Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/Ze2LPKmnrZh65PuVZNphVOE_UCo.roa
File:                     Ze2LPKmnrZh65PuVZNphVOE_UCo.roa (raw, json)
Hash identifier:          0H6E79KPgapOB7kTdw36QrYipN7DhIfjzdLY5Hmts18=
Subject key identifier:   65:ED:8B:3C:A9:A7:AD:98:7A:E4:FB:95:64:DA:61:54:E1:3F:50:2A
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A73F2D55EF7ECF1442184E2929CFA
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/Ze2LPKmnrZh65PuVZNphVOE_UCo.roa
Signing time:             Mon 01 Jan 2024 18:30:17 +0000
ROA not before:           Mon 01 Jan 2024 18:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        188.72.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:73:f2:d5:5e:f7:ec:f1:44:21:84:e2:92:9c:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65ed8b3ca9a7ad987ae4fb9564da6154e13f502a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:14:7b:a8:67:e6:ae:fd:08:11:dc:83:98:d0:
                    b3:24:54:d9:fe:c3:8f:a6:ad:a7:b2:40:17:1a:6d:
                    f2:f1:7b:d8:e2:d7:8b:b4:b8:2a:f8:93:37:ab:61:
                    93:e0:7d:e5:9e:b6:c6:68:eb:57:52:35:87:c4:a1:
                    2b:63:e7:4e:6c:a2:db:40:bb:ee:cf:7c:87:d5:2b:
                    02:a1:46:81:e9:da:c2:e4:01:1e:a3:12:c2:a6:23:
                    8d:c0:2d:55:ec:6a:b3:33:ba:f7:19:ea:a7:d5:a7:
                    69:95:cb:68:84:94:2c:4e:9b:26:63:e8:9c:aa:6a:
                    a8:7f:53:a9:5f:db:a6:ed:a6:72:41:d4:7b:55:d4:
                    a1:89:c9:5b:08:9e:78:30:39:53:cd:a1:6a:58:b7:
                    97:38:c9:6c:74:cd:8c:d1:ae:0e:7c:65:80:29:bd:
                    80:50:d8:85:37:8a:29:85:8a:86:04:7c:d6:3f:2e:
                    54:38:68:41:70:89:05:d1:a7:9f:a9:3f:ee:ab:d1:
                    39:d1:50:42:bf:35:38:25:65:b2:8d:d7:46:b8:e3:
                    5c:8d:d6:a8:b1:fb:d3:76:f6:c0:1f:ca:1e:c7:f1:
                    fa:8f:b6:ea:fe:76:1e:c3:28:35:b5:b1:fb:94:53:
                    c4:5d:6a:82:6e:34:c6:6b:0e:26:27:9f:fb:24:96:
                    85:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:ED:8B:3C:A9:A7:AD:98:7A:E4:FB:95:64:DA:61:54:E1:3F:50:2A
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/Ze2LPKmnrZh65PuVZNphVOE_UCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:ab:72:68:14:49:08:26:41:b2:79:9e:4f:99:c1:85:ca:7b:
         76:3f:be:89:4c:89:d2:74:7b:48:2e:7b:26:81:0d:52:46:65:
         56:0c:3a:71:b0:30:9d:ab:0c:d3:37:26:5f:03:35:ee:08:28:
         0e:77:88:e0:c6:cb:b1:5a:6e:67:3d:aa:b5:87:e4:5b:9e:25:
         86:ed:fb:93:d6:e6:8a:f2:f2:33:4e:d6:85:86:4c:18:4a:f2:
         88:46:17:35:99:f3:b7:46:a4:22:5e:37:22:8f:33:91:ba:d1:
         09:de:aa:ca:99:b5:92:d8:0a:83:76:b9:29:73:47:2a:70:7d:
         95:04:0d:4b:4d:87:9f:52:4f:1c:fa:3b:b7:88:d6:d4:f9:35:
         a7:c2:48:9f:3f:3f:59:aa:d7:41:7e:9a:f4:67:81:14:c3:ad:
         a2:ba:9d:2a:50:ba:99:71:93:2a:ca:85:12:63:62:93:74:51:
         ce:4a:88:d6:64:9b:15:70:2c:be:75:2c:47:90:7f:68:22:b3:
         1a:4a:2e:26:e6:c5:af:82:c1:6f:07:30:9a:62:41:34:fd:4a:
         60:85:ea:b3:e9:fc:6f:67:39:65:4b:61:f1:c3:ba:38:ab:75:
         fa:18:0a:cb:f8:14:6b:61:f9:73:3d:1c:49:08:36:8e:3c:e0:
         e8:cb:85:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSnPy1V737PFEIYTikpz6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWVkOGIzY2E5YTdhZDk4N2FlNGZiOTU2NGRhNjE1NGUxM2Y1MDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxR7qGfmrv0IEdyDmNCzJFTZ/sOP
pq2nskAXGm3y8XvY4teLtLgq+JM3q2GT4H3lnrbGaOtXUjWHxKErY+dObKLbQLvu
z3yH1SsCoUaB6drC5AEeoxLCpiONwC1V7GqzM7r3Geqn1adplctohJQsTpsmY+ic
qmqof1OpX9um7aZyQdR7VdShiclbCJ54MDlTzaFqWLeXOMlsdM2M0a4OfGWAKb2A
UNiFN4ophYqGBHzWPy5UOGhBcIkF0aefqT/uq9E50VBCvzU4JWWyjddGuONcjdao
sfvTdvbAH8oex/H6j7bq/nYewyg1tbH7lFPEXWqCbjTGaw4mJ5/7JJaFSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXtizypp62YeuT7lWTaYVThP1AqMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvWmUyTFBLbW5yWmg2NVB1VlpOcGhWT0VfVUNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEhdMA0G
CSqGSIb3DQEBCwUAA4IBAQCLq3JoFEkIJkGyeZ5PmcGFynt2P76JTInSdHtILnsm
gQ1SRmVWDDpxsDCdqwzTNyZfAzXuCCgOd4jgxsuxWm5nPaq1h+RbniWG7fuT1uaK
8vIzTtaFhkwYSvKIRhc1mfO3RqQiXjcijzORutEJ3qrKmbWS2AqDdrkpc0cqcH2V
BA1LTYefUk8c+ju3iNbU+TWnwkifPz9ZqtdBfpr0Z4EUw62iup0qULqZcZMqyoUS
Y2KTdFHOSojWZJsVcCy+dSxHkH9oIrMaSi4m5sWvgsFvBzCaYkE0/Upgheqz6fxv
ZzllS2Hxw7o4q3X6GArL+BRrYflzPRxJCDaOPODoy4Wy
-----END CERTIFICATE-----