Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/ZCIYbveBzPwOtAOjTbp-pW8S2KQ.roa
File:                     ZCIYbveBzPwOtAOjTbp-pW8S2KQ.roa (raw, json)
Hash identifier:          QF0nml+XaqUmTK70dWtkILMYckm8sags1g3iwl+elNw=
Subject key identifier:   64:22:18:6E:F7:81:CC:FC:0E:B4:03:A3:4D:BA:7E:A5:6F:12:D8:A4
Certificate issuer:       /CN=15ffa042114301368b4069abd68a1efbac47fdce
Certificate serial:       018CCA29F8ED09E75E52449F793288622CC2
Authority key identifier: 15:FF:A0:42:11:43:01:36:8B:40:69:AB:D6:8A:1E:FB:AC:47:FD:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ff-gQhFDATaLQGmr1ooe-6xH_c4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/ZCIYbveBzPwOtAOjTbp-pW8S2KQ.roa
Signing time:             Tue 02 Jan 2024 12:33:17 +0000
ROA not before:           Tue 02 Jan 2024 12:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43852
IP address blocks:        62.215.221.0/24 maxlen: 24
                          185.95.6.0/24 maxlen: 24
                          62.215.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/Ff-gQhFDATaLQGmr1ooe-6xH_c4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/Ff-gQhFDATaLQGmr1ooe-6xH_c4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ff-gQhFDATaLQGmr1ooe-6xH_c4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:f8:ed:09:e7:5e:52:44:9f:79:32:88:62:2c:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15ffa042114301368b4069abd68a1efbac47fdce
        Validity
            Not Before: Jan  2 12:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6422186ef781ccfc0eb403a34dba7ea56f12d8a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:76:12:aa:3f:32:46:1f:0e:bd:6a:5b:6b:75:
                    af:b5:e3:3f:87:0c:17:69:8a:3c:fc:ad:89:a2:4e:
                    09:67:db:5f:38:bb:fc:a0:eb:ac:0c:ef:f1:45:60:
                    87:88:6c:da:02:bd:78:bf:b7:4e:ab:f1:81:8d:9b:
                    17:69:f0:ae:8b:26:92:4e:fd:b8:37:00:8f:1b:dd:
                    95:4a:b1:50:20:b2:02:63:ff:d3:89:15:ef:f2:64:
                    3a:3e:7a:55:3d:fc:ad:50:a4:c1:9c:7b:07:a3:1a:
                    66:a3:72:42:51:43:2d:33:ff:20:c4:47:14:7b:7f:
                    2d:d5:6e:34:3d:4d:9e:59:da:b0:8c:dd:77:2a:81:
                    4a:dd:a4:a2:88:2c:6b:9b:0c:be:cf:57:12:8c:a7:
                    7b:18:5a:ee:82:62:66:e0:e8:f5:78:ad:ec:42:64:
                    32:d1:0c:60:6d:c3:1d:d8:51:b2:56:96:b0:2b:5a:
                    1a:be:96:ef:b9:61:be:af:c8:13:98:de:b9:ad:ae:
                    9f:bd:34:c7:9f:2a:7a:8d:ad:e2:a8:3f:8a:f1:1c:
                    ca:32:79:d8:72:ed:57:02:4a:20:81:9b:54:09:ed:
                    96:9f:4c:c0:a5:52:db:f8:35:5f:b9:c3:fd:3c:00:
                    05:4e:e8:69:30:31:d1:60:73:e8:26:5d:d7:d2:8b:
                    95:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:22:18:6E:F7:81:CC:FC:0E:B4:03:A3:4D:BA:7E:A5:6F:12:D8:A4
            X509v3 Authority Key Identifier:
                keyid:15:FF:A0:42:11:43:01:36:8B:40:69:AB:D6:8A:1E:FB:AC:47:FD:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ff-gQhFDATaLQGmr1ooe-6xH_c4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/ZCIYbveBzPwOtAOjTbp-pW8S2KQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/Ff-gQhFDATaLQGmr1ooe-6xH_c4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.215.174.0/24
                  62.215.221.0/24
                  185.95.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:f1:9b:e6:fb:a5:45:7e:b6:71:e1:c1:3f:dc:b7:c2:fd:28:
         a8:ec:3a:ca:b5:ee:eb:7d:92:ec:9e:f8:fe:19:60:4e:01:22:
         62:d3:74:ce:9c:4d:a9:34:12:67:71:ab:d0:72:0c:27:8e:ad:
         75:6c:21:7f:20:97:81:c5:8d:a5:81:95:67:5c:a9:f3:dd:c0:
         34:06:20:b5:7c:13:84:a2:c8:78:99:6d:6b:e1:d4:c5:3f:ee:
         8b:07:4c:0d:d3:02:d6:09:fd:2e:36:d0:c6:5b:98:9a:8e:2a:
         f9:85:d3:d3:36:cf:b6:59:64:69:0d:91:78:30:c7:09:d6:a3:
         41:45:cc:8e:4c:d5:d8:d7:3e:fa:fb:9c:42:13:c1:89:4c:7b:
         ff:d4:7f:1e:0d:b1:46:47:3f:57:68:47:cb:d0:82:30:83:51:
         2d:7c:cb:ff:87:df:8c:4a:73:17:b8:36:f2:f8:71:21:56:c6:
         ea:d0:d7:cd:71:5c:7c:5f:99:3e:dc:fe:d7:2d:aa:d7:16:59:
         49:1f:84:d8:23:ce:95:a1:f2:d8:99:03:b2:93:89:6c:b2:99:
         5e:7d:b7:b8:72:3f:96:af:b3:ff:65:de:d8:8b:e9:0e:57:ff:
         ca:23:fc:a4:9f:2d:24:9a:21:f8:6e:72:2a:e2:48:40:bc:da:
         17:4a:73:4c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKfjtCedeUkSfeTKIYizCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZmZhMDQyMTE0MzAxMzY4YjQwNjlhYmQ2OGExZWZiYWM0
N2ZkY2UwHhcNMjQwMTAyMTIzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDIyMTg2ZWY3ODFjY2ZjMGViNDAzYTM0ZGJhN2VhNTZmMTJkOGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3YSqj8yRh8OvWpba3WvteM/hwwX
aYo8/K2Jok4JZ9tfOLv8oOusDO/xRWCHiGzaAr14v7dOq/GBjZsXafCuiyaSTv24
NwCPG92VSrFQILICY//TiRXv8mQ6PnpVPfytUKTBnHsHoxpmo3JCUUMtM/8gxEcU
e38t1W40PU2eWdqwjN13KoFK3aSiiCxrmwy+z1cSjKd7GFrugmJm4Oj1eK3sQmQy
0QxgbcMd2FGyVpawK1oavpbvuWG+r8gTmN65ra6fvTTHnyp6ja3iqD+K8RzKMnnY
cu1XAkoggZtUCe2Wn0zApVLb+DVfucP9PAAFTuhpMDHRYHPoJl3X0ouV6QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGQiGG73gcz8DrQDo026fqVvEtikMB8GA1UdIwQY
MBaAFBX/oEIRQwE2i0Bpq9aKHvusR/3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmYtZ1FoRkRBVGFMUUdtcjFvb2UtNnhIX2M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8xNDliYzUtNTFhYS00ZTdiLThmMDMt
YjczYTM2ZDkzOWIyLzEvWkNJWWJ2ZUJ6UHdPdEFPalRicC1wVzhTMktRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8xNDliYzUtNTFhYS00ZTdiLThmMDMtYjczYTM2ZDkzOWIy
LzEvRmYtZ1FoRkRBVGFMUUdtcjFvb2UtNnhIX2M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPteuAwQA
PtfdAwQAuV8GMA0GCSqGSIb3DQEBCwUAA4IBAQAg8Zvm+6VFfrZx4cE/3LfC/Sio
7DrKte7rfZLsnvj+GWBOASJi03TOnE2pNBJncavQcgwnjq11bCF/IJeBxY2lgZVn
XKnz3cA0BiC1fBOEosh4mW1r4dTFP+6LB0wN0wLWCf0uNtDGW5iajir5hdPTNs+2
WWRpDZF4MMcJ1qNBRcyOTNXY1z76+5xCE8GJTHv/1H8eDbFGRz9XaEfL0IIwg1Et
fMv/h9+MSnMXuDby+HEhVsbq0NfNcVx8X5k+3P7XLarXFllJH4TYI86VofLYmQOy
k4lssplefbe4cj+Wr7P/Zd7Yi+kOV//KI/ykny0kmiH4bnIq4khAvNoXSnNM
-----END CERTIFICATE-----