Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/Zn7JyPRua3Wdd0m60C4hHBDjZyA.roa
File:                     Zn7JyPRua3Wdd0m60C4hHBDjZyA.roa (raw, json)
Hash identifier:          uFXqh8pRxF2h+vAZsuZRvWLFtGWaj8YcZ3N2PRUm6AA=
Subject key identifier:   66:7E:C9:C8:F4:6E:6B:75:9D:77:49:BA:D0:2E:21:1C:10:E3:67:20
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       018CC94E0C852169766CC5A9B54C64A0AFCF
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/Zn7JyPRua3Wdd0m60C4hHBDjZyA.roa
Signing time:             Tue 02 Jan 2024 08:33:04 +0000
ROA not before:           Tue 02 Jan 2024 08:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213088
IP address blocks:        195.187.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:0c:85:21:69:76:6c:c5:a9:b5:4c:64:a0:af:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  2 08:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=667ec9c8f46e6b759d7749bad02e211c10e36720
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:95:1d:f4:41:a5:23:54:cb:88:22:ff:89:2d:
                    8c:5c:51:48:16:cc:3e:02:47:23:b3:92:fd:17:a8:
                    81:ca:4f:c7:ad:5f:ed:1e:07:3b:7a:a6:01:26:71:
                    8b:d7:06:af:bb:74:7b:dd:30:ce:22:2a:3e:fb:00:
                    ce:7e:49:52:e7:50:af:2f:60:dc:84:a2:d5:f3:2c:
                    ce:25:59:9f:ac:72:ec:c9:05:ef:1c:a2:5d:c0:86:
                    d2:05:fa:56:c4:f2:76:d0:0e:5d:76:63:bb:0d:dd:
                    82:74:3a:ca:f9:b0:d5:b3:58:d2:2a:6b:03:54:7f:
                    3b:d9:a5:42:c6:8d:09:83:29:49:a7:12:3d:41:b1:
                    ee:dd:a2:c5:b0:69:4b:f6:a3:e5:0b:a6:14:8a:33:
                    27:7e:7c:a2:0d:a1:ea:6e:5d:6d:cd:0e:9f:82:86:
                    f0:34:60:e0:68:ff:fb:f4:5a:74:56:bb:d9:ce:6a:
                    a2:e7:7d:e4:2f:2b:35:5b:6e:7e:b8:62:ad:60:85:
                    f2:59:33:68:04:93:89:11:ac:50:9f:35:89:aa:e5:
                    10:08:d4:ad:56:e7:4d:18:bb:78:71:1a:7e:f9:15:
                    4e:58:2d:5a:56:8a:43:f1:67:7b:a2:d8:34:f9:26:
                    a1:50:38:77:26:f0:54:b6:b9:71:28:6f:54:22:11:
                    3a:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:7E:C9:C8:F4:6E:6B:75:9D:77:49:BA:D0:2E:21:1C:10:E3:67:20
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/Zn7JyPRua3Wdd0m60C4hHBDjZyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.187.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:5f:29:46:ea:d1:2d:02:fe:80:93:84:85:15:d1:b8:2f:80:
         25:fd:ed:91:f1:9c:04:6b:67:03:37:59:ef:a6:05:55:36:7e:
         a8:b5:07:56:29:27:f5:ae:b8:04:1c:0d:b5:15:47:8a:6a:43:
         3c:ed:1e:8f:26:be:9a:27:4e:11:9e:6b:47:29:fc:8b:dd:22:
         b0:38:6d:88:96:03:61:72:c3:11:24:66:38:2f:50:4d:10:7c:
         9c:92:53:5c:ad:89:e7:af:be:4c:89:89:eb:d5:5c:bd:4c:f5:
         8f:15:99:2d:9e:a7:c5:fe:27:ba:09:1c:91:17:ea:54:e1:cd:
         7c:10:15:81:53:e0:57:c4:ef:1a:26:6f:62:b1:af:0b:eb:2e:
         bf:0c:6b:26:85:96:23:43:59:99:ac:76:6f:34:83:0f:dc:20:
         c9:cd:72:16:2d:8b:43:fd:71:e4:b0:1c:37:eb:da:7e:bb:0d:
         7f:10:a6:03:2d:77:e3:7b:ec:8c:ae:14:8d:af:8e:ed:1f:2b:
         db:d6:91:de:16:5e:d2:3e:36:ad:da:59:e6:ab:58:ef:7b:ff:
         5e:bf:de:cb:ee:2d:79:c6:e2:0c:c7:25:31:50:ac:8a:cb:6a:
         7a:e2:ea:6b:ed:88:af:7e:dd:09:e4:3a:4e:d5:70:3b:29:95:
         5c:63:a7:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTgyFIWl2bMWptUxkoK/PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjQwMTAyMDgzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjdlYzljOGY0NmU2Yjc1OWQ3NzQ5YmFkMDJlMjExYzEwZTM2NzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJUd9EGlI1TLiCL/iS2MXFFIFsw+
Akcjs5L9F6iByk/HrV/tHgc7eqYBJnGL1wavu3R73TDOIio++wDOfklS51CvL2Dc
hKLV8yzOJVmfrHLsyQXvHKJdwIbSBfpWxPJ20A5ddmO7Dd2CdDrK+bDVs1jSKmsD
VH872aVCxo0JgylJpxI9QbHu3aLFsGlL9qPlC6YUijMnfnyiDaHqbl1tzQ6fgobw
NGDgaP/79Fp0VrvZzmqi533kLys1W25+uGKtYIXyWTNoBJOJEaxQnzWJquUQCNSt
VudNGLt4cRp++RVOWC1aVopD8Wd7otg0+SahUDh3JvBUtrlxKG9UIhE6cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZ+ycj0bmt1nXdJutAuIRwQ42cgMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvWm43SnlQUnVhM1dkZDBtNjBDNGhIQkRqWnlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7tMMA0G
CSqGSIb3DQEBCwUAA4IBAQB2XylG6tEtAv6Ak4SFFdG4L4Al/e2R8ZwEa2cDN1nv
pgVVNn6otQdWKSf1rrgEHA21FUeKakM87R6PJr6aJ04RnmtHKfyL3SKwOG2IlgNh
csMRJGY4L1BNEHycklNcrYnnr75MiYnr1Vy9TPWPFZktnqfF/ie6CRyRF+pU4c18
EBWBU+BXxO8aJm9isa8L6y6/DGsmhZYjQ1mZrHZvNIMP3CDJzXIWLYtD/XHksBw3
69p+uw1/EKYDLXfje+yMrhSNr47tHyvb1pHeFl7SPjat2lnmq1jve/9ev97L7i15
xuIMxyUxUKyKy2p64upr7Yivft0J5DpO1XA7KZVcY6dM
-----END CERTIFICATE-----