Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/f2da78-2d98-4081-9d67-43bf655f3365/1/zQbng0C92EiiK6VfScCiY0yEQT4.roa
File:                     zQbng0C92EiiK6VfScCiY0yEQT4.roa (raw, json)
Hash identifier:          7SJSSgSsDsQMU0aWa6FaRAMQyzaDM8VaNcSiQvsImxA=
Subject key identifier:   CD:06:E7:83:40:BD:D8:48:A2:2B:A5:5F:49:C0:A2:63:4C:84:41:3E
Certificate issuer:       /CN=21077355df11cdbf992f90d67eaab9109ab8ebf3
Certificate serial:       018CC56DF8EA625E19DF6CC2376B85391AE5
Authority key identifier: 21:07:73:55:DF:11:CD:BF:99:2F:90:D6:7E:AA:B9:10:9A:B8:EB:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQdzVd8Rzb-ZL5DWfqq5EJq46_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/f2da78-2d98-4081-9d67-43bf655f3365/1/zQbng0C92EiiK6VfScCiY0yEQT4.roa
Signing time:             Mon 01 Jan 2024 14:29:27 +0000
ROA not before:           Mon 01 Jan 2024 14:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60205
IP address blocks:        185.25.47.254/31 maxlen: 31
                          185.25.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/f2da78-2d98-4081-9d67-43bf655f3365/1/IQdzVd8Rzb-ZL5DWfqq5EJq46_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/f2da78-2d98-4081-9d67-43bf655f3365/1/IQdzVd8Rzb-ZL5DWfqq5EJq46_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQdzVd8Rzb-ZL5DWfqq5EJq46_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 23:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f8:ea:62:5e:19:df:6c:c2:37:6b:85:39:1a:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21077355df11cdbf992f90d67eaab9109ab8ebf3
        Validity
            Not Before: Jan  1 14:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd06e78340bdd848a22ba55f49c0a2634c84413e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:e0:7b:37:22:2f:b5:01:5b:2f:72:6a:2c:24:
                    47:05:f3:cd:ea:24:e6:2f:b7:42:39:60:07:6c:85:
                    21:64:2a:a4:0f:64:40:94:fc:89:f5:c4:3d:78:c0:
                    76:af:74:3d:f8:a5:31:19:be:95:78:77:f5:7a:fd:
                    55:46:40:44:d4:9d:78:b5:30:2a:61:06:e7:67:d0:
                    f3:52:24:f4:24:37:06:8e:0d:1e:e6:ed:d1:29:32:
                    f7:03:af:53:11:67:f1:33:42:71:44:b6:67:0f:df:
                    a0:af:15:5b:75:2e:6c:d9:3e:3d:04:9b:cf:86:2c:
                    8e:fe:3d:cb:b2:c0:6f:14:59:0b:aa:99:0e:a1:85:
                    94:af:9c:a9:73:23:85:ad:77:fb:fd:e8:73:2f:9e:
                    d3:07:92:ff:ab:46:f5:53:9b:ad:7f:f5:1e:14:90:
                    3a:34:00:c0:dd:e6:44:02:80:18:6a:f1:b6:92:cf:
                    ce:83:3c:e6:08:b0:49:90:78:9b:7d:c0:68:c1:cb:
                    73:bc:de:40:c8:d1:f8:dd:5b:25:bf:fb:27:b7:25:
                    f3:7e:a7:a7:2a:70:46:75:a2:2e:88:78:3d:c7:fd:
                    9a:97:e3:3d:d7:ab:af:d1:3e:ed:46:b2:92:a8:40:
                    7b:d5:99:d1:f9:39:73:75:b6:96:c6:14:6b:55:7c:
                    62:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:06:E7:83:40:BD:D8:48:A2:2B:A5:5F:49:C0:A2:63:4C:84:41:3E
            X509v3 Authority Key Identifier:
                keyid:21:07:73:55:DF:11:CD:BF:99:2F:90:D6:7E:AA:B9:10:9A:B8:EB:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQdzVd8Rzb-ZL5DWfqq5EJq46_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/f2da78-2d98-4081-9d67-43bf655f3365/1/zQbng0C92EiiK6VfScCiY0yEQT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/f2da78-2d98-4081-9d67-43bf655f3365/1/IQdzVd8Rzb-ZL5DWfqq5EJq46_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:e7:10:c4:f6:10:c7:7c:28:86:e0:94:78:90:2d:55:2a:21:
         b6:5c:e5:70:e4:1e:f5:dd:77:9f:cc:fa:8d:02:53:c1:53:9f:
         0d:bf:2f:6b:6e:6c:f2:6c:64:d6:3a:12:63:d5:f7:0b:85:8a:
         9a:56:85:5a:39:57:2b:f0:4a:68:38:3a:6a:56:c0:37:0e:b7:
         6a:3f:fa:6e:f9:18:52:8d:6c:cb:d6:b3:6f:e7:62:7a:01:27:
         a9:98:79:00:c1:71:fe:e9:3d:17:3d:4d:61:2a:e6:73:72:e7:
         71:86:5c:e7:ee:88:29:c0:f3:19:fa:74:b2:5c:ae:8c:7c:56:
         a1:f5:00:51:ee:b1:61:b8:86:7f:77:08:b1:26:a3:7b:3c:40:
         d2:48:ee:74:3c:d5:e7:43:d8:93:8b:20:39:22:2b:4d:c1:5d:
         ae:62:aa:38:cb:bc:4c:9b:a1:d7:aa:9a:ba:e8:d8:a8:66:1b:
         36:4b:4c:6f:a6:dd:e2:1d:aa:8f:44:c4:6c:b6:f2:66:57:1b:
         86:78:c9:3b:bf:b1:cd:d1:c5:db:7b:88:6c:b9:12:ab:b4:c4:
         69:e6:6b:b9:0f:f6:cc:54:72:09:65:1d:ab:04:b2:3d:12:87:
         2a:a9:f5:50:b2:b4:38:ce:89:ed:43:68:c5:65:8b:d7:96:c5:
         86:c5:8a:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbfjqYl4Z32zCN2uFORrlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDc3MzU1ZGYxMWNkYmY5OTJmOTBkNjdlYWFiOTEwOWFi
OGViZjMwHhcNMjQwMTAxMTQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDA2ZTc4MzQwYmRkODQ4YTIyYmE1NWY0OWMwYTI2MzRjODQ0MTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+B7NyIvtQFbL3JqLCRHBfPN6iTm
L7dCOWAHbIUhZCqkD2RAlPyJ9cQ9eMB2r3Q9+KUxGb6VeHf1ev1VRkBE1J14tTAq
YQbnZ9DzUiT0JDcGjg0e5u3RKTL3A69TEWfxM0JxRLZnD9+grxVbdS5s2T49BJvP
hiyO/j3LssBvFFkLqpkOoYWUr5ypcyOFrXf7/ehzL57TB5L/q0b1U5utf/UeFJA6
NADA3eZEAoAYavG2ks/OgzzmCLBJkHibfcBowctzvN5AyNH43Vslv/sntyXzfqen
KnBGdaIuiHg9x/2al+M916uv0T7tRrKSqEB71ZnR+TlzdbaWxhRrVXxiEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0G54NAvdhIoiulX0nAomNMhEE+MB8GA1UdIwQY
MBaAFCEHc1XfEc2/mS+Q1n6quRCauOvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFkelZkOFJ6Yi1aTDVEV2ZxcTVFSnE0Nl9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9mMmRhNzgtMmQ5OC00MDgxLTlkNjct
NDNiZjY1NWYzMzY1LzEvelFibmcwQzkyRWlpSzZWZlNjQ2lZMHlFUVQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9mMmRhNzgtMmQ5OC00MDgxLTlkNjctNDNiZjY1NWYzMzY1
LzEvSVFkelZkOFJ6Yi1aTDVEV2ZxcTVFSnE0Nl9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRkvMA0G
CSqGSIb3DQEBCwUAA4IBAQAA5xDE9hDHfCiG4JR4kC1VKiG2XOVw5B713XefzPqN
AlPBU58Nvy9rbmzybGTWOhJj1fcLhYqaVoVaOVcr8EpoODpqVsA3DrdqP/pu+RhS
jWzL1rNv52J6ASepmHkAwXH+6T0XPU1hKuZzcudxhlzn7ogpwPMZ+nSyXK6MfFah
9QBR7rFhuIZ/dwixJqN7PEDSSO50PNXnQ9iTiyA5IitNwV2uYqo4y7xMm6HXqpq6
6NioZhs2S0xvpt3iHaqPRMRstvJmVxuGeMk7v7HN0cXbe4hsuRKrtMRp5mu5D/bM
VHIJZR2rBLI9EocqqfVQsrQ4zontQ2jFZYvXlsWGxYqy
-----END CERTIFICATE-----