Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/3f0f8b-af93-423b-bea5-d2e351609759/1/RZ4rnJkKJAIbqSF7wnvBgW-xuPA.roa
File:                     RZ4rnJkKJAIbqSF7wnvBgW-xuPA.roa (raw, json)
Hash identifier:          HvZCPJu6GKelZk0I+eP64Yf3iBt+ns6Wahobz/fAxkU=
Subject key identifier:   45:9E:2B:9C:99:0A:24:02:1B:A9:21:7B:C2:7B:C1:81:6F:B1:B8:F0
Certificate issuer:       /CN=c559d4693555b9f2ad6807bacedc4b5a2e701a48
Certificate serial:       018CC4935B58B3F2920CF993B8C480221E48
Authority key identifier: C5:59:D4:69:35:55:B9:F2:AD:68:07:BA:CE:DC:4B:5A:2E:70:1A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xVnUaTVVufKtaAe6ztxLWi5wGkg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/3f0f8b-af93-423b-bea5-d2e351609759/1/RZ4rnJkKJAIbqSF7wnvBgW-xuPA.roa
Signing time:             Mon 01 Jan 2024 10:30:40 +0000
ROA not before:           Mon 01 Jan 2024 10:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56911
IP address blocks:        185.70.28.0/22 maxlen: 22
                          149.62.34.0/24 maxlen: 24
                          89.35.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/3f0f8b-af93-423b-bea5-d2e351609759/1/xVnUaTVVufKtaAe6ztxLWi5wGkg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/3f0f8b-af93-423b-bea5-d2e351609759/1/xVnUaTVVufKtaAe6ztxLWi5wGkg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xVnUaTVVufKtaAe6ztxLWi5wGkg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:5b:58:b3:f2:92:0c:f9:93:b8:c4:80:22:1e:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c559d4693555b9f2ad6807bacedc4b5a2e701a48
        Validity
            Not Before: Jan  1 10:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=459e2b9c990a24021ba9217bc27bc1816fb1b8f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:6e:63:a6:9f:48:83:f6:c6:0e:5b:b1:28:3c:
                    f0:b7:a4:70:8b:aa:f9:b2:64:c5:0c:64:38:e8:4a:
                    0a:ba:b7:23:12:1f:c8:19:0f:c1:18:70:48:63:9d:
                    d0:95:5e:a8:c7:6a:d3:12:aa:c2:a3:6b:98:ed:cb:
                    ea:1f:d4:24:a0:c7:44:29:f9:6b:e1:26:0b:5d:6d:
                    65:b7:7f:dc:e2:8a:90:a4:d7:17:ee:2f:33:cc:01:
                    98:c9:e7:b3:75:48:8a:12:45:28:af:0c:30:33:f0:
                    b6:bd:ae:5b:2d:89:c5:50:c3:cd:a8:f6:41:c2:0b:
                    e8:1c:d2:ca:ed:ee:07:89:48:18:35:26:5f:52:d6:
                    85:2d:e5:d0:51:16:e0:24:a0:c7:e2:6a:00:8e:71:
                    ca:5a:bc:e6:be:c9:54:8c:80:06:72:ee:6a:da:fd:
                    51:a8:28:47:8f:42:0d:df:ff:ea:27:6a:1d:1f:b4:
                    a5:5e:bf:69:22:2e:66:3b:66:1a:df:05:80:b8:3f:
                    2a:89:8b:aa:ea:5d:85:c0:4c:2b:d6:d7:d9:9b:b7:
                    ad:9f:d8:9d:39:b3:b7:90:c2:9e:33:2f:b5:da:92:
                    9a:e3:10:d4:14:e4:7e:4b:f5:a2:d8:86:29:4e:bd:
                    e0:9d:c6:ee:74:04:5d:75:30:2c:a0:d4:39:12:b3:
                    a7:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:9E:2B:9C:99:0A:24:02:1B:A9:21:7B:C2:7B:C1:81:6F:B1:B8:F0
            X509v3 Authority Key Identifier:
                keyid:C5:59:D4:69:35:55:B9:F2:AD:68:07:BA:CE:DC:4B:5A:2E:70:1A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xVnUaTVVufKtaAe6ztxLWi5wGkg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/3f0f8b-af93-423b-bea5-d2e351609759/1/RZ4rnJkKJAIbqSF7wnvBgW-xuPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/3f0f8b-af93-423b-bea5-d2e351609759/1/xVnUaTVVufKtaAe6ztxLWi5wGkg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.118.0/24
                  149.62.34.0/24
                  185.70.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:33:12:6c:4a:06:99:83:44:42:c1:d9:a6:42:3f:54:69:4d:
         23:2c:ff:cf:73:a5:cd:2c:c9:ca:0d:69:97:5a:27:c3:f9:52:
         da:a6:fd:eb:35:23:99:dc:e1:4f:a9:3c:cd:91:e7:f2:37:59:
         b9:ee:8c:ea:84:e4:6e:82:7a:6b:63:8d:30:94:81:5e:c3:f8:
         2c:5f:33:29:1b:77:73:af:21:03:d4:32:e4:d2:8a:4a:77:50:
         70:ee:1f:18:d5:2c:00:86:f3:0a:aa:8c:63:e8:17:f8:97:3c:
         eb:72:ff:7d:3d:76:28:ff:af:c9:fa:ee:82:e4:42:63:e5:2a:
         f6:a8:26:59:a1:7c:15:dc:f8:2b:2e:89:14:0c:41:0f:f3:45:
         6c:5b:a8:ec:1d:d5:6a:1f:fc:1e:86:ae:8a:ef:97:35:9e:39:
         a6:68:46:87:3a:49:31:e2:ec:1a:f2:09:ea:3f:f3:00:c5:78:
         b0:aa:d1:cf:26:26:b3:e5:25:6e:22:cc:96:79:72:c5:b0:d2:
         34:21:f2:1d:35:fd:e5:63:4a:7d:1e:c1:4d:59:9a:99:e2:0d:
         90:95:04:b9:93:59:69:40:b7:3d:56:ce:74:f9:69:37:89:4f:
         c0:16:a2:58:f3:99:a4:92:0a:f8:81:a0:54:19:03:b3:48:b4:
         b2:61:eb:c1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEk1tYs/KSDPmTuMSAIh5IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NTlkNDY5MzU1NWI5ZjJhZDY4MDdiYWNlZGM0YjVhMmU3
MDFhNDgwHhcNMjQwMTAxMTAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTllMmI5Yzk5MGEyNDAyMWJhOTIxN2JjMjdiYzE4MTZmYjFiOGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk25jpp9Ig/bGDluxKDzwt6Rwi6r5
smTFDGQ46EoKurcjEh/IGQ/BGHBIY53QlV6ox2rTEqrCo2uY7cvqH9QkoMdEKflr
4SYLXW1lt3/c4oqQpNcX7i8zzAGYyeezdUiKEkUorwwwM/C2va5bLYnFUMPNqPZB
wgvoHNLK7e4HiUgYNSZfUtaFLeXQURbgJKDH4moAjnHKWrzmvslUjIAGcu5q2v1R
qChHj0IN3//qJ2odH7SlXr9pIi5mO2Ya3wWAuD8qiYuq6l2FwEwr1tfZm7etn9id
ObO3kMKeMy+12pKa4xDUFOR+S/Wi2IYpTr3gncbudARddTAsoNQ5ErOn7QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEWeK5yZCiQCG6khe8J7wYFvsbjwMB8GA1UdIwQY
MBaAFMVZ1Gk1VbnyrWgHus7cS1oucBpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFZuVWFUVlZ1Zkt0YUFlNnp0eExXaTV3R2tnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC8zZjBmOGItYWY5My00MjNiLWJlYTUt
ZDJlMzUxNjA5NzU5LzEvUlo0cm5Ka0tKQUlicVNGN3dudkJnVy14dVBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC8zZjBmOGItYWY5My00MjNiLWJlYTUtZDJlMzUxNjA5NzU5
LzEveFZuVWFUVlZ1Zkt0YUFlNnp0eExXaTV3R2tnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSN2AwQA
lT4iAwQCuUYcMA0GCSqGSIb3DQEBCwUAA4IBAQBpMxJsSgaZg0RCwdmmQj9UaU0j
LP/Pc6XNLMnKDWmXWifD+VLapv3rNSOZ3OFPqTzNkefyN1m57ozqhORugnprY40w
lIFew/gsXzMpG3dzryED1DLk0opKd1Bw7h8Y1SwAhvMKqoxj6Bf4lzzrcv99PXYo
/6/J+u6C5EJj5Sr2qCZZoXwV3PgrLokUDEEP80VsW6jsHdVqH/wehq6K75c1njmm
aEaHOkkx4uwa8gnqP/MAxXiwqtHPJiaz5SVuIsyWeXLFsNI0IfIdNf3lY0p9HsFN
WZqZ4g2QlQS5k1lpQLc9Vs50+Wk3iU/AFqJY85mkkgr4gaBUGQOzSLSyYevB
-----END CERTIFICATE-----