Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/a4af15-7fdd-45a4-a172-1df8fa20fa9e/1/eNZA__1ccfG_o61unflPAZGa2T0.roa
File:                     eNZA__1ccfG_o61unflPAZGa2T0.roa (raw, json)
Hash identifier:          lKQXNSSDuxMFcLZQj7bXX+HSWrqr2tzAGDw78Dlynu4=
Subject key identifier:   78:D6:40:FF:FD:5C:71:F1:BF:A3:AD:6E:9D:F9:4F:01:91:9A:D9:3D
Certificate issuer:       /CN=5ea1653e177aa2955400805c8c75bd0d68583afc
Certificate serial:       018CC424C7B95EEC985BE5D5B53EDDEA4599
Authority key identifier: 5E:A1:65:3E:17:7A:A2:95:54:00:80:5C:8C:75:BD:0D:68:58:3A:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XqFlPhd6opVUAIBcjHW9DWhYOvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/a4af15-7fdd-45a4-a172-1df8fa20fa9e/1/eNZA__1ccfG_o61unflPAZGa2T0.roa
Signing time:             Mon 01 Jan 2024 08:29:53 +0000
ROA not before:           Mon 01 Jan 2024 08:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212086
IP address blocks:        185.231.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/a4af15-7fdd-45a4-a172-1df8fa20fa9e/1/XqFlPhd6opVUAIBcjHW9DWhYOvw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/a4af15-7fdd-45a4-a172-1df8fa20fa9e/1/XqFlPhd6opVUAIBcjHW9DWhYOvw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XqFlPhd6opVUAIBcjHW9DWhYOvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:c7:b9:5e:ec:98:5b:e5:d5:b5:3e:dd:ea:45:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ea1653e177aa2955400805c8c75bd0d68583afc
        Validity
            Not Before: Jan  1 08:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78d640fffd5c71f1bfa3ad6e9df94f01919ad93d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:18:bb:72:aa:0e:18:cb:fc:b6:c9:9f:a4:01:
                    b1:e4:f8:b9:1f:5f:bc:6c:9a:7e:9e:0b:2f:d9:96:
                    9f:2f:95:5d:1f:16:57:7a:e3:36:c3:33:1e:60:7c:
                    2c:39:4e:7f:51:23:d5:80:f3:5a:9c:cd:06:f1:23:
                    05:02:2f:86:99:21:f8:13:07:78:ee:d3:1c:55:50:
                    0b:5f:dc:69:38:75:7d:55:73:81:ab:a6:7d:14:6c:
                    99:75:fe:ae:02:2f:32:c7:f4:71:3c:dd:cf:71:37:
                    57:98:74:2a:6d:50:ee:23:28:65:af:f3:65:7e:c4:
                    9f:e5:dc:ed:33:8a:7d:de:46:0d:b0:38:1d:02:55:
                    1f:f7:bd:95:1b:8e:36:25:c2:23:53:11:94:60:45:
                    24:07:63:27:89:cb:a1:3b:8e:bc:8a:e0:4b:b2:ed:
                    e8:e0:17:10:54:50:66:d0:d5:ea:96:9e:08:2a:cc:
                    ed:55:5c:99:3f:92:67:94:c8:84:4d:d2:08:33:5e:
                    d2:2d:df:bf:0f:cd:89:bd:4d:56:18:d3:ba:7a:aa:
                    3e:0c:a6:de:22:54:6c:43:87:17:ac:89:94:9a:38:
                    ec:f5:7f:55:22:c1:39:50:09:ae:98:db:74:1d:6a:
                    96:b8:29:14:be:4a:87:19:d2:cd:0a:78:55:44:dd:
                    d3:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:D6:40:FF:FD:5C:71:F1:BF:A3:AD:6E:9D:F9:4F:01:91:9A:D9:3D
            X509v3 Authority Key Identifier:
                keyid:5E:A1:65:3E:17:7A:A2:95:54:00:80:5C:8C:75:BD:0D:68:58:3A:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XqFlPhd6opVUAIBcjHW9DWhYOvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a4af15-7fdd-45a4-a172-1df8fa20fa9e/1/eNZA__1ccfG_o61unflPAZGa2T0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a4af15-7fdd-45a4-a172-1df8fa20fa9e/1/XqFlPhd6opVUAIBcjHW9DWhYOvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:b5:fe:0a:56:89:4e:e9:8d:ca:71:78:c2:ba:e6:89:22:2d:
         67:fa:8e:62:05:dc:28:61:d0:2c:79:6b:3b:0a:6e:62:19:d4:
         d8:51:fb:36:e7:9c:5e:5b:52:c2:9f:2c:4f:fb:4e:d0:e9:b4:
         79:08:ce:1f:a5:41:b6:6d:39:2d:37:9e:28:d2:20:91:9c:54:
         df:e5:8b:0e:68:f6:14:45:65:c7:99:60:db:aa:94:72:10:69:
         90:a2:07:5a:1e:40:e4:b0:6c:5f:39:a4:41:c3:61:4e:93:ef:
         d2:59:f7:b2:ba:ae:3b:c2:7f:c0:b4:f4:b7:38:3d:88:87:59:
         f9:1d:be:c2:00:b8:8b:d3:e3:08:21:5c:5d:1a:9d:31:f4:b2:
         7b:52:cc:15:4f:8e:38:86:c3:6d:8f:21:7d:96:5e:ca:da:2d:
         9a:fa:3d:a2:43:8c:96:33:35:cf:e4:8a:6c:06:91:81:81:d3:
         98:f7:f5:4e:d9:25:e7:8b:35:13:99:6f:55:c3:c5:10:76:b3:
         11:82:a2:0c:ab:29:b5:0a:0f:70:5b:18:56:fe:4e:9f:76:49:
         6f:69:b3:2f:fe:3f:f2:b5:2b:da:48:5c:8b:48:0e:97:36:85:
         4f:6e:dc:70:26:52:ee:40:e2:64:96:78:51:ac:72:5d:96:be:
         0a:6c:49:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJMe5XuyYW+XVtT7d6kWZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlYTE2NTNlMTc3YWEyOTU1NDAwODA1YzhjNzViZDBkNjg1
ODNhZmMwHhcNMjQwMTAxMDgyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGQ2NDBmZmZkNWM3MWYxYmZhM2FkNmU5ZGY5NGYwMTkxOWFkOTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxi7cqoOGMv8tsmfpAGx5Pi5H1+8
bJp+ngsv2ZafL5VdHxZXeuM2wzMeYHwsOU5/USPVgPNanM0G8SMFAi+GmSH4Ewd4
7tMcVVALX9xpOHV9VXOBq6Z9FGyZdf6uAi8yx/RxPN3PcTdXmHQqbVDuIyhlr/Nl
fsSf5dztM4p93kYNsDgdAlUf972VG442JcIjUxGUYEUkB2MnicuhO468iuBLsu3o
4BcQVFBm0NXqlp4IKsztVVyZP5JnlMiETdIIM17SLd+/D82JvU1WGNO6eqo+DKbe
IlRsQ4cXrImUmjjs9X9VIsE5UAmumNt0HWqWuCkUvkqHGdLNCnhVRN3TLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHjWQP/9XHHxv6Otbp35TwGRmtk9MB8GA1UdIwQY
MBaAFF6hZT4XeqKVVACAXIx1vQ1oWDr8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHFGbFBoZDZvcFZVQUlCY2pIVzlEV2hZT3Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy9hNGFmMTUtN2ZkZC00NWE0LWExNzIt
MWRmOGZhMjBmYTllLzEvZU5aQV9fMWNjZkdfbzYxdW5mbFBBWkdhMlQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy9hNGFmMTUtN2ZkZC00NWE0LWExNzItMWRmOGZhMjBmYTll
LzEvWHFGbFBoZDZvcFZVQUlCY2pIVzlEV2hZT3Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuedAMA0G
CSqGSIb3DQEBCwUAA4IBAQC4tf4KVolO6Y3KcXjCuuaJIi1n+o5iBdwoYdAseWs7
Cm5iGdTYUfs255xeW1LCnyxP+07Q6bR5CM4fpUG2bTktN54o0iCRnFTf5YsOaPYU
RWXHmWDbqpRyEGmQogdaHkDksGxfOaRBw2FOk+/SWfeyuq47wn/AtPS3OD2Ih1n5
Hb7CALiL0+MIIVxdGp0x9LJ7UswVT444hsNtjyF9ll7K2i2a+j2iQ4yWMzXP5Ips
BpGBgdOY9/VO2SXnizUTmW9Vw8UQdrMRgqIMqym1Cg9wWxhW/k6fdklvabMv/j/y
tSvaSFyLSA6XNoVPbtxwJlLuQOJklnhRrHJdlr4KbEn7
-----END CERTIFICATE-----