Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/ZJ50OdULynP8okLYzyfDXRkM6O8.roa
File:                     ZJ50OdULynP8okLYzyfDXRkM6O8.roa (raw, json)
Hash identifier:          tflcZ3rzw7zJsP8zgcaaoIOZRan4zRkhesjnJNdOV6c=
Subject key identifier:   64:9E:74:39:D5:0B:CA:73:FC:A2:42:D8:CF:27:C3:5D:19:0C:E8:EF
Certificate issuer:       /CN=11bfa2961fa0e0b07041293ddc0c3693a9e0a238
Certificate serial:       018CC26D7112A3A428515E10D7ABB2114DA5
Authority key identifier: 11:BF:A2:96:1F:A0:E0:B0:70:41:29:3D:DC:0C:36:93:A9:E0:A2:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eb-ilh-g4LBwQSk93Aw2k6ngojg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/ZJ50OdULynP8okLYzyfDXRkM6O8.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197615
IP address blocks:        46.22.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/Eb-ilh-g4LBwQSk93Aw2k6ngojg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/Eb-ilh-g4LBwQSk93Aw2k6ngojg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eb-ilh-g4LBwQSk93Aw2k6ngojg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 10:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:71:12:a3:a4:28:51:5e:10:d7:ab:b2:11:4d:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11bfa2961fa0e0b07041293ddc0c3693a9e0a238
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=649e7439d50bca73fca242d8cf27c35d190ce8ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:55:9e:f5:98:65:52:92:20:8a:ba:52:c4:a8:
                    98:c0:13:1c:d9:3f:39:1d:75:d7:58:96:53:f5:7e:
                    a2:a2:29:aa:88:20:b8:85:9e:5b:06:dc:0d:6e:c9:
                    3e:b2:c3:3e:28:c0:f6:a8:a3:14:e5:3a:d5:5d:16:
                    de:c8:fc:f7:8b:9e:0e:47:d8:fc:ea:90:ab:39:03:
                    d6:ff:af:42:99:19:27:f6:d4:1c:e2:fd:c2:ba:d2:
                    35:de:40:bf:3c:65:08:72:92:06:ef:92:3a:94:44:
                    3f:fa:d4:73:81:a8:3a:d4:29:1d:52:90:cd:b9:a6:
                    43:fc:15:ef:4e:94:35:0e:8d:af:f0:95:2e:32:25:
                    4a:79:7a:81:5f:2f:c7:a4:14:fd:ed:9a:7a:2c:85:
                    75:3f:4b:44:9f:c0:c3:bb:56:c9:a7:f0:c7:11:89:
                    a0:af:b6:db:8c:57:87:9c:6b:35:45:97:ba:3d:ea:
                    d2:ef:22:13:8c:9d:29:25:60:c8:b0:d1:82:6c:b7:
                    de:5d:d6:52:ac:54:f0:cc:63:07:eb:94:2e:8e:16:
                    12:7e:6c:57:0c:26:d9:8b:35:f0:19:44:24:53:4f:
                    cc:03:63:e5:d7:6d:c4:6d:1d:b7:24:b0:a8:a9:3a:
                    08:df:23:46:7b:5c:94:2c:f1:4b:39:47:dc:17:fd:
                    d0:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:9E:74:39:D5:0B:CA:73:FC:A2:42:D8:CF:27:C3:5D:19:0C:E8:EF
            X509v3 Authority Key Identifier:
                keyid:11:BF:A2:96:1F:A0:E0:B0:70:41:29:3D:DC:0C:36:93:A9:E0:A2:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eb-ilh-g4LBwQSk93Aw2k6ngojg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/ZJ50OdULynP8okLYzyfDXRkM6O8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/Eb-ilh-g4LBwQSk93Aw2k6ngojg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.22.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:58:f2:0a:83:ce:32:a3:d6:b2:3b:03:f8:96:f3:4e:52:a3:
         f7:ff:75:58:00:a5:b7:ac:e4:8f:bf:d5:d8:8d:5f:0d:93:cf:
         51:5d:67:33:5f:84:07:96:2f:30:74:46:94:81:26:d5:fd:6f:
         f9:38:29:f0:23:f3:5f:61:80:15:1c:74:e9:08:97:19:ae:b8:
         e8:08:78:68:71:fa:f7:b6:48:18:bf:7c:96:22:91:59:62:04:
         87:6d:a9:c3:98:76:fd:57:2a:35:63:e1:4e:5e:22:50:f9:af:
         79:cd:68:ee:ec:85:c0:5f:ff:00:9c:50:9c:2e:b3:96:83:a3:
         32:d9:fe:1b:60:18:40:3c:9e:bb:36:36:9e:a9:c3:59:d8:4f:
         89:94:87:b9:bb:2f:d9:8c:a4:79:e4:68:c0:e7:21:97:f4:20:
         11:27:57:89:83:65:b8:9c:5c:fe:b0:81:39:0a:e3:9e:30:b6:
         fe:b2:a7:17:36:d1:2d:59:5a:be:80:ed:04:ce:48:da:60:44:
         32:52:c4:ee:19:88:59:4b:8b:07:06:58:d6:9f:13:00:cf:fa:
         9f:69:84:5c:90:04:ff:9e:34:f3:aa:58:5c:4f:cd:57:d6:3c:
         df:af:10:37:cd:62:ba:6d:b1:cf:22:5a:00:fc:d1:43:73:48:
         89:7e:b7:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXESo6QoUV4Q16uyEU2lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYmZhMjk2MWZhMGUwYjA3MDQxMjkzZGRjMGMzNjkzYTll
MGEyMzgwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDllNzQzOWQ1MGJjYTczZmNhMjQyZDhjZjI3YzM1ZDE5MGNlOGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFWe9ZhlUpIgirpSxKiYwBMc2T85
HXXXWJZT9X6ioimqiCC4hZ5bBtwNbsk+ssM+KMD2qKMU5TrVXRbeyPz3i54OR9j8
6pCrOQPW/69CmRkn9tQc4v3CutI13kC/PGUIcpIG75I6lEQ/+tRzgag61CkdUpDN
uaZD/BXvTpQ1Do2v8JUuMiVKeXqBXy/HpBT97Zp6LIV1P0tEn8DDu1bJp/DHEYmg
r7bbjFeHnGs1RZe6PerS7yITjJ0pJWDIsNGCbLfeXdZSrFTwzGMH65QujhYSfmxX
DCbZizXwGUQkU0/MA2Pl123EbR23JLCoqToI3yNGe1yULPFLOUfcF/3QxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGSedDnVC8pz/KJC2M8nw10ZDOjvMB8GA1UdIwQY
MBaAFBG/opYfoOCwcEEpPdwMNpOp4KI4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWItaWxoLWc0TEJ3UVNrOTNBdzJrNm5nb2pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8xNzMxNzMtODE5Zi00YmM5LTkyZDgt
Nzg3OTFjOTM1NmEzLzEvWko1ME9kVUx5blA4b2tMWXp5ZkRYUmtNNk84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8xNzMxNzMtODE5Zi00YmM5LTkyZDgtNzg3OTFjOTM1NmEz
LzEvRWItaWxoLWc0TEJ3UVNrOTNBdzJrNm5nb2pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhamMA0G
CSqGSIb3DQEBCwUAA4IBAQBwWPIKg84yo9ayOwP4lvNOUqP3/3VYAKW3rOSPv9XY
jV8Nk89RXWczX4QHli8wdEaUgSbV/W/5OCnwI/NfYYAVHHTpCJcZrrjoCHhocfr3
tkgYv3yWIpFZYgSHbanDmHb9Vyo1Y+FOXiJQ+a95zWju7IXAX/8AnFCcLrOWg6My
2f4bYBhAPJ67NjaeqcNZ2E+JlIe5uy/ZjKR55GjA5yGX9CARJ1eJg2W4nFz+sIE5
CuOeMLb+sqcXNtEtWVq+gO0EzkjaYEQyUsTuGYhZS4sHBljWnxMAz/qfaYRckAT/
njTzqlhcT81X1jzfrxA3zWK6bbHPIloA/NFDc0iJfrda
-----END CERTIFICATE-----