Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZGXEa1-9Z-rbdgVzfQZjSTosNh0.roa
File:                     ZGXEa1-9Z-rbdgVzfQZjSTosNh0.roa (raw, json)
Hash identifier:          QpqNm7Y0eh9bcNBfsk6S3rKqk8uzUYCBbLNHOV8LBKk=
Subject key identifier:   64:65:C4:6B:5F:BD:67:EA:DB:76:05:73:7D:06:63:49:3A:2C:36:1D
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D8BDCC291FBE7945BEC80359F227C0EBB
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZGXEa1-9Z-rbdgVzfQZjSTosNh0.roa
Signing time:             Fri 09 Feb 2024 03:15:17 +0000
ROA not before:           Fri 09 Feb 2024 03:15:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213094
IP address blocks:        185.252.160.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8b:dc:c2:91:fb:e7:94:5b:ec:80:35:9f:22:7c:0e:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb  9 03:15:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6465c46b5fbd67eadb7605737d0663493a2c361d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:28:3e:2e:08:cd:27:59:28:b6:3b:d7:3a:84:
                    cc:34:82:cb:f2:85:32:76:f1:fe:f0:d1:e1:81:c5:
                    41:eb:bc:70:0a:1b:a4:bd:ba:25:77:f7:a2:49:30:
                    27:e5:f8:2b:e0:0a:db:eb:5d:d3:f6:92:b1:b7:93:
                    0c:fc:ad:c0:41:b8:1a:ce:a7:d2:9c:25:41:d9:85:
                    47:de:ba:47:19:fd:87:4c:e3:d1:ba:ba:21:7a:0f:
                    a4:a9:a1:41:fa:4a:ae:67:db:07:a8:3e:a6:df:c7:
                    37:00:ba:45:ef:d3:0d:c1:f9:04:a6:8e:3c:fd:3a:
                    d9:02:a8:23:72:48:b8:73:5e:2a:db:fe:6f:2d:87:
                    17:ed:d0:12:12:d3:63:c9:0c:dc:0d:fd:7f:34:28:
                    0c:69:cb:a5:70:03:e2:16:19:58:65:de:33:b5:69:
                    49:c9:fd:eb:42:e0:62:ca:79:3c:a4:d9:0a:7e:0b:
                    7f:5a:e6:51:a0:88:62:ec:b3:83:ad:63:f1:5f:ef:
                    47:c5:74:21:2e:af:d2:b5:23:03:62:34:a2:65:34:
                    1d:93:bd:c2:af:74:ec:08:d4:07:af:1c:24:30:97:
                    73:31:79:76:68:37:3b:25:35:0c:de:eb:a7:96:a9:
                    90:f9:55:34:df:5c:47:10:71:cb:a9:74:b1:99:77:
                    36:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:65:C4:6B:5F:BD:67:EA:DB:76:05:73:7D:06:63:49:3A:2C:36:1D
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZGXEa1-9Z-rbdgVzfQZjSTosNh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:ea:6b:0b:59:35:f7:0b:f2:82:63:00:6e:84:11:cb:9b:f9:
         d3:28:ab:ba:2e:9c:69:5f:4a:7b:14:3c:8f:8b:18:09:ae:0a:
         7b:18:5b:4b:4c:9c:c3:20:07:ed:57:33:29:3c:7b:de:c6:b1:
         c5:93:24:bf:7a:77:0c:a0:47:57:bc:c5:03:0c:0b:0d:ac:8c:
         27:0c:52:45:e9:19:75:66:d2:81:f7:e2:12:a2:5b:dd:4d:91:
         5b:40:16:73:46:a5:b0:8f:bf:63:29:39:0d:40:87:be:0e:15:
         5c:c9:75:50:c5:7f:d1:a3:21:67:6a:db:ee:00:f1:b8:d3:bd:
         ad:21:99:c4:a7:3f:d6:06:73:7a:e3:56:ea:95:cd:7d:30:a5:
         e5:9c:40:a5:c5:f0:3f:48:7f:69:6e:38:b6:af:b2:38:7d:b8:
         87:47:82:51:1d:ec:7e:72:12:95:65:5e:3e:ac:7b:1d:3f:d6:
         c3:7d:f9:56:92:9d:60:c8:7b:f4:78:f3:da:6a:6c:54:d4:4e:
         ce:48:39:2c:1b:18:82:e5:b5:67:9d:12:60:1f:88:e4:bf:7d:
         ef:93:f2:b2:e5:eb:6f:02:b5:dd:12:b3:bb:be:ba:33:11:f8:
         c8:df:7b:d9:77:93:2a:a7:ba:35:d4:9c:cc:da:0a:40:81:c2:
         d7:23:b0:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2L3MKR++eUW+yANZ8ifA67MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjA5MDMxNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDY1YzQ2YjVmYmQ2N2VhZGI3NjA1NzM3ZDA2NjM0OTNhMmMzNjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+ig+LgjNJ1kotjvXOoTMNILL8oUy
dvH+8NHhgcVB67xwChukvbold/eiSTAn5fgr4Arb613T9pKxt5MM/K3AQbgazqfS
nCVB2YVH3rpHGf2HTOPRuroheg+kqaFB+kquZ9sHqD6m38c3ALpF79MNwfkEpo48
/TrZAqgjcki4c14q2/5vLYcX7dASEtNjyQzcDf1/NCgMaculcAPiFhlYZd4ztWlJ
yf3rQuBiynk8pNkKfgt/WuZRoIhi7LODrWPxX+9HxXQhLq/StSMDYjSiZTQdk73C
r3TsCNQHrxwkMJdzMXl2aDc7JTUM3uunlqmQ+VU031xHEHHLqXSxmXc2rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGRlxGtfvWfq23YFc30GY0k6LDYdMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWkdYRWExLTlaLXJiZGdWemZRWmpTVG9zTmgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufygMA0G
CSqGSIb3DQEBCwUAA4IBAQAT6msLWTX3C/KCYwBuhBHLm/nTKKu6LpxpX0p7FDyP
ixgJrgp7GFtLTJzDIAftVzMpPHvexrHFkyS/encMoEdXvMUDDAsNrIwnDFJF6Rl1
ZtKB9+ISolvdTZFbQBZzRqWwj79jKTkNQIe+DhVcyXVQxX/RoyFnatvuAPG4072t
IZnEpz/WBnN641bqlc19MKXlnEClxfA/SH9pbji2r7I4fbiHR4JRHex+chKVZV4+
rHsdP9bDfflWkp1gyHv0ePPaamxU1E7OSDksGxiC5bVnnRJgH4jkv33vk/Ky5etv
ArXdErO7vrozEfjI33vZd5Mqp7o11JzM2gpAgcLXI7Dt
-----END CERTIFICATE-----