Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/319c7b-28c6-49a3-ac1b-fae0e5d2eebf/1/AzZvN-66OvxxCMvfmzQ5C-Ks1bM.roa
File:                     AzZvN-66OvxxCMvfmzQ5C-Ks1bM.roa (raw, json)
Hash identifier:          0JCuChvgmh+9vtfEAPQtSV4P8TLnn1cYQDpiBkCRzUI=
Subject key identifier:   03:36:6F:37:EE:BA:3A:FC:71:08:CB:DF:9B:34:39:0B:E2:AC:D5:B3
Certificate issuer:       /CN=e777bc8e3ec250ce85fb90913c2c49051043ebc5
Certificate serial:       018CC8018261F65A8FE560FF29688A7D9086
Authority key identifier: E7:77:BC:8E:3E:C2:50:CE:85:FB:90:91:3C:2C:49:05:10:43:EB:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/53e8jj7CUM6F-5CRPCxJBRBD68U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/319c7b-28c6-49a3-ac1b-fae0e5d2eebf/1/AzZvN-66OvxxCMvfmzQ5C-Ks1bM.roa
Signing time:             Tue 02 Jan 2024 02:29:51 +0000
ROA not before:           Tue 02 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204541
IP address blocks:        185.239.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/319c7b-28c6-49a3-ac1b-fae0e5d2eebf/1/53e8jj7CUM6F-5CRPCxJBRBD68U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/319c7b-28c6-49a3-ac1b-fae0e5d2eebf/1/53e8jj7CUM6F-5CRPCxJBRBD68U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/53e8jj7CUM6F-5CRPCxJBRBD68U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 22:02:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:82:61:f6:5a:8f:e5:60:ff:29:68:8a:7d:90:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e777bc8e3ec250ce85fb90913c2c49051043ebc5
        Validity
            Not Before: Jan  2 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03366f37eeba3afc7108cbdf9b34390be2acd5b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:36:83:b2:e2:25:8f:89:ea:f3:57:24:e9:de:
                    6d:c8:a8:d8:87:a4:ac:16:f4:56:00:4c:eb:7f:5a:
                    45:c1:95:bf:d8:bc:90:c5:40:f4:f5:cf:da:04:80:
                    85:90:46:96:f8:28:f4:98:3a:30:82:ea:0c:d9:bf:
                    10:08:9e:32:c0:42:11:54:13:f2:03:55:12:c0:6f:
                    14:04:f6:99:8f:95:97:ed:8d:4b:33:fd:20:04:26:
                    da:00:7e:73:6b:22:e7:e4:12:36:77:10:a4:f3:32:
                    4d:c2:4c:56:98:3c:ae:94:f7:a7:10:00:ad:f1:c6:
                    1e:76:91:f5:0b:fc:92:1a:72:01:39:73:2c:b8:d2:
                    4f:81:a1:17:d0:ec:6b:6c:49:7a:79:fb:70:bd:85:
                    30:92:9b:f0:69:58:b4:c4:75:dd:56:00:99:76:8a:
                    37:07:fe:13:0a:88:fc:85:1b:5a:75:83:c9:3d:70:
                    2e:99:be:79:4f:0b:dd:c8:f0:36:45:7b:86:96:92:
                    94:69:bb:f3:13:a2:30:51:5a:10:98:43:4c:ff:a9:
                    4f:8f:7b:1f:bf:a6:ea:12:35:f8:f1:b6:76:05:7a:
                    21:80:e2:38:97:3d:66:e9:71:38:26:5d:5b:36:67:
                    da:ee:ab:7c:5b:35:70:29:5f:4c:2a:9f:24:c7:c4:
                    25:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:36:6F:37:EE:BA:3A:FC:71:08:CB:DF:9B:34:39:0B:E2:AC:D5:B3
            X509v3 Authority Key Identifier:
                keyid:E7:77:BC:8E:3E:C2:50:CE:85:FB:90:91:3C:2C:49:05:10:43:EB:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/53e8jj7CUM6F-5CRPCxJBRBD68U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/319c7b-28c6-49a3-ac1b-fae0e5d2eebf/1/AzZvN-66OvxxCMvfmzQ5C-Ks1bM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/319c7b-28c6-49a3-ac1b-fae0e5d2eebf/1/53e8jj7CUM6F-5CRPCxJBRBD68U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:6c:58:f8:bd:24:d9:87:87:49:3a:20:e8:d3:4b:af:34:20:
         21:4a:97:a9:d2:ed:53:da:57:27:68:20:28:67:ac:8f:05:75:
         ac:56:3b:90:26:12:d1:e3:40:f5:eb:e0:ea:34:fd:f7:12:3c:
         cb:c2:b2:51:d6:10:11:84:94:5c:ad:4e:04:17:4f:ec:87:14:
         d6:26:95:eb:08:19:13:68:03:f2:6c:b2:12:60:52:d8:c7:e0:
         47:0e:fa:b4:7b:66:ef:b5:f7:4d:de:dc:94:bf:a9:12:28:21:
         31:89:a8:01:d7:b3:bd:70:34:fc:66:cb:b0:c5:19:ad:be:8c:
         8a:6a:ba:d9:d7:1d:f5:cf:4d:bd:3f:be:c4:93:d2:8c:06:ab:
         04:0f:6a:34:3c:59:89:16:45:3d:4b:bc:9e:31:71:3a:ac:2b:
         68:00:91:20:b1:f7:9a:a0:cf:a9:1d:f3:9f:2b:3c:64:b5:60:
         dd:73:3a:c7:d3:1f:65:24:04:49:87:3d:8f:c6:d1:af:95:b4:
         41:66:3a:d4:fc:a5:af:17:d2:b2:73:42:ae:bf:11:2f:a1:28:
         ac:d3:8f:ec:91:ee:e0:e1:d4:46:2b:3f:83:13:ec:d1:3a:50:
         a0:e8:cc:ae:ce:a3:b4:7c:5d:d2:c1:76:81:4b:2f:ef:9a:5e:
         4f:b2:82:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAYJh9lqP5WD/KWiKfZCGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NzdiYzhlM2VjMjUwY2U4NWZiOTA5MTNjMmM0OTA1MTA0
M2ViYzUwHhcNMjQwMTAyMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzM2NmYzN2VlYmEzYWZjNzEwOGNiZGY5YjM0MzkwYmUyYWNkNWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozaDsuIlj4nq81ck6d5tyKjYh6Ss
FvRWAEzrf1pFwZW/2LyQxUD09c/aBICFkEaW+Cj0mDowguoM2b8QCJ4ywEIRVBPy
A1USwG8UBPaZj5WX7Y1LM/0gBCbaAH5zayLn5BI2dxCk8zJNwkxWmDyulPenEACt
8cYedpH1C/ySGnIBOXMsuNJPgaEX0OxrbEl6eftwvYUwkpvwaVi0xHXdVgCZdoo3
B/4TCoj8hRtadYPJPXAumb55TwvdyPA2RXuGlpKUabvzE6IwUVoQmENM/6lPj3sf
v6bqEjX48bZ2BXohgOI4lz1m6XE4Jl1bNmfa7qt8WzVwKV9MKp8kx8Ql+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAM2bzfuujr8cQjL35s0OQvirNWzMB8GA1UdIwQY
MBaAFOd3vI4+wlDOhfuQkTwsSQUQQ+vFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTNlOGpqN0NVTTZGLTVDUlBDeEpCUkJENjhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8zMTljN2ItMjhjNi00OWEzLWFjMWIt
ZmFlMGU1ZDJlZWJmLzEvQXpadk4tNjZPdnh4Q012Zm16UTVDLUtzMWJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8zMTljN2ItMjhjNi00OWEzLWFjMWItZmFlMGU1ZDJlZWJm
LzEvNTNlOGpqN0NVTTZGLTVDUlBDeEpCUkJENjhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue+5MA0G
CSqGSIb3DQEBCwUAA4IBAQA3bFj4vSTZh4dJOiDo00uvNCAhSpep0u1T2lcnaCAo
Z6yPBXWsVjuQJhLR40D16+DqNP33EjzLwrJR1hARhJRcrU4EF0/shxTWJpXrCBkT
aAPybLISYFLYx+BHDvq0e2bvtfdN3tyUv6kSKCExiagB17O9cDT8ZsuwxRmtvoyK
arrZ1x31z029P77Ek9KMBqsED2o0PFmJFkU9S7yeMXE6rCtoAJEgsfeaoM+pHfOf
KzxktWDdczrH0x9lJARJhz2PxtGvlbRBZjrU/KWvF9Kyc0KuvxEvoSis04/ske7g
4dRGKz+DE+zROlCg6MyuzqO0fF3SwXaBSy/vml5PsoIX
-----END CERTIFICATE-----