Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/ZO5WAngxOFjjh8ffeK72awuOG40.roa
File:                     ZO5WAngxOFjjh8ffeK72awuOG40.roa (raw, json)
Hash identifier:          o1Lq0zR7+vTAYaclEorK9ppkvnu95lt+4vozeglOMcw=
Subject key identifier:   64:EE:56:02:78:31:38:58:E3:87:C7:DF:78:AE:F6:6B:0B:8E:1B:8D
Certificate issuer:       /CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
Certificate serial:       019286AD399191B03428F502A258C6969722
Authority key identifier: F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/ZO5WAngxOFjjh8ffeK72awuOG40.roa
Signing time:             Sun 13 Oct 2024 16:19:12 +0000
ROA not before:           Sun 13 Oct 2024 16:19:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30058
IP address blocks:        193.160.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:86:ad:39:91:91:b0:34:28:f5:02:a2:58:c6:96:97:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
        Validity
            Not Before: Oct 13 16:19:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64ee560278313858e387c7df78aef66b0b8e1b8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:34:43:a3:bc:b0:31:d3:40:51:2c:30:39:d9:
                    4a:d1:c4:61:8c:d7:3f:37:f7:fc:61:69:2d:3b:78:
                    6a:c3:91:89:ba:5f:d1:a7:22:af:32:c2:eb:c7:30:
                    dc:51:fd:eb:b3:35:c8:da:79:aa:1c:06:a4:f6:d7:
                    56:72:cf:fc:38:23:b1:57:75:b1:8d:ae:6d:f5:bb:
                    54:67:2e:67:48:6b:f8:a1:f9:26:ce:cc:0f:f5:46:
                    db:69:b3:15:d2:ca:2b:15:68:cb:f3:96:38:f3:8d:
                    bf:2e:30:02:4d:f2:13:3f:04:27:db:29:bb:b1:71:
                    9c:d2:14:b7:fe:94:eb:24:38:bb:82:9b:82:b3:8b:
                    ab:db:59:fa:ba:3f:f8:57:62:f2:89:3d:ad:56:f1:
                    a7:6e:e6:81:dc:8e:61:b7:68:67:a4:6b:86:f8:8c:
                    43:83:b0:d8:7c:03:09:37:4a:42:e7:55:02:90:1d:
                    e3:c0:92:af:f9:2f:69:0d:1c:56:af:30:d8:b8:08:
                    42:fb:b4:5a:e3:5c:76:54:56:c8:4a:69:3a:c9:4b:
                    a6:c0:a8:7b:17:3b:15:f1:f2:fb:ef:83:b0:f6:61:
                    0e:65:e7:39:69:fe:8b:c9:57:ac:30:26:00:98:96:
                    39:b7:35:6d:39:4f:1e:0d:fc:c0:77:23:65:16:0e:
                    c4:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:EE:56:02:78:31:38:58:E3:87:C7:DF:78:AE:F6:6B:0B:8E:1B:8D
            X509v3 Authority Key Identifier:
                keyid:F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/ZO5WAngxOFjjh8ffeK72awuOG40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:b6:00:b9:3f:16:c7:a7:4a:b4:a3:97:ff:32:08:69:67:3f:
         d2:46:f5:31:dc:55:0e:b9:c1:e6:e3:02:23:30:0f:8e:3c:98:
         ae:f9:76:18:6a:a9:73:9a:cc:46:f5:b3:1c:82:4b:ac:f3:85:
         78:6c:4e:df:b2:7e:5f:a8:2e:be:63:55:5a:7d:86:99:c5:e9:
         35:5e:6d:5a:83:73:c9:a2:3c:8f:e9:be:f6:8d:81:8a:bd:e4:
         22:c6:9c:32:b3:22:c2:09:02:71:2b:79:20:73:40:23:06:2d:
         50:c4:a4:aa:31:d6:be:6b:86:e6:f3:0a:0c:19:54:81:5b:15:
         c7:7d:3b:9a:6c:67:6b:47:e6:b5:5c:f2:9c:68:e2:a8:81:59:
         d2:cb:13:46:b6:75:44:7d:4b:11:14:96:a8:eb:6f:30:1f:d0:
         41:11:f9:f2:8c:40:5a:4f:46:16:87:6a:92:b2:4d:15:c5:36:
         97:f8:f4:75:66:66:3f:b2:69:08:9c:23:e3:d5:9d:b2:ab:f9:
         63:69:97:5c:3d:c3:91:d9:5a:a4:51:ed:7c:3e:6a:ba:ed:c1:
         94:64:cd:65:d4:07:aa:29:92:41:1e:90:9c:93:e6:af:37:6a:
         cf:4d:33:53:c0:e8:27:05:02:bd:24:9e:28:22:2a:71:d9:c0:
         5b:5e:bd:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKGrTmRkbA0KPUColjGlpciMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZDA4YTFlMWNiYzkwOTI1NGU5ZTZiOWM5MzlmZDg1YTI2
OGIxZTEwHhcNMjQxMDEzMTYxOTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGVlNTYwMjc4MzEzODU4ZTM4N2M3ZGY3OGFlZjY2YjBiOGUxYjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzRDo7ywMdNAUSwwOdlK0cRhjNc/
N/f8YWktO3hqw5GJul/RpyKvMsLrxzDcUf3rszXI2nmqHAak9tdWcs/8OCOxV3Wx
ja5t9btUZy5nSGv4ofkmzswP9UbbabMV0sorFWjL85Y4842/LjACTfITPwQn2ym7
sXGc0hS3/pTrJDi7gpuCs4ur21n6uj/4V2LyiT2tVvGnbuaB3I5ht2hnpGuG+IxD
g7DYfAMJN0pC51UCkB3jwJKv+S9pDRxWrzDYuAhC+7Ra41x2VFbISmk6yUumwKh7
FzsV8fL774Ow9mEOZec5af6LyVesMCYAmJY5tzVtOU8eDfzAdyNlFg7EGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGTuVgJ4MThY44fH33iu9msLjhuNMB8GA1UdIwQY
MBaAFPTQih4cvJCSVOnmuck5/YWiaLHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2Ut
ZGNlOTQ3ZTI5NGI2LzEvWk81V0FuZ3hPRmpqaDhmZmVLNzJhd3VPRzQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2UtZGNlOTQ3ZTI5NGI2
LzEvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaAVMA0G
CSqGSIb3DQEBCwUAA4IBAQCftgC5PxbHp0q0o5f/MghpZz/SRvUx3FUOucHm4wIj
MA+OPJiu+XYYaqlzmsxG9bMcgkus84V4bE7fsn5fqC6+Y1VafYaZxek1Xm1ag3PJ
ojyP6b72jYGKveQixpwysyLCCQJxK3kgc0AjBi1QxKSqMda+a4bm8woMGVSBWxXH
fTuabGdrR+a1XPKcaOKogVnSyxNGtnVEfUsRFJao628wH9BBEfnyjEBaT0YWh2qS
sk0VxTaX+PR1ZmY/smkInCPj1Z2yq/ljaZdcPcOR2VqkUe18Pmq67cGUZM1l1Aeq
KZJBHpCck+avN2rPTTNTwOgnBQK9JJ4oIipx2cBbXr39
-----END CERTIFICATE-----