Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/d45469-0c7b-4410-bb5e-7dc528aa5d4e/1/ZJKn36loWlj0fuc-EVjG9Cizs4Q.roa
File:                     ZJKn36loWlj0fuc-EVjG9Cizs4Q.roa (raw, json)
Hash identifier:          daJen4xFPiwSlOzjCzp+Cey1wJwRGq3nVhjTthtftA0=
Subject key identifier:   64:92:A7:DF:A9:68:5A:58:F4:7E:E7:3E:11:58:C6:F4:28:B3:B3:84
Certificate issuer:       /CN=e0d5d561e76ef259c4a02df30f35064dededf2d7
Certificate serial:       018F0A5B06917CC8057CAC02803471B502C9
Authority key identifier: E0:D5:D5:61:E7:6E:F2:59:C4:A0:2D:F3:0F:35:06:4D:ED:ED:F2:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4NXVYedu8lnEoC3zDzUGTe3t8tc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/d45469-0c7b-4410-bb5e-7dc528aa5d4e/1/ZJKn36loWlj0fuc-EVjG9Cizs4Q.roa
Signing time:             Tue 23 Apr 2024 09:48:08 +0000
ROA not before:           Tue 23 Apr 2024 09:48:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20570
IP address blocks:        2001:67c:d70::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/d45469-0c7b-4410-bb5e-7dc528aa5d4e/1/4NXVYedu8lnEoC3zDzUGTe3t8tc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/d45469-0c7b-4410-bb5e-7dc528aa5d4e/1/4NXVYedu8lnEoC3zDzUGTe3t8tc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4NXVYedu8lnEoC3zDzUGTe3t8tc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0a:5b:06:91:7c:c8:05:7c:ac:02:80:34:71:b5:02:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0d5d561e76ef259c4a02df30f35064dededf2d7
        Validity
            Not Before: Apr 23 09:48:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6492a7dfa9685a58f47ee73e1158c6f428b3b384
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:c7:a1:3d:a6:71:f5:d9:9e:77:49:73:64:01:
                    9d:2b:de:26:9f:de:98:b7:d9:60:17:44:f6:d3:73:
                    f6:5c:0c:89:c9:5e:3e:51:d3:db:1b:4e:3e:fd:31:
                    71:5c:cd:79:3e:2b:21:7d:35:a1:cf:5a:5e:5d:df:
                    a1:69:45:3f:dd:fd:7a:9e:8c:27:33:aa:11:67:1b:
                    54:94:94:7b:35:76:38:dd:ec:db:84:c5:1a:8a:a6:
                    03:cd:84:14:98:ff:66:f4:0d:14:cc:2b:06:4b:17:
                    ea:aa:29:19:c9:f9:7d:c4:52:54:c1:54:e0:0a:a5:
                    76:1e:78:45:a0:aa:27:58:e1:44:b0:89:b3:8e:9e:
                    9f:43:d7:60:0a:64:70:e1:49:5f:ff:77:22:8b:ea:
                    18:fa:e2:9c:3a:74:5f:01:ea:b6:54:8f:97:bb:9f:
                    d9:1a:44:b7:de:e0:7c:2f:7a:5e:ab:40:61:09:87:
                    24:44:3a:b5:23:7c:b5:bb:e6:6d:fe:d2:67:03:d0:
                    8a:5c:7f:5d:80:1f:60:f8:34:1a:73:21:6d:43:fc:
                    09:0b:8e:95:00:a9:cf:02:1d:dd:d5:e9:4b:e9:46:
                    63:9d:57:1b:7f:e4:b9:e4:78:45:e4:11:28:21:c1:
                    51:4e:c9:69:f4:33:02:39:fe:05:c3:88:00:b6:98:
                    af:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:92:A7:DF:A9:68:5A:58:F4:7E:E7:3E:11:58:C6:F4:28:B3:B3:84
            X509v3 Authority Key Identifier:
                keyid:E0:D5:D5:61:E7:6E:F2:59:C4:A0:2D:F3:0F:35:06:4D:ED:ED:F2:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4NXVYedu8lnEoC3zDzUGTe3t8tc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/d45469-0c7b-4410-bb5e-7dc528aa5d4e/1/ZJKn36loWlj0fuc-EVjG9Cizs4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/d45469-0c7b-4410-bb5e-7dc528aa5d4e/1/4NXVYedu8lnEoC3zDzUGTe3t8tc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:d70::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:79:6f:f6:80:3b:79:29:f2:70:f2:4c:c5:cc:db:35:19:27:
         fa:02:3d:bf:37:08:39:e9:4d:34:58:bf:13:a2:e4:70:5c:5d:
         a9:d3:c9:b8:6d:5a:29:50:fa:32:2a:e0:cf:e7:1f:5a:0f:66:
         1c:af:30:49:ad:e9:15:b8:d3:a8:82:5e:1e:21:77:38:0e:1e:
         c5:f0:9f:8b:a9:d1:44:7b:5d:2b:a6:39:37:68:f7:5f:8c:58:
         36:f3:b8:2a:16:68:40:52:86:52:8e:a2:31:31:94:18:dc:8c:
         3a:68:f5:f8:ff:72:bc:e5:74:02:32:51:b4:ac:65:c9:7f:e1:
         c3:f9:a6:25:6b:3c:d9:f9:e3:6a:a6:bd:d2:85:90:c3:31:c5:
         95:13:10:10:fd:83:fe:58:50:ee:db:8b:b8:7e:d2:0d:3a:da:
         29:28:f5:f9:b2:e5:04:0a:96:1c:32:c4:72:b9:01:14:4c:44:
         3f:42:42:f6:df:ad:1e:f0:b8:e2:01:c2:76:40:06:eb:0c:6c:
         a3:08:2d:d5:25:9e:b9:1f:86:39:8e:86:fb:2d:11:c5:c8:ce:
         7a:45:07:7d:31:ee:cc:22:af:3d:3c:df:1e:a9:40:df:c0:70:
         18:50:99:97:56:c3:70:06:55:4f:bd:85:35:8d:74:33:e7:85:
         bf:cc:2d:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8KWwaRfMgFfKwCgDRxtQLJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZDVkNTYxZTc2ZWYyNTljNGEwMmRmMzBmMzUwNjRkZWRl
ZGYyZDcwHhcNMjQwNDIzMDk0ODA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDkyYTdkZmE5Njg1YTU4ZjQ3ZWU3M2UxMTU4YzZmNDI4YjNiMzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhcehPaZx9dmed0lzZAGdK94mn96Y
t9lgF0T203P2XAyJyV4+UdPbG04+/TFxXM15PishfTWhz1peXd+haUU/3f16nown
M6oRZxtUlJR7NXY43ezbhMUaiqYDzYQUmP9m9A0UzCsGSxfqqikZyfl9xFJUwVTg
CqV2HnhFoKonWOFEsImzjp6fQ9dgCmRw4Ulf/3cii+oY+uKcOnRfAeq2VI+Xu5/Z
GkS33uB8L3peq0BhCYckRDq1I3y1u+Zt/tJnA9CKXH9dgB9g+DQacyFtQ/wJC46V
AKnPAh3d1elL6UZjnVcbf+S55HhF5BEoIcFRTslp9DMCOf4Fw4gAtpivfwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGSSp9+paFpY9H7nPhFYxvQos7OEMB8GA1UdIwQY
MBaAFODV1WHnbvJZxKAt8w81Bk3t7fLXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE5YVlllZHU4bG5Fb0MzekR6VUdUZTN0OHRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9kNDU0NjktMGM3Yi00NDEwLWJiNWUt
N2RjNTI4YWE1ZDRlLzEvWkpLbjM2bG9XbGowZnVjLUVWakc5Q2l6czRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9kNDU0NjktMGM3Yi00NDEwLWJiNWUtN2RjNTI4YWE1ZDRl
LzEvNE5YVlllZHU4bG5Fb0MzekR6VUdUZTN0OHRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA1w
MA0GCSqGSIb3DQEBCwUAA4IBAQAWeW/2gDt5KfJw8kzFzNs1GSf6Aj2/Nwg56U00
WL8TouRwXF2p08m4bVopUPoyKuDP5x9aD2YcrzBJrekVuNOogl4eIXc4Dh7F8J+L
qdFEe10rpjk3aPdfjFg287gqFmhAUoZSjqIxMZQY3Iw6aPX4/3K85XQCMlG0rGXJ
f+HD+aYlazzZ+eNqpr3ShZDDMcWVExAQ/YP+WFDu24u4ftINOtopKPX5suUECpYc
MsRyuQEUTEQ/QkL2360e8LjiAcJ2QAbrDGyjCC3VJZ65H4Y5job7LRHFyM56RQd9
Me7MIq89PN8eqUDfwHAYUJmXVsNwBlVPvYU1jXQz54W/zC0T
-----END CERTIFICATE-----