Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/Dzv-96jlLG8EIYL3pmIleITKnMc.roa
File:                     Dzv-96jlLG8EIYL3pmIleITKnMc.roa (raw, json)
Hash identifier:          yswI3pca1LUEViIor8V2sURcy0zaWtuUzu+trTRNtE8=
Subject key identifier:   0F:3B:FE:F7:A8:E5:2C:6F:04:21:82:F7:A6:62:25:78:84:CA:9C:C7
Certificate issuer:       /CN=6eab53640b0931924b73f760925845150a6ccca5
Certificate serial:       0192B8EF33BD4426802EDD1D28597E218BC1
Authority key identifier: 6E:AB:53:64:0B:09:31:92:4B:73:F7:60:92:58:45:15:0A:6C:CC:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/Dzv-96jlLG8EIYL3pmIleITKnMc.roa
Signing time:             Wed 23 Oct 2024 10:32:16 +0000
ROA not before:           Wed 23 Oct 2024 10:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48367
IP address blocks:        62.93.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b8:ef:33:bd:44:26:80:2e:dd:1d:28:59:7e:21:8b:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6eab53640b0931924b73f760925845150a6ccca5
        Validity
            Not Before: Oct 23 10:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f3bfef7a8e52c6f042182f7a662257884ca9cc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:da:eb:c4:50:ab:20:83:36:4a:a5:be:f1:57:
                    52:7e:8c:69:e9:0a:e8:ba:4a:59:1a:e0:89:cc:b6:
                    5b:0a:f0:1a:2f:16:b1:34:76:44:c8:8f:47:e9:e8:
                    2b:98:18:90:24:35:07:7c:10:11:96:c5:86:92:64:
                    6b:b1:df:c7:9a:b0:e5:05:59:45:53:b1:c5:00:ea:
                    a9:33:ec:9a:f9:51:1e:ed:3d:9b:60:b6:57:82:f8:
                    4d:c3:b7:65:f0:18:92:26:c7:59:97:3a:26:18:4e:
                    f2:e0:ce:f2:7d:e0:bd:4b:d8:0f:49:1a:3b:f5:d7:
                    13:7d:4e:20:d4:51:67:91:3c:60:d4:40:48:a7:e9:
                    e5:df:a5:d7:8f:06:68:e0:06:73:c4:9d:6c:6d:bd:
                    4d:2d:f2:6e:ae:a7:4c:13:55:58:8a:14:99:86:4b:
                    b1:f9:3c:6c:5e:ad:23:59:c0:ba:5c:0e:46:23:b0:
                    88:f0:f9:f6:07:00:86:89:80:81:14:07:92:e2:38:
                    07:13:34:90:04:a9:b0:09:49:9c:9c:1e:ac:a4:c6:
                    6e:35:6b:55:1b:a3:8c:bc:9f:68:5d:3f:30:74:21:
                    5c:62:9d:f4:a7:9a:62:1f:54:93:d3:19:19:45:c4:
                    2e:d3:59:c4:32:c3:f3:cd:78:65:0b:8a:d0:a8:80:
                    b2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:3B:FE:F7:A8:E5:2C:6F:04:21:82:F7:A6:62:25:78:84:CA:9C:C7
            X509v3 Authority Key Identifier:
                keyid:6E:AB:53:64:0B:09:31:92:4B:73:F7:60:92:58:45:15:0A:6C:CC:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bqtTZAsJMZJLc_dgklhFFQpszKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/Dzv-96jlLG8EIYL3pmIleITKnMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/2a38e6-294e-4fa3-a5a0-53046323951f/1/bqtTZAsJMZJLc_dgklhFFQpszKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.93.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:68:f0:a5:83:08:25:77:2b:2f:d6:e7:6f:9c:04:10:28:0b:
         da:0a:82:4e:85:97:d9:a4:c2:fe:e9:0b:9d:c9:ea:9c:d5:81:
         65:d1:c7:d4:b4:75:68:4e:d0:ee:55:b6:6f:5e:52:b0:48:a7:
         0c:85:e0:e7:9c:f9:bd:83:00:f8:56:15:66:ad:c1:4e:eb:fe:
         c8:d0:24:01:93:20:03:20:9f:36:13:74:9c:7c:df:e8:5c:13:
         60:91:fd:00:38:56:da:ae:f8:83:72:49:87:c9:15:a2:ed:79:
         8a:02:9e:74:ea:bb:df:65:a7:9a:5e:65:e2:28:72:29:2c:1a:
         62:28:4c:45:bc:cf:4a:5e:ac:44:b8:b2:1b:6e:d0:12:62:ca:
         f3:75:fa:87:70:da:5f:c2:90:36:9b:df:4e:2b:2a:8d:df:ba:
         20:31:8f:79:3e:be:ff:20:c3:9c:69:13:0b:15:9a:d2:cb:dc:
         92:b0:27:0b:56:55:36:95:b7:44:88:b2:7c:6a:ec:a7:1d:ad:
         c1:d1:cc:0d:a3:78:91:e2:6b:3e:da:2d:08:c9:b0:b6:30:c2:
         d0:2f:47:ed:d9:c9:8c:35:08:ca:5d:48:f5:b1:d8:81:c7:5a:
         f6:6f:1f:63:ac:77:24:69:71:e9:2e:b1:e3:74:df:35:0e:29:
         94:ba:0d:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK47zO9RCaALt0dKFl+IYvBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYWI1MzY0MGIwOTMxOTI0YjczZjc2MDkyNTg0NTE1MGE2
Y2NjYTUwHhcNMjQxMDIzMTAzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjNiZmVmN2E4ZTUyYzZmMDQyMTgyZjdhNjYyMjU3ODg0Y2E5Y2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptrrxFCrIIM2SqW+8VdSfoxp6Qro
ukpZGuCJzLZbCvAaLxaxNHZEyI9H6egrmBiQJDUHfBARlsWGkmRrsd/HmrDlBVlF
U7HFAOqpM+ya+VEe7T2bYLZXgvhNw7dl8BiSJsdZlzomGE7y4M7yfeC9S9gPSRo7
9dcTfU4g1FFnkTxg1EBIp+nl36XXjwZo4AZzxJ1sbb1NLfJurqdME1VYihSZhkux
+TxsXq0jWcC6XA5GI7CI8Pn2BwCGiYCBFAeS4jgHEzSQBKmwCUmcnB6spMZuNWtV
G6OMvJ9oXT8wdCFcYp30p5piH1ST0xkZRcQu01nEMsPzzXhlC4rQqICy6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA87/veo5SxvBCGC96ZiJXiEypzHMB8GA1UdIwQY
MBaAFG6rU2QLCTGSS3P3YJJYRRUKbMylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnF0VFpBc0pNWkpMY19kZ2tsaEZGUXBzektVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8yYTM4ZTYtMjk0ZS00ZmEzLWE1YTAt
NTMwNDYzMjM5NTFmLzEvRHp2LTk2amxMRzhFSVlMM3BtSWxlSVRLbk1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8yYTM4ZTYtMjk0ZS00ZmEzLWE1YTAtNTMwNDYzMjM5NTFm
LzEvYnF0VFpBc0pNWkpMY19kZ2tsaEZGUXBzektVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPl1vMA0G
CSqGSIb3DQEBCwUAA4IBAQCQaPClgwgldysv1udvnAQQKAvaCoJOhZfZpML+6Qud
yeqc1YFl0cfUtHVoTtDuVbZvXlKwSKcMheDnnPm9gwD4VhVmrcFO6/7I0CQBkyAD
IJ82E3ScfN/oXBNgkf0AOFbarviDckmHyRWi7XmKAp506rvfZaeaXmXiKHIpLBpi
KExFvM9KXqxEuLIbbtASYsrzdfqHcNpfwpA2m99OKyqN37ogMY95Pr7/IMOcaRML
FZrSy9ySsCcLVlU2lbdEiLJ8auynHa3B0cwNo3iR4ms+2i0IybC2MMLQL0ft2cmM
NQjKXUj1sdiBx1r2bx9jrHckaXHpLrHjdN81DimUug0j
-----END CERTIFICATE-----