:6f:d0:b0:f5:
                    63:1c:66:3e:e0:96:15:42:a4:dd:42:51:47:ae:47:
                    c8:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:32:73:CD:D0:E8:07:42:9B:D5:7E:90:29:56:1F:2C:D4:25:50:55
            X509v3 Authority Key Identifier:
                keyid:B0:4B:1C:DF:50:6C:E5:E9:93:7E:77:F8:26:3E:CF:6D:DB:25:5B:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sEsc31Bs5emTfnf4Jj7PbdslWwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/839b34-3529-438b-87d0-ce5019264895/1/ZDJzzdDoB0Kb1X6QKVYfLNQlUFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/839b34-3529-438b-87d0-ce5019264895/1/sEsc31Bs5emTfnf4Jj7PbdslWwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:19:dc:dd:9b:1d:c3:27:94:0c:8d:37:7b:3b:d9:dd:af:5e:
         26:db:97:56:e7:f0:17:b3:09:6b:30:08:0f:57:49:f7:2a:e1:
         0b:f6:d7:79:91:53:5c:65:76:6f:98:29:af:c1:e2:c8:1c:0c:
         7b:ab:60:0e:1a:5b:37:67:91:d8:07:81:83:8e:04:6d:5e:bb:
         5c:b2:ae:d0:1e:88:78:32:01:75:b0:e5:5d:31:b9:43:0a:5d:
         bf:98:b5:f6:97:94:4a:45:da:07:29:92:55:14:c5:e2:0d:d7:
         d5:4b:07:89:3f:9f:35:ea:3a:7a:33:a6:ae:b2:56:14:9d:d5:
         26:db:3c:63:4b:2c:31:3d:4e:3f:08:d4:37:a0:3e:7d:11:0b:
         db:9a:0b:9b:91:28:19:69:e1:fe:d4:8a:fc:95:0f:14:d7:2a:
         05:77:03:22:58:2e:48:e2:60:e2:49:f3:eb:79:c5:62:f6:ee:
         54:3e:f7:fc:6b:2c:c2:ee:8e:cf:c3:63:59:cc:5f:21:b3:40:
         84:3e:7f:b9:c4:d0:62:94:39:ea:2d:48:2b:33:65:b8:66:64:
         45:b0:4c:19:5b:f0:17:64:cf:d4:b6:0d:fa:e5:51:96:12:86:
         9c:e5:48:18:f3:ee:0d:8b:eb:07:ee:d0:d8:3c:f6:ca:68:fe:
         44:a4:0c:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJS/Q4aWCLQDd+nlSMOizRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNGIxY2RmNTA2Y2U1ZTk5MzdlNzdmODI2M2VjZjZkZGIy
NTViMDUwHhcNMjQwMTAyMDgzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDMyNzNjZGQwZTgwNzQyOWJkNTdlOTAyOTU2MWYyY2Q0MjU1MDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOb1DJtIPS3wqOTYZkZZMAvFwB+m
6eR8PvvMloAgVQkNKUkYCD1uXUF1g+U+GMyQNJQnXgHoQ/ifQ+qGwp5MNigG+lNY
FJz6D5uBtA1IxsA6DrDKy+WTQ3ukqUXXWYxENf3eLn7B8aPiTvKj5zmAJLU5VMWY
PAYHKWsalg7MdIT1R6Awsp8U8oEgfT7+gJAL+MHkbl47gqGK8rLe3OgNBs3ETIYT
4/Uhpb5SyyS2GhmbCbwlFLKXrmMDs+is1qJBRJhMgUbWaVLzyEMYMP8E3GLuqWC7
w7bJc172S7w2ooUE3chgmMEwkQ41L2/QsPVjHGY+4JYVQqTdQlFHrkfI/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQyc83Q6AdCm9V+kClWHyzUJVBVMB8GA1UdIwQY
MBaAFLBLHN9QbOXpk353+CY+z23bJVsFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0VzYzMxQnM1ZW1UZm5mNEpqN1BiZHNsV3dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi84MzliMzQtMzUyOS00MzhiLTg3ZDAt
Y2U1MDE5MjY0ODk1LzEvWkRKenpkRG9CMEtiMVg2UUtWWWZMTlFsVUZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi84MzliMzQtMzUyOS00MzhiLTg3ZDAtY2U1MDE5MjY0ODk1
LzEvc0VzYzMxQnM1ZW1UZm5mNEpqN1BiZHNsV3dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbdIMA0G
CSqGSIb3DQEBCwUAA4IBAQAkGdzdmx3DJ5QMjTd7O9ndr14m25dW5/AXswlrMAgP
V0n3KuEL9td5kVNcZXZvmCmvweLIHAx7q2AOGls3Z5HYB4GDjgRtXrtcsq7QHoh4
MgF1sOVdMblDCl2/mLX2l5RKRdoHKZJVFMXiDdfVSweJP5816jp6M6auslYUndUm
2zxjSywxPU4/CNQ3oD59EQvbmgubkSgZaeH+1Ir8lQ8U1yoFdwMiWC5I4mDiSfPr
ecVi9u5UPvf8ayzC7o7Pw2NZzF8hs0CEPn+5xNBilDnqLUgrM2W4ZmRFsEwZW/AX
ZM/Utg365VGWEoac5UgY8+4Ni+sH7tDYPPbKaP5EpAxR
-----END CERTIFICATE-----