Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/_z1NWtZIMCVFeHm4Mw9QXo0MDuM.roa
File:                     _z1NWtZIMCVFeHm4Mw9QXo0MDuM.roa (raw, json)
Hash identifier:          m7ypxbyhmwDoexCQsfdbi9jobo86WItA2+Dwhf9R68s=
Subject key identifier:   FF:3D:4D:5A:D6:48:30:25:45:78:79:B8:33:0F:50:5E:8D:0C:0E:E3
Certificate issuer:       /CN=c2d21e804ab7713ad7877dde603aa7824b31983c
Certificate serial:       018CC86F820005FBC00FDF63987FC4DADB68
Authority key identifier: C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/_z1NWtZIMCVFeHm4Mw9QXo0MDuM.roa
Signing time:             Tue 02 Jan 2024 04:30:00 +0000
ROA not before:           Tue 02 Jan 2024 04:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47377
IP address blocks:        195.182.200.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:82:00:05:fb:c0:0f:df:63:98:7f:c4:da:db:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d21e804ab7713ad7877dde603aa7824b31983c
        Validity
            Not Before: Jan  2 04:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff3d4d5ad6483025457879b8330f505e8d0c0ee3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:12:d9:ca:b0:f4:a9:c7:3d:95:7c:f3:98:ac:
                    a5:26:ba:1e:5b:e6:c2:c0:a9:29:a0:b4:3b:89:d1:
                    59:e0:ff:9e:50:0c:e2:58:4c:0a:cd:48:96:03:fe:
                    10:36:cf:81:2f:6e:1e:86:20:18:a2:c4:67:8f:6a:
                    16:2d:bb:42:44:51:90:7f:cb:38:87:c6:58:18:90:
                    55:e2:88:3b:74:da:80:e1:a1:b3:86:d2:3a:01:d7:
                    38:e9:a1:b6:a3:c8:ee:d6:6b:62:ab:84:24:9f:a6:
                    e5:3d:10:e3:1c:a5:39:d3:e1:9f:67:9e:f7:6a:bf:
                    68:75:b6:f4:57:9a:66:55:f3:ac:e7:cc:be:7a:47:
                    97:8e:46:13:01:d4:93:4a:89:f7:bb:b3:b7:81:a5:
                    e4:39:54:b4:4c:32:a6:3b:88:00:80:ed:1f:dc:9a:
                    a5:c2:7a:c1:f8:24:f3:9d:b9:5f:07:e4:99:7c:db:
                    dc:36:0a:19:f7:1e:e8:d0:d8:89:1f:85:6f:12:3d:
                    1b:01:dc:af:e5:34:04:25:ad:59:36:56:21:13:40:
                    a8:9d:2c:34:e7:de:f0:7c:e1:51:45:8b:76:bd:9b:
                    08:64:27:4c:a8:f8:9d:58:e3:1a:ba:47:a1:49:89:
                    7f:dd:a9:9a:01:cf:83:86:99:eb:39:33:c1:77:48:
                    95:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:3D:4D:5A:D6:48:30:25:45:78:79:B8:33:0F:50:5E:8D:0C:0E:E3
            X509v3 Authority Key Identifier:
                keyid:C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/_z1NWtZIMCVFeHm4Mw9QXo0MDuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:f3:f3:8e:a2:1c:49:a0:60:b8:bf:dd:2f:da:49:db:2f:60:
         66:3a:b0:93:dd:ab:86:b3:f6:83:dc:22:ce:cd:dc:fb:4c:b4:
         01:ca:9d:31:72:5f:26:36:14:e5:21:9b:e5:67:c2:00:6f:95:
         49:79:9f:67:0d:58:43:bd:61:3b:95:84:9a:cf:1d:c9:46:f8:
         44:5b:e0:69:a8:73:df:ee:8c:59:4d:d2:54:44:52:69:79:cb:
         a9:e2:ff:1c:c4:09:7e:1c:12:12:94:82:03:a5:a1:1f:13:7a:
         a4:0c:dc:36:73:cf:db:5c:8c:cb:76:13:d9:6e:a9:20:84:45:
         81:94:82:40:6a:ad:ed:34:b1:fc:3d:95:da:46:90:a4:30:c3:
         fd:b5:34:af:c6:80:42:b7:64:e0:aa:04:da:1b:e6:fa:a2:24:
         77:7c:8e:3c:ee:cc:b4:97:d3:90:bf:2f:2c:cb:27:1d:a8:33:
         ce:4b:91:f4:25:9a:38:c9:8b:c2:9c:8a:4f:c5:ed:62:fc:b7:
         63:69:2b:b2:db:46:c5:67:ec:48:16:e8:4d:40:df:36:25:84:
         0a:6f:ec:aa:ff:cd:51:65:36:12:4e:9c:9a:4c:d8:7f:86:59:
         7b:2b:55:27:2a:a7:b9:90:e4:00:08:4f:26:fb:2b:e4:88:87:
         aa:1d:12:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4IABfvAD99jmH/E2ttoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDIxZTgwNGFiNzcxM2FkNzg3N2RkZTYwM2FhNzgyNGIz
MTk4M2MwHhcNMjQwMTAyMDQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjNkNGQ1YWQ2NDgzMDI1NDU3ODc5YjgzMzBmNTA1ZThkMGMwZWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRLZyrD0qcc9lXzzmKylJroeW+bC
wKkpoLQ7idFZ4P+eUAziWEwKzUiWA/4QNs+BL24ehiAYosRnj2oWLbtCRFGQf8s4
h8ZYGJBV4og7dNqA4aGzhtI6Adc46aG2o8ju1mtiq4Qkn6blPRDjHKU50+GfZ573
ar9odbb0V5pmVfOs58y+ekeXjkYTAdSTSon3u7O3gaXkOVS0TDKmO4gAgO0f3Jql
wnrB+CTznblfB+SZfNvcNgoZ9x7o0NiJH4VvEj0bAdyv5TQEJa1ZNlYhE0ConSw0
597wfOFRRYt2vZsIZCdMqPidWOMaukehSYl/3amaAc+DhpnrOTPBd0iVawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP89TVrWSDAlRXh5uDMPUF6NDA7jMB8GA1UdIwQY
MBaAFMLSHoBKt3E614d93mA6p4JLMZg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYt
NTlhZTA5ZWRiZWI5LzEvX3oxTld0WklNQ1ZGZUhtNE13OVFYbzBNRHVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYtNTlhZTA5ZWRiZWI5
LzEvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7bIMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ8/OOohxJoGC4v90v2knbL2BmOrCT3auGs/aD3CLO
zdz7TLQByp0xcl8mNhTlIZvlZ8IAb5VJeZ9nDVhDvWE7lYSazx3JRvhEW+BpqHPf
7oxZTdJURFJpecup4v8cxAl+HBISlIIDpaEfE3qkDNw2c8/bXIzLdhPZbqkghEWB
lIJAaq3tNLH8PZXaRpCkMMP9tTSvxoBCt2TgqgTaG+b6oiR3fI487sy0l9OQvy8s
yycdqDPOS5H0JZo4yYvCnIpPxe1i/LdjaSuy20bFZ+xIFuhNQN82JYQKb+yq/81R
ZTYSTpyaTNh/hll7K1UnKqe5kOQACE8m+yvkiIeqHRLK
-----END CERTIFICATE-----