Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/4444ab-3da3-418b-a105-f2fe0d04bfbf/1/ZyEM52KArNUemSA9APTffn7vyu8.roa
File:                     ZyEM52KArNUemSA9APTffn7vyu8.roa (raw, json)
Hash identifier:          1gqklIS+a/daL94H7vytgoct0Hcyeqj9P9yWeUq3I3s=
Subject key identifier:   67:21:0C:E7:62:80:AC:D5:1E:99:20:3D:00:F4:DF:7E:7E:EF:CA:EF
Certificate issuer:       /CN=ddd9770c307ea3960c8da268a8865a4a9fa634c9
Certificate serial:       019034351E0B257509A4EA39FAC31365B493
Authority key identifier: DD:D9:77:0C:30:7E:A3:96:0C:8D:A2:68:A8:86:5A:4A:9F:A6:34:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3dl3DDB-o5YMjaJoqIZaSp-mNMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/4444ab-3da3-418b-a105-f2fe0d04bfbf/1/ZyEM52KArNUemSA9APTffn7vyu8.roa
Signing time:             Thu 20 Jun 2024 05:53:34 +0000
ROA not before:           Thu 20 Jun 2024 05:53:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        193.34.56.0/24 maxlen: 24
                          193.34.57.0/24 maxlen: 24
                          193.34.58.0/24 maxlen: 24
                          193.34.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/4444ab-3da3-418b-a105-f2fe0d04bfbf/1/3dl3DDB-o5YMjaJoqIZaSp-mNMk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/4444ab-3da3-418b-a105-f2fe0d04bfbf/1/3dl3DDB-o5YMjaJoqIZaSp-mNMk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3dl3DDB-o5YMjaJoqIZaSp-mNMk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 14:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:34:35:1e:0b:25:75:09:a4:ea:39:fa:c3:13:65:b4:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddd9770c307ea3960c8da268a8865a4a9fa634c9
        Validity
            Not Before: Jun 20 05:53:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67210ce76280acd51e99203d00f4df7e7eefcaef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:dc:97:6d:ac:fb:e1:a6:92:1b:33:6e:b4:ae:
                    b6:c8:c6:c2:40:a9:9b:52:41:da:ab:d5:ad:13:35:
                    01:d4:c5:f0:7d:42:b6:77:49:3a:a0:18:64:e7:e6:
                    00:fa:92:2e:ab:75:96:eb:d9:9b:49:a6:ff:43:05:
                    a2:11:4c:60:46:29:93:65:b7:95:9f:c7:ba:f7:69:
                    bc:4f:60:55:12:61:f2:98:b2:95:06:cd:21:b1:f7:
                    e0:29:9e:84:01:f3:16:e0:ac:e0:61:c3:15:d9:92:
                    0a:b4:fb:0a:41:f2:ab:87:c8:27:cb:2e:2d:2a:1c:
                    b6:e3:3a:51:5e:a1:ff:0d:69:a3:1e:0c:d5:2b:19:
                    10:9b:6f:42:4a:2f:fe:20:6f:dd:42:2c:3a:83:82:
                    b3:0c:1d:51:b6:05:94:8a:3b:d8:cf:05:19:8e:4d:
                    fb:d5:9e:00:6d:f6:ce:7d:25:63:fa:37:80:01:d3:
                    b2:0d:46:77:ec:be:1d:cf:18:d6:29:c1:24:c4:b4:
                    62:42:df:6c:b2:f7:2a:0b:fb:78:65:7d:e7:6f:1c:
                    79:53:16:d2:13:0b:a3:ec:3c:21:0a:c3:e9:ab:f0:
                    b9:54:9b:64:68:29:20:82:d9:83:61:a7:e6:66:16:
                    82:58:f8:eb:8f:ad:58:e5:7b:3a:d0:b1:f1:b4:b3:
                    2b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:21:0C:E7:62:80:AC:D5:1E:99:20:3D:00:F4:DF:7E:7E:EF:CA:EF
            X509v3 Authority Key Identifier:
                keyid:DD:D9:77:0C:30:7E:A3:96:0C:8D:A2:68:A8:86:5A:4A:9F:A6:34:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3dl3DDB-o5YMjaJoqIZaSp-mNMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/4444ab-3da3-418b-a105-f2fe0d04bfbf/1/ZyEM52KArNUemSA9APTffn7vyu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/4444ab-3da3-418b-a105-f2fe0d04bfbf/1/3dl3DDB-o5YMjaJoqIZaSp-mNMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:5d:1c:c1:8a:5c:35:d7:e5:00:fa:a1:5f:ad:ae:2d:60:3e:
         5e:cd:4d:b4:0c:17:11:ff:52:6f:01:3c:a3:af:3c:3c:54:40:
         42:64:e2:68:4a:c8:5f:4a:59:21:7d:67:d5:82:aa:86:13:6f:
         b9:69:08:0c:0c:0b:57:fe:94:d0:f6:e1:32:ff:83:bb:36:e5:
         01:c8:81:f1:b4:86:7b:39:d2:46:0c:52:8c:ef:b5:95:b1:56:
         57:4f:cb:c3:6a:45:61:a9:8c:35:f6:ae:16:a2:20:b2:3f:fb:
         d9:7b:69:2a:0b:c3:eb:7f:7c:f7:84:8e:28:03:4e:e6:33:f7:
         c0:04:6f:45:3e:55:f0:5a:f0:51:e9:65:75:d5:ff:b5:8d:d5:
         72:7a:da:be:0a:87:2a:b2:f2:cf:5f:36:29:15:53:b0:6a:c3:
         df:26:4f:63:60:71:4a:4b:55:47:44:59:ee:ab:ea:1b:ea:11:
         ba:6b:51:28:0f:92:ac:4a:06:65:f3:af:3f:8d:63:22:59:be:
         89:24:01:16:c2:d3:16:52:97:59:4d:a9:1b:2e:fb:bd:5a:e4:
         99:9a:9f:f1:bd:17:b9:d6:bb:b8:cc:e1:e6:03:de:57:ff:8b:
         99:02:a9:50:4f:b8:c5:ac:3e:44:57:9d:1c:0a:44:26:67:00:
         29:3a:65:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZA0NR4LJXUJpOo5+sMTZbSTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZDk3NzBjMzA3ZWEzOTYwYzhkYTI2OGE4ODY1YTRhOWZh
NjM0YzkwHhcNMjQwNjIwMDU1MzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzIxMGNlNzYyODBhY2Q1MWU5OTIwM2QwMGY0ZGY3ZTdlZWZjYWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NyXbaz74aaSGzNutK62yMbCQKmb
UkHaq9WtEzUB1MXwfUK2d0k6oBhk5+YA+pIuq3WW69mbSab/QwWiEUxgRimTZbeV
n8e692m8T2BVEmHymLKVBs0hsffgKZ6EAfMW4KzgYcMV2ZIKtPsKQfKrh8gnyy4t
Khy24zpRXqH/DWmjHgzVKxkQm29CSi/+IG/dQiw6g4KzDB1RtgWUijvYzwUZjk37
1Z4AbfbOfSVj+jeAAdOyDUZ37L4dzxjWKcEkxLRiQt9ssvcqC/t4ZX3nbxx5UxbS
Ewuj7DwhCsPpq/C5VJtkaCkggtmDYafmZhaCWPjrj61Y5Xs60LHxtLMrUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGchDOdigKzVHpkgPQD0335+78rvMB8GA1UdIwQY
MBaAFN3ZdwwwfqOWDI2iaKiGWkqfpjTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2RsM0REQi1vNVlNamFKb3FJWmFTcC1tTk1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My80NDQ0YWItM2RhMy00MThiLWExMDUt
ZjJmZTBkMDRiZmJmLzEvWnlFTTUyS0FyTlVlbVNBOUFQVGZmbjd2eXU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My80NDQ0YWItM2RhMy00MThiLWExMDUtZjJmZTBkMDRiZmJm
LzEvM2RsM0REQi1vNVlNamFKb3FJWmFTcC1tTk1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSI4MA0G
CSqGSIb3DQEBCwUAA4IBAQA6XRzBilw11+UA+qFfra4tYD5ezU20DBcR/1JvATyj
rzw8VEBCZOJoSshfSlkhfWfVgqqGE2+5aQgMDAtX/pTQ9uEy/4O7NuUByIHxtIZ7
OdJGDFKM77WVsVZXT8vDakVhqYw19q4WoiCyP/vZe2kqC8Prf3z3hI4oA07mM/fA
BG9FPlXwWvBR6WV11f+1jdVyetq+CocqsvLPXzYpFVOwasPfJk9jYHFKS1VHRFnu
q+ob6hG6a1EoD5KsSgZl868/jWMiWb6JJAEWwtMWUpdZTakbLvu9WuSZmp/xvRe5
1ru4zOHmA95X/4uZAqlQT7jFrD5EV50cCkQmZwApOmWo
-----END CERTIFICATE-----