Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/z0Ko0qIMATu-HmtjRkS2cybANpM.roa
File:                     z0Ko0qIMATu-HmtjRkS2cybANpM.roa (raw, json)
Hash identifier:          p87jVhDdV2HsUsjZanVGXpLPeY2la/CnwKVXeF4XECg=
Subject key identifier:   CF:42:A8:D2:A2:0C:01:3B:BE:1E:6B:63:46:44:B6:73:26:C0:36:93
Certificate issuer:       /CN=9d5de490ff874e9689cecf726cbb4e2f51f6c731
Certificate serial:       018CC6B8FF5C0680DFB83DFFCE447B06BA6B
Authority key identifier: 9D:5D:E4:90:FF:87:4E:96:89:CE:CF:72:6C:BB:4E:2F:51:F6:C7:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/z0Ko0qIMATu-HmtjRkS2cybANpM.roa
Signing time:             Mon 01 Jan 2024 20:31:01 +0000
ROA not before:           Mon 01 Jan 2024 20:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47696
IP address blocks:        194.8.96.0/19 maxlen: 25
                          194.145.64.0/19 maxlen: 25
                          2a01:8180::/36 maxlen: 42

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ff:5c:06:80:df:b8:3d:ff:ce:44:7b:06:ba:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d5de490ff874e9689cecf726cbb4e2f51f6c731
        Validity
            Not Before: Jan  1 20:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf42a8d2a20c013bbe1e6b634644b67326c03693
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a1:90:2f:83:a2:af:a7:1c:0b:0f:de:26:1d:
                    35:82:a9:38:e2:8a:ec:26:a2:53:6a:8b:f9:4e:c2:
                    7d:37:4b:6d:89:62:1b:5a:d7:af:0d:52:06:54:95:
                    c6:d7:b5:0d:8a:68:d1:ab:e3:2a:87:2a:a0:e3:7b:
                    e2:51:cd:7c:7f:08:c7:ec:45:2c:9f:46:3b:6d:a1:
                    7e:7b:1a:fe:bf:23:83:20:d1:dc:8c:f5:ff:07:fc:
                    d0:57:9a:bb:34:50:c1:0c:40:58:6c:d8:12:b7:08:
                    85:8d:71:89:c6:a4:2b:04:5d:b4:cd:42:94:3a:8a:
                    32:26:29:ff:b9:e6:b1:d5:6e:89:fd:05:99:6d:cc:
                    0f:72:09:ef:33:72:a6:42:72:01:44:91:84:b9:c4:
                    ed:57:dc:f2:a4:75:bb:15:1e:10:87:f5:d5:07:a6:
                    c2:c0:00:cc:28:31:0c:b3:a5:11:9a:1e:79:a4:75:
                    a1:3f:86:6c:b3:cb:6d:de:57:2a:5c:8b:a9:a3:c4:
                    c6:6f:a9:7a:ff:38:dc:a4:f5:22:c5:fc:d9:91:d1:
                    a0:03:b7:85:6e:1f:42:ff:11:0e:aa:71:38:ca:bf:
                    b9:4f:39:82:d4:9d:c8:c8:64:99:b7:db:f9:4f:0d:
                    dd:f8:e2:14:ed:78:c3:57:1f:c2:ec:ab:97:74:df:
                    f1:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:42:A8:D2:A2:0C:01:3B:BE:1E:6B:63:46:44:B6:73:26:C0:36:93
            X509v3 Authority Key Identifier:
                keyid:9D:5D:E4:90:FF:87:4E:96:89:CE:CF:72:6C:BB:4E:2F:51:F6:C7:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/z0Ko0qIMATu-HmtjRkS2cybANpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.8.96.0/19
                  194.145.64.0/19
                IPv6:
                  2a01:8180::/36

    Signature Algorithm: sha256WithRSAEncryption
         5d:97:42:8c:e9:cc:6b:16:ab:4a:4f:0d:4e:13:58:2b:6d:e7:
         9c:6a:b4:4e:89:e5:88:d3:c0:f3:36:5a:6a:ed:9b:f6:0c:33:
         bf:a1:67:61:99:58:a0:01:2d:dd:51:11:21:db:6f:57:fc:9a:
         70:13:3c:0b:0a:c6:2e:57:3f:6f:88:3e:bc:a1:de:ab:30:3c:
         3a:69:67:a5:42:8c:72:84:08:74:65:c6:7e:30:40:00:87:44:
         63:04:a3:7f:42:8d:a9:6b:f5:f8:e8:13:58:7c:cf:67:3b:5d:
         13:86:be:bf:bd:48:d5:82:9f:f7:01:49:d0:d2:89:9c:90:49:
         0f:68:b8:32:41:d4:83:e0:a9:19:92:94:76:a8:3d:bf:18:28:
         07:d2:74:d8:e3:51:8e:b5:c5:d7:e3:e9:bd:98:4f:e9:ff:1a:
         64:cf:c9:48:1c:bb:3b:25:08:d9:4b:df:f4:19:98:60:68:3d:
         cc:3f:99:81:17:b8:b4:13:ef:42:bf:ad:58:dc:5c:e8:fc:fa:
         7c:4f:90:ae:9d:ec:0e:6b:b2:4e:63:1a:f8:a7:45:e1:9f:07:
         f6:12:56:92:f2:98:e6:c6:a5:c1:a3:db:8e:94:f8:b4:d0:7a:
         2f:42:ff:4b:a3:ee:11:92:f1:7c:99:a4:71:b4:f0:fb:47:d3:
         91:80:06:2a
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzGuP9cBoDfuD3/zkR7BrprMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNWRlNDkwZmY4NzRlOTY4OWNlY2Y3MjZjYmI0ZTJmNTFm
NmM3MzEwHhcNMjQwMTAxMjAzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjQyYThkMmEyMGMwMTNiYmUxZTZiNjM0NjQ0YjY3MzI2YzAzNjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiaGQL4Oir6ccCw/eJh01gqk44ors
JqJTaov5TsJ9N0ttiWIbWtevDVIGVJXG17UNimjRq+Mqhyqg43viUc18fwjH7EUs
n0Y7baF+exr+vyODINHcjPX/B/zQV5q7NFDBDEBYbNgStwiFjXGJxqQrBF20zUKU
OooyJin/ueax1W6J/QWZbcwPcgnvM3KmQnIBRJGEucTtV9zypHW7FR4Qh/XVB6bC
wADMKDEMs6URmh55pHWhP4Zss8tt3lcqXIupo8TGb6l6/zjcpPUixfzZkdGgA7eF
bh9C/xEOqnE4yr+5TzmC1J3IyGSZt9v5Tw3d+OIU7XjDVx/C7KuXdN/xEQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFM9CqNKiDAE7vh5rY0ZEtnMmwDaTMB8GA1UdIwQY
MBaAFJ1d5JD/h06Wic7Pcmy7Ti9R9scxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblYza2tQLUhUcGFKenM5eWJMdE9MMUgyeHpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC83NDViZGItMTA0Yi00OWM3LTk5ZDUt
Y2VjMzNiYTFiZGY1LzEvejBLbzBxSU1BVHUtSG10alJrUzJjeWJBTnBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC83NDViZGItMTA0Yi00OWM3LTk5ZDUtY2VjMzNiYTFiZGY1
LzEvblYza2tQLUhUcGFKenM5eWJMdE9MMUgyeHpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQFwghgAwQF
wpFAMA4EAgACMAgDBgQqAYGAADANBgkqhkiG9w0BAQsFAAOCAQEAXZdCjOnMaxar
Sk8NThNYK23nnGq0TonliNPA8zZaau2b9gwzv6FnYZlYoAEt3VERIdtvV/yacBM8
CwrGLlc/b4g+vKHeqzA8OmlnpUKMcoQIdGXGfjBAAIdEYwSjf0KNqWv1+OgTWHzP
ZztdE4a+v71I1YKf9wFJ0NKJnJBJD2i4MkHUg+CpGZKUdqg9vxgoB9J02ONRjrXF
1+PpvZhP6f8aZM/JSBy7OyUI2Uvf9BmYYGg9zD+ZgRe4tBPvQr+tWNxc6Pz6fE+Q
rp3sDmuyTmMa+KdF4Z8H9hJWkvKY5salwaPbjpT4tNB6L0L/S6PuEZLxfJmkcbTw
+0fTkYAGKg==
-----END CERTIFICATE-----