Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/4bff72-ba5b-4528-8c42-7f6b9f1040fd/1/lzgQA6tumGrtl1J3R_5L-rMo5IA.roa
File:                     lzgQA6tumGrtl1J3R_5L-rMo5IA.roa (raw, json)
Hash identifier:          Rb5Dy+J3N7pxZEpcXafgYOYnpaHQnT4moddED/LjesI=
Subject key identifier:   97:38:10:03:AB:6E:98:6A:ED:97:52:77:47:FE:4B:FA:B3:28:E4:80
Certificate issuer:       /CN=3d9944e8f5651b1bd2f0a9e006865f3a6b81eb61
Certificate serial:       018CC5DC3E3FE94C3C7C96AD60C9467F87C1
Authority key identifier: 3D:99:44:E8:F5:65:1B:1B:D2:F0:A9:E0:06:86:5F:3A:6B:81:EB:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PZlE6PVlGxvS8KngBoZfOmuB62E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/4bff72-ba5b-4528-8c42-7f6b9f1040fd/1/lzgQA6tumGrtl1J3R_5L-rMo5IA.roa
Signing time:             Mon 01 Jan 2024 16:29:54 +0000
ROA not before:           Mon 01 Jan 2024 16:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57249
IP address blocks:        193.22.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/4bff72-ba5b-4528-8c42-7f6b9f1040fd/1/PZlE6PVlGxvS8KngBoZfOmuB62E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/4bff72-ba5b-4528-8c42-7f6b9f1040fd/1/PZlE6PVlGxvS8KngBoZfOmuB62E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PZlE6PVlGxvS8KngBoZfOmuB62E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3e:3f:e9:4c:3c:7c:96:ad:60:c9:46:7f:87:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d9944e8f5651b1bd2f0a9e006865f3a6b81eb61
        Validity
            Not Before: Jan  1 16:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97381003ab6e986aed97527747fe4bfab328e480
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:dd:e2:57:27:3d:76:c5:1d:47:6c:6b:b7:1e:
                    b8:41:8f:b0:a4:8f:d6:64:e9:81:f9:47:54:69:e0:
                    ce:c5:c9:25:2e:0a:7e:70:ab:34:b7:12:b9:c3:37:
                    6a:53:62:26:f4:78:08:71:bd:af:9a:d9:f6:e8:ec:
                    c9:18:34:d9:fd:09:53:58:80:f1:19:35:56:d2:f3:
                    f7:78:e6:31:98:f2:b4:4c:09:c7:82:13:3d:be:53:
                    c3:9f:f6:17:c3:d3:97:d0:80:11:72:07:08:03:8a:
                    55:75:f5:d7:03:71:95:49:3a:ed:b9:b7:6d:d2:c0:
                    c3:f5:70:4d:8a:1e:d4:48:8e:3d:67:de:03:91:13:
                    70:5c:8b:bb:e2:ee:ea:a5:a4:ef:9c:f0:26:b7:b3:
                    4d:5a:a1:e5:f6:80:50:3e:cf:74:f4:b3:33:20:c3:
                    61:90:2a:41:11:1a:ba:0e:c7:8c:fb:6b:13:0c:59:
                    dd:59:29:ba:f4:bd:43:d3:d8:79:dc:3c:d7:5a:7e:
                    a1:9f:62:ec:5e:6b:89:bb:09:0a:0d:e6:ab:3f:5b:
                    84:37:b8:55:a1:1d:3d:43:c9:9d:00:d8:e0:f5:75:
                    0c:55:29:b6:c5:32:23:48:6a:04:c7:89:e8:6f:9b:
                    44:ce:11:ff:34:0f:57:69:53:ad:79:51:8d:4f:0a:
                    75:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:38:10:03:AB:6E:98:6A:ED:97:52:77:47:FE:4B:FA:B3:28:E4:80
            X509v3 Authority Key Identifier:
                keyid:3D:99:44:E8:F5:65:1B:1B:D2:F0:A9:E0:06:86:5F:3A:6B:81:EB:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PZlE6PVlGxvS8KngBoZfOmuB62E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4bff72-ba5b-4528-8c42-7f6b9f1040fd/1/lzgQA6tumGrtl1J3R_5L-rMo5IA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4bff72-ba5b-4528-8c42-7f6b9f1040fd/1/PZlE6PVlGxvS8KngBoZfOmuB62E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:9b:a1:12:26:64:db:ed:60:41:9d:73:a7:58:24:80:ee:05:
         70:6c:92:80:75:c3:ed:a7:96:ac:4c:9c:73:81:1b:e5:46:dc:
         54:6a:92:8e:26:23:d3:09:a7:57:01:cc:d0:5c:88:0c:f4:b8:
         bb:55:f8:93:1f:cc:5f:f0:18:14:fa:8f:16:11:96:6c:4e:cf:
         35:c9:2c:d6:9e:ff:82:25:02:82:28:2b:71:c2:d8:43:f1:cd:
         ac:8d:3f:08:e8:d7:ce:f5:19:d5:11:1d:5e:b1:5a:0d:42:15:
         f3:2d:e9:02:ca:a3:71:9a:72:48:a1:b7:da:db:f5:bf:fd:8b:
         67:8a:24:47:ff:5c:3a:90:09:f4:77:b8:ff:1f:5d:81:51:a4:
         64:55:65:ff:7a:23:37:02:59:b8:ca:7b:f3:21:2d:ad:c0:79:
         c4:48:a0:68:f3:6b:2d:9f:1b:4a:26:18:f9:58:a2:76:89:38:
         44:14:2a:24:ae:69:99:70:88:d8:d6:90:ee:c6:27:ab:00:be:
         b8:30:90:1e:3f:f8:b1:6e:f4:68:91:b0:7c:75:07:a4:79:33:
         79:4a:dd:46:ba:fd:94:91:90:8f:f4:98:36:1f:7a:e4:b6:13:
         29:0e:fe:e2:33:69:cd:01:b1:50:2a:16:d7:e3:9b:99:ce:92:
         f5:31:fe:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3D4/6Uw8fJatYMlGf4fBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOTk0NGU4ZjU2NTFiMWJkMmYwYTllMDA2ODY1ZjNhNmI4
MWViNjEwHhcNMjQwMTAxMTYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzM4MTAwM2FiNmU5ODZhZWQ5NzUyNzc0N2ZlNGJmYWIzMjhlNDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn93iVyc9dsUdR2xrtx64QY+wpI/W
ZOmB+UdUaeDOxcklLgp+cKs0txK5wzdqU2Im9HgIcb2vmtn26OzJGDTZ/QlTWIDx
GTVW0vP3eOYxmPK0TAnHghM9vlPDn/YXw9OX0IARcgcIA4pVdfXXA3GVSTrtubdt
0sDD9XBNih7USI49Z94DkRNwXIu74u7qpaTvnPAmt7NNWqHl9oBQPs909LMzIMNh
kCpBERq6DseM+2sTDFndWSm69L1D09h53DzXWn6hn2LsXmuJuwkKDearP1uEN7hV
oR09Q8mdANjg9XUMVSm2xTIjSGoEx4nob5tEzhH/NA9XaVOteVGNTwp1lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJc4EAOrbphq7ZdSd0f+S/qzKOSAMB8GA1UdIwQY
MBaAFD2ZROj1ZRsb0vCp4AaGXzprgethMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFpsRTZQVmxHeHZTOEtuZ0JvWmZPbXVCNjJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC80YmZmNzItYmE1Yi00NTI4LThjNDIt
N2Y2YjlmMTA0MGZkLzEvbHpnUUE2dHVtR3J0bDFKM1JfNUwtck1vNUlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC80YmZmNzItYmE1Yi00NTI4LThjNDItN2Y2YjlmMTA0MGZk
LzEvUFpsRTZQVmxHeHZTOEtuZ0JvWmZPbXVCNjJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRZRMA0G
CSqGSIb3DQEBCwUAA4IBAQAHm6ESJmTb7WBBnXOnWCSA7gVwbJKAdcPtp5asTJxz
gRvlRtxUapKOJiPTCadXAczQXIgM9Li7VfiTH8xf8BgU+o8WEZZsTs81ySzWnv+C
JQKCKCtxwthD8c2sjT8I6NfO9RnVER1esVoNQhXzLekCyqNxmnJIobfa2/W//Ytn
iiRH/1w6kAn0d7j/H12BUaRkVWX/eiM3Alm4ynvzIS2twHnESKBo82stnxtKJhj5
WKJ2iThEFCokrmmZcIjY1pDuxierAL64MJAeP/ixbvRokbB8dQekeTN5St1Guv2U
kZCP9Jg2H3rkthMpDv7iM2nNAbFQKhbX45uZzpL1Mf7Y
-----END CERTIFICATE-----