Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/9786da-1f4c-408c-b202-00d2fac5f010/1/ZJRZosDYC3cC_G8gCBZWZvgIhB4.roa
File:                     ZJRZosDYC3cC_G8gCBZWZvgIhB4.roa (raw, json)
Hash identifier:          Xr9KQrOcLlbYCphMxrllusjJzp/LvzgenWK27GvHZMI=
Subject key identifier:   64:94:59:A2:C0:D8:0B:77:02:FC:6F:20:08:16:56:66:F8:08:84:1E
Certificate issuer:       /CN=5e67660af7523c61b7f95d08488d583e9d514f6b
Certificate serial:       018CC5DC4E6A86C9C94B26189C001AEA979C
Authority key identifier: 5E:67:66:0A:F7:52:3C:61:B7:F9:5D:08:48:8D:58:3E:9D:51:4F:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XmdmCvdSPGG3-V0ISI1YPp1RT2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/9786da-1f4c-408c-b202-00d2fac5f010/1/ZJRZosDYC3cC_G8gCBZWZvgIhB4.roa
Signing time:             Mon 01 Jan 2024 16:29:58 +0000
ROA not before:           Mon 01 Jan 2024 16:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56971
IP address blocks:        185.31.200.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/9786da-1f4c-408c-b202-00d2fac5f010/1/XmdmCvdSPGG3-V0ISI1YPp1RT2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/9786da-1f4c-408c-b202-00d2fac5f010/1/XmdmCvdSPGG3-V0ISI1YPp1RT2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XmdmCvdSPGG3-V0ISI1YPp1RT2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:4e:6a:86:c9:c9:4b:26:18:9c:00:1a:ea:97:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e67660af7523c61b7f95d08488d583e9d514f6b
        Validity
            Not Before: Jan  1 16:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=649459a2c0d80b7702fc6f2008165666f808841e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d5:8a:2e:c2:fe:7e:3e:6c:6d:ce:8b:2b:48:
                    be:d6:70:e9:1c:00:f4:75:89:68:c7:5c:6f:0d:87:
                    0c:92:c8:ef:76:7a:bd:f9:36:86:4c:56:10:02:20:
                    1e:cb:04:e0:b8:e7:10:3a:c2:93:1e:85:e8:52:85:
                    c0:16:1a:80:5b:b4:fb:e6:04:ca:94:c9:1a:ce:04:
                    2b:01:5c:e1:43:39:ab:91:4f:d5:e1:14:33:81:e1:
                    d4:e5:b0:32:2e:27:f5:46:e0:5c:ec:84:e3:fb:a7:
                    70:93:91:41:a8:13:8a:f9:f0:22:c2:f2:14:ac:6c:
                    d5:71:f1:f8:74:e7:2d:f7:9f:09:dc:28:7b:4a:20:
                    ba:70:8b:be:d3:8b:72:0f:a6:24:96:8e:06:e4:fd:
                    e4:f5:03:7a:28:97:4f:97:41:dd:5d:ab:8f:72:5e:
                    39:91:23:65:4c:c4:f5:a4:57:8a:f4:5d:14:ad:62:
                    5b:bd:e0:50:8c:f6:0f:19:f2:86:02:d8:06:f4:ba:
                    70:bd:88:4c:7b:4b:43:58:2d:3d:23:86:dd:80:4c:
                    f4:12:c4:be:97:90:75:ab:1b:15:f8:db:96:28:df:
                    52:3f:57:3f:15:bb:b0:cd:0d:53:89:bb:15:ca:40:
                    07:f9:3f:0e:da:96:30:f9:ca:50:f7:d7:69:a6:d8:
                    a5:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:94:59:A2:C0:D8:0B:77:02:FC:6F:20:08:16:56:66:F8:08:84:1E
            X509v3 Authority Key Identifier:
                keyid:5E:67:66:0A:F7:52:3C:61:B7:F9:5D:08:48:8D:58:3E:9D:51:4F:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XmdmCvdSPGG3-V0ISI1YPp1RT2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9786da-1f4c-408c-b202-00d2fac5f010/1/ZJRZosDYC3cC_G8gCBZWZvgIhB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9786da-1f4c-408c-b202-00d2fac5f010/1/XmdmCvdSPGG3-V0ISI1YPp1RT2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:a8:04:4b:ee:0a:ef:92:f8:03:94:43:1e:30:62:6b:6d:7f:
         ef:20:df:04:77:32:6a:41:9f:d3:f3:a2:db:d8:e5:b9:ae:5f:
         f1:39:51:4d:f2:8d:7c:a9:da:e2:11:1b:8a:2b:22:fa:f4:6a:
         fe:d9:7c:7e:bd:c3:5c:e9:5d:08:f6:ef:93:52:bb:f5:d6:31:
         10:98:e7:83:19:ca:95:12:6d:e7:e9:39:c7:f4:20:af:a3:da:
         41:67:fb:44:de:1d:2f:d4:58:18:76:87:23:82:1e:76:62:7c:
         56:f4:4a:3c:5f:0d:d4:d6:52:56:dd:c7:b0:f8:f7:00:87:b1:
         91:1b:9c:a9:85:1a:ed:29:bc:31:e0:a7:29:51:d9:78:5e:6b:
         54:7a:ba:6d:de:01:45:72:0a:26:7c:b9:a5:1d:26:1f:44:56:
         30:54:fb:92:c4:89:f0:1e:a0:61:41:0a:75:e5:cc:b3:55:d8:
         3a:9b:3d:62:7a:c0:9f:c3:f8:c6:ee:e8:16:26:35:21:c4:a3:
         a0:7c:b9:c2:29:af:81:13:d2:69:e8:dc:80:b0:b4:72:d2:b0:
         52:65:fc:c7:cc:16:04:52:a7:1d:9f:0d:af:2c:d8:c9:0c:dc:
         d4:58:10:05:f9:ba:8a:ad:15:2d:84:20:78:0d:9a:63:b6:b4:
         b4:0c:b2:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3E5qhsnJSyYYnAAa6pecMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNjc2NjBhZjc1MjNjNjFiN2Y5NWQwODQ4OGQ1ODNlOWQ1
MTRmNmIwHhcNMjQwMTAxMTYyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDk0NTlhMmMwZDgwYjc3MDJmYzZmMjAwODE2NTY2NmY4MDg4NDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNWKLsL+fj5sbc6LK0i+1nDpHAD0
dYlox1xvDYcMksjvdnq9+TaGTFYQAiAeywTguOcQOsKTHoXoUoXAFhqAW7T75gTK
lMkazgQrAVzhQzmrkU/V4RQzgeHU5bAyLif1RuBc7ITj+6dwk5FBqBOK+fAiwvIU
rGzVcfH4dOct958J3Ch7SiC6cIu+04tyD6Yklo4G5P3k9QN6KJdPl0HdXauPcl45
kSNlTMT1pFeK9F0UrWJbveBQjPYPGfKGAtgG9LpwvYhMe0tDWC09I4bdgEz0EsS+
l5B1qxsV+NuWKN9SP1c/FbuwzQ1TibsVykAH+T8O2pYw+cpQ99dpptilmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGSUWaLA2At3AvxvIAgWVmb4CIQeMB8GA1UdIwQY
MBaAFF5nZgr3Ujxht/ldCEiNWD6dUU9rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG1kbUN2ZFNQR0czLVYwSVNJMVlQcDFSVDJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85Nzg2ZGEtMWY0Yy00MDhjLWIyMDIt
MDBkMmZhYzVmMDEwLzEvWkpSWm9zRFlDM2NDX0c4Z0NCWldadmdJaEI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85Nzg2ZGEtMWY0Yy00MDhjLWIyMDItMDBkMmZhYzVmMDEw
LzEvWG1kbUN2ZFNQR0czLVYwSVNJMVlQcDFSVDJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR/IMA0G
CSqGSIb3DQEBCwUAA4IBAQAeqARL7grvkvgDlEMeMGJrbX/vIN8EdzJqQZ/T86Lb
2OW5rl/xOVFN8o18qdriERuKKyL69Gr+2Xx+vcNc6V0I9u+TUrv11jEQmOeDGcqV
Em3n6TnH9CCvo9pBZ/tE3h0v1FgYdocjgh52YnxW9Eo8Xw3U1lJW3cew+PcAh7GR
G5yphRrtKbwx4KcpUdl4XmtUerpt3gFFcgomfLmlHSYfRFYwVPuSxInwHqBhQQp1
5cyzVdg6mz1iesCfw/jG7ugWJjUhxKOgfLnCKa+BE9Jp6NyAsLRy0rBSZfzHzBYE
Uqcdnw2vLNjJDNzUWBAF+bqKrRUthCB4DZpjtrS0DLJV
-----END CERTIFICATE-----