Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/z30mmAakad7KGUdc6lXg1rISWEU.roa
File:                     z30mmAakad7KGUdc6lXg1rISWEU.roa (raw, json)
Hash identifier:          cUpZExmFjHnCOmSnxWi+5dEqTain1jvFEq5UpeK2ESg=
Subject key identifier:   CF:7D:26:98:06:A4:69:DE:CA:19:47:5C:EA:55:E0:D6:B2:12:58:45
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       018E9D4BA943F7F5B2EF7395502B5A21CF16
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/z30mmAakad7KGUdc6lXg1rISWEU.roa
Signing time:             Tue 02 Apr 2024 05:32:45 +0000
ROA not before:           Tue 02 Apr 2024 05:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.126.156.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9d:4b:a9:43:f7:f5:b2:ef:73:95:50:2b:5a:21:cf:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Apr  2 05:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf7d269806a469deca19475cea55e0d6b2125845
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:20:76:d2:6d:ad:0b:f1:9d:c6:9b:6b:ce:6a:
                    f7:e1:17:4c:66:9e:ec:3d:c9:f3:7a:b6:29:e6:a4:
                    2b:30:47:90:3c:f5:0f:ea:a4:cb:5d:31:f3:0d:a5:
                    e3:7d:36:87:b0:5c:41:5b:66:c5:f4:fd:25:5d:0e:
                    98:44:96:3d:9f:76:14:df:34:ce:df:03:54:41:01:
                    8e:2c:2c:a5:20:05:ea:b4:7f:cc:dd:f2:4d:3e:1d:
                    f8:7b:17:8f:fa:01:48:cd:11:1e:cd:8b:e2:f8:12:
                    c0:7f:e2:02:a8:f6:e7:fb:05:d8:69:f7:5a:f3:f1:
                    cd:66:e1:42:87:7a:13:7d:03:84:c5:aa:61:53:39:
                    e9:0e:4a:d1:70:28:7e:23:7c:1c:b0:ab:9e:bd:6a:
                    83:e7:ad:81:0f:bb:72:c3:56:8c:50:a1:b2:9b:a9:
                    1c:65:f3:53:7d:d1:1c:0e:b1:2f:34:28:c8:d1:64:
                    ca:28:a4:04:93:f7:7b:56:59:5a:ad:e9:9b:03:97:
                    5f:36:43:0d:df:e8:5a:78:80:02:bf:ec:70:37:a1:
                    03:eb:44:8e:e9:4c:06:04:2d:1c:25:a3:a0:02:02:
                    25:89:ea:ed:4d:e3:61:51:39:be:a7:c4:2e:28:2b:
                    d7:57:15:6f:25:85:00:03:83:4b:13:5b:f7:42:a8:
                    e4:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:7D:26:98:06:A4:69:DE:CA:19:47:5C:EA:55:E0:D6:B2:12:58:45
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/z30mmAakad7KGUdc6lXg1rISWEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:0f:71:cb:eb:68:33:b5:11:00:e5:de:13:68:73:b6:e3:a7:
         19:08:42:45:92:da:a7:33:34:9f:52:75:39:cb:6c:83:64:3b:
         cd:96:97:8f:9a:ff:8d:b5:3d:38:09:35:5d:a9:9d:9b:b1:45:
         f3:ec:ee:4d:66:4e:83:ac:1a:67:c7:d9:31:23:4d:10:62:b3:
         84:55:92:90:9b:c9:7d:f3:f9:de:73:4f:4a:21:bb:b8:43:6c:
         d7:bf:6b:ad:7e:43:0a:99:b0:d1:cd:94:0a:77:67:0f:7c:93:
         34:82:09:76:0b:cd:ff:96:89:60:d0:7c:0e:83:43:29:34:cc:
         37:81:49:88:2f:40:c4:41:51:1d:38:83:d6:a2:12:c3:3f:6a:
         d7:ff:41:5e:15:5c:52:f1:ee:e4:fa:5a:dc:8e:22:5b:54:16:
         af:fa:ee:33:8e:71:68:51:8d:39:c9:aa:6e:e4:97:0e:cc:1c:
         97:53:dd:bc:38:30:05:94:93:69:44:48:5c:08:a0:46:6d:fd:
         3b:f5:dc:99:1c:54:c0:6e:a0:e8:f0:0d:d5:b4:63:bd:17:61:
         63:71:17:78:0e:93:6d:0e:d4:06:71:9f:86:7e:58:b2:93:3e:
         ad:7d:9c:b4:f3:ec:ff:2f:19:e4:44:75:81:2b:ec:13:e3:6f:
         21:8d:04:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6dS6lD9/Wy73OVUCtaIc8WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjQwNDAyMDUzMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjdkMjY5ODA2YTQ2OWRlY2ExOTQ3NWNlYTU1ZTBkNmIyMTI1ODQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCB20m2tC/Gdxptrzmr34RdMZp7s
PcnzerYp5qQrMEeQPPUP6qTLXTHzDaXjfTaHsFxBW2bF9P0lXQ6YRJY9n3YU3zTO
3wNUQQGOLCylIAXqtH/M3fJNPh34exeP+gFIzREezYvi+BLAf+ICqPbn+wXYafda
8/HNZuFCh3oTfQOExaphUznpDkrRcCh+I3wcsKuevWqD562BD7tyw1aMUKGym6kc
ZfNTfdEcDrEvNCjI0WTKKKQEk/d7VllarembA5dfNkMN3+haeIACv+xwN6ED60SO
6UwGBC0cJaOgAgIliertTeNhUTm+p8QuKCvXVxVvJYUAA4NLE1v3QqjkDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM99JpgGpGneyhlHXOpV4NayElhFMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvejMwbW1BYWthZDdLR1VkYzZsWGcxcklTV0VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuX6cMA0G
CSqGSIb3DQEBCwUAA4IBAQBPD3HL62gztREA5d4TaHO246cZCEJFktqnMzSfUnU5
y2yDZDvNlpePmv+NtT04CTVdqZ2bsUXz7O5NZk6DrBpnx9kxI00QYrOEVZKQm8l9
8/nec09KIbu4Q2zXv2utfkMKmbDRzZQKd2cPfJM0ggl2C83/lolg0HwOg0MpNMw3
gUmIL0DEQVEdOIPWohLDP2rX/0FeFVxS8e7k+lrcjiJbVBav+u4zjnFoUY05yapu
5JcOzByXU928ODAFlJNpREhcCKBGbf079dyZHFTAbqDo8A3VtGO9F2FjcRd4DpNt
DtQGcZ+Gfliykz6tfZy08+z/LxnkRHWBK+wT428hjQSF
-----END CERTIFICATE-----