Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/ee5e47-4e29-4603-b962-0e0046c8a87b/1/z0ZTq5UmLetbF76I9y9vnkX4ez8.roa
File:                     z0ZTq5UmLetbF76I9y9vnkX4ez8.roa (raw, json)
Hash identifier:          j7aeW3iCCthYtnhIjU/T884xKgADzQXK5W95k92tp4Y=
Subject key identifier:   CF:46:53:AB:95:26:2D:EB:5B:17:BE:88:F7:2F:6F:9E:45:F8:7B:3F
Certificate issuer:       /CN=ca334850daf371220520199229ebde90ef28b018
Certificate serial:       018CC7269E12B68C6DCC46F65829B1F9D9BE
Authority key identifier: CA:33:48:50:DA:F3:71:22:05:20:19:92:29:EB:DE:90:EF:28:B0:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yjNIUNrzcSIFIBmSKevekO8osBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/ee5e47-4e29-4603-b962-0e0046c8a87b/1/z0ZTq5UmLetbF76I9y9vnkX4ez8.roa
Signing time:             Mon 01 Jan 2024 22:30:45 +0000
ROA not before:           Mon 01 Jan 2024 22:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        195.160.162.0/24 maxlen: 32
                          195.160.163.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/ee5e47-4e29-4603-b962-0e0046c8a87b/1/yjNIUNrzcSIFIBmSKevekO8osBg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/ee5e47-4e29-4603-b962-0e0046c8a87b/1/yjNIUNrzcSIFIBmSKevekO8osBg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yjNIUNrzcSIFIBmSKevekO8osBg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 07:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:9e:12:b6:8c:6d:cc:46:f6:58:29:b1:f9:d9:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca334850daf371220520199229ebde90ef28b018
        Validity
            Not Before: Jan  1 22:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf4653ab95262deb5b17be88f72f6f9e45f87b3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b2:1c:5f:cb:17:56:c8:83:42:99:bc:c1:da:
                    6c:78:26:e2:83:2f:d1:55:82:b3:00:7a:e0:6b:32:
                    b0:8d:2d:40:59:a1:de:76:3d:9a:20:10:5b:cd:d4:
                    9c:d1:cb:5a:81:71:f4:2b:19:e9:1d:77:9f:90:47:
                    a1:cd:d8:c1:a2:5b:ff:7c:9e:d0:d2:40:7b:37:8b:
                    bd:a6:cc:c1:83:ac:29:ca:7a:9e:3c:f7:6e:95:19:
                    6b:77:97:77:21:7d:74:21:31:e6:1f:af:89:4b:89:
                    1e:23:fe:5a:95:89:6e:58:f1:dc:bb:1d:41:c5:66:
                    94:c4:4e:b1:74:54:a4:d1:b4:5b:98:d7:d1:28:65:
                    c0:fb:9c:00:b6:7b:a0:81:88:94:c6:d4:f9:27:a7:
                    ad:fd:00:46:b9:2e:7b:ff:04:7e:ad:a4:49:65:8f:
                    0f:98:98:d9:a7:09:b9:69:e4:59:9c:68:56:43:5d:
                    07:af:b8:05:16:09:ab:aa:20:f9:9a:0a:24:1f:a6:
                    34:39:e9:cc:d5:34:cb:3c:41:f5:12:63:3c:58:65:
                    4d:b9:48:9d:b2:fa:e4:13:f4:8f:01:e0:85:6a:9b:
                    2e:4b:02:7b:b5:44:79:cf:56:f9:01:0c:8d:78:f9:
                    88:11:c5:2e:21:75:4d:8e:b1:e9:60:5c:98:05:d6:
                    6d:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:46:53:AB:95:26:2D:EB:5B:17:BE:88:F7:2F:6F:9E:45:F8:7B:3F
            X509v3 Authority Key Identifier:
                keyid:CA:33:48:50:DA:F3:71:22:05:20:19:92:29:EB:DE:90:EF:28:B0:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yjNIUNrzcSIFIBmSKevekO8osBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/ee5e47-4e29-4603-b962-0e0046c8a87b/1/z0ZTq5UmLetbF76I9y9vnkX4ez8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/ee5e47-4e29-4603-b962-0e0046c8a87b/1/yjNIUNrzcSIFIBmSKevekO8osBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.160.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c4:04:3c:15:5e:8a:a5:7d:e0:13:47:2d:42:de:2a:13:7b:e1:
         e5:49:7c:2b:ce:b5:9e:e5:b1:4a:c2:81:3e:fc:73:82:7c:7d:
         8f:aa:6c:14:36:8a:5c:d8:7a:b1:28:26:6b:9d:a9:d0:dc:7a:
         a2:28:fb:07:43:20:82:f7:e6:9e:c2:b7:6d:10:e7:3a:0b:81:
         de:1f:1e:9a:8d:62:19:2c:d4:0a:00:a2:fc:da:87:99:75:fe:
         2b:79:bd:82:80:c5:4a:0b:7b:35:46:6c:be:fb:79:67:7d:b6:
         2c:e1:0f:eb:1c:7a:eb:b8:29:a7:2e:3b:15:9f:ce:76:01:43:
         f6:66:a5:19:f5:75:ca:ef:48:e0:41:12:65:57:05:6e:db:c4:
         2e:aa:e4:2c:4c:b4:9a:f3:5e:1a:c0:ff:43:b1:65:f6:b7:b4:
         09:90:3b:cf:ca:54:63:67:ce:91:28:4f:e9:8f:33:f5:43:57:
         32:89:fd:7a:8d:f1:5a:f6:84:c7:f6:4d:67:48:78:18:5f:56:
         3c:72:be:e0:fe:97:73:46:49:6d:3d:2a:c8:fb:04:98:04:7c:
         6c:5e:64:51:14:ea:01:02:3b:eb:55:07:6b:c8:4a:8c:cc:f8:
         e7:73:dd:fb:c8:fa:13:c5:7f:b8:4a:3a:ae:a2:26:93:b3:92:
         b0:aa:00:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJp4StoxtzEb2WCmx+dm+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMzM0ODUwZGFmMzcxMjIwNTIwMTk5MjI5ZWJkZTkwZWYy
OGIwMTgwHhcNMjQwMTAxMjIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjQ2NTNhYjk1MjYyZGViNWIxN2JlODhmNzJmNmY5ZTQ1Zjg3YjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbIcX8sXVsiDQpm8wdpseCbigy/R
VYKzAHrgazKwjS1AWaHedj2aIBBbzdSc0ctagXH0KxnpHXefkEehzdjBolv/fJ7Q
0kB7N4u9pszBg6wpynqePPdulRlrd5d3IX10ITHmH6+JS4keI/5alYluWPHcux1B
xWaUxE6xdFSk0bRbmNfRKGXA+5wAtnuggYiUxtT5J6et/QBGuS57/wR+raRJZY8P
mJjZpwm5aeRZnGhWQ10Hr7gFFgmrqiD5mgokH6Y0OenM1TTLPEH1EmM8WGVNuUid
svrkE/SPAeCFapsuSwJ7tUR5z1b5AQyNePmIEcUuIXVNjrHpYFyYBdZtrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM9GU6uVJi3rWxe+iPcvb55F+Hs/MB8GA1UdIwQY
MBaAFMozSFDa83EiBSAZkinr3pDvKLAYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWpOSVVOcnpjU0lGSUJtU0tldmVrTzhvc0JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9lZTVlNDctNGUyOS00NjAzLWI5NjIt
MGUwMDQ2YzhhODdiLzEvejBaVHE1VW1MZXRiRjc2STl5OXZua1g0ZXo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9lZTVlNDctNGUyOS00NjAzLWI5NjItMGUwMDQ2YzhhODdi
LzEveWpOSVVOcnpjU0lGSUJtU0tldmVrTzhvc0JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw6CiMA0G
CSqGSIb3DQEBCwUAA4IBAQDEBDwVXoqlfeATRy1C3ioTe+HlSXwrzrWe5bFKwoE+
/HOCfH2PqmwUNopc2HqxKCZrnanQ3HqiKPsHQyCC9+aewrdtEOc6C4HeHx6ajWIZ
LNQKAKL82oeZdf4reb2CgMVKC3s1Rmy++3lnfbYs4Q/rHHrruCmnLjsVn852AUP2
ZqUZ9XXK70jgQRJlVwVu28QuquQsTLSa814awP9DsWX2t7QJkDvPylRjZ86RKE/p
jzP1Q1cyif16jfFa9oTH9k1nSHgYX1Y8cr7g/pdzRkltPSrI+wSYBHxsXmRRFOoB
AjvrVQdryEqMzPjnc937yPoTxX+4SjquoiaTs5KwqgC1
-----END CERTIFICATE-----