Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/Z4j1DLQanFUmbIvnmG3K9H6cQ8I.roa
File:                     Z4j1DLQanFUmbIvnmG3K9H6cQ8I.roa (raw, json)
Hash identifier:          HtEqRzOi35BsTdQW6U6mqsrN2fZfG+M+ArMg7578XcY=
Subject key identifier:   67:88:F5:0C:B4:1A:9C:55:26:6C:8B:E7:98:6D:CA:F4:7E:9C:43:C2
Certificate issuer:       /CN=23662c9a980ad7584650abaa3545b9ea91d3e35e
Certificate serial:       018CC4938827773C6369EA0235335FB41D74
Authority key identifier: 23:66:2C:9A:98:0A:D7:58:46:50:AB:AA:35:45:B9:EA:91:D3:E3:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I2YsmpgK11hGUKuqNUW56pHT414.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/Z4j1DLQanFUmbIvnmG3K9H6cQ8I.roa
Signing time:             Mon 01 Jan 2024 10:30:52 +0000
ROA not before:           Mon 01 Jan 2024 10:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49009
IP address blocks:        2a03:2267:4e16::/48 maxlen: 48
                          2a03:2267:54ae::/48 maxlen: 48
                          2a03:2267::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/I2YsmpgK11hGUKuqNUW56pHT414.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/I2YsmpgK11hGUKuqNUW56pHT414.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I2YsmpgK11hGUKuqNUW56pHT414.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:88:27:77:3c:63:69:ea:02:35:33:5f:b4:1d:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23662c9a980ad7584650abaa3545b9ea91d3e35e
        Validity
            Not Before: Jan  1 10:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6788f50cb41a9c55266c8be7986dcaf47e9c43c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:78:95:22:4c:a1:94:d5:7d:2e:e8:d6:0f:75:
                    00:4e:73:f1:24:04:8b:6d:29:ac:5d:ac:52:72:1d:
                    ac:bf:2d:45:ae:67:43:c9:c1:3c:62:b5:a3:9e:4c:
                    70:0f:51:27:d3:f0:17:06:43:a9:74:77:d5:89:dc:
                    42:a2:d4:dd:41:7d:7f:48:7e:88:e9:c9:10:27:81:
                    66:66:bb:e9:43:24:b2:1e:ca:7f:19:a8:a4:8e:71:
                    f7:ae:f0:85:58:69:bf:1d:db:8e:31:7a:84:01:46:
                    b8:68:e4:34:f3:35:84:bc:13:8a:31:16:77:d6:15:
                    05:c3:57:79:a9:c7:7e:1f:96:bc:f2:b7:44:92:6a:
                    ef:99:b0:65:bc:eb:31:47:62:4e:8d:f3:9a:22:ca:
                    44:c7:75:0b:7a:47:ec:1d:85:de:a2:6d:92:97:74:
                    88:92:8f:dd:2e:cc:ba:14:4b:ea:9b:0e:be:ec:ce:
                    4c:a5:fd:4c:4b:19:2f:e7:a7:b2:a5:b0:b0:d4:1b:
                    7a:e2:05:e3:39:ef:4f:1d:96:4f:86:35:f0:21:e5:
                    55:da:69:51:fa:a4:19:12:59:82:77:a5:f7:23:4d:
                    56:f0:24:b3:ab:a9:87:26:a9:e7:ac:a9:b6:02:4a:
                    32:da:46:1c:ad:5c:ff:4d:94:fd:4a:3d:0a:51:1c:
                    c4:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:88:F5:0C:B4:1A:9C:55:26:6C:8B:E7:98:6D:CA:F4:7E:9C:43:C2
            X509v3 Authority Key Identifier:
                keyid:23:66:2C:9A:98:0A:D7:58:46:50:AB:AA:35:45:B9:EA:91:D3:E3:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I2YsmpgK11hGUKuqNUW56pHT414.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/Z4j1DLQanFUmbIvnmG3K9H6cQ8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/0175e6-427b-4ef9-8eb1-8232e350d458/1/I2YsmpgK11hGUKuqNUW56pHT414.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:2267::/32

    Signature Algorithm: sha256WithRSAEncryption
         08:33:c8:dc:f1:04:b7:5e:f1:ed:34:0b:0e:a1:90:5a:70:98:
         d8:8a:50:fa:f4:25:94:6e:1b:7f:e6:51:6d:8d:a1:3c:dc:40:
         e3:e0:13:7d:65:7b:93:0d:7c:96:e5:66:b4:f3:17:57:86:b0:
         2c:5f:4f:ec:90:e4:92:d8:8a:2e:6f:dd:9c:07:f3:36:b1:38:
         9a:0d:17:f1:85:de:ee:4b:97:d2:ae:4e:16:62:e6:eb:b8:02:
         1e:95:2a:c8:25:a4:6b:5f:2e:3d:45:7e:82:77:d9:7d:37:cb:
         fe:94:9a:1c:5e:5d:01:0d:2e:71:a6:cc:b1:6c:8d:03:e9:bf:
         87:03:ee:3a:17:cf:f9:40:97:76:7c:09:e5:8c:25:22:4e:c6:
         29:33:4a:25:c9:76:22:bc:e0:7a:65:7b:3b:48:49:5b:52:47:
         fb:b2:c1:c7:53:5b:b7:f1:cb:a9:36:6d:53:00:d8:06:a9:bd:
         bc:af:37:64:07:0d:ac:df:ee:c3:45:be:1d:94:28:74:db:85:
         56:e0:1c:34:3b:4a:ec:4d:63:b4:8f:d2:0b:31:04:57:00:2b:
         e2:c5:74:ee:12:ce:b7:71:8b:09:fb:b4:42:59:6c:ed:02:a8:
         ef:4f:bd:02:0d:d4:4b:34:7a:34:e4:1d:cb:79:dd:c7:53:58:
         2a:31:15:44
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEk4gndzxjaeoCNTNftB10MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNjYyYzlhOTgwYWQ3NTg0NjUwYWJhYTM1NDViOWVhOTFk
M2UzNWUwHhcNMjQwMTAxMTAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzg4ZjUwY2I0MWE5YzU1MjY2YzhiZTc5ODZkY2FmNDdlOWM0M2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoniVIkyhlNV9LujWD3UATnPxJASL
bSmsXaxSch2svy1FrmdDycE8YrWjnkxwD1En0/AXBkOpdHfVidxCotTdQX1/SH6I
6ckQJ4FmZrvpQySyHsp/GaikjnH3rvCFWGm/HduOMXqEAUa4aOQ08zWEvBOKMRZ3
1hUFw1d5qcd+H5a88rdEkmrvmbBlvOsxR2JOjfOaIspEx3ULekfsHYXeom2Sl3SI
ko/dLsy6FEvqmw6+7M5Mpf1MSxkv56eypbCw1Bt64gXjOe9PHZZPhjXwIeVV2mlR
+qQZElmCd6X3I01W8CSzq6mHJqnnrKm2Akoy2kYcrVz/TZT9Sj0KURzEaQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGeI9Qy0GpxVJmyL55htyvR+nEPCMB8GA1UdIwQY
MBaAFCNmLJqYCtdYRlCrqjVFueqR0+NeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTJZc21wZ0sxMWhHVUt1cU5VVzU2cEhUNDE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8wMTc1ZTYtNDI3Yi00ZWY5LThlYjEt
ODIzMmUzNTBkNDU4LzEvWjRqMURMUWFuRlVtYkl2bm1HM0s5SDZjUThJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8wMTc1ZTYtNDI3Yi00ZWY5LThlYjEtODIzMmUzNTBkNDU4
LzEvSTJZc21wZ0sxMWhHVUt1cU5VVzU2cEhUNDE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgMiZzAN
BgkqhkiG9w0BAQsFAAOCAQEACDPI3PEEt17x7TQLDqGQWnCY2IpQ+vQllG4bf+ZR
bY2hPNxA4+ATfWV7kw18luVmtPMXV4awLF9P7JDkktiKLm/dnAfzNrE4mg0X8YXe
7kuX0q5OFmLm67gCHpUqyCWka18uPUV+gnfZfTfL/pSaHF5dAQ0ucabMsWyNA+m/
hwPuOhfP+UCXdnwJ5YwlIk7GKTNKJcl2IrzgemV7O0hJW1JH+7LBx1Nbt/HLqTZt
UwDYBqm9vK83ZAcNrN/uw0W+HZQodNuFVuAcNDtK7E1jtI/SCzEEVwAr4sV07hLO
t3GLCfu0Qlls7QKo70+9Ag3USzR6NOQdy3ndx1NYKjEVRA==
-----END CERTIFICATE-----