Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/dd6ea7-bdb8-47c3-964f-2af9178382fb/1/zqAcylR6KM19jXxpPTt4DJupqU8.roa
File:                     zqAcylR6KM19jXxpPTt4DJupqU8.roa (raw, json)
Hash identifier:          IvbfAZO/+ZLFKIN2lL/NpXAO4jEguwSLKG+/Te8JsMM=
Subject key identifier:   CE:A0:1C:CA:54:7A:28:CD:7D:8D:7C:69:3D:3B:78:0C:9B:A9:A9:4F
Certificate issuer:       /CN=771bce29a36cbde898ac00707db95143f86a7922
Certificate serial:       018CC5DD15F3D28F4C5005F9C25003A1F41B
Authority key identifier: 77:1B:CE:29:A3:6C:BD:E8:98:AC:00:70:7D:B9:51:43:F8:6A:79:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dxvOKaNsveiYrABwfblRQ_hqeSI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/dd6ea7-bdb8-47c3-964f-2af9178382fb/1/zqAcylR6KM19jXxpPTt4DJupqU8.roa
Signing time:             Mon 01 Jan 2024 16:30:49 +0000
ROA not before:           Mon 01 Jan 2024 16:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8893
IP address blocks:        194.105.146.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/dd6ea7-bdb8-47c3-964f-2af9178382fb/1/dxvOKaNsveiYrABwfblRQ_hqeSI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/dd6ea7-bdb8-47c3-964f-2af9178382fb/1/dxvOKaNsveiYrABwfblRQ_hqeSI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dxvOKaNsveiYrABwfblRQ_hqeSI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:15:f3:d2:8f:4c:50:05:f9:c2:50:03:a1:f4:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=771bce29a36cbde898ac00707db95143f86a7922
        Validity
            Not Before: Jan  1 16:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cea01cca547a28cd7d8d7c693d3b780c9ba9a94f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:f7:f6:5f:19:de:50:2d:51:d5:af:87:0f:62:
                    59:83:6f:aa:a0:d8:e5:a1:ba:80:48:5b:fb:8e:87:
                    38:66:a1:67:5f:6f:cf:44:e5:ac:a7:c3:8f:5d:05:
                    74:a6:19:32:0e:e5:c6:af:63:95:cb:69:fc:aa:2d:
                    2b:e8:8a:45:bd:02:97:ed:06:3a:d4:74:b1:e8:23:
                    a9:7d:57:6c:3f:cc:9b:30:0d:57:8d:73:8c:27:85:
                    e0:ad:53:d7:52:2c:ab:7a:cd:6d:64:c6:31:79:6b:
                    fb:59:d6:c7:c0:96:f1:13:f4:9a:2d:aa:ef:1a:ba:
                    f3:0d:52:37:40:90:e1:40:cf:9c:8a:a8:47:ea:f5:
                    f4:12:03:0e:05:fb:63:f6:c0:3f:08:e2:b6:fe:9c:
                    d3:97:d5:1c:1e:af:14:b5:04:b4:02:e8:1e:11:91:
                    f7:89:be:be:59:8c:74:ab:7c:86:ae:dd:53:5b:94:
                    4f:fc:a5:f5:57:24:3c:6c:9a:00:9a:60:0c:cf:08:
                    d6:56:21:1e:4a:c0:3f:a2:18:78:cc:92:1c:0d:bc:
                    2e:e5:ef:5e:45:a5:81:09:f1:c0:e2:48:e7:26:a4:
                    af:ce:10:b8:ab:04:9d:a9:b4:0f:b0:54:e5:18:e5:
                    da:2b:27:e3:35:3e:ec:92:ac:63:02:54:bb:02:36:
                    fe:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:A0:1C:CA:54:7A:28:CD:7D:8D:7C:69:3D:3B:78:0C:9B:A9:A9:4F
            X509v3 Authority Key Identifier:
                keyid:77:1B:CE:29:A3:6C:BD:E8:98:AC:00:70:7D:B9:51:43:F8:6A:79:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dxvOKaNsveiYrABwfblRQ_hqeSI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/dd6ea7-bdb8-47c3-964f-2af9178382fb/1/zqAcylR6KM19jXxpPTt4DJupqU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/dd6ea7-bdb8-47c3-964f-2af9178382fb/1/dxvOKaNsveiYrABwfblRQ_hqeSI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.105.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:98:7d:a5:b6:b9:f2:e6:09:4d:27:54:b9:8e:50:fa:6e:a0:
         30:c0:da:69:43:35:11:52:ae:ef:1a:ef:41:84:39:56:1e:91:
         39:76:3f:8b:66:a4:82:2d:f1:09:30:f6:e4:d1:6a:c9:64:d3:
         06:75:53:f9:ac:42:e0:a7:c7:c5:92:bf:05:d4:8c:cc:cd:0f:
         c5:41:34:91:de:6e:6b:1d:e1:5c:fa:e1:17:36:75:6a:da:3d:
         46:25:98:89:ff:50:c9:8f:32:c7:38:8d:bc:da:ab:57:4b:e2:
         b4:a8:79:16:61:9c:45:40:45:03:b1:61:2c:c9:4c:51:c1:ca:
         d7:13:f8:61:2b:b9:ab:62:5d:61:8f:d8:60:0a:af:ab:a3:a7:
         d9:2c:6f:49:b3:3e:d6:1c:29:12:44:08:e5:59:57:f0:5c:26:
         52:6d:65:cb:26:d1:9c:bf:36:eb:3c:07:72:e7:21:5c:8e:8f:
         90:66:76:8d:f1:54:98:62:26:06:f1:bf:60:ce:c9:4d:b9:e3:
         50:51:27:fb:bf:64:1e:8d:22:dd:4f:0e:17:fa:e3:03:93:fe:
         9f:8e:d9:ce:29:f6:a8:0d:32:74:b5:8f:44:8c:58:46:c4:ae:
         e7:bc:2c:23:d1:f8:15:df:bb:2c:94:f4:5d:21:31:90:cc:63:
         84:e7:5d:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3RXz0o9MUAX5wlADofQbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MWJjZTI5YTM2Y2JkZTg5OGFjMDA3MDdkYjk1MTQzZjg2
YTc5MjIwHhcNMjQwMTAxMTYzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWEwMWNjYTU0N2EyOGNkN2Q4ZDdjNjkzZDNiNzgwYzliYTlhOTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7vf2XxneUC1R1a+HD2JZg2+qoNjl
obqASFv7joc4ZqFnX2/PROWsp8OPXQV0phkyDuXGr2OVy2n8qi0r6IpFvQKX7QY6
1HSx6COpfVdsP8ybMA1XjXOMJ4XgrVPXUiyres1tZMYxeWv7WdbHwJbxE/SaLarv
GrrzDVI3QJDhQM+ciqhH6vX0EgMOBftj9sA/COK2/pzTl9UcHq8UtQS0AugeEZH3
ib6+WYx0q3yGrt1TW5RP/KX1VyQ8bJoAmmAMzwjWViEeSsA/ohh4zJIcDbwu5e9e
RaWBCfHA4kjnJqSvzhC4qwSdqbQPsFTlGOXaKyfjNT7skqxjAlS7Ajb+VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6gHMpUeijNfY18aT07eAybqalPMB8GA1UdIwQY
MBaAFHcbzimjbL3omKwAcH25UUP4ankiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHh2T0thTnN2ZWlZckFCd2ZibFJRX2hxZVNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9kZDZlYTctYmRiOC00N2MzLTk2NGYt
MmFmOTE3ODM4MmZiLzEvenFBY3lsUjZLTTE5alh4cFBUdDRESnVwcVU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9kZDZlYTctYmRiOC00N2MzLTk2NGYtMmFmOTE3ODM4MmZi
LzEvZHh2T0thTnN2ZWlZckFCd2ZibFJRX2hxZVNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmmSMA0G
CSqGSIb3DQEBCwUAA4IBAQB3mH2ltrny5glNJ1S5jlD6bqAwwNppQzURUq7vGu9B
hDlWHpE5dj+LZqSCLfEJMPbk0WrJZNMGdVP5rELgp8fFkr8F1IzMzQ/FQTSR3m5r
HeFc+uEXNnVq2j1GJZiJ/1DJjzLHOI282qtXS+K0qHkWYZxFQEUDsWEsyUxRwcrX
E/hhK7mrYl1hj9hgCq+ro6fZLG9Jsz7WHCkSRAjlWVfwXCZSbWXLJtGcvzbrPAdy
5yFcjo+QZnaN8VSYYiYG8b9gzslNueNQUSf7v2QejSLdTw4X+uMDk/6fjtnOKfao
DTJ0tY9EjFhGxK7nvCwj0fgV37sslPRdITGQzGOE512c
-----END CERTIFICATE-----