Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/05881c-2aa5-42e4-84b8-7ac3ca1f357d/1/zjBKO7n2aAjT_WIdb3Ie2Rbh50w.roa
File:                     zjBKO7n2aAjT_WIdb3Ie2Rbh50w.roa (raw, json)
Hash identifier:          dqQwDekCLXmGlQnip2R4a8D8gRdXpyWj3m8wviKoNBo=
Subject key identifier:   CE:30:4A:3B:B9:F6:68:08:D3:FD:62:1D:6F:72:1E:D9:16:E1:E7:4C
Certificate issuer:       /CN=6e409def4a8a89ca88f57182c52ed6d70fb91976
Certificate serial:       018CC86F472C81B167C46F4778F0AF0990B9
Authority key identifier: 6E:40:9D:EF:4A:8A:89:CA:88:F5:71:82:C5:2E:D6:D7:0F:B9:19:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bkCd70qKicqI9XGCxS7W1w-5GXY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/05881c-2aa5-42e4-84b8-7ac3ca1f357d/1/zjBKO7n2aAjT_WIdb3Ie2Rbh50w.roa
Signing time:             Tue 02 Jan 2024 04:29:45 +0000
ROA not before:           Tue 02 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200697
IP address blocks:        192.166.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/05881c-2aa5-42e4-84b8-7ac3ca1f357d/1/bkCd70qKicqI9XGCxS7W1w-5GXY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/05881c-2aa5-42e4-84b8-7ac3ca1f357d/1/bkCd70qKicqI9XGCxS7W1w-5GXY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bkCd70qKicqI9XGCxS7W1w-5GXY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:47:2c:81:b1:67:c4:6f:47:78:f0:af:09:90:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e409def4a8a89ca88f57182c52ed6d70fb91976
        Validity
            Not Before: Jan  2 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce304a3bb9f66808d3fd621d6f721ed916e1e74c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c4:a4:c8:d2:5c:27:d6:c3:bd:a3:ee:ae:43:
                    b3:8d:36:a6:1e:1f:ba:1b:1a:83:48:90:50:9a:73:
                    9d:b9:32:18:ac:3e:c7:39:9e:30:9c:32:07:80:14:
                    c2:c9:d0:32:0d:37:79:c9:80:b8:be:18:8b:91:af:
                    c3:01:8f:41:8c:69:b1:63:05:fe:ba:c9:71:58:d3:
                    3d:05:37:47:23:ad:0c:93:d7:00:7f:ec:be:ed:0a:
                    4e:bf:f6:d7:d4:05:b8:70:4c:16:52:ee:22:b5:0d:
                    fa:53:38:74:6c:cb:be:f3:3e:46:32:28:81:c7:63:
                    6c:46:4e:41:0d:40:2e:07:66:c8:2c:53:8a:20:f3:
                    15:27:7f:00:7b:31:fc:a6:91:ec:7e:96:73:1c:d0:
                    f8:2e:05:11:8e:a4:0b:1f:8a:0e:48:6f:d9:4f:a9:
                    20:66:91:fa:ff:9d:31:6b:56:3b:c7:fc:1a:ca:07:
                    92:c2:4b:40:3b:f5:f8:7b:4e:2d:0e:46:98:0a:b3:
                    cd:d5:8d:27:c2:61:6c:c4:4c:c0:e0:f6:95:da:4c:
                    bd:88:cb:87:36:ae:be:ee:85:45:28:1e:6a:1e:2a:
                    76:70:5b:3a:7e:71:b4:63:2e:60:e5:91:12:f2:08:
                    ab:f5:da:35:a9:c0:9f:ed:c1:85:20:f0:b1:cf:99:
                    1b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:30:4A:3B:B9:F6:68:08:D3:FD:62:1D:6F:72:1E:D9:16:E1:E7:4C
            X509v3 Authority Key Identifier:
                keyid:6E:40:9D:EF:4A:8A:89:CA:88:F5:71:82:C5:2E:D6:D7:0F:B9:19:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bkCd70qKicqI9XGCxS7W1w-5GXY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/05881c-2aa5-42e4-84b8-7ac3ca1f357d/1/zjBKO7n2aAjT_WIdb3Ie2Rbh50w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/05881c-2aa5-42e4-84b8-7ac3ca1f357d/1/bkCd70qKicqI9XGCxS7W1w-5GXY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:8a:05:9f:65:b1:82:c1:d4:20:54:a3:9d:3e:b4:9a:3b:0b:
         89:83:6c:06:6a:4a:73:14:54:00:04:58:75:9b:23:eb:19:cd:
         0a:b7:10:c3:7e:f3:9b:cf:12:8f:f0:b0:35:61:c8:03:99:89:
         aa:1f:0f:28:01:77:3c:2b:ad:dc:bf:4b:4d:93:49:cc:aa:3b:
         9e:c0:af:6e:41:b1:f2:79:77:c8:7f:df:f7:d9:0e:19:54:fb:
         cd:96:cd:9e:36:f1:42:62:2d:e6:9f:dc:de:e4:72:c5:5e:54:
         3b:18:9d:cd:22:5f:dc:fb:ab:a2:91:19:cc:d1:f0:79:ed:a7:
         f6:a0:d5:c2:87:5d:e1:8f:40:3b:63:c4:f4:ca:20:43:4d:29:
         c4:08:da:80:50:43:78:1d:20:27:f3:58:38:fe:17:ad:9d:59:
         c2:90:c6:86:17:fc:c3:2a:50:02:57:a0:a5:33:7a:44:a7:21:
         fb:bc:82:cd:95:f8:48:3e:a7:db:b0:4f:5a:68:aa:c5:81:b7:
         ed:b1:0f:39:ed:78:8b:cd:d6:f8:ce:ce:a4:86:4c:92:d5:ad:
         dd:fc:7c:6e:44:77:35:2d:54:85:69:c6:eb:ab:f2:a4:f0:ce:
         23:24:89:bc:95:86:f3:79:83:d3:3a:f4:28:a7:e1:ee:01:e2:
         c5:23:25:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0csgbFnxG9HePCvCZC5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlNDA5ZGVmNGE4YTg5Y2E4OGY1NzE4MmM1MmVkNmQ3MGZi
OTE5NzYwHhcNMjQwMTAyMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTMwNGEzYmI5ZjY2ODA4ZDNmZDYyMWQ2ZjcyMWVkOTE2ZTFlNzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAisSkyNJcJ9bDvaPurkOzjTamHh+6
GxqDSJBQmnOduTIYrD7HOZ4wnDIHgBTCydAyDTd5yYC4vhiLka/DAY9BjGmxYwX+
uslxWNM9BTdHI60Mk9cAf+y+7QpOv/bX1AW4cEwWUu4itQ36Uzh0bMu+8z5GMiiB
x2NsRk5BDUAuB2bILFOKIPMVJ38AezH8ppHsfpZzHND4LgURjqQLH4oOSG/ZT6kg
ZpH6/50xa1Y7x/waygeSwktAO/X4e04tDkaYCrPN1Y0nwmFsxEzA4PaV2ky9iMuH
Nq6+7oVFKB5qHip2cFs6fnG0Yy5g5ZES8gir9do1qcCf7cGFIPCxz5kbawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4wSju59mgI0/1iHW9yHtkW4edMMB8GA1UdIwQY
MBaAFG5Ane9KionKiPVxgsUu1tcPuRl2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmtDZDcwcUtpY3FJOVhHQ3hTN1cxdy01R1hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8wNTg4MWMtMmFhNS00MmU0LTg0Yjgt
N2FjM2NhMWYzNTdkLzEvempCS083bjJhQWpUX1dJZGIzSWUyUmJoNTB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8wNTg4MWMtMmFhNS00MmU0LTg0YjgtN2FjM2NhMWYzNTdk
LzEvYmtDZDcwcUtpY3FJOVhHQ3hTN1cxdy01R1hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKYlMA0G
CSqGSIb3DQEBCwUAA4IBAQBPigWfZbGCwdQgVKOdPrSaOwuJg2wGakpzFFQABFh1
myPrGc0KtxDDfvObzxKP8LA1YcgDmYmqHw8oAXc8K63cv0tNk0nMqjuewK9uQbHy
eXfIf9/32Q4ZVPvNls2eNvFCYi3mn9ze5HLFXlQ7GJ3NIl/c+6uikRnM0fB57af2
oNXCh13hj0A7Y8T0yiBDTSnECNqAUEN4HSAn81g4/hetnVnCkMaGF/zDKlACV6Cl
M3pEpyH7vILNlfhIPqfbsE9aaKrFgbftsQ857XiLzdb4zs6khkyS1a3d/HxuRHc1
LVSFacbrq/Kk8M4jJIm8lYbzeYPTOvQop+HuAeLFIyW2
-----END CERTIFICATE-----