Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/ZxkzV8VH0BPZbCsLMi7Ok3Tkuq4.roa
File:                     ZxkzV8VH0BPZbCsLMi7Ok3Tkuq4.roa (raw, json)
Hash identifier:          caIaejBpWNw3EikzqlA19Rno3NQhv+yf1Mo6PfQ99OY=
Subject key identifier:   67:19:33:57:C5:47:D0:13:D9:6C:2B:0B:32:2E:CE:93:74:E4:BA:AE
Certificate issuer:       /CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
Certificate serial:       018CC3B6F3957C5C5C4171B6D59DF358CDD0
Authority key identifier: 71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/ZxkzV8VH0BPZbCsLMi7Ok3Tkuq4.roa
Signing time:             Mon 01 Jan 2024 06:29:56 +0000
ROA not before:           Mon 01 Jan 2024 06:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200131
IP address blocks:        45.159.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f3:95:7c:5c:5c:41:71:b6:d5:9d:f3:58:cd:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
        Validity
            Not Before: Jan  1 06:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67193357c547d013d96c2b0b322ece9374e4baae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:21:24:3e:dd:68:4e:1c:b9:40:d4:f3:16:8e:
                    7d:10:d0:c2:73:6c:05:85:53:d9:8f:d7:39:5c:20:
                    7c:22:c2:76:f4:b5:05:38:d1:2c:73:d1:56:49:ab:
                    6f:58:3f:93:74:b7:d5:99:72:52:24:fc:ce:e0:2b:
                    77:19:6e:4f:0f:46:e1:9a:ed:0a:c0:45:b4:49:a1:
                    41:87:f9:23:63:31:52:a9:e3:29:80:b7:69:49:29:
                    41:48:b9:b6:cd:b9:b2:f2:dd:e5:47:5f:1e:e2:18:
                    9a:ff:23:15:5c:27:68:bc:a7:dc:c5:4a:47:39:73:
                    6d:ef:b7:29:43:19:a9:0e:24:b4:12:78:e3:7d:6a:
                    cd:34:4f:24:3d:4b:03:7b:2d:af:c1:10:9a:7b:02:
                    ee:64:92:1d:7a:08:9c:72:5e:12:0c:57:d7:c0:7f:
                    22:27:d1:24:c5:76:25:6e:fa:26:4c:58:8b:cc:83:
                    63:b0:6d:d2:01:15:ac:67:57:27:7b:57:8a:36:24:
                    64:77:20:19:b8:dd:64:a8:50:1c:13:c0:4d:d6:c3:
                    d9:5e:df:60:41:ed:ee:e4:96:aa:b0:89:1c:a9:e4:
                    b3:78:e4:1e:ec:30:b3:3e:6d:d6:bd:68:29:c6:3d:
                    7e:1e:86:15:8d:31:e8:57:4e:ae:f0:51:63:88:23:
                    cd:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:19:33:57:C5:47:D0:13:D9:6C:2B:0B:32:2E:CE:93:74:E4:BA:AE
            X509v3 Authority Key Identifier:
                keyid:71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/ZxkzV8VH0BPZbCsLMi7Ok3Tkuq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:6b:e2:79:ae:27:95:40:19:b6:de:65:00:c7:72:13:45:2b:
         81:94:e0:25:44:d6:e1:52:27:98:ea:ee:ea:11:ea:01:e9:bd:
         52:f7:13:e0:1a:d7:f7:47:89:4a:1d:40:9a:30:c2:31:51:0c:
         11:e6:9b:9c:56:7c:14:b4:f9:02:da:b3:8b:eb:04:80:70:65:
         aa:1e:3b:a4:45:ec:bf:9b:03:a3:7e:d8:89:ae:95:59:5c:15:
         68:f7:a7:a9:18:2d:f7:ae:94:df:d6:54:da:2f:39:0d:83:da:
         3d:43:77:ef:1b:41:a5:6e:ee:57:f6:26:d7:ee:e3:ca:ef:2d:
         5d:c0:7e:80:eb:a6:19:63:a5:79:61:8a:c5:74:27:dd:c8:bf:
         e5:57:19:94:e4:94:5a:a1:47:32:58:ac:7a:79:2c:af:c5:50:
         60:8d:15:d2:ad:da:9b:4d:b0:55:78:5e:f6:2b:ed:09:c7:8e:
         c2:c0:b3:51:c3:13:07:3e:a3:ea:c3:95:59:c0:6c:35:90:6f:
         7d:57:8b:d4:5a:48:01:c7:bb:e7:a6:28:bb:0f:92:e9:80:2d:
         14:a2:9f:9a:13:d6:60:2f:ba:5b:4b:b7:6c:3c:a3:c4:09:5e:
         ab:14:1d:c1:e3:2d:95:c6:70:b8:dd:ce:18:e8:01:ac:88:c4:
         0e:5b:4c:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvOVfFxcQXG21Z3zWM3QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYmRkZWFmMGYzMGZiZGFmOWU3NWI5MmFjN2Q1YmQxM2Yy
ODVkZTcwHhcNMjQwMTAxMDYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzE5MzM1N2M1NDdkMDEzZDk2YzJiMGIzMjJlY2U5Mzc0ZTRiYWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSEkPt1oThy5QNTzFo59ENDCc2wF
hVPZj9c5XCB8IsJ29LUFONEsc9FWSatvWD+TdLfVmXJSJPzO4Ct3GW5PD0bhmu0K
wEW0SaFBh/kjYzFSqeMpgLdpSSlBSLm2zbmy8t3lR18e4hia/yMVXCdovKfcxUpH
OXNt77cpQxmpDiS0EnjjfWrNNE8kPUsDey2vwRCaewLuZJIdegiccl4SDFfXwH8i
J9EkxXYlbvomTFiLzINjsG3SARWsZ1cne1eKNiRkdyAZuN1kqFAcE8BN1sPZXt9g
Qe3u5JaqsIkcqeSzeOQe7DCzPm3WvWgpxj1+HoYVjTHoV06u8FFjiCPNOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcZM1fFR9AT2WwrCzIuzpN05LquMB8GA1UdIwQY
MBaAFHG93q8PMPva+edbkqx9W9E/KF3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUt
NDc3MjMxMTkxYTM1LzEvWnhrelY4VkgwQlBaYkNzTE1pN09rM1RrdXE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUtNDc3MjMxMTkxYTM1
LzEvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ9cMA0G
CSqGSIb3DQEBCwUAA4IBAQCba+J5rieVQBm23mUAx3ITRSuBlOAlRNbhUieY6u7q
EeoB6b1S9xPgGtf3R4lKHUCaMMIxUQwR5pucVnwUtPkC2rOL6wSAcGWqHjukRey/
mwOjftiJrpVZXBVo96epGC33rpTf1lTaLzkNg9o9Q3fvG0Glbu5X9ibX7uPK7y1d
wH6A66YZY6V5YYrFdCfdyL/lVxmU5JRaoUcyWKx6eSyvxVBgjRXSrdqbTbBVeF72
K+0Jx47CwLNRwxMHPqPqw5VZwGw1kG99V4vUWkgBx7vnpii7D5LpgC0Uop+aE9Zg
L7pbS7dsPKPECV6rFB3B4y2VxnC43c4Y6AGsiMQOW0wx
-----END CERTIFICATE-----