Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/ZhqPDcOCapfROWQiuyGvFSjWEXg.roa
File:                     ZhqPDcOCapfROWQiuyGvFSjWEXg.roa (raw, json)
Hash identifier:          fi2CuUQSUV3xEVgwLqLDdwHdZIDDzlmwMtqZAJe3hA4=
Subject key identifier:   66:1A:8F:0D:C3:82:6A:97:D1:39:64:22:BB:21:AF:15:28:D6:11:78
Certificate issuer:       /CN=91381bc969de6adc3d1ddc0eb89bdeeace9805cd
Certificate serial:       018CC4931D34A47B3402E27447D9F7A3B18C
Authority key identifier: 91:38:1B:C9:69:DE:6A:DC:3D:1D:DC:0E:B8:9B:DE:EA:CE:98:05:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kTgbyWneatw9HdwOuJve6s6YBc0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/ZhqPDcOCapfROWQiuyGvFSjWEXg.roa
Signing time:             Mon 01 Jan 2024 10:30:24 +0000
ROA not before:           Mon 01 Jan 2024 10:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12213
IP address blocks:        185.143.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/kTgbyWneatw9HdwOuJve6s6YBc0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/kTgbyWneatw9HdwOuJve6s6YBc0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kTgbyWneatw9HdwOuJve6s6YBc0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:1d:34:a4:7b:34:02:e2:74:47:d9:f7:a3:b1:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91381bc969de6adc3d1ddc0eb89bdeeace9805cd
        Validity
            Not Before: Jan  1 10:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=661a8f0dc3826a97d1396422bb21af1528d61178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:33:35:34:0d:d9:66:0c:5d:5b:d9:8e:0d:79:
                    0a:62:79:86:1c:e2:62:b4:a2:e0:62:a3:ad:18:22:
                    68:4a:5a:09:c8:d2:d7:84:21:e5:13:a8:77:fb:5a:
                    90:17:ab:5d:a2:53:2d:d6:41:49:76:20:cf:53:16:
                    9a:c8:8b:ee:ef:28:42:d2:68:06:38:ae:5e:64:ed:
                    d2:e2:b3:37:44:90:80:0b:29:8d:d7:68:9c:d5:98:
                    b1:93:f7:d1:a1:89:1e:86:7c:af:78:42:a6:46:8a:
                    90:d9:62:51:f8:f4:a7:5f:5d:d1:e7:43:0b:cf:55:
                    b1:bb:32:2b:f8:af:6e:4e:7d:17:86:8a:4e:0d:65:
                    c3:4d:0d:3f:b8:93:37:68:59:2d:d8:2e:5c:14:83:
                    ee:4c:79:48:b7:8e:60:31:b2:f6:fe:c7:73:30:75:
                    81:09:d7:6b:28:5d:7a:52:3e:c4:be:e1:11:fd:0b:
                    f1:94:43:67:7e:21:47:4e:08:5f:c2:a0:a2:b6:57:
                    61:fe:23:29:ac:f9:ee:1b:db:1d:bf:6f:15:3c:d7:
                    aa:af:a6:ba:92:6b:2d:6a:20:af:bc:0c:d9:d6:f5:
                    d0:5f:b1:20:81:02:34:08:f5:60:04:d8:1a:87:29:
                    13:3e:36:0c:28:3a:5a:da:92:cc:0a:ed:fc:da:b5:
                    87:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:1A:8F:0D:C3:82:6A:97:D1:39:64:22:BB:21:AF:15:28:D6:11:78
            X509v3 Authority Key Identifier:
                keyid:91:38:1B:C9:69:DE:6A:DC:3D:1D:DC:0E:B8:9B:DE:EA:CE:98:05:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kTgbyWneatw9HdwOuJve6s6YBc0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/ZhqPDcOCapfROWQiuyGvFSjWEXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f35406-d8c4-4f5c-92ac-256da95d1345/1/kTgbyWneatw9HdwOuJve6s6YBc0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:30:a3:d7:47:53:f4:1b:2d:f5:c3:a0:88:24:87:78:b3:ab:
         6a:3f:68:3d:5f:52:37:cb:4a:29:90:fd:69:a7:b2:11:2e:bc:
         f6:50:68:0d:0d:25:84:0e:3d:87:db:57:cc:96:23:0d:8f:c4:
         35:26:73:53:a9:24:39:fe:ed:f9:4c:46:98:4f:b9:d4:2c:53:
         89:11:6f:e6:37:e9:b5:ca:f5:39:23:a4:a4:8a:5a:dd:69:f2:
         d4:a9:43:50:6f:56:2c:f0:b4:7c:10:07:ee:b5:20:09:79:7c:
         3e:8f:ea:8f:9c:1b:fb:31:09:f3:be:f5:46:7f:95:f2:25:73:
         83:11:58:b2:16:91:cb:4e:5c:5b:52:e8:d7:82:3a:c0:d5:45:
         ac:c7:0d:8e:0e:c6:cb:da:a3:f5:29:80:27:73:a2:6b:d0:38:
         88:d5:43:a8:2b:30:33:49:5f:ec:13:fc:99:c0:3f:df:7e:50:
         9b:07:1e:7c:6a:b3:f5:2f:3d:f6:24:fd:af:2f:86:58:55:38:
         be:0d:f4:bd:27:64:fb:34:95:76:7f:20:bb:d4:c0:fa:df:28:
         5c:da:b4:3d:a2:95:30:96:e8:ce:d7:43:c1:62:e4:a2:e9:fa:
         ae:8d:a5:93:85:6d:a5:7a:dc:d9:23:c5:f2:e7:7f:87:78:99:
         99:9f:44:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkx00pHs0AuJ0R9n3o7GMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxMzgxYmM5NjlkZTZhZGMzZDFkZGMwZWI4OWJkZWVhY2U5
ODA1Y2QwHhcNMjQwMTAxMTAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjFhOGYwZGMzODI2YTk3ZDEzOTY0MjJiYjIxYWYxNTI4ZDYxMTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzM1NA3ZZgxdW9mODXkKYnmGHOJi
tKLgYqOtGCJoSloJyNLXhCHlE6h3+1qQF6tdolMt1kFJdiDPUxaayIvu7yhC0mgG
OK5eZO3S4rM3RJCACymN12ic1Zixk/fRoYkehnyveEKmRoqQ2WJR+PSnX13R50ML
z1WxuzIr+K9uTn0XhopODWXDTQ0/uJM3aFkt2C5cFIPuTHlIt45gMbL2/sdzMHWB
CddrKF16Uj7EvuER/QvxlENnfiFHTghfwqCitldh/iMprPnuG9sdv28VPNeqr6a6
kmstaiCvvAzZ1vXQX7EggQI0CPVgBNgahykTPjYMKDpa2pLMCu382rWHjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGYajw3DgmqX0TlkIrshrxUo1hF4MB8GA1UdIwQY
MBaAFJE4G8lp3mrcPR3cDrib3urOmAXNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1RnYnlXbmVhdHc5SGR3T3VKdmU2czZZQmMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mMzU0MDYtZDhjNC00ZjVjLTkyYWMt
MjU2ZGE5NWQxMzQ1LzEvWmhxUERjT0NhcGZST1dRaXV5R3ZGU2pXRVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mMzU0MDYtZDhjNC00ZjVjLTkyYWMtMjU2ZGE5NWQxMzQ1
LzEva1RnYnlXbmVhdHc5SGR3T3VKdmU2czZZQmMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY9OMA0G
CSqGSIb3DQEBCwUAA4IBAQCxMKPXR1P0Gy31w6CIJId4s6tqP2g9X1I3y0opkP1p
p7IRLrz2UGgNDSWEDj2H21fMliMNj8Q1JnNTqSQ5/u35TEaYT7nULFOJEW/mN+m1
yvU5I6SkilrdafLUqUNQb1Ys8LR8EAfutSAJeXw+j+qPnBv7MQnzvvVGf5XyJXOD
EViyFpHLTlxbUujXgjrA1UWsxw2ODsbL2qP1KYAnc6Jr0DiI1UOoKzAzSV/sE/yZ
wD/fflCbBx58arP1Lz32JP2vL4ZYVTi+DfS9J2T7NJV2fyC71MD63yhc2rQ9opUw
lujO10PBYuSi6fqujaWThW2letzZI8Xy53+HeJmZn0S6
-----END CERTIFICATE-----