Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/e8d4c5-5d11-4d79-82ed-83f6852bf958/1/zSGSGL1Bc2vY4JAY-pZQ4A9Zpjc.roa
File:                     zSGSGL1Bc2vY4JAY-pZQ4A9Zpjc.roa (raw, json)
Hash identifier:          /3USw1NR98bSwMFj/ZJVVPjJTXIZQUJLATH2+vVnW5M=
Subject key identifier:   CD:21:92:18:BD:41:73:6B:D8:E0:90:18:FA:96:50:E0:0F:59:A6:37
Certificate issuer:       /CN=5a93259014f5b764847072c3734ecb528072218d
Certificate serial:       018CC86F996A2C65763353AB255E7F66E50A
Authority key identifier: 5A:93:25:90:14:F5:B7:64:84:70:72:C3:73:4E:CB:52:80:72:21:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WpMlkBT1t2SEcHLDc07LUoByIY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/e8d4c5-5d11-4d79-82ed-83f6852bf958/1/zSGSGL1Bc2vY4JAY-pZQ4A9Zpjc.roa
Signing time:             Tue 02 Jan 2024 04:30:06 +0000
ROA not before:           Tue 02 Jan 2024 04:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57729
IP address blocks:        194.31.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/e8d4c5-5d11-4d79-82ed-83f6852bf958/1/WpMlkBT1t2SEcHLDc07LUoByIY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/e8d4c5-5d11-4d79-82ed-83f6852bf958/1/WpMlkBT1t2SEcHLDc07LUoByIY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WpMlkBT1t2SEcHLDc07LUoByIY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Jun 2024 01:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:99:6a:2c:65:76:33:53:ab:25:5e:7f:66:e5:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a93259014f5b764847072c3734ecb528072218d
        Validity
            Not Before: Jan  2 04:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd219218bd41736bd8e09018fa9650e00f59a637
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:47:6e:38:1a:ee:3b:cd:cb:92:09:e8:f5:72:
                    c1:bb:02:a7:c5:10:9b:20:7c:5a:7f:d1:eb:c9:ec:
                    65:9b:a5:cd:09:45:47:23:af:d0:f9:bd:46:59:d1:
                    2b:2e:c7:fa:95:19:84:ab:d0:1c:1b:3b:d2:d0:ac:
                    bb:68:eb:f7:6e:4c:d7:f4:11:8a:d5:40:33:27:8f:
                    26:d5:b3:66:fd:9e:09:15:81:1c:14:7a:8d:13:da:
                    c6:40:2b:d3:21:09:7b:0e:0c:89:b1:da:a6:1b:93:
                    a5:cf:40:bc:e0:53:29:cd:01:e1:df:29:c4:4e:93:
                    19:ad:4b:56:3b:77:68:c0:fb:7b:5e:08:e5:9f:df:
                    26:b6:22:d0:eb:24:d7:1f:90:4f:07:4c:d4:cb:4b:
                    ad:f1:f7:cf:96:f3:3a:c8:c8:67:8b:92:69:81:4f:
                    8c:c8:c1:da:7d:e0:7d:6e:14:74:22:52:a3:16:52:
                    7c:48:62:cb:a1:35:2a:b5:be:e3:06:13:a4:41:61:
                    9d:82:37:12:97:48:f1:ac:ee:9c:a8:7e:32:5d:44:
                    34:ac:7f:0d:33:2a:de:91:ab:38:23:50:ad:e2:f9:
                    86:fd:2f:93:6f:8b:4b:2b:53:5d:c7:ad:5f:e1:76:
                    c0:5f:ab:af:80:07:c9:d0:67:d8:31:0a:6f:76:90:
                    63:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:21:92:18:BD:41:73:6B:D8:E0:90:18:FA:96:50:E0:0F:59:A6:37
            X509v3 Authority Key Identifier:
                keyid:5A:93:25:90:14:F5:B7:64:84:70:72:C3:73:4E:CB:52:80:72:21:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WpMlkBT1t2SEcHLDc07LUoByIY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/e8d4c5-5d11-4d79-82ed-83f6852bf958/1/zSGSGL1Bc2vY4JAY-pZQ4A9Zpjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/e8d4c5-5d11-4d79-82ed-83f6852bf958/1/WpMlkBT1t2SEcHLDc07LUoByIY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:0c:3a:03:5f:44:12:d2:0a:77:c7:c3:f0:ad:81:6f:d5:73:
         76:e2:81:85:7c:35:6d:e1:d9:2f:d4:ef:1b:5e:b2:20:7b:1f:
         6c:4f:bd:4d:e1:cd:be:fe:71:f9:8c:3c:99:d4:f1:23:68:49:
         6f:b6:85:a4:04:d7:32:a0:04:f5:e4:1c:2b:db:62:ab:be:7d:
         16:5f:b7:ca:6c:55:e2:31:0c:57:99:d4:3f:89:98:65:d3:7d:
         cc:a7:ef:4e:cc:ae:84:28:5e:15:c5:a1:ca:72:fe:37:3d:d9:
         e5:f5:ef:8f:be:63:07:dc:c9:41:af:80:7c:50:b2:61:7e:d8:
         59:56:0b:1b:50:f2:09:39:c4:3f:6f:cf:68:09:78:ff:96:04:
         2e:94:5c:f7:62:ca:a4:a1:65:fc:3f:ca:1f:76:9b:e2:22:5b:
         12:0c:7f:74:ef:d1:2b:c0:fb:25:b5:ed:ea:60:dc:a0:c0:e8:
         3e:eb:0f:32:da:6d:80:d2:4e:db:60:aa:1a:05:e0:66:c4:e1:
         e6:7c:8f:cd:9b:fc:72:83:df:4b:e2:74:de:9e:7c:b3:9c:a6:
         ef:26:a8:7f:a8:f3:16:b0:5d:79:33:c4:f7:f7:7a:55:69:da:
         09:e2:c9:2d:30:7d:00:32:2d:28:ed:16:b5:bf:4a:38:6c:9d:
         78:37:e7:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb5lqLGV2M1OrJV5/ZuUKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhOTMyNTkwMTRmNWI3NjQ4NDcwNzJjMzczNGVjYjUyODA3
MjIxOGQwHhcNMjQwMTAyMDQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDIxOTIxOGJkNDE3MzZiZDhlMDkwMThmYTk2NTBlMDBmNTlhNjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkduOBruO83Lkgno9XLBuwKnxRCb
IHxaf9Hryexlm6XNCUVHI6/Q+b1GWdErLsf6lRmEq9AcGzvS0Ky7aOv3bkzX9BGK
1UAzJ48m1bNm/Z4JFYEcFHqNE9rGQCvTIQl7DgyJsdqmG5Olz0C84FMpzQHh3ynE
TpMZrUtWO3dowPt7Xgjln98mtiLQ6yTXH5BPB0zUy0ut8ffPlvM6yMhni5JpgU+M
yMHafeB9bhR0IlKjFlJ8SGLLoTUqtb7jBhOkQWGdgjcSl0jxrO6cqH4yXUQ0rH8N
Myrekas4I1Ct4vmG/S+Tb4tLK1Ndx61f4XbAX6uvgAfJ0GfYMQpvdpBjlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0hkhi9QXNr2OCQGPqWUOAPWaY3MB8GA1UdIwQY
MBaAFFqTJZAU9bdkhHByw3NOy1KAciGNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3BNbGtCVDF0MlNFY0hMRGMwN0xVb0J5SVkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9lOGQ0YzUtNWQxMS00ZDc5LTgyZWQt
ODNmNjg1MmJmOTU4LzEvelNHU0dMMUJjMnZZNEpBWS1wWlE0QTlacGpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9lOGQ0YzUtNWQxMS00ZDc5LTgyZWQtODNmNjg1MmJmOTU4
LzEvV3BNbGtCVDF0MlNFY0hMRGMwN0xVb0J5SVkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh89MA0G
CSqGSIb3DQEBCwUAA4IBAQBjDDoDX0QS0gp3x8PwrYFv1XN24oGFfDVt4dkv1O8b
XrIgex9sT71N4c2+/nH5jDyZ1PEjaElvtoWkBNcyoAT15Bwr22Krvn0WX7fKbFXi
MQxXmdQ/iZhl033Mp+9OzK6EKF4VxaHKcv43Pdnl9e+PvmMH3MlBr4B8ULJhfthZ
VgsbUPIJOcQ/b89oCXj/lgQulFz3YsqkoWX8P8ofdpviIlsSDH9079ErwPslte3q
YNygwOg+6w8y2m2A0k7bYKoaBeBmxOHmfI/Nm/xyg99L4nTennyznKbvJqh/qPMW
sF15M8T393pVadoJ4sktMH0AMi0o7Ra1v0o4bJ14N+cQ
-----END CERTIFICATE-----