Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/mZ6dw2-RWGiPJmI1cofllQ7czLE.roa
File:                     mZ6dw2-RWGiPJmI1cofllQ7czLE.roa (raw, json)
Hash identifier:          wLTfakveqy4UzrNDZuvxH1KuNXzMRVjKwd94EzC3Rdg=
Subject key identifier:   99:9E:9D:C3:6F:91:58:68:8F:26:62:35:72:87:E5:95:0E:DC:CC:B1
Certificate issuer:       /CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
Certificate serial:       018D2D4F0D3E61D5A6A07F58511C8E9EC2C9
Authority key identifier: CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/mZ6dw2-RWGiPJmI1cofllQ7czLE.roa
Signing time:             Sun 21 Jan 2024 18:36:11 +0000
ROA not before:           Sun 21 Jan 2024 18:36:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6505
IP address blocks:        57.74.0.0/16 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:2d:4f:0d:3e:61:d5:a6:a0:7f:58:51:1c:8e:9e:c2:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
        Validity
            Not Before: Jan 21 18:36:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=999e9dc36f9158688f2662357287e5950edcccb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:70:57:35:97:8c:54:03:9b:e3:56:42:0e:ea:
                    b7:0a:6d:b1:0d:d1:20:cb:34:c6:b2:0e:dc:80:52:
                    bf:ee:c8:49:98:d8:9e:4b:a4:9f:b6:af:3b:02:8f:
                    c4:a8:e8:d1:40:80:93:f6:8e:77:f9:5f:32:b2:5a:
                    1e:93:6d:75:a1:56:8b:98:7f:1c:59:75:02:04:73:
                    bf:7a:6e:b8:2d:dd:4a:db:58:78:35:75:a3:b4:ff:
                    5d:64:d3:fd:03:2e:7f:b2:3c:32:52:a5:59:64:e7:
                    2d:9d:e2:ff:4c:1d:7c:f8:d7:54:ea:2d:28:8c:56:
                    75:40:7f:c6:1e:b1:4a:e9:4b:ea:8d:f5:55:a0:ea:
                    dd:a0:58:89:58:94:45:08:a2:ab:ce:ef:fe:db:f0:
                    7b:92:c3:96:c6:f7:04:a7:91:4d:4e:84:cc:85:3c:
                    a9:25:b7:66:ef:37:2f:2c:11:12:48:c1:ad:00:f3:
                    f1:ec:5e:d4:6d:d3:8f:b8:6a:06:c1:c8:77:ad:5b:
                    00:32:c2:1b:a4:38:72:cd:04:93:23:1d:79:bd:ae:
                    fc:d7:3a:b2:40:97:0a:d3:d0:c9:c4:0e:98:01:53:
                    01:26:6c:49:1d:b8:09:c4:fd:66:46:75:07:46:b9:
                    42:48:13:63:77:bd:30:0d:34:6e:50:96:32:dd:0d:
                    60:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:9E:9D:C3:6F:91:58:68:8F:26:62:35:72:87:E5:95:0E:DC:CC:B1
            X509v3 Authority Key Identifier:
                keyid:CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/mZ6dw2-RWGiPJmI1cofllQ7czLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.74.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a9:54:f7:75:d4:f2:d4:be:5d:33:b4:41:46:b5:5a:0a:12:50:
         7a:c7:90:ef:4c:35:59:6c:1c:2b:11:58:de:a7:d1:53:08:62:
         3a:18:67:52:80:68:05:94:a0:a8:d4:20:43:b7:fe:ad:d1:4f:
         92:1d:ef:5b:e2:c5:86:81:4a:39:9e:3a:86:da:c0:49:31:fb:
         c2:39:62:dc:c8:ff:e3:6c:dd:4f:0e:f3:71:e8:8f:5f:3c:89:
         df:ac:07:5e:6d:86:f4:f4:10:22:51:b5:ef:d1:98:fa:6d:fe:
         73:6a:98:81:34:69:7c:6a:be:6e:a5:99:cb:b3:84:3c:25:2d:
         02:c6:63:8c:91:c1:df:60:9e:2a:6d:f3:42:ac:e4:95:ff:84:
         15:7f:75:9e:83:c3:27:b1:ca:b5:c0:64:79:06:dc:43:91:e9:
         5d:f0:31:4a:3f:47:b4:fd:3a:30:76:98:49:f6:c9:6d:95:42:
         28:1d:3d:7c:9b:30:40:fc:f6:9a:71:f9:81:3a:17:80:77:3f:
         f3:f2:11:d8:ae:d8:f8:0b:07:d3:27:70:f5:7d:a9:9d:08:ca:
         c3:84:2a:3a:15:50:a6:ca:3a:a6:22:dc:c0:b0:15:c3:67:cf:
         31:7d:f3:4c:f2:86:14:9e:4d:b1:26:67:b4:71:15:23:93:01:
         a7:a8:63:f9
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAY0tTw0+YdWmoH9YURyOnsLJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYjgzY2ZlNTQ4OTgzNWYyOTRkMGFmNGRkNGRiNmUzZGMy
NWYxZjMwHhcNMjQwMTIxMTgzNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTllOWRjMzZmOTE1ODY4OGYyNjYyMzU3Mjg3ZTU5NTBlZGNjY2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13BXNZeMVAOb41ZCDuq3Cm2xDdEg
yzTGsg7cgFK/7shJmNieS6Sftq87Ao/EqOjRQICT9o53+V8ysloek211oVaLmH8c
WXUCBHO/em64Ld1K21h4NXWjtP9dZNP9Ay5/sjwyUqVZZOctneL/TB18+NdU6i0o
jFZ1QH/GHrFK6UvqjfVVoOrdoFiJWJRFCKKrzu/+2/B7ksOWxvcEp5FNToTMhTyp
Jbdm7zcvLBESSMGtAPPx7F7UbdOPuGoGwch3rVsAMsIbpDhyzQSTIx15va781zqy
QJcK09DJxA6YAVMBJmxJHbgJxP1mRnUHRrlCSBNjd70wDTRuUJYy3Q1gsQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJmencNvkVhojyZiNXKH5ZUO3MyxMB8GA1UdIwQY
MBaAFM24PP5UiYNfKU0K9N1NtuPcJfHzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEt
YTNiNzRmOTY0MWFjLzEvbVo2ZHcyLVJXR2lQSm1JMWNvZmxsUTdjekxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEtYTNiNzRmOTY0MWFj
LzEvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAOUowDQYJ
KoZIhvcNAQELBQADggEBAKlU93XU8tS+XTO0QUa1WgoSUHrHkO9MNVlsHCsRWN6n
0VMIYjoYZ1KAaAWUoKjUIEO3/q3RT5Id71vixYaBSjmeOobawEkx+8I5YtzI/+Ns
3U8O83Hoj188id+sB15thvT0ECJRte/RmPpt/nNqmIE0aXxqvm6lmcuzhDwlLQLG
Y4yRwd9gnipt80Ks5JX/hBV/dZ6DwyexyrXAZHkG3EOR6V3wMUo/R7T9OjB2mEn2
yW2VQigdPXybMED89ppx+YE6F4B3P/PyEdiu2PgLB9MncPV9qZ0IysOEKjoVUKbK
OqYi3MCwFcNnzzF980zyhhSeTbEmZ7RxFSOTAaeoY/k=
-----END CERTIFICATE-----