Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/d7e660-6912-4380-ab4f-718b9c40fd25/1/ZHNuON2tR0MdUcsPnsqA3NxWKzE.roa
File:                     ZHNuON2tR0MdUcsPnsqA3NxWKzE.roa (raw, json)
Hash identifier:          crZh1I2c9Idzn5Q+hoDLEi0jmWhjqfpMxaODiO32DLg=
Subject key identifier:   64:73:6E:38:DD:AD:47:43:1D:51:CB:0F:9E:CA:80:DC:DC:56:2B:31
Certificate issuer:       /CN=cf2eee78a0084d831de1a2500183e16489516ccf
Certificate serial:       018CC3491C3C1BE8223533F22C8C3DC430FF
Authority key identifier: CF:2E:EE:78:A0:08:4D:83:1D:E1:A2:50:01:83:E1:64:89:51:6C:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zy7ueKAITYMd4aJQAYPhZIlRbM8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/d7e660-6912-4380-ab4f-718b9c40fd25/1/ZHNuON2tR0MdUcsPnsqA3NxWKzE.roa
Signing time:             Mon 01 Jan 2024 04:29:57 +0000
ROA not before:           Mon 01 Jan 2024 04:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211215
IP address blocks:        45.95.8.0/24 maxlen: 24
                          2a0c:3300::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/d7e660-6912-4380-ab4f-718b9c40fd25/1/zy7ueKAITYMd4aJQAYPhZIlRbM8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/d7e660-6912-4380-ab4f-718b9c40fd25/1/zy7ueKAITYMd4aJQAYPhZIlRbM8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zy7ueKAITYMd4aJQAYPhZIlRbM8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:1c:3c:1b:e8:22:35:33:f2:2c:8c:3d:c4:30:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf2eee78a0084d831de1a2500183e16489516ccf
        Validity
            Not Before: Jan  1 04:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64736e38ddad47431d51cb0f9eca80dcdc562b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:80:dd:e0:76:cb:c1:32:d9:3f:a7:57:74:64:
                    8f:a2:71:c7:7e:17:7c:44:63:2c:ee:9a:40:35:aa:
                    52:e3:1c:45:fa:7f:25:b0:e9:f4:d4:fb:32:b6:f0:
                    d0:b5:d9:25:7e:86:21:03:9c:0f:17:99:f9:90:4d:
                    4b:7c:67:24:c4:58:89:4f:a1:d6:53:52:d5:cb:c3:
                    eb:53:6c:65:1b:9f:7f:46:ad:ac:aa:e3:2c:ba:41:
                    d2:42:2b:71:f9:e8:43:f9:d1:31:52:eb:ed:23:e4:
                    87:88:17:e1:2a:06:2b:b6:d0:aa:f0:66:3f:48:25:
                    85:54:cc:c0:a5:de:6e:ce:43:c2:11:7c:93:0f:03:
                    d0:7c:70:8e:26:c2:9f:a1:e7:98:ae:56:90:3b:f1:
                    0d:2e:df:ae:42:f0:29:d6:0a:d4:78:29:0a:8c:e7:
                    5a:51:d7:72:fc:ff:99:8a:53:c5:b5:f0:9d:dc:40:
                    36:3a:35:1f:39:03:5d:6e:2e:dd:29:af:ee:32:98:
                    ab:67:64:ae:6f:a8:f5:67:bc:84:b3:80:97:16:f3:
                    f9:b9:c3:48:23:17:76:ee:f8:a9:9d:b1:37:68:e4:
                    14:f1:77:e1:53:01:eb:b9:13:ab:cf:0b:4e:90:99:
                    02:21:62:c4:33:ba:73:82:bb:fb:ba:b4:11:ce:32:
                    63:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:73:6E:38:DD:AD:47:43:1D:51:CB:0F:9E:CA:80:DC:DC:56:2B:31
            X509v3 Authority Key Identifier:
                keyid:CF:2E:EE:78:A0:08:4D:83:1D:E1:A2:50:01:83:E1:64:89:51:6C:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zy7ueKAITYMd4aJQAYPhZIlRbM8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d7e660-6912-4380-ab4f-718b9c40fd25/1/ZHNuON2tR0MdUcsPnsqA3NxWKzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d7e660-6912-4380-ab4f-718b9c40fd25/1/zy7ueKAITYMd4aJQAYPhZIlRbM8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.8.0/24
                IPv6:
                  2a0c:3300::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:5c:5c:d5:ef:c5:c5:14:4a:ae:9b:f7:92:dd:a0:8c:64:14:
         e2:1b:e6:3a:bd:03:66:20:1a:d3:4f:6f:b3:c8:2e:07:de:20:
         18:3f:dc:18:73:8c:39:6e:a7:36:b1:fe:24:6e:e6:d9:a6:df:
         1b:ed:f0:df:6c:11:b0:f4:e4:4a:5d:f9:34:97:51:37:aa:e0:
         1c:c5:5c:6a:20:ab:fe:a0:f5:41:e3:80:98:b1:3c:b5:18:7c:
         04:b7:26:b8:14:53:4d:4a:b0:4f:8d:17:67:50:b7:61:db:9e:
         50:db:8c:57:8a:c2:eb:10:37:e9:b8:14:c3:27:76:96:81:28:
         be:54:66:60:3f:86:84:9a:84:a2:dc:7a:13:3a:b6:13:96:be:
         0e:e0:fd:d9:fc:63:4b:36:4b:32:f4:e0:95:1f:b3:2c:26:92:
         22:d8:a4:5b:27:43:df:b1:23:4b:51:34:0b:36:ba:a0:7d:07:
         b5:c4:6b:cd:76:4b:79:aa:f0:f1:33:5a:f7:6c:51:48:f0:39:
         98:8b:10:6c:c3:5c:65:80:3b:cd:ed:a7:66:f9:84:0c:bc:61:
         a6:49:20:8e:54:50:ba:cd:87:b2:db:e0:db:cb:fe:15:76:53:
         b9:e7:60:01:e1:c8:00:8d:77:98:52:45:8c:d5:1b:59:22:36:
         a4:0e:88:b4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSRw8G+giNTPyLIw9xDD/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMmVlZTc4YTAwODRkODMxZGUxYTI1MDAxODNlMTY0ODk1
MTZjY2YwHhcNMjQwMTAxMDQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDczNmUzOGRkYWQ0NzQzMWQ1MWNiMGY5ZWNhODBkY2RjNTYyYjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4Dd4HbLwTLZP6dXdGSPonHHfhd8
RGMs7ppANapS4xxF+n8lsOn01PsytvDQtdklfoYhA5wPF5n5kE1LfGckxFiJT6HW
U1LVy8PrU2xlG59/Rq2squMsukHSQitx+ehD+dExUuvtI+SHiBfhKgYrttCq8GY/
SCWFVMzApd5uzkPCEXyTDwPQfHCOJsKfoeeYrlaQO/ENLt+uQvAp1grUeCkKjOda
Uddy/P+ZilPFtfCd3EA2OjUfOQNdbi7dKa/uMpirZ2Sub6j1Z7yEs4CXFvP5ucNI
Ixd27vipnbE3aOQU8XfhUwHruROrzwtOkJkCIWLEM7pzgrv7urQRzjJjnQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGRzbjjdrUdDHVHLD57KgNzcVisxMB8GA1UdIwQY
MBaAFM8u7nigCE2DHeGiUAGD4WSJUWzPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenk3dWVLQUlUWU1kNGFKUUFZUGhaSWxSYk04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kN2U2NjAtNjkxMi00MzgwLWFiNGYt
NzE4YjljNDBmZDI1LzEvWkhOdU9OMnRSME1kVWNzUG5zcUEzTnhXS3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kN2U2NjAtNjkxMi00MzgwLWFiNGYtNzE4YjljNDBmZDI1
LzEvenk3dWVLQUlUWU1kNGFKUUFZUGhaSWxSYk04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALV8IMA0E
AgACMAcDBQAqDDMAMA0GCSqGSIb3DQEBCwUAA4IBAQBTXFzV78XFFEqum/eS3aCM
ZBTiG+Y6vQNmIBrTT2+zyC4H3iAYP9wYc4w5bqc2sf4kbubZpt8b7fDfbBGw9ORK
Xfk0l1E3quAcxVxqIKv+oPVB44CYsTy1GHwEtya4FFNNSrBPjRdnULdh255Q24xX
isLrEDfpuBTDJ3aWgSi+VGZgP4aEmoSi3HoTOrYTlr4O4P3Z/GNLNksy9OCVH7Ms
JpIi2KRbJ0PfsSNLUTQLNrqgfQe1xGvNdkt5qvDxM1r3bFFI8DmYixBsw1xlgDvN
7adm+YQMvGGmSSCOVFC6zYey2+Dby/4VdlO552AB4cgAjXeYUkWM1RtZIjakDoi0
-----END CERTIFICATE-----