Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/1-KZZjzaDCxsNzm98Jd8uouEBZ8A.roa
File:                     1-KZZjzaDCxsNzm98Jd8uouEBZ8A.roa (raw, json)
Hash identifier:          GV3GG/1Aa3yqxTTCumhBgT5MpqS5gdxJpXzmBOVOOEM=
Subject key identifier:   F8:A6:59:8F:36:83:0B:1B:0D:CE:6F:7C:25:DF:2E:A2:E1:01:67:C0
Certificate issuer:       /CN=9f0743496c7ff3effb870601139cad9d2f271e10
Certificate serial:       018E717260D6AEB9C3348751F04FA9003605
Authority key identifier: 9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/1-KZZjzaDCxsNzm98Jd8uouEBZ8A.roa
Signing time:             Sun 24 Mar 2024 17:11:45 +0000
ROA not before:           Sun 24 Mar 2024 17:11:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        157.97.122.0/24 maxlen: 24
                          185.89.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:71:72:60:d6:ae:b9:c3:34:87:51:f0:4f:a9:00:36:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0743496c7ff3effb870601139cad9d2f271e10
        Validity
            Not Before: Mar 24 17:11:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8a6598f36830b1b0dce6f7c25df2ea2e10167c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:38:7d:2e:41:05:fd:5b:56:9c:d1:36:7a:3a:
                    48:5e:36:96:4a:cb:be:1d:c3:26:cd:14:2b:87:0d:
                    ec:67:a1:ef:5f:b1:78:83:18:d9:7e:27:9d:d9:ab:
                    cd:3e:6d:40:56:06:9a:1c:3c:3b:00:71:e4:17:db:
                    50:5b:63:44:d2:1d:fa:bf:f6:e6:66:2c:f3:0c:72:
                    c1:4f:6b:ce:e6:cb:d7:f2:99:a0:7e:e5:17:16:ba:
                    a2:9c:80:95:f5:66:55:5f:58:a9:cc:9c:2d:83:31:
                    69:25:21:7c:c3:00:50:f1:c5:84:f5:b6:ea:07:ca:
                    1f:1b:13:c4:19:b6:0f:69:6e:e6:7d:e5:82:60:b9:
                    30:62:9c:77:f8:7f:98:d5:48:d5:67:9c:3c:0e:ce:
                    5c:cb:db:e2:c4:d7:f6:aa:00:19:ac:e2:34:01:75:
                    65:43:ea:00:6c:44:19:92:7e:37:94:2a:84:8d:b2:
                    d1:0c:b1:46:b0:8c:76:98:6a:c9:92:d8:99:79:d4:
                    19:ea:a8:ab:8f:0d:46:67:98:8e:dc:2e:34:d4:f9:
                    03:ab:d7:1e:d3:60:11:15:e5:95:e3:d1:bd:d5:70:
                    0b:78:d8:32:70:c5:ee:6d:7c:4f:45:b4:84:79:a1:
                    ba:bc:ac:ea:66:a4:55:55:aa:d1:cc:d8:9e:25:04:
                    13:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:A6:59:8F:36:83:0B:1B:0D:CE:6F:7C:25:DF:2E:A2:E1:01:67:C0
            X509v3 Authority Key Identifier:
                keyid:9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/1-KZZjzaDCxsNzm98Jd8uouEBZ8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.97.122.0/24
                  185.89.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:d9:40:1f:fb:61:cf:33:69:88:a5:7b:80:8c:3d:48:2c:bd:
         02:c1:79:9a:a7:39:7e:c8:c0:e3:64:eb:86:3d:38:b2:22:6e:
         13:9d:b7:d4:b9:90:45:78:b6:bf:38:4d:99:96:ab:45:75:d1:
         f7:6a:a8:92:b4:f0:12:00:f0:73:53:1b:b0:ef:03:bb:50:96:
         85:70:20:54:ae:80:87:4d:01:eb:95:0e:41:2a:26:b1:e0:61:
         aa:af:cd:bf:73:2b:c4:35:3d:cb:94:f7:52:e3:27:c3:d8:d9:
         a9:a6:76:65:a2:6c:3c:d8:23:c2:66:37:62:dd:35:b2:9c:00:
         25:6e:f8:db:ea:be:d4:6c:cb:42:d1:7b:eb:b1:64:8a:3b:78:
         69:6b:8f:a0:3d:0d:bb:de:55:8f:e4:6b:84:68:af:03:5a:71:
         a3:a8:0a:33:6d:e3:7d:2e:07:b8:8f:66:9e:b8:54:18:3d:5d:
         a1:da:89:66:bf:d9:85:fa:57:d3:df:77:61:d8:4b:3b:b2:3c:
         87:d7:7d:6b:c0:b0:5f:18:99:71:19:a6:f2:a5:5d:68:56:a6:
         1f:73:71:95:87:a0:98:ba:f6:fb:aa:e7:11:71:5f:a0:0c:62:
         88:e7:df:b2:da:b7:cc:75:b9:0c:2b:64:10:8c:be:1e:62:74:
         d7:46:7f:6e
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAY5xcmDWrrnDNIdR8E+pADYFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMDc0MzQ5NmM3ZmYzZWZmYjg3MDYwMTEzOWNhZDlkMmYy
NzFlMTAwHhcNMjQwMzI0MTcxMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGE2NTk4ZjM2ODMwYjFiMGRjZTZmN2MyNWRmMmVhMmUxMDE2N2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzh9LkEF/VtWnNE2ejpIXjaWSsu+
HcMmzRQrhw3sZ6HvX7F4gxjZfied2avNPm1AVgaaHDw7AHHkF9tQW2NE0h36v/bm
ZizzDHLBT2vO5svX8pmgfuUXFrqinICV9WZVX1ipzJwtgzFpJSF8wwBQ8cWE9bbq
B8ofGxPEGbYPaW7mfeWCYLkwYpx3+H+Y1UjVZ5w8Ds5cy9vixNf2qgAZrOI0AXVl
Q+oAbEQZkn43lCqEjbLRDLFGsIx2mGrJktiZedQZ6qirjw1GZ5iO3C401PkDq9ce
02ARFeWV49G91XALeNgycMXubXxPRbSEeaG6vKzqZqRVVarRzNieJQQTPQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPimWY82gwsbDc5vfCXfLqLhAWfAMB8GA1UdIwQY
MBaAFJ8HQ0lsf/Pv+4cGAROcrZ0vJx4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2Mt
NjM0MTEzNjdkOTBhLzEvMS1LWlpqemFEQ3hzTnptOThKZDh1b3VFQlo4QS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTUvMjJiN2FiLWZjMTEtNDA3YS1iZDNjLTYzNDExMzY3ZDkw
YS8xL253ZERTV3hfOC1fN2h3WUJFNXl0blM4bkhoQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAJ1hegME
ALlZ+jANBgkqhkiG9w0BAQsFAAOCAQEAc9lAH/thzzNpiKV7gIw9SCy9AsF5mqc5
fsjA42Trhj04siJuE5231LmQRXi2vzhNmZarRXXR92qokrTwEgDwc1MbsO8Du1CW
hXAgVK6Ah00B65UOQSomseBhqq/Nv3MrxDU9y5T3UuMnw9jZqaZ2ZaJsPNgjwmY3
Yt01spwAJW742+q+1GzLQtF767Fkijt4aWuPoD0Nu95Vj+RrhGivA1pxo6gKM23j
fS4HuI9mnrhUGD1dodqJZr/ZhfpX0993YdhLO7I8h9d9a8CwXxiZcRmm8qVdaFam
H3NxlYegmLr2+6rnEXFfoAxiiOffstq3zHW5DCtkEIy+HmJ010Z/bg==
-----END CERTIFICATE-----