Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/e77b83-a23b-4897-b4dd-68eedf5f66bc/1/ZG0HUOzad5KiJiqTf9pYkDFYO_I.roa
File:                     ZG0HUOzad5KiJiqTf9pYkDFYO_I.roa (raw, json)
Hash identifier:          E4TiSXCkXS1SRFzIcZTrg5hDQNcvyOf3H2WFmzx7S7w=
Subject key identifier:   64:6D:07:50:EC:DA:77:92:A2:26:2A:93:7F:DA:58:90:31:58:3B:F2
Certificate issuer:       /CN=1de5dbc0b610485d0f7e2194d8f816d6c1445326
Certificate serial:       018CC94D807B6AE402EBEEEE63D885E1C067
Authority key identifier: 1D:E5:DB:C0:B6:10:48:5D:0F:7E:21:94:D8:F8:16:D6:C1:44:53:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HeXbwLYQSF0PfiGU2PgW1sFEUyY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/e77b83-a23b-4897-b4dd-68eedf5f66bc/1/ZG0HUOzad5KiJiqTf9pYkDFYO_I.roa
Signing time:             Tue 02 Jan 2024 08:32:28 +0000
ROA not before:           Tue 02 Jan 2024 08:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29611
IP address blocks:        185.119.54.0/24 maxlen: 24
                          185.119.52.0/24 maxlen: 24
                          185.119.55.0/24 maxlen: 24
                          185.119.52.0/22 maxlen: 22
                          185.119.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/e77b83-a23b-4897-b4dd-68eedf5f66bc/1/HeXbwLYQSF0PfiGU2PgW1sFEUyY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/e77b83-a23b-4897-b4dd-68eedf5f66bc/1/HeXbwLYQSF0PfiGU2PgW1sFEUyY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HeXbwLYQSF0PfiGU2PgW1sFEUyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:80:7b:6a:e4:02:eb:ee:ee:63:d8:85:e1:c0:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1de5dbc0b610485d0f7e2194d8f816d6c1445326
        Validity
            Not Before: Jan  2 08:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=646d0750ecda7792a2262a937fda589031583bf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ee:31:49:85:d9:31:3b:da:10:a7:16:9b:a2:
                    31:c1:36:b4:40:6e:15:c1:8e:a7:1f:fb:63:88:ea:
                    95:1d:5f:98:6e:8c:40:d3:19:f8:ad:ab:c1:72:24:
                    90:da:15:c4:88:22:b1:dc:7e:2d:ef:9f:dc:a0:e1:
                    b0:b8:6f:06:47:ad:e5:6d:26:d0:27:7d:4e:97:02:
                    d5:fb:d3:c1:e0:e3:ea:3e:b4:ae:5c:9a:4c:0f:b4:
                    ca:63:0e:bd:e6:0d:71:3b:d0:71:67:d5:41:15:d0:
                    b9:c7:f4:a3:53:19:2f:fb:b8:ed:a1:1f:6a:cd:48:
                    b9:81:17:b5:85:d9:51:1f:fe:ac:f7:bd:a7:94:20:
                    b6:dd:34:7e:bb:ed:bc:ba:16:54:ca:08:fe:d3:ce:
                    3f:ef:69:bb:cb:b6:9c:d3:e3:e6:1d:f7:c4:5e:01:
                    e3:36:8a:0d:1b:61:08:4e:43:d6:96:af:82:5f:5e:
                    3d:1b:22:af:c5:d1:aa:3f:81:ec:fc:f0:9c:a5:7c:
                    99:24:2f:d0:8a:23:c2:b0:f7:ca:de:2f:34:d5:22:
                    1f:3a:10:f4:0d:b4:44:63:04:f4:b3:98:dd:d3:50:
                    42:24:62:a5:79:98:2f:50:61:ca:5f:e2:56:f8:90:
                    88:8d:52:78:8a:02:0a:5c:b5:86:be:d8:52:2b:25:
                    17:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:6D:07:50:EC:DA:77:92:A2:26:2A:93:7F:DA:58:90:31:58:3B:F2
            X509v3 Authority Key Identifier:
                keyid:1D:E5:DB:C0:B6:10:48:5D:0F:7E:21:94:D8:F8:16:D6:C1:44:53:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HeXbwLYQSF0PfiGU2PgW1sFEUyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/e77b83-a23b-4897-b4dd-68eedf5f66bc/1/ZG0HUOzad5KiJiqTf9pYkDFYO_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/e77b83-a23b-4897-b4dd-68eedf5f66bc/1/HeXbwLYQSF0PfiGU2PgW1sFEUyY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:b7:9c:6a:48:a7:0a:c7:7a:09:6f:bf:72:59:07:40:a2:d8:
         91:83:82:b9:19:d7:87:ed:90:51:59:88:90:1d:ee:02:6f:95:
         67:a9:1c:a9:e7:5b:91:60:df:70:73:0f:29:36:73:f1:c1:ae:
         f3:b9:a9:b2:f6:00:94:cd:bc:e1:a2:21:8c:3f:e1:96:eb:2b:
         fb:fa:c4:0f:f6:31:db:23:29:98:3f:65:c6:66:88:a8:b0:cd:
         95:0f:ee:ed:f9:b9:6d:b8:be:b4:e7:af:57:b0:df:53:f4:70:
         e2:63:c1:3d:5a:d2:e0:73:7c:55:5a:71:47:5f:a3:7e:72:38:
         15:50:cc:5f:9a:04:ca:92:cd:63:1a:49:5c:60:8f:9f:56:db:
         c5:d7:c5:71:50:47:29:4e:17:e4:8f:1d:ae:d2:c1:72:0c:5d:
         30:46:40:9d:dd:f6:f5:22:5e:fb:81:85:52:8f:73:2c:92:c1:
         be:f8:96:6f:3f:95:af:56:e2:4e:19:3a:8b:0f:5d:81:10:93:
         60:23:93:3f:94:a8:c0:08:ac:22:60:fa:c3:53:cb:d5:f8:f2:
         b4:f0:4a:98:81:7e:32:cb:97:99:3a:e8:1d:ef:1c:26:a3:99:
         38:80:83:94:e3:e4:8f:c1:11:dd:c7:4e:2e:e8:bb:2b:8e:72:
         17:42:d6:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTYB7auQC6+7uY9iF4cBnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkZTVkYmMwYjYxMDQ4NWQwZjdlMjE5NGQ4ZjgxNmQ2YzE0
NDUzMjYwHhcNMjQwMTAyMDgzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDZkMDc1MGVjZGE3NzkyYTIyNjJhOTM3ZmRhNTg5MDMxNTgzYmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAne4xSYXZMTvaEKcWm6IxwTa0QG4V
wY6nH/tjiOqVHV+YboxA0xn4ravBciSQ2hXEiCKx3H4t75/coOGwuG8GR63lbSbQ
J31OlwLV+9PB4OPqPrSuXJpMD7TKYw695g1xO9BxZ9VBFdC5x/SjUxkv+7jtoR9q
zUi5gRe1hdlRH/6s972nlCC23TR+u+28uhZUygj+084/72m7y7ac0+PmHffEXgHj
NooNG2EITkPWlq+CX149GyKvxdGqP4Hs/PCcpXyZJC/QiiPCsPfK3i801SIfOhD0
DbREYwT0s5jd01BCJGKleZgvUGHKX+JW+JCIjVJ4igIKXLWGvthSKyUXnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGRtB1Ds2neSoiYqk3/aWJAxWDvyMB8GA1UdIwQY
MBaAFB3l28C2EEhdD34hlNj4FtbBRFMmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGVYYndMWVFTRjBQZmlHVTJQZ1cxc0ZFVXlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9lNzdiODMtYTIzYi00ODk3LWI0ZGQt
NjhlZWRmNWY2NmJjLzEvWkcwSFVPemFkNUtpSmlxVGY5cFlrREZZT19JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9lNzdiODMtYTIzYi00ODk3LWI0ZGQtNjhlZWRmNWY2NmJj
LzEvSGVYYndMWVFTRjBQZmlHVTJQZ1cxc0ZFVXlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXc0MA0G
CSqGSIb3DQEBCwUAA4IBAQBst5xqSKcKx3oJb79yWQdAotiRg4K5GdeH7ZBRWYiQ
He4Cb5VnqRyp51uRYN9wcw8pNnPxwa7zuamy9gCUzbzhoiGMP+GW6yv7+sQP9jHb
IymYP2XGZoiosM2VD+7t+bltuL60569XsN9T9HDiY8E9WtLgc3xVWnFHX6N+cjgV
UMxfmgTKks1jGklcYI+fVtvF18VxUEcpThfkjx2u0sFyDF0wRkCd3fb1Il77gYVS
j3MsksG++JZvP5WvVuJOGTqLD12BEJNgI5M/lKjACKwiYPrDU8vV+PK08EqYgX4y
y5eZOugd7xwmo5k4gIOU4+SPwRHdx04u6LsrjnIXQta6
-----END CERTIFICATE-----