Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/1293db-c752-4d03-857d-579531e5a00f/1/NMzk_8Rl4BsvIDbu9hw1nlP7KpM.roa
File:                     NMzk_8Rl4BsvIDbu9hw1nlP7KpM.roa (raw, json)
Hash identifier:          mxUfa27OB1TAAlmYm5x56nkknkDy+6wRzqfrAOl/Usc=
Subject key identifier:   34:CC:E4:FF:C4:65:E0:1B:2F:20:36:EE:F6:1C:35:9E:53:FB:2A:93
Certificate issuer:       /CN=0297a58998f0974347081c17f25eedd65fad9661
Certificate serial:       018CC64A86706004F5AB1B61171323CAAEBC
Authority key identifier: 02:97:A5:89:98:F0:97:43:47:08:1C:17:F2:5E:ED:D6:5F:AD:96:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ApeliZjwl0NHCBwX8l7t1l-tlmE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/1293db-c752-4d03-857d-579531e5a00f/1/NMzk_8Rl4BsvIDbu9hw1nlP7KpM.roa
Signing time:             Mon 01 Jan 2024 18:30:22 +0000
ROA not before:           Mon 01 Jan 2024 18:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199365
IP address blocks:        164.138.1.0/24 maxlen: 24
                          164.138.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/1293db-c752-4d03-857d-579531e5a00f/1/ApeliZjwl0NHCBwX8l7t1l-tlmE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/1293db-c752-4d03-857d-579531e5a00f/1/ApeliZjwl0NHCBwX8l7t1l-tlmE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ApeliZjwl0NHCBwX8l7t1l-tlmE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 13:03:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:86:70:60:04:f5:ab:1b:61:17:13:23:ca:ae:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0297a58998f0974347081c17f25eedd65fad9661
        Validity
            Not Before: Jan  1 18:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34cce4ffc465e01b2f2036eef61c359e53fb2a93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:74:fe:70:31:a6:7e:fa:e2:e6:48:02:1e:d4:
                    07:5a:51:9d:a1:8b:50:bd:2b:0a:1c:76:e1:f8:d5:
                    b3:ea:ab:c2:e6:84:71:fd:d2:27:fa:cf:ef:4f:79:
                    fb:96:2d:9e:5f:18:7f:b6:17:34:89:37:4e:b3:4b:
                    c2:c6:2c:ce:27:fc:f1:d7:f8:71:db:27:0f:c5:6d:
                    63:11:19:1e:30:0f:be:fc:a5:7d:e8:e8:97:2c:27:
                    e8:40:33:81:91:17:77:07:56:d7:e0:8a:b6:58:b0:
                    37:42:d9:a4:95:39:2b:b2:21:45:9b:ef:01:73:41:
                    d8:94:53:44:a8:93:d2:99:a2:f4:d9:1f:d5:b5:d0:
                    5c:eb:f8:cd:c9:fe:f6:60:a0:0b:78:3e:64:82:d3:
                    78:f8:60:d8:87:9d:ca:9a:9e:71:1a:0b:f7:38:55:
                    ec:89:4d:7e:38:b1:47:51:85:1d:33:d6:95:6d:02:
                    94:9b:bc:ac:39:c3:87:cd:f8:3e:17:04:e2:72:59:
                    aa:12:66:5d:6b:61:80:d1:4e:d2:58:6c:62:c4:48:
                    60:20:bf:6f:af:90:2f:30:f1:4f:dd:06:a5:f5:62:
                    5b:2e:1f:dc:ba:b9:3b:20:a2:ef:1e:4e:be:5f:9f:
                    c3:9f:b3:69:5d:5f:45:b9:11:f1:a9:61:94:5d:69:
                    68:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:CC:E4:FF:C4:65:E0:1B:2F:20:36:EE:F6:1C:35:9E:53:FB:2A:93
            X509v3 Authority Key Identifier:
                keyid:02:97:A5:89:98:F0:97:43:47:08:1C:17:F2:5E:ED:D6:5F:AD:96:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ApeliZjwl0NHCBwX8l7t1l-tlmE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/1293db-c752-4d03-857d-579531e5a00f/1/NMzk_8Rl4BsvIDbu9hw1nlP7KpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/1293db-c752-4d03-857d-579531e5a00f/1/ApeliZjwl0NHCBwX8l7t1l-tlmE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.138.1.0/24
                  164.138.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:f2:fa:fc:e8:ad:0b:6f:b2:f0:fe:c2:a4:f4:8e:75:9b:c7:
         d7:34:4e:6a:dc:1c:de:64:26:39:46:b4:3b:12:4c:cc:bc:ca:
         35:9d:b8:cd:7b:3b:9d:92:bb:bd:0a:3b:a8:5e:7b:ad:22:8a:
         fd:41:c4:16:cb:47:a9:a1:58:21:88:b2:0f:00:10:93:99:b4:
         04:04:01:61:20:85:b1:61:38:01:47:6e:81:ca:e2:40:58:a2:
         f5:f5:6b:17:c6:ef:a4:2c:75:96:b8:cb:e0:24:42:b8:14:58:
         b3:12:1b:4e:52:79:22:ae:fe:13:a3:ac:bc:b1:fd:96:15:15:
         c4:c2:d5:ad:fe:38:50:36:d7:3e:1a:1b:e8:83:a4:c8:aa:cf:
         07:95:97:b5:a0:08:58:90:06:81:f4:a0:16:a2:61:fe:da:36:
         f3:40:7b:81:65:a5:bc:a7:82:6e:3a:3d:14:30:d4:7c:a7:19:
         c2:ee:f1:e6:6f:27:0b:b0:fd:1d:b2:84:03:5c:71:f6:7c:a8:
         dc:aa:dd:64:e1:f6:ce:51:7b:d0:5b:54:fe:9f:4b:b7:90:bf:
         ae:78:02:b2:39:53:f1:cc:fa:f5:62:9d:06:03:6b:86:81:9a:
         b9:cd:3e:b7:8f:a0:ca:9c:08:a6:2f:ae:26:46:56:d6:c2:dc:
         f8:f3:8f:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSoZwYAT1qxthFxMjyq68MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyOTdhNTg5OThmMDk3NDM0NzA4MWMxN2YyNWVlZGQ2NWZh
ZDk2NjEwHhcNMjQwMTAxMTgzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGNjZTRmZmM0NjVlMDFiMmYyMDM2ZWVmNjFjMzU5ZTUzZmIyYTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHT+cDGmfvri5kgCHtQHWlGdoYtQ
vSsKHHbh+NWz6qvC5oRx/dIn+s/vT3n7li2eXxh/thc0iTdOs0vCxizOJ/zx1/hx
2ycPxW1jERkeMA++/KV96OiXLCfoQDOBkRd3B1bX4Iq2WLA3QtmklTkrsiFFm+8B
c0HYlFNEqJPSmaL02R/VtdBc6/jNyf72YKALeD5kgtN4+GDYh53Kmp5xGgv3OFXs
iU1+OLFHUYUdM9aVbQKUm7ysOcOHzfg+FwTiclmqEmZda2GA0U7SWGxixEhgIL9v
r5AvMPFP3Qal9WJbLh/curk7IKLvHk6+X5/Dn7NpXV9FuRHxqWGUXWloiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDTM5P/EZeAbLyA27vYcNZ5T+yqTMB8GA1UdIwQY
MBaAFAKXpYmY8JdDRwgcF/Je7dZfrZZhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXBlbGlaandsME5IQ0J3WDhsN3QxbC10bG1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi8xMjkzZGItYzc1Mi00ZDAzLTg1N2Qt
NTc5NTMxZTVhMDBmLzEvTk16a184Umw0QnN2SURidTlodzFubFA3S3BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi8xMjkzZGItYzc1Mi00ZDAzLTg1N2QtNTc5NTMxZTVhMDBm
LzEvQXBlbGlaandsME5IQ0J3WDhsN3QxbC10bG1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQApIoBAwQA
pIoDMA0GCSqGSIb3DQEBCwUAA4IBAQBg8vr86K0Lb7Lw/sKk9I51m8fXNE5q3Bze
ZCY5RrQ7EkzMvMo1nbjNezudkru9CjuoXnutIor9QcQWy0epoVghiLIPABCTmbQE
BAFhIIWxYTgBR26ByuJAWKL19WsXxu+kLHWWuMvgJEK4FFizEhtOUnkirv4To6y8
sf2WFRXEwtWt/jhQNtc+Ghvog6TIqs8HlZe1oAhYkAaB9KAWomH+2jbzQHuBZaW8
p4JuOj0UMNR8pxnC7vHmbycLsP0dsoQDXHH2fKjcqt1k4fbOUXvQW1T+n0u3kL+u
eAKyOVPxzPr1Yp0GA2uGgZq5zT63j6DKnAimL64mRlbWwtz4848x
-----END CERTIFICATE-----