Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/51885b-5693-4892-a1d4-1a19792a1d26/1/zCyvUZCIyIoreLd80SNu5rZnlQo.roa
File:                     zCyvUZCIyIoreLd80SNu5rZnlQo.roa (raw, json)
Hash identifier:          svKW69jebNQVPlkXB0RTkaxSEokF1LzFm1ZVZjxX9IM=
Subject key identifier:   CC:2C:AF:51:90:88:C8:8A:2B:78:B7:7C:D1:23:6E:E6:B6:67:95:0A
Certificate issuer:       /CN=cd2d0e39d78fc6202255a5b4adb54583d9deddce
Certificate serial:       018CC500B82403F2536D8902D9DB184CC18A
Authority key identifier: CD:2D:0E:39:D7:8F:C6:20:22:55:A5:B4:AD:B5:45:83:D9:DE:DD:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zS0OOdePxiAiVaW0rbVFg9ne3c4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/51885b-5693-4892-a1d4-1a19792a1d26/1/zCyvUZCIyIoreLd80SNu5rZnlQo.roa
Signing time:             Mon 01 Jan 2024 12:30:07 +0000
ROA not before:           Mon 01 Jan 2024 12:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12611
IP address blocks:        193.23.119.0/24 maxlen: 24
                          194.150.226.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/51885b-5693-4892-a1d4-1a19792a1d26/1/zS0OOdePxiAiVaW0rbVFg9ne3c4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/51885b-5693-4892-a1d4-1a19792a1d26/1/zS0OOdePxiAiVaW0rbVFg9ne3c4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zS0OOdePxiAiVaW0rbVFg9ne3c4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 12:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b8:24:03:f2:53:6d:89:02:d9:db:18:4c:c1:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd2d0e39d78fc6202255a5b4adb54583d9deddce
        Validity
            Not Before: Jan  1 12:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc2caf519088c88a2b78b77cd1236ee6b667950a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:bc:44:c9:89:e3:26:66:7f:55:87:44:b2:18:
                    42:55:be:32:dc:9f:40:2a:7d:0e:e5:0c:87:9d:99:
                    e7:a4:85:e5:3a:8f:96:05:11:d5:2d:ca:c7:c8:06:
                    06:d1:a7:a5:6e:3a:4b:0a:32:53:2b:2f:3d:1e:36:
                    31:14:71:d3:bf:46:8b:98:02:52:f5:0c:d0:94:29:
                    88:0a:06:c8:ad:a3:3f:13:77:47:62:e2:ea:ba:af:
                    da:9c:58:f7:b8:2b:08:fa:a0:84:ac:10:0c:dc:bf:
                    c1:84:fd:ac:8f:42:2c:55:97:65:cf:2e:12:ad:ce:
                    1e:5d:9b:f2:00:0a:8f:d4:e5:d2:5d:45:3e:33:78:
                    8a:08:a4:f7:4e:a1:bb:39:4f:a9:d6:0c:a4:71:f7:
                    a0:cf:d6:97:e7:69:f5:4f:b8:7c:5b:06:dd:b0:1d:
                    e7:e0:4c:e1:83:94:95:4c:3a:05:93:92:81:33:db:
                    e6:3e:a9:1c:32:fc:c7:fa:de:5b:13:f9:ac:96:eb:
                    6b:7e:96:5a:ee:af:aa:58:3d:49:88:b7:5e:ea:0a:
                    91:a7:d3:09:f9:a5:2a:d4:7b:97:79:37:35:a6:a6:
                    28:ae:0a:b1:6c:2b:21:69:4f:dc:4d:a9:e0:30:a7:
                    c2:d2:d9:15:3c:af:5f:a1:46:60:23:e4:b6:88:e9:
                    91:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:2C:AF:51:90:88:C8:8A:2B:78:B7:7C:D1:23:6E:E6:B6:67:95:0A
            X509v3 Authority Key Identifier:
                keyid:CD:2D:0E:39:D7:8F:C6:20:22:55:A5:B4:AD:B5:45:83:D9:DE:DD:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zS0OOdePxiAiVaW0rbVFg9ne3c4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/51885b-5693-4892-a1d4-1a19792a1d26/1/zCyvUZCIyIoreLd80SNu5rZnlQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/51885b-5693-4892-a1d4-1a19792a1d26/1/zS0OOdePxiAiVaW0rbVFg9ne3c4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.119.0/24
                  194.150.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:38:91:6d:d4:00:63:b5:39:6c:aa:20:ec:61:f1:94:93:d6:
         19:3b:36:04:53:27:97:4a:be:58:d9:af:a2:c9:b9:51:44:35:
         b5:c9:02:a6:6f:27:c3:3c:7b:61:95:66:43:d1:c0:5d:7c:98:
         d6:0b:63:36:91:0e:94:97:bd:65:09:c0:9e:98:c6:f8:a0:9d:
         83:ae:dc:e3:64:60:5c:aa:b6:71:fb:99:19:a6:2c:18:b2:b3:
         8a:69:c9:66:60:d3:b7:d5:1b:f8:a0:df:ea:0f:96:b9:81:84:
         8b:95:a5:18:fd:78:31:4c:1d:1f:17:4f:e7:5a:36:b6:5c:f8:
         07:37:d2:e9:0e:9e:6c:4f:31:6c:86:0a:85:1c:41:92:e2:d5:
         64:10:1a:12:11:8d:54:73:2c:89:96:74:1e:35:4e:de:4b:89:
         d8:13:76:c4:36:5f:6e:ed:f0:35:6a:c8:f3:44:b9:28:97:75:
         42:8b:f4:08:1c:78:c1:3b:f8:92:f3:84:dd:68:15:04:f3:98:
         99:b5:78:c4:b2:d0:25:ea:8f:a6:b4:aa:c2:c9:f7:9f:9e:63:
         9d:6d:f6:86:31:ef:2f:52:18:f2:23:df:f0:1f:b3:ef:54:d1:
         b7:37:34:7d:72:78:c9:e2:81:3f:a1:3b:82:ea:35:a5:55:e4:
         e8:fa:52:17
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFALgkA/JTbYkC2dsYTMGKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMmQwZTM5ZDc4ZmM2MjAyMjU1YTViNGFkYjU0NTgzZDlk
ZWRkY2UwHhcNMjQwMTAxMTIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzJjYWY1MTkwODhjODhhMmI3OGI3N2NkMTIzNmVlNmI2Njc5NTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7xEyYnjJmZ/VYdEshhCVb4y3J9A
Kn0O5QyHnZnnpIXlOo+WBRHVLcrHyAYG0aelbjpLCjJTKy89HjYxFHHTv0aLmAJS
9QzQlCmICgbIraM/E3dHYuLquq/anFj3uCsI+qCErBAM3L/BhP2sj0IsVZdlzy4S
rc4eXZvyAAqP1OXSXUU+M3iKCKT3TqG7OU+p1gykcfegz9aX52n1T7h8WwbdsB3n
4Ezhg5SVTDoFk5KBM9vmPqkcMvzH+t5bE/mslutrfpZa7q+qWD1JiLde6gqRp9MJ
+aUq1HuXeTc1pqYorgqxbCshaU/cTangMKfC0tkVPK9foUZgI+S2iOmR7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMwsr1GQiMiKK3i3fNEjbua2Z5UKMB8GA1UdIwQY
MBaAFM0tDjnXj8YgIlWltK21RYPZ3t3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelMwT09kZVB4aUFpVmFXMHJiVkZnOW5lM2M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS81MTg4NWItNTY5My00ODkyLWExZDQt
MWExOTc5MmExZDI2LzEvekN5dlVaQ0l5SW9yZUxkODBTTnU1clpubFFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS81MTg4NWItNTY5My00ODkyLWExZDQtMWExOTc5MmExZDI2
LzEvelMwT09kZVB4aUFpVmFXMHJiVkZnOW5lM2M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRd3AwQB
wpbiMA0GCSqGSIb3DQEBCwUAA4IBAQB8OJFt1ABjtTlsqiDsYfGUk9YZOzYEUyeX
Sr5Y2a+iyblRRDW1yQKmbyfDPHthlWZD0cBdfJjWC2M2kQ6Ul71lCcCemMb4oJ2D
rtzjZGBcqrZx+5kZpiwYsrOKaclmYNO31Rv4oN/qD5a5gYSLlaUY/XgxTB0fF0/n
Wja2XPgHN9LpDp5sTzFshgqFHEGS4tVkEBoSEY1UcyyJlnQeNU7eS4nYE3bENl9u
7fA1asjzRLkol3VCi/QIHHjBO/iS84TdaBUE85iZtXjEstAl6o+mtKrCyfefnmOd
bfaGMe8vUhjyI9/wH7PvVNG3NzR9cnjJ4oE/oTuC6jWlVeTo+lIX
-----END CERTIFICATE-----