Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/zrD2bHxMbNqX9h1vgZ78C7pq7w0.roa
File:                     zrD2bHxMbNqX9h1vgZ78C7pq7w0.roa (raw, json)
Hash identifier:          idRqYHF5sdoRm+Ej+1aBGEG3u+00jq3PN3DsN0cTo8Q=
Subject key identifier:   CE:B0:F6:6C:7C:4C:6C:DA:97:F6:1D:6F:81:9E:FC:0B:BA:6A:EF:0D
Certificate issuer:       /CN=c4ff23b1c371352f39b73d39a4e07f8ca98ccd67
Certificate serial:       018CC6B92548D3D09B36FFD7E5F3DAAEAF6F
Authority key identifier: C4:FF:23:B1:C3:71:35:2F:39:B7:3D:39:A4:E0:7F:8C:A9:8C:CD:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xP8jscNxNS85tz05pOB_jKmMzWc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/zrD2bHxMbNqX9h1vgZ78C7pq7w0.roa
Signing time:             Mon 01 Jan 2024 20:31:11 +0000
ROA not before:           Mon 01 Jan 2024 20:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196775
IP address blocks:        193.169.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/xP8jscNxNS85tz05pOB_jKmMzWc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/xP8jscNxNS85tz05pOB_jKmMzWc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xP8jscNxNS85tz05pOB_jKmMzWc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:25:48:d3:d0:9b:36:ff:d7:e5:f3:da:ae:af:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ff23b1c371352f39b73d39a4e07f8ca98ccd67
        Validity
            Not Before: Jan  1 20:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ceb0f66c7c4c6cda97f61d6f819efc0bba6aef0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:49:09:b8:04:17:ad:d1:86:c5:21:42:73:7e:
                    5a:21:ce:fa:05:5e:38:f3:a6:cc:f7:9f:fd:bb:48:
                    a5:16:d7:20:38:f0:f1:98:ac:71:7a:8b:19:f4:e6:
                    64:fb:44:72:65:be:10:a0:32:ab:15:01:c9:6d:b3:
                    c5:dc:dd:ef:7f:75:b9:32:29:ed:ae:ca:ef:be:c3:
                    d2:82:84:ae:3e:38:18:14:ae:12:a8:d1:7e:36:a6:
                    f5:c8:52:17:8a:7a:4b:30:c0:07:d5:17:81:19:55:
                    07:19:94:9b:21:bc:15:7a:c7:08:8f:94:52:8b:45:
                    bd:09:a5:31:5b:80:cf:e3:97:6d:ca:0f:97:7d:8d:
                    39:61:99:58:d6:3f:73:c3:8f:69:06:58:09:cb:74:
                    1f:33:7b:d4:e9:12:61:77:d5:d5:c1:3e:e8:a8:d7:
                    04:b9:09:9e:39:c7:e6:45:8f:0a:dd:0c:68:4d:95:
                    0d:d0:6b:01:da:2f:11:cb:dd:ea:e2:6b:2a:f1:57:
                    9c:87:79:d6:90:8f:f3:1f:c6:2c:fc:b7:e1:17:76:
                    1a:e5:f9:00:95:90:e8:3d:85:cd:1a:f9:22:bf:8f:
                    d1:dc:6c:b8:6e:a5:02:47:95:d4:e5:49:80:1a:10:
                    e1:cf:e0:e4:e9:44:09:a2:da:8c:5a:32:b5:20:f8:
                    5b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:B0:F6:6C:7C:4C:6C:DA:97:F6:1D:6F:81:9E:FC:0B:BA:6A:EF:0D
            X509v3 Authority Key Identifier:
                keyid:C4:FF:23:B1:C3:71:35:2F:39:B7:3D:39:A4:E0:7F:8C:A9:8C:CD:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xP8jscNxNS85tz05pOB_jKmMzWc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/zrD2bHxMbNqX9h1vgZ78C7pq7w0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/xP8jscNxNS85tz05pOB_jKmMzWc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:9d:ad:56:28:2e:8d:4e:29:27:37:26:e5:20:95:06:51:57:
         44:b6:a0:09:a0:cd:ef:fb:1d:c7:56:2e:92:43:f8:ab:1e:1b:
         a6:68:68:6f:03:31:4c:5d:12:38:97:69:0a:c3:30:f5:ba:76:
         0d:7e:78:54:45:8b:80:0b:db:31:0b:6a:bd:a1:42:71:00:e9:
         54:1c:7d:4f:32:8f:da:00:ba:4b:70:46:4f:0a:35:41:96:f3:
         9f:c1:ee:30:aa:2c:b3:5f:2e:a5:42:20:53:48:f3:20:bf:30:
         02:ad:24:d4:a9:3c:ab:e3:5d:10:10:40:a3:ee:31:9f:7c:01:
         76:23:b1:fe:a6:e2:f3:72:3d:d0:e3:22:dc:1b:08:08:c9:0c:
         5e:23:5b:be:f2:cd:ea:f8:b5:93:5e:5b:de:7d:67:f6:bd:f9:
         11:3e:a1:18:a6:6e:f0:07:ca:ee:14:40:5e:b5:26:96:96:37:
         08:d9:fe:00:d4:89:46:ce:79:90:1f:3d:17:7c:44:b8:69:75:
         78:45:0d:bd:e6:2d:d1:ca:71:05:f9:96:f4:77:a3:43:da:8c:
         4f:de:f0:c0:6c:82:b3:f1:d6:64:01:3f:a1:2c:b1:44:e9:af:
         ee:b4:93:a2:1d:e3:6d:c7:79:5d:21:ce:31:4c:0e:e2:74:d3:
         a7:c6:fd:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSVI09CbNv/X5fParq9vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZmYyM2IxYzM3MTM1MmYzOWI3M2QzOWE0ZTA3ZjhjYTk4
Y2NkNjcwHhcNMjQwMTAxMjAzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWIwZjY2YzdjNGM2Y2RhOTdmNjFkNmY4MTllZmMwYmJhNmFlZjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkkJuAQXrdGGxSFCc35aIc76BV44
86bM95/9u0ilFtcgOPDxmKxxeosZ9OZk+0RyZb4QoDKrFQHJbbPF3N3vf3W5Mint
rsrvvsPSgoSuPjgYFK4SqNF+Nqb1yFIXinpLMMAH1ReBGVUHGZSbIbwVescIj5RS
i0W9CaUxW4DP45dtyg+XfY05YZlY1j9zw49pBlgJy3QfM3vU6RJhd9XVwT7oqNcE
uQmeOcfmRY8K3QxoTZUN0GsB2i8Ry93q4msq8Vech3nWkI/zH8Ys/LfhF3Ya5fkA
lZDoPYXNGvkiv4/R3Gy4bqUCR5XU5UmAGhDhz+Dk6UQJotqMWjK1IPhbwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6w9mx8TGzal/Ydb4Ge/Au6au8NMB8GA1UdIwQY
MBaAFMT/I7HDcTUvObc9OaTgf4ypjM1nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFA4anNjTnhOUzg1dHowNXBPQl9qS21NeldjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9jNjVhYWItOGE1Mi00NzZmLTllMzIt
MTA5NTlhYWE4YjNlLzEvenJEMmJIeE1iTnFYOWgxdmdaNzhDN3BxN3cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9jNjVhYWItOGE1Mi00NzZmLTllMzItMTA5NTlhYWE4YjNl
LzEveFA4anNjTnhOUzg1dHowNXBPQl9qS21NeldjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwakeMA0G
CSqGSIb3DQEBCwUAA4IBAQBmna1WKC6NTiknNyblIJUGUVdEtqAJoM3v+x3HVi6S
Q/irHhumaGhvAzFMXRI4l2kKwzD1unYNfnhURYuAC9sxC2q9oUJxAOlUHH1PMo/a
ALpLcEZPCjVBlvOfwe4wqiyzXy6lQiBTSPMgvzACrSTUqTyr410QEECj7jGffAF2
I7H+puLzcj3Q4yLcGwgIyQxeI1u+8s3q+LWTXlvefWf2vfkRPqEYpm7wB8ruFEBe
tSaWljcI2f4A1IlGznmQHz0XfES4aXV4RQ295i3RynEF+Zb0d6ND2oxP3vDAbIKz
8dZkAT+hLLFE6a/utJOiHeNtx3ldIc4xTA7idNOnxv1Q
-----END CERTIFICATE-----