Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/zsXRQz909G0nO9cd9sfJEA9vEU8.roa
File:                     zsXRQz909G0nO9cd9sfJEA9vEU8.roa (raw, json)
Hash identifier:          nOYuii3Y35XVJgsalBhQORGXSmSWUKrB+M4OdsnzP10=
Subject key identifier:   CE:C5:D1:43:3F:74:F4:6D:27:3B:D7:1D:F6:C7:C9:10:0F:6F:11:4F
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018D4F2BB0851616460EE8EB9A0AB3359A3F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/zsXRQz909G0nO9cd9sfJEA9vEU8.roa
Signing time:             Sun 28 Jan 2024 08:24:39 +0000
ROA not before:           Sun 28 Jan 2024 08:24:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203647
IP address blocks:        185.72.11.0/24 maxlen: 24
                          194.135.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:4f:2b:b0:85:16:16:46:0e:e8:eb:9a:0a:b3:35:9a:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan 28 08:24:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cec5d1433f74f46d273bd71df6c7c9100f6f114f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:f7:84:8c:8f:b3:41:58:e2:87:8a:96:d8:f5:
                    53:bb:20:60:bb:bd:24:14:06:05:0d:eb:77:02:49:
                    7e:3e:14:28:0e:c0:d1:eb:f4:20:8b:15:13:76:a4:
                    86:5f:2a:24:db:ae:39:61:b9:01:fa:a9:37:95:83:
                    ee:c9:d3:cd:79:4b:a9:9f:c1:06:cf:79:64:d9:39:
                    64:fe:a0:48:69:d6:53:71:07:b0:1e:fe:dc:9b:35:
                    d8:45:1d:8d:50:93:7d:f2:00:87:20:41:0c:b8:67:
                    33:e3:12:d7:63:03:44:ab:98:ba:56:09:4e:76:59:
                    44:79:93:2a:32:19:31:27:41:e5:61:f9:cd:67:dc:
                    f6:bc:0b:a1:a4:18:b8:8e:55:d6:3e:d4:e6:79:1a:
                    61:80:89:73:03:68:5f:5c:76:4b:66:35:bc:76:39:
                    c7:ed:9b:7c:d2:cb:18:43:9d:0c:57:cd:93:e4:57:
                    71:19:84:a0:04:c1:66:ae:00:a5:fc:8a:42:9b:24:
                    ff:9d:f8:96:df:9a:70:9a:97:4a:dd:34:41:f8:37:
                    de:32:7d:e5:e3:b0:12:40:bf:52:31:c9:20:28:16:
                    9f:45:03:95:37:a1:4e:12:a8:8b:a3:5f:10:6c:51:
                    7f:05:d5:f0:69:9a:63:98:28:dd:a6:a9:80:06:ab:
                    f1:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:C5:D1:43:3F:74:F4:6D:27:3B:D7:1D:F6:C7:C9:10:0F:6F:11:4F
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/zsXRQz909G0nO9cd9sfJEA9vEU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.11.0/24
                  194.135.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:98:48:35:07:ee:3c:63:1c:f4:7a:1b:b1:d4:2a:27:c5:a8:
         bd:21:e7:95:03:30:46:96:00:ad:a1:e5:1a:65:1b:88:3e:c2:
         30:0f:3e:ff:95:b3:dc:ff:99:07:31:c0:b7:d2:a4:86:63:0d:
         c5:a0:eb:7b:a5:51:34:f0:fb:2d:09:be:86:24:4c:5b:6a:25:
         3f:93:04:4e:cf:d3:09:58:ee:08:02:29:7a:a6:10:33:70:ea:
         b9:70:d9:21:08:9e:53:78:ef:8b:ce:e8:00:28:c7:49:30:e5:
         ab:7f:f8:f7:8a:7e:91:21:33:66:a5:26:14:9e:2e:39:79:31:
         c0:5b:8e:eb:db:71:4f:81:c3:fe:95:27:3a:54:77:79:1f:eb:
         1b:cc:dd:56:ff:57:51:69:ee:43:dc:d5:6e:d6:1b:27:ea:53:
         0c:64:34:49:93:35:96:62:7a:73:42:e3:5b:6e:95:a7:d4:41:
         f8:85:b0:73:3e:1e:f8:8a:bf:ad:99:99:63:67:ad:da:dc:2f:
         b3:6e:8d:b1:7b:e9:5d:0f:40:e2:bd:1d:66:4c:36:e0:31:3d:
         fc:4e:d4:95:82:9e:2a:f3:af:bf:50:d2:28:cb:fd:15:c3:92:
         1d:0a:3d:bf:4d:62:f1:28:c4:c9:0e:a7:82:d5:4a:1c:1c:d3:
         7b:a4:22:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1PK7CFFhZGDujrmgqzNZo/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTI4MDgyNDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWM1ZDE0MzNmNzRmNDZkMjczYmQ3MWRmNmM3YzkxMDBmNmYxMTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPeEjI+zQVjih4qW2PVTuyBgu70k
FAYFDet3Akl+PhQoDsDR6/QgixUTdqSGXyok2645YbkB+qk3lYPuydPNeUupn8EG
z3lk2Tlk/qBIadZTcQewHv7cmzXYRR2NUJN98gCHIEEMuGcz4xLXYwNEq5i6VglO
dllEeZMqMhkxJ0HlYfnNZ9z2vAuhpBi4jlXWPtTmeRphgIlzA2hfXHZLZjW8djnH
7Zt80ssYQ50MV82T5FdxGYSgBMFmrgCl/IpCmyT/nfiW35pwmpdK3TRB+DfeMn3l
47ASQL9SMckgKBafRQOVN6FOEqiLo18QbFF/BdXwaZpjmCjdpqmABqvxwwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM7F0UM/dPRtJzvXHfbHyRAPbxFPMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvenNYUlF6OTA5RzBuTzljZDlzZkpFQTl2RVU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuUgLAwQA
wod3MA0GCSqGSIb3DQEBCwUAA4IBAQBHmEg1B+48Yxz0ehux1Conxai9IeeVAzBG
lgCtoeUaZRuIPsIwDz7/lbPc/5kHMcC30qSGYw3FoOt7pVE08PstCb6GJExbaiU/
kwROz9MJWO4IAil6phAzcOq5cNkhCJ5TeO+LzugAKMdJMOWrf/j3in6RITNmpSYU
ni45eTHAW47r23FPgcP+lSc6VHd5H+sbzN1W/1dRae5D3NVu1hsn6lMMZDRJkzWW
YnpzQuNbbpWn1EH4hbBzPh74ir+tmZljZ63a3C+zbo2xe+ldD0DivR1mTDbgMT38
TtSVgp4q86+/UNIoy/0Vw5IdCj2/TWLxKMTJDqeC1UocHNN7pCJo
-----END CERTIFICATE-----