Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/1d4b2c-945d-4f39-b233-3e6b7025b65e/1/Z0YBTdG-ACym8dED58qgVY8QuAY.roa
File:                     Z0YBTdG-ACym8dED58qgVY8QuAY.roa (raw, json)
Hash identifier:          Gb032JReU0qd5WJ0Wqo6+R4CmrlqcLcHKbctHx8kuJ0=
Subject key identifier:   67:46:01:4D:D1:BE:00:2C:A6:F1:D1:03:E7:CA:A0:55:8F:10:B8:06
Certificate issuer:       /CN=21e421a6d96e99d63f7cfb499ca7117c82304eaa
Certificate serial:       018CC3B726120FC1CD38BDD5D9826F61A0AB
Authority key identifier: 21:E4:21:A6:D9:6E:99:D6:3F:7C:FB:49:9C:A7:11:7C:82:30:4E:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IeQhptlumdY_fPtJnKcRfIIwTqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/1d4b2c-945d-4f39-b233-3e6b7025b65e/1/Z0YBTdG-ACym8dED58qgVY8QuAY.roa
Signing time:             Mon 01 Jan 2024 06:30:08 +0000
ROA not before:           Mon 01 Jan 2024 06:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210178
IP address blocks:        194.61.140.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/1d4b2c-945d-4f39-b233-3e6b7025b65e/1/IeQhptlumdY_fPtJnKcRfIIwTqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/1d4b2c-945d-4f39-b233-3e6b7025b65e/1/IeQhptlumdY_fPtJnKcRfIIwTqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IeQhptlumdY_fPtJnKcRfIIwTqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:26:12:0f:c1:cd:38:bd:d5:d9:82:6f:61:a0:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21e421a6d96e99d63f7cfb499ca7117c82304eaa
        Validity
            Not Before: Jan  1 06:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6746014dd1be002ca6f1d103e7caa0558f10b806
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f2:72:61:17:66:42:58:46:91:18:1d:a9:a6:
                    1b:0d:e4:a5:d9:72:79:39:f4:ae:bb:a6:6e:f0:3e:
                    08:fb:a1:f8:29:76:ee:34:06:fe:56:7b:2e:75:12:
                    14:99:92:8e:7b:c8:d6:c5:da:d0:ff:5e:6f:1c:ae:
                    2d:b3:68:22:ff:3d:1a:4a:02:e5:f0:c3:ed:23:78:
                    51:c2:a2:ce:a5:25:26:c9:e6:cb:54:fb:6b:ae:66:
                    cd:83:8f:a1:fa:32:ad:51:aa:7c:65:dc:14:5e:86:
                    5f:13:2e:dd:3e:9e:4f:cc:24:de:d1:f8:6b:64:7e:
                    57:a2:a8:49:cc:69:b9:a0:f7:1d:d7:eb:07:14:a1:
                    b7:35:7a:44:28:0b:8a:4d:73:16:df:cf:3b:ec:8d:
                    4f:c7:0a:07:45:77:6f:45:b0:0a:35:20:87:57:a5:
                    c8:ef:ae:77:20:f6:38:04:7e:49:90:62:03:0c:bc:
                    cb:03:dc:ec:0e:0c:43:59:93:2c:e5:25:c8:2e:d9:
                    cf:58:2f:8f:3d:d6:37:b9:8a:f5:a1:82:2f:41:c7:
                    b7:3f:b8:23:6e:c4:0e:c3:2c:d8:5c:a2:30:e8:1b:
                    61:86:86:40:a1:d6:b2:f6:23:bb:a2:72:58:92:07:
                    9f:67:a5:fb:94:2a:3a:0e:12:3f:d9:e6:f2:84:8e:
                    37:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:46:01:4D:D1:BE:00:2C:A6:F1:D1:03:E7:CA:A0:55:8F:10:B8:06
            X509v3 Authority Key Identifier:
                keyid:21:E4:21:A6:D9:6E:99:D6:3F:7C:FB:49:9C:A7:11:7C:82:30:4E:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IeQhptlumdY_fPtJnKcRfIIwTqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/1d4b2c-945d-4f39-b233-3e6b7025b65e/1/Z0YBTdG-ACym8dED58qgVY8QuAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/1d4b2c-945d-4f39-b233-3e6b7025b65e/1/IeQhptlumdY_fPtJnKcRfIIwTqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:84:c8:70:d6:d7:78:17:51:d3:34:57:a7:37:17:03:5b:77:
         e2:15:5e:c0:94:14:3f:1e:9d:92:20:d5:0c:2a:cb:e1:42:fd:
         6e:a8:0f:e9:90:04:bf:3d:f3:16:de:1d:5c:13:82:56:ec:f8:
         e3:11:f7:62:eb:1a:7f:e6:0b:6f:23:aa:95:f4:99:cc:4b:f1:
         91:52:4a:4c:78:4f:42:ee:b9:09:7b:7c:34:f6:16:ff:45:16:
         15:68:b7:ef:66:a1:41:4a:17:17:67:4d:ea:c8:61:2f:e0:d0:
         21:30:97:e4:67:d3:d8:32:fa:57:19:d4:49:ce:29:52:31:5a:
         a7:3f:b1:89:d9:83:19:7b:a3:14:9f:b1:d8:ca:c8:09:b1:d5:
         32:3e:75:b9:02:29:0d:70:fc:32:69:1d:bc:45:3a:7f:2a:b3:
         53:08:38:24:ab:1b:4e:91:df:8f:af:34:1a:e0:07:65:e5:09:
         3b:fb:4f:51:eb:87:6f:e7:05:d9:10:9c:51:7d:43:87:d7:68:
         78:80:86:1a:c0:0b:b2:13:bf:de:dc:3e:96:2a:1c:b5:be:50:
         1a:ba:44:57:2c:84:d4:ee:6b:eb:93:68:6f:d0:66:52:60:e2:
         cb:41:b5:bb:13:6c:ed:49:18:10:b4:aa:4a:ad:26:d8:fe:b2:
         88:f2:b2:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyYSD8HNOL3V2YJvYaCrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxZTQyMWE2ZDk2ZTk5ZDYzZjdjZmI0OTljYTcxMTdjODIz
MDRlYWEwHhcNMjQwMTAxMDYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzQ2MDE0ZGQxYmUwMDJjYTZmMWQxMDNlN2NhYTA1NThmMTBiODA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPJyYRdmQlhGkRgdqaYbDeSl2XJ5
OfSuu6Zu8D4I+6H4KXbuNAb+VnsudRIUmZKOe8jWxdrQ/15vHK4ts2gi/z0aSgLl
8MPtI3hRwqLOpSUmyebLVPtrrmbNg4+h+jKtUap8ZdwUXoZfEy7dPp5PzCTe0fhr
ZH5XoqhJzGm5oPcd1+sHFKG3NXpEKAuKTXMW38877I1PxwoHRXdvRbAKNSCHV6XI
7653IPY4BH5JkGIDDLzLA9zsDgxDWZMs5SXILtnPWC+PPdY3uYr1oYIvQce3P7gj
bsQOwyzYXKIw6BthhoZAoday9iO7onJYkgefZ6X7lCo6DhI/2ebyhI43pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGdGAU3RvgAspvHRA+fKoFWPELgGMB8GA1UdIwQY
MBaAFCHkIabZbpnWP3z7SZynEXyCME6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWVRaHB0bHVtZFlfZlB0Sm5LY1JmSUl3VHFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8xZDRiMmMtOTQ1ZC00ZjM5LWIyMzMt
M2U2YjcwMjViNjVlLzEvWjBZQlRkRy1BQ3ltOGRFRDU4cWdWWThRdUFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8xZDRiMmMtOTQ1ZC00ZjM5LWIyMzMtM2U2YjcwMjViNjVl
LzEvSWVRaHB0bHVtZFlfZlB0Sm5LY1JmSUl3VHFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwj2MMA0G
CSqGSIb3DQEBCwUAA4IBAQBdhMhw1td4F1HTNFenNxcDW3fiFV7AlBQ/Hp2SINUM
KsvhQv1uqA/pkAS/PfMW3h1cE4JW7PjjEfdi6xp/5gtvI6qV9JnMS/GRUkpMeE9C
7rkJe3w09hb/RRYVaLfvZqFBShcXZ03qyGEv4NAhMJfkZ9PYMvpXGdRJzilSMVqn
P7GJ2YMZe6MUn7HYysgJsdUyPnW5AikNcPwyaR28RTp/KrNTCDgkqxtOkd+PrzQa
4Adl5Qk7+09R64dv5wXZEJxRfUOH12h4gIYawAuyE7/e3D6WKhy1vlAaukRXLITU
7mvrk2hv0GZSYOLLQbW7E2ztSRgQtKpKrSbY/rKI8rLD
-----END CERTIFICATE-----