Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/PzzwV1Irn8awfg0deJCEYTlDERs.roa
File:                     PzzwV1Irn8awfg0deJCEYTlDERs.roa (raw, json)
Hash identifier:          Q2keIUvBIK3Hmhtk5p1Mcf9cV93nHkoCBhO0R1ZMegg=
Subject key identifier:   3F:3C:F0:57:52:2B:9F:C6:B0:7E:0D:1D:78:90:84:61:39:43:11:1B
Certificate issuer:       /CN=aecd64c97837d7bfac06637dd952bdede0c25d85
Certificate serial:       018CC4247FDC7BC8D7F33D6593BEB33E7A33
Authority key identifier: AE:CD:64:C9:78:37:D7:BF:AC:06:63:7D:D9:52:BD:ED:E0:C2:5D:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rs1kyXg317-sBmN92VK97eDCXYU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/PzzwV1Irn8awfg0deJCEYTlDERs.roa
Signing time:             Mon 01 Jan 2024 08:29:35 +0000
ROA not before:           Mon 01 Jan 2024 08:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24982
IP address blocks:        85.112.68.0/24 maxlen: 24
                          5.57.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/rs1kyXg317-sBmN92VK97eDCXYU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/rs1kyXg317-sBmN92VK97eDCXYU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rs1kyXg317-sBmN92VK97eDCXYU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:7f:dc:7b:c8:d7:f3:3d:65:93:be:b3:3e:7a:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aecd64c97837d7bfac06637dd952bdede0c25d85
        Validity
            Not Before: Jan  1 08:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f3cf057522b9fc6b07e0d1d789084613943111b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ce:96:0e:86:42:10:24:d7:39:0f:8f:f9:cd:
                    c1:dd:50:35:ee:ad:aa:12:76:80:b5:63:2e:b8:a7:
                    b0:ca:35:33:cd:86:0c:06:8d:d7:c6:6e:58:cc:f6:
                    dd:c6:57:0a:c1:8c:86:53:df:d0:e2:50:e9:69:3c:
                    34:1f:e7:a3:11:92:71:5e:6f:82:03:ba:43:ac:79:
                    7d:c4:e6:b8:9e:0e:14:1e:6e:d0:b2:39:03:8e:c0:
                    7a:22:09:3d:24:12:bd:0e:01:5a:72:9c:eb:44:54:
                    00:c5:b0:f4:9d:3c:6f:12:12:60:0f:82:95:25:b7:
                    18:4b:07:22:3c:cf:6e:7c:61:b6:dc:aa:6f:30:c8:
                    25:06:9f:b7:cb:6f:87:37:c5:69:c6:95:3b:00:9c:
                    2f:61:36:62:7d:2e:20:0f:b6:36:7f:01:d0:ad:a6:
                    bc:be:fb:ef:3c:fa:4c:50:fc:66:e7:d7:b2:bc:da:
                    97:b5:46:dc:3f:34:ed:19:2e:1e:32:92:13:ad:6e:
                    8b:72:39:74:ff:d1:1d:07:ba:7f:b6:17:45:75:2a:
                    92:10:d7:20:ae:82:a8:45:48:17:4a:2b:e3:25:37:
                    fb:a6:67:6a:21:17:ef:3d:ff:ca:b4:2e:7c:fe:1c:
                    57:55:d2:e4:14:ab:29:fb:5e:88:6f:af:f9:fe:23:
                    8d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:3C:F0:57:52:2B:9F:C6:B0:7E:0D:1D:78:90:84:61:39:43:11:1B
            X509v3 Authority Key Identifier:
                keyid:AE:CD:64:C9:78:37:D7:BF:AC:06:63:7D:D9:52:BD:ED:E0:C2:5D:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rs1kyXg317-sBmN92VK97eDCXYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/PzzwV1Irn8awfg0deJCEYTlDERs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/592d4f-d71e-4e8b-a632-1ecde1791511/1/rs1kyXg317-sBmN92VK97eDCXYU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.2.0/24
                  85.112.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:b7:9b:a1:9c:66:a4:c5:b0:82:bf:4e:33:e5:28:cd:44:65:
         df:d9:c1:3b:c6:0d:59:ec:74:9f:08:16:75:e1:f3:fc:84:56:
         47:b7:78:c8:5c:dd:2e:f0:a5:02:8e:ab:03:5e:28:b8:f3:aa:
         15:70:3f:02:3d:ce:0a:d9:3d:41:3c:6e:77:63:bb:83:09:27:
         3a:75:71:ff:e9:0f:e4:9e:53:62:4e:0c:fe:a3:0a:37:f5:b1:
         aa:ae:6a:21:0d:91:c8:5d:57:c1:b2:ec:47:ea:30:a8:b9:ab:
         70:62:85:fc:23:cd:ef:44:02:e0:e2:00:40:a2:69:b2:92:cf:
         a1:bd:ff:8c:5f:69:9f:64:10:d2:83:4e:91:cd:40:4e:02:79:
         40:d8:55:fa:36:10:03:85:81:af:72:cb:d3:10:d0:c7:cc:0e:
         5e:5d:5d:10:ac:b2:75:6f:e9:28:9f:c3:52:58:da:9f:c1:ca:
         21:c2:2b:05:f6:be:ad:75:6a:63:ef:18:27:42:f1:3f:17:bd:
         a0:87:22:95:0b:7b:fc:22:18:84:83:ff:39:e0:30:1c:1f:29:
         5b:47:58:48:6b:cf:4f:c6:9b:24:4b:1d:44:f1:90:2c:5e:3c:
         5a:3c:26:25:24:28:49:d5:82:73:cc:94:1c:85:9b:78:bd:8a:
         b3:e3:7c:b2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJH/ce8jX8z1lk76zPnozMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlY2Q2NGM5NzgzN2Q3YmZhYzA2NjM3ZGQ5NTJiZGVkZTBj
MjVkODUwHhcNMjQwMTAxMDgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjNjZjA1NzUyMmI5ZmM2YjA3ZTBkMWQ3ODkwODQ2MTM5NDMxMTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwc6WDoZCECTXOQ+P+c3B3VA17q2q
EnaAtWMuuKewyjUzzYYMBo3Xxm5YzPbdxlcKwYyGU9/Q4lDpaTw0H+ejEZJxXm+C
A7pDrHl9xOa4ng4UHm7QsjkDjsB6Igk9JBK9DgFacpzrRFQAxbD0nTxvEhJgD4KV
JbcYSwciPM9ufGG23KpvMMglBp+3y2+HN8VpxpU7AJwvYTZifS4gD7Y2fwHQraa8
vvvvPPpMUPxm59eyvNqXtUbcPzTtGS4eMpITrW6Lcjl0/9EdB7p/thdFdSqSENcg
roKoRUgXSivjJTf7pmdqIRfvPf/KtC58/hxXVdLkFKsp+16Ib6/5/iON2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD888FdSK5/GsH4NHXiQhGE5QxEbMB8GA1UdIwQY
MBaAFK7NZMl4N9e/rAZjfdlSve3gwl2FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnMxa3lYZzMxNy1zQm1OOTJWSzk3ZURDWFlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81OTJkNGYtZDcxZS00ZThiLWE2MzIt
MWVjZGUxNzkxNTExLzEvUHp6d1YxSXJuOGF3ZmcwZGVKQ0VZVGxERVJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81OTJkNGYtZDcxZS00ZThiLWE2MzItMWVjZGUxNzkxNTEx
LzEvcnMxa3lYZzMxNy1zQm1OOTJWSzk3ZURDWFlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABTkCAwQA
VXBEMA0GCSqGSIb3DQEBCwUAA4IBAQBmt5uhnGakxbCCv04z5SjNRGXf2cE7xg1Z
7HSfCBZ14fP8hFZHt3jIXN0u8KUCjqsDXii486oVcD8CPc4K2T1BPG53Y7uDCSc6
dXH/6Q/knlNiTgz+owo39bGqrmohDZHIXVfBsuxH6jCouatwYoX8I83vRALg4gBA
ommyks+hvf+MX2mfZBDSg06RzUBOAnlA2FX6NhADhYGvcsvTENDHzA5eXV0QrLJ1
b+kon8NSWNqfwcohwisF9r6tdWpj7xgnQvE/F72ghyKVC3v8IhiEg/854DAcHylb
R1hIa89PxpskSx1E8ZAsXjxaPCYlJChJ1YJzzJQchZt4vYqz43yy
-----END CERTIFICATE-----