Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/ZZUKIjHVO-4botwxeBT6GXT-Uig.roa
File:                     ZZUKIjHVO-4botwxeBT6GXT-Uig.roa (raw, json)
Hash identifier:          FT7lulbveGyu32Utqzbu0LxRmLjclkT4ixuWGxGXah8=
Subject key identifier:   65:95:0A:22:31:D5:3B:EE:1B:A2:DC:31:78:14:FA:19:74:FE:52:28
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01928F381BA0FAC55DC541860C307D7D501E
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/ZZUKIjHVO-4botwxeBT6GXT-Uig.roa
Signing time:             Tue 15 Oct 2024 08:07:51 +0000
ROA not before:           Tue 15 Oct 2024 08:07:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     265561
IP address blocks:        178.19.32.0/24 maxlen: 24
                          201.77.59.0/24 maxlen: 24
                          201.77.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8f:38:1b:a0:fa:c5:5d:c5:41:86:0c:30:7d:7d:50:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Oct 15 08:07:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65950a2231d53bee1ba2dc317814fa1974fe5228
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9e:aa:e3:5d:41:ae:c2:45:1e:8b:41:91:db:
                    27:5d:59:76:85:8f:50:95:f1:d0:01:d3:b9:bb:db:
                    1f:fc:9c:a1:a6:1a:0a:9b:27:49:bc:30:6c:74:ac:
                    bb:54:b1:ff:06:ec:24:61:e7:b9:74:5e:92:50:e9:
                    4f:06:2e:42:8f:be:c3:1e:18:e5:92:fc:96:e5:3d:
                    f9:35:6e:8b:fa:05:f6:66:a1:85:3f:43:6a:06:5a:
                    8d:01:8e:06:cb:3b:02:31:b5:6f:38:27:28:c6:21:
                    af:32:04:f2:34:67:22:55:03:a3:a7:0d:73:71:0b:
                    13:aa:40:4c:40:d8:36:8f:03:c8:10:32:b5:70:94:
                    c7:c6:cc:47:54:6e:75:ef:90:14:71:37:cb:cb:e9:
                    08:32:e1:bd:cf:5f:f4:0c:ec:3e:0b:e3:15:2e:47:
                    0e:73:d5:be:f3:50:9c:f4:ab:9a:2c:20:8f:b1:0f:
                    d5:7a:51:26:f0:37:ca:5b:f8:1f:af:1f:1b:9f:1f:
                    ec:16:b7:fc:74:94:5f:15:e8:8c:14:2e:4d:5e:02:
                    16:e8:2a:93:40:52:9b:60:e4:63:9b:f8:12:de:1a:
                    19:e6:59:e0:95:3a:ea:db:0c:31:7c:99:7c:56:42:
                    4d:12:35:3c:fc:40:40:ba:c9:2d:db:98:ef:89:77:
                    91:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:95:0A:22:31:D5:3B:EE:1B:A2:DC:31:78:14:FA:19:74:FE:52:28
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/ZZUKIjHVO-4botwxeBT6GXT-Uig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.19.32.0/24
                  201.77.59.0-201.77.60.255

    Signature Algorithm: sha256WithRSAEncryption
         81:3b:ad:f5:26:41:72:19:98:f5:f6:e2:5e:3b:7a:ac:e7:af:
         11:d2:d4:f6:f5:14:da:5c:c7:2c:c8:d1:56:b4:bd:76:32:88:
         59:05:d3:b2:a1:fc:78:59:8c:59:e0:95:ad:f0:a4:6e:77:6c:
         60:c7:87:a8:1d:11:7c:a6:ab:3a:9b:d6:18:b1:fd:3c:14:43:
         95:fc:ff:97:cb:d7:72:0d:15:6b:a3:a3:d8:de:de:7c:1c:4f:
         21:6a:61:40:15:f7:e7:ed:c2:53:35:2e:bb:78:8f:7e:13:51:
         7d:22:9a:fb:f8:75:92:5a:51:df:86:25:76:7e:40:68:a5:5b:
         e2:72:5e:42:49:2a:01:42:b7:b5:a5:20:99:5b:fb:9e:c3:b9:
         9e:08:60:c2:a8:94:48:7e:83:0e:56:8d:6b:d1:c8:7d:de:c5:
         ea:c4:21:77:22:1f:da:13:c1:ca:22:c3:31:e2:47:28:a9:6f:
         13:a1:a4:20:4c:1c:c2:c3:a0:03:06:be:4e:c6:c3:77:bc:43:
         1a:08:18:62:ef:a1:3d:8a:68:ea:49:b3:82:ec:b1:8c:d4:9b:
         b8:fa:6e:81:27:2a:9e:33:66:a2:b6:eb:f2:33:12:ba:43:6c:
         49:b6:fc:4b:c5:55:ab:54:25:f3:ab:84:ed:76:39:65:a4:2c:
         3e:20:51:52
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZKPOBug+sVdxUGGDDB9fVAeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQxMDE1MDgwNzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTk1MGEyMjMxZDUzYmVlMWJhMmRjMzE3ODE0ZmExOTc0ZmU1MjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZ6q411BrsJFHotBkdsnXVl2hY9Q
lfHQAdO5u9sf/JyhphoKmydJvDBsdKy7VLH/BuwkYee5dF6SUOlPBi5Cj77DHhjl
kvyW5T35NW6L+gX2ZqGFP0NqBlqNAY4GyzsCMbVvOCcoxiGvMgTyNGciVQOjpw1z
cQsTqkBMQNg2jwPIEDK1cJTHxsxHVG5175AUcTfLy+kIMuG9z1/0DOw+C+MVLkcO
c9W+81Cc9KuaLCCPsQ/VelEm8DfKW/gfrx8bnx/sFrf8dJRfFeiMFC5NXgIW6CqT
QFKbYORjm/gS3hoZ5lnglTrq2wwxfJl8VkJNEjU8/EBAuskt25jviXeR4QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGWVCiIx1TvuG6LcMXgU+hl0/lIoMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvWlpVS0lqSFZPLTRib3R3eGVCVDZHWFQtVWlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAshMgMAwD
BADJTTsDBADJTTwwDQYJKoZIhvcNAQELBQADggEBAIE7rfUmQXIZmPX24l47eqzn
rxHS1Pb1FNpcxyzI0Va0vXYyiFkF07Kh/HhZjFngla3wpG53bGDHh6gdEXymqzqb
1hix/TwUQ5X8/5fL13INFWujo9je3nwcTyFqYUAV9+ftwlM1Lrt4j34TUX0imvv4
dZJaUd+GJXZ+QGilW+JyXkJJKgFCt7WlIJlb+57DuZ4IYMKolEh+gw5WjWvRyH3e
xerEIXciH9oTwcoiwzHiRyipbxOhpCBMHMLDoAMGvk7Gw3e8QxoIGGLvoT2KaOpJ
s4LssYzUm7j6boEnKp4zZqK26/IzErpDbEm2/EvFVatUJfOrhO12OWWkLD4gUVI=
-----END CERTIFICATE-----