Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/ZwtHkqD4t5Y5BpRtpTTetaItW1k.roa
File:                     ZwtHkqD4t5Y5BpRtpTTetaItW1k.roa (raw, json)
Hash identifier:          /k1C6LnCWrYVWP8L4m0wT23vvOjiQTLsift+oymrWWg=
Subject key identifier:   67:0B:47:92:A0:F8:B7:96:39:06:94:6D:A5:34:DE:B5:A2:2D:5B:59
Certificate issuer:       /CN=2979cc43c2469ffa5cf8b7ac639b01f3a768ac55
Certificate serial:       018DC0B67EB6FE92D2669547C021724FE199
Authority key identifier: 29:79:CC:43:C2:46:9F:FA:5C:F8:B7:AC:63:9B:01:F3:A7:68:AC:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/ZwtHkqD4t5Y5BpRtpTTetaItW1k.roa
Signing time:             Mon 19 Feb 2024 09:33:21 +0000
ROA not before:           Mon 19 Feb 2024 09:33:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        185.121.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c0:b6:7e:b6:fe:92:d2:66:95:47:c0:21:72:4f:e1:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2979cc43c2469ffa5cf8b7ac639b01f3a768ac55
        Validity
            Not Before: Feb 19 09:33:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=670b4792a0f8b7963906946da534deb5a22d5b59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c7:89:86:d9:de:4c:18:8e:c1:c4:ca:3a:df:
                    eb:d6:b3:b6:6d:d6:8a:cf:06:a9:8b:af:19:57:d2:
                    2f:25:ea:5c:9d:a2:20:7f:37:ef:8c:1a:85:14:d4:
                    61:15:88:d4:47:55:34:31:9d:9b:61:ec:04:5b:0b:
                    d3:04:48:6c:6e:e8:5a:d2:b0:2e:31:92:ae:4f:4f:
                    c2:e4:c7:a9:8d:ee:24:e1:1d:d4:eb:fd:bb:84:9e:
                    6b:71:d5:38:c3:b4:4c:f2:13:2e:3f:f5:3d:12:57:
                    93:25:56:d0:17:b4:6c:36:a0:6d:29:94:6e:29:0a:
                    7a:7e:8e:80:14:cb:66:24:a9:02:d4:82:79:e2:ef:
                    8d:8f:ed:e9:b8:ed:01:91:0a:ff:6d:ed:af:31:c3:
                    ec:71:0f:0c:c4:10:28:cc:ff:e8:f5:03:bc:e9:f3:
                    d4:c0:65:92:89:d3:a0:82:c9:e9:ff:7e:f6:ba:3c:
                    cd:c3:ce:14:93:05:8a:ac:67:54:76:be:c6:f2:b8:
                    e9:ce:1e:2a:71:da:80:02:da:40:b2:49:be:12:84:
                    e5:6d:49:cf:b3:8e:d6:5b:44:6e:3d:2e:05:29:4e:
                    85:37:89:38:11:3e:6d:87:cf:18:b8:c5:cb:63:7a:
                    29:aa:a8:1d:a6:9c:15:7d:44:17:cc:99:c4:9b:e0:
                    6d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:0B:47:92:A0:F8:B7:96:39:06:94:6D:A5:34:DE:B5:A2:2D:5B:59
            X509v3 Authority Key Identifier:
                keyid:29:79:CC:43:C2:46:9F:FA:5C:F8:B7:AC:63:9B:01:F3:A7:68:AC:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/ZwtHkqD4t5Y5BpRtpTTetaItW1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ec:e9:b5:1a:61:0f:40:3c:87:fb:46:06:3e:4f:ce:a3:d8:47:
         5e:f0:43:f7:67:9d:4e:84:12:63:7f:02:9f:cb:7c:a7:4e:0d:
         ec:01:04:a4:7b:d7:fb:d0:77:73:b0:43:8d:bc:f9:56:b7:cf:
         dc:95:87:cb:6d:f8:17:96:e4:9b:35:e5:57:34:8a:b5:26:7d:
         5f:ba:09:32:0c:7f:7e:28:3d:be:ce:b4:e1:9e:26:e2:61:94:
         dd:69:1d:65:db:ed:0a:57:a1:33:12:0d:89:43:9c:af:42:2b:
         c8:e2:72:90:cf:65:20:ab:60:a4:59:87:20:2e:9a:56:40:a1:
         36:2d:b5:2e:a7:4e:33:de:67:82:65:87:65:ef:86:22:c7:39:
         ad:c1:fe:9a:7a:24:25:f3:c3:2b:9b:f1:e2:f6:d1:8a:5e:02:
         e4:aa:f6:ce:76:ce:ec:0c:41:36:c0:04:b9:b1:d9:d2:be:6e:
         0d:7f:22:cd:7d:d8:af:38:7f:04:25:94:f7:dc:5e:14:54:4c:
         78:05:e2:1f:c5:79:55:29:cf:0a:e4:50:78:e9:83:6e:c5:fb:
         37:0f:84:33:f7:01:e6:ff:d5:5e:38:ba:57:cf:3e:27:48:14:
         87:bf:08:f2:c1:20:3d:95:5b:3c:e0:c2:80:80:62:e0:ac:07:
         9a:fa:95:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3Atn62/pLSZpVHwCFyT+GZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzljYzQzYzI0NjlmZmE1Y2Y4YjdhYzYzOWIwMWYzYTc2
OGFjNTUwHhcNMjQwMjE5MDkzMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzBiNDc5MmEwZjhiNzk2MzkwNjk0NmRhNTM0ZGViNWEyMmQ1YjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8eJhtneTBiOwcTKOt/r1rO2bdaK
zwapi68ZV9IvJepcnaIgfzfvjBqFFNRhFYjUR1U0MZ2bYewEWwvTBEhsbuha0rAu
MZKuT0/C5Mepje4k4R3U6/27hJ5rcdU4w7RM8hMuP/U9EleTJVbQF7RsNqBtKZRu
KQp6fo6AFMtmJKkC1IJ54u+Nj+3puO0BkQr/be2vMcPscQ8MxBAozP/o9QO86fPU
wGWSidOggsnp/372ujzNw84UkwWKrGdUdr7G8rjpzh4qcdqAAtpAskm+EoTlbUnP
s47WW0RuPS4FKU6FN4k4ET5th88YuMXLY3opqqgdppwVfUQXzJnEm+BtLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcLR5Kg+LeWOQaUbaU03rWiLVtZMB8GA1UdIwQY
MBaAFCl5zEPCRp/6XPi3rGObAfOnaKxVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1huTVE4SkduX3BjLUxlc1k1c0I4NmRvckZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9lNDBmOWQtMDBmNC00MGQ5LThiOGQt
NDBlYWViYzFjNDdlLzEvWnd0SGtxRDR0NVk1QnBSdHBUVGV0YUl0VzFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9lNDBmOWQtMDBmNC00MGQ5LThiOGQtNDBlYWViYzFjNDdl
LzEvS1huTVE4SkduX3BjLUxlc1k1c0I4NmRvckZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXnjMA0G
CSqGSIb3DQEBCwUAA4IBAQDs6bUaYQ9APIf7RgY+T86j2Ede8EP3Z51OhBJjfwKf
y3ynTg3sAQSke9f70HdzsEONvPlWt8/clYfLbfgXluSbNeVXNIq1Jn1fugkyDH9+
KD2+zrThnibiYZTdaR1l2+0KV6EzEg2JQ5yvQivI4nKQz2Ugq2CkWYcgLppWQKE2
LbUup04z3meCZYdl74Yixzmtwf6aeiQl88Mrm/Hi9tGKXgLkqvbOds7sDEE2wAS5
sdnSvm4NfyLNfdivOH8EJZT33F4UVEx4BeIfxXlVKc8K5FB46YNuxfs3D4Qz9wHm
/9VeOLpXzz4nSBSHvwjywSA9lVs84MKAgGLgrAea+pVl
-----END CERTIFICATE-----