Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/b8bb1a-a88e-4b2f-987f-47015a6077b2/1/zndA9W6BAzjSlxXuY8I-8qkaf7I.roa
File:                     zndA9W6BAzjSlxXuY8I-8qkaf7I.roa (raw, json)
Hash identifier:          RPaLCkecV9u3TeZEtr3QUjAJukxahBGNQnxVGrKG6wY=
Subject key identifier:   CE:77:40:F5:6E:81:03:38:D2:97:15:EE:63:C2:3E:F2:A9:1A:7F:B2
Certificate issuer:       /CN=04248504b54555a9443b02a33d351a902863bb99
Certificate serial:       018CC4251A87202E129C7B9969719457DEB5
Authority key identifier: 04:24:85:04:B5:45:55:A9:44:3B:02:A3:3D:35:1A:90:28:63:BB:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BCSFBLVFValEOwKjPTUakChju5k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/b8bb1a-a88e-4b2f-987f-47015a6077b2/1/zndA9W6BAzjSlxXuY8I-8qkaf7I.roa
Signing time:             Mon 01 Jan 2024 08:30:15 +0000
ROA not before:           Mon 01 Jan 2024 08:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198063
IP address blocks:        194.116.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/b8bb1a-a88e-4b2f-987f-47015a6077b2/1/BCSFBLVFValEOwKjPTUakChju5k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/b8bb1a-a88e-4b2f-987f-47015a6077b2/1/BCSFBLVFValEOwKjPTUakChju5k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BCSFBLVFValEOwKjPTUakChju5k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:1a:87:20:2e:12:9c:7b:99:69:71:94:57:de:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04248504b54555a9443b02a33d351a902863bb99
        Validity
            Not Before: Jan  1 08:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce7740f56e810338d29715ee63c23ef2a91a7fb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:6d:d3:88:db:9c:86:aa:8b:c3:f7:f3:c7:4f:
                    c7:a7:ea:d2:1d:88:a6:00:99:2c:0d:b1:b5:57:61:
                    16:b9:22:fd:d4:03:9f:40:92:d6:1f:e5:cd:a3:c6:
                    ab:ff:26:3f:1d:87:60:8e:50:01:3f:f6:cd:f9:20:
                    33:03:77:59:0a:0e:92:d4:95:52:3b:c0:aa:ef:cb:
                    d1:86:2d:f2:ff:0a:d6:8b:d9:9e:20:d2:d1:ff:4f:
                    78:c3:bf:6e:5c:91:29:7c:5e:b7:2e:89:7c:c1:64:
                    a3:52:75:45:98:5d:e8:6b:d7:a7:75:07:6d:ee:f3:
                    aa:eb:91:6f:ae:b9:ed:1b:ef:6b:72:bc:8b:8d:fd:
                    5d:1e:1a:b9:82:ef:4f:ca:d4:fb:f8:24:6f:53:ae:
                    d7:89:05:b3:bf:03:7b:10:ca:d3:17:bb:cf:d6:f1:
                    6e:99:eb:f7:73:e4:bd:45:56:39:ef:45:46:0f:26:
                    15:39:95:dc:b2:57:5a:ee:d5:2f:0d:c7:8f:b1:8e:
                    b8:48:8c:62:a5:df:5f:41:a6:c1:85:54:a5:81:af:
                    70:d4:8b:56:78:ab:29:77:e1:74:66:e5:68:fb:b1:
                    e4:42:0b:ed:37:ba:27:cd:0c:e3:8a:c8:62:ff:e8:
                    34:05:3b:11:ac:ed:91:80:05:27:80:cc:2b:83:2e:
                    5a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:77:40:F5:6E:81:03:38:D2:97:15:EE:63:C2:3E:F2:A9:1A:7F:B2
            X509v3 Authority Key Identifier:
                keyid:04:24:85:04:B5:45:55:A9:44:3B:02:A3:3D:35:1A:90:28:63:BB:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BCSFBLVFValEOwKjPTUakChju5k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/b8bb1a-a88e-4b2f-987f-47015a6077b2/1/zndA9W6BAzjSlxXuY8I-8qkaf7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/b8bb1a-a88e-4b2f-987f-47015a6077b2/1/BCSFBLVFValEOwKjPTUakChju5k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.116.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:68:e1:d9:4c:dc:07:e3:71:76:63:c6:f2:6f:04:52:14:eb:
         04:12:2d:fe:95:95:50:df:46:f1:51:5a:85:23:32:0a:a3:0a:
         24:4f:e8:be:4f:a4:e0:0e:21:79:0b:67:6b:c9:e0:18:e8:a0:
         67:8f:1e:a9:d5:a3:f2:b1:c6:6b:70:d6:72:74:62:16:db:5e:
         18:90:27:86:71:f3:27:b2:70:a5:11:ce:09:a4:77:35:20:a9:
         96:7c:6b:14:4e:ec:35:28:16:61:8f:f8:a8:95:58:2e:13:70:
         0f:d3:23:e4:bf:c5:2b:c9:f3:b4:77:e7:06:b6:1d:1d:3e:f8:
         3f:08:7a:d3:c7:c6:c4:f9:b8:99:c1:7d:40:65:c6:0c:e3:c9:
         65:86:8e:f3:49:b6:d4:a6:51:18:af:24:bc:1a:26:fc:81:3f:
         6b:a9:f2:62:14:57:2f:db:1d:7f:6a:80:7f:65:29:5c:c1:a2:
         f4:2b:19:7a:e2:11:b9:a3:78:1e:a2:28:08:c5:00:09:56:18:
         67:14:7d:b0:d1:19:9b:e0:2c:61:e2:b5:fc:a1:26:9a:52:7e:
         bb:4d:fc:17:2e:0f:80:28:07:86:b5:75:6f:7e:bb:aa:fa:ea:
         6a:01:fd:0e:ab:3c:20:eb:8e:0a:43:e1:55:65:d8:20:df:49:
         a5:82:58:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJRqHIC4SnHuZaXGUV961MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0MjQ4NTA0YjU0NTU1YTk0NDNiMDJhMzNkMzUxYTkwMjg2
M2JiOTkwHhcNMjQwMTAxMDgzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTc3NDBmNTZlODEwMzM4ZDI5NzE1ZWU2M2MyM2VmMmE5MWE3ZmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp23TiNuchqqLw/fzx0/Hp+rSHYim
AJksDbG1V2EWuSL91AOfQJLWH+XNo8ar/yY/HYdgjlABP/bN+SAzA3dZCg6S1JVS
O8Cq78vRhi3y/wrWi9meINLR/094w79uXJEpfF63Lol8wWSjUnVFmF3oa9endQdt
7vOq65FvrrntG+9rcryLjf1dHhq5gu9PytT7+CRvU67XiQWzvwN7EMrTF7vP1vFu
mev3c+S9RVY570VGDyYVOZXcslda7tUvDcePsY64SIxipd9fQabBhVSlga9w1ItW
eKspd+F0ZuVo+7HkQgvtN7onzQzjishi/+g0BTsRrO2RgAUngMwrgy5aBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM53QPVugQM40pcV7mPCPvKpGn+yMB8GA1UdIwQY
MBaAFAQkhQS1RVWpRDsCoz01GpAoY7uZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkNTRkJMVkZWYWxFT3dLalBUVWFrQ2hqdTVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9iOGJiMWEtYTg4ZS00YjJmLTk4N2Yt
NDcwMTVhNjA3N2IyLzEvem5kQTlXNkJBempTbHhYdVk4SS04cWthZjdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9iOGJiMWEtYTg4ZS00YjJmLTk4N2YtNDcwMTVhNjA3N2Iy
LzEvQkNTRkJMVkZWYWxFT3dLalBUVWFrQ2hqdTVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnSnMA0G
CSqGSIb3DQEBCwUAA4IBAQAYaOHZTNwH43F2Y8bybwRSFOsEEi3+lZVQ30bxUVqF
IzIKowokT+i+T6TgDiF5C2dryeAY6KBnjx6p1aPyscZrcNZydGIW214YkCeGcfMn
snClEc4JpHc1IKmWfGsUTuw1KBZhj/iolVguE3AP0yPkv8UryfO0d+cGth0dPvg/
CHrTx8bE+biZwX1AZcYM48llho7zSbbUplEYryS8Gib8gT9rqfJiFFcv2x1/aoB/
ZSlcwaL0Kxl64hG5o3geoigIxQAJVhhnFH2w0Rmb4Cxh4rX8oSaaUn67TfwXLg+A
KAeGtXVvfruq+upqAf0Oqzwg644KQ+FVZdgg30mlgljL
-----END CERTIFICATE-----