Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/5d5cc5-9d98-415a-ab0e-aa1481f0c13a/1/DjXkjJRSN7zxmGVcFgPTup8lipY.roa
File:                     DjXkjJRSN7zxmGVcFgPTup8lipY.roa (raw, json)
Hash identifier:          MFYtY9GLGlMAZ4uc8CTcG9wlIXMvagyAuGeWA8uZUkQ=
Subject key identifier:   0E:35:E4:8C:94:52:37:BC:F1:98:65:5C:16:03:D3:BA:9F:25:8A:96
Certificate issuer:       /CN=66d8a84f0e8cf755137a9680ebcc4fccd20a34b2
Certificate serial:       018CC424EAFBF71DDB5A497952A97CB9081F
Authority key identifier: 66:D8:A8:4F:0E:8C:F7:55:13:7A:96:80:EB:CC:4F:CC:D2:0A:34:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZtioTw6M91UTepaA68xPzNIKNLI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/5d5cc5-9d98-415a-ab0e-aa1481f0c13a/1/DjXkjJRSN7zxmGVcFgPTup8lipY.roa
Signing time:             Mon 01 Jan 2024 08:30:02 +0000
ROA not before:           Mon 01 Jan 2024 08:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205804
IP address blocks:        195.246.200.0/22 maxlen: 24
                          2a0d:12c0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/5d5cc5-9d98-415a-ab0e-aa1481f0c13a/1/ZtioTw6M91UTepaA68xPzNIKNLI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/5d5cc5-9d98-415a-ab0e-aa1481f0c13a/1/ZtioTw6M91UTepaA68xPzNIKNLI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZtioTw6M91UTepaA68xPzNIKNLI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ea:fb:f7:1d:db:5a:49:79:52:a9:7c:b9:08:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66d8a84f0e8cf755137a9680ebcc4fccd20a34b2
        Validity
            Not Before: Jan  1 08:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e35e48c945237bcf198655c1603d3ba9f258a96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:06:17:c4:02:32:9b:d9:1d:64:10:a8:f2:e7:
                    ec:aa:bb:6b:d7:52:56:2f:26:84:29:82:d4:b4:f0:
                    f9:47:24:7e:bf:e8:2d:dc:4e:1b:b8:6a:dc:b2:8c:
                    50:ee:b2:87:a6:ee:65:48:7c:77:50:a2:9c:61:b9:
                    51:a6:22:f1:24:cd:d9:e6:23:53:e0:ad:62:54:88:
                    f1:77:a0:c9:bc:fc:cc:fd:bd:f6:4e:1c:15:e3:c6:
                    0c:17:86:e3:35:6e:d6:e1:52:b7:05:2a:28:7d:ba:
                    ed:28:7d:2f:53:4c:0d:d5:ba:1c:5a:cc:87:ff:78:
                    09:ab:9b:61:e9:4b:4b:4f:9f:1c:57:68:c5:67:94:
                    65:b5:3d:a9:99:f9:64:ad:89:93:ea:bf:88:90:d8:
                    22:70:47:8f:e6:3e:cf:fb:d0:33:1a:da:8f:b5:b2:
                    63:c0:fd:3c:f7:5b:a9:20:4f:67:64:14:19:6b:2e:
                    ac:35:61:0a:05:01:32:6a:fd:83:f1:67:ff:5d:b3:
                    6f:dc:ce:0d:54:82:3e:fa:e4:e9:46:b2:f3:b7:f2:
                    7a:f6:48:23:18:76:43:ed:7a:fb:0b:b5:52:38:ae:
                    7e:33:e3:f4:84:b1:30:7a:03:49:a9:02:69:1d:7e:
                    12:ee:88:d3:ba:b0:40:64:7a:49:65:84:33:cb:36:
                    1c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:35:E4:8C:94:52:37:BC:F1:98:65:5C:16:03:D3:BA:9F:25:8A:96
            X509v3 Authority Key Identifier:
                keyid:66:D8:A8:4F:0E:8C:F7:55:13:7A:96:80:EB:CC:4F:CC:D2:0A:34:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZtioTw6M91UTepaA68xPzNIKNLI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/5d5cc5-9d98-415a-ab0e-aa1481f0c13a/1/DjXkjJRSN7zxmGVcFgPTup8lipY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/5d5cc5-9d98-415a-ab0e-aa1481f0c13a/1/ZtioTw6M91UTepaA68xPzNIKNLI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.246.200.0/22
                IPv6:
                  2a0d:12c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:8d:6a:ff:82:8e:75:8f:34:f5:0d:29:73:6a:1a:70:9a:01:
         fd:64:99:6a:15:cc:4c:b1:f4:a5:71:4c:4e:ea:46:aa:b7:7b:
         81:e4:be:a4:14:ad:58:2e:ee:db:1d:e5:06:d6:27:c2:fc:a2:
         35:21:4c:08:41:fb:8e:ed:4e:ca:18:88:02:84:59:b6:2d:df:
         9e:ac:c1:e1:66:61:21:e3:70:cb:04:bc:61:6f:df:13:9a:60:
         01:70:15:26:8c:9e:fc:c7:d4:a4:32:3d:07:cc:47:fb:97:55:
         a6:28:88:d2:5d:e2:32:5f:8b:db:0a:71:ac:21:36:a0:d8:bd:
         75:cc:dc:d2:a9:85:c1:cc:47:b8:be:a7:cc:2c:dd:96:c0:55:
         f3:45:1b:1b:90:62:6f:68:10:1b:26:96:7e:50:ea:da:db:a7:
         76:97:ad:1c:b9:54:be:2b:98:cb:1a:20:01:53:3f:69:dc:12:
         c5:6d:92:2e:e9:44:9b:f6:04:58:42:93:10:e7:fa:ed:35:89:
         65:67:f2:cd:84:b0:d4:ac:44:5d:38:e9:e3:86:f6:40:ec:38:
         7d:6f:68:c3:42:9b:fe:3d:52:dc:ed:da:d2:65:13:25:39:3b:
         cb:2a:89:9a:ac:d9:3a:f6:6e:63:0c:d3:c3:c6:8d:a3:e1:bc:
         a6:28:b3:3d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJOr79x3bWkl5Uql8uQgfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZDhhODRmMGU4Y2Y3NTUxMzdhOTY4MGViY2M0ZmNjZDIw
YTM0YjIwHhcNMjQwMTAxMDgzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTM1ZTQ4Yzk0NTIzN2JjZjE5ODY1NWMxNjAzZDNiYTlmMjU4YTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAYXxAIym9kdZBCo8ufsqrtr11JW
LyaEKYLUtPD5RyR+v+gt3E4buGrcsoxQ7rKHpu5lSHx3UKKcYblRpiLxJM3Z5iNT
4K1iVIjxd6DJvPzM/b32ThwV48YMF4bjNW7W4VK3BSoofbrtKH0vU0wN1bocWsyH
/3gJq5th6UtLT58cV2jFZ5RltT2pmflkrYmT6r+IkNgicEeP5j7P+9AzGtqPtbJj
wP0891upIE9nZBQZay6sNWEKBQEyav2D8Wf/XbNv3M4NVII++uTpRrLzt/J69kgj
GHZD7Xr7C7VSOK5+M+P0hLEwegNJqQJpHX4S7ojTurBAZHpJZYQzyzYcDQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA415IyUUje88ZhlXBYD07qfJYqWMB8GA1UdIwQY
MBaAFGbYqE8OjPdVE3qWgOvMT8zSCjSyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnRpb1R3Nk05MVVUZXBhQTY4eFB6TklLTkxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81ZDVjYzUtOWQ5OC00MTVhLWFiMGUt
YWExNDgxZjBjMTNhLzEvRGpYa2pKUlNON3p4bUdWY0ZnUFR1cDhsaXBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81ZDVjYzUtOWQ5OC00MTVhLWFiMGUtYWExNDgxZjBjMTNh
LzEvWnRpb1R3Nk05MVVUZXBhQTY4eFB6TklLTkxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCw/bIMA0E
AgACMAcDBQAqDRLAMA0GCSqGSIb3DQEBCwUAA4IBAQACjWr/go51jzT1DSlzahpw
mgH9ZJlqFcxMsfSlcUxO6kaqt3uB5L6kFK1YLu7bHeUG1ifC/KI1IUwIQfuO7U7K
GIgChFm2Ld+erMHhZmEh43DLBLxhb98TmmABcBUmjJ78x9SkMj0HzEf7l1WmKIjS
XeIyX4vbCnGsITag2L11zNzSqYXBzEe4vqfMLN2WwFXzRRsbkGJvaBAbJpZ+UOra
26d2l60cuVS+K5jLGiABUz9p3BLFbZIu6USb9gRYQpMQ5/rtNYllZ/LNhLDUrERd
OOnjhvZA7Dh9b2jDQpv+PVLc7drSZRMlOTvLKomarNk69m5jDNPDxo2j4bymKLM9
-----END CERTIFICATE-----