Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/c0b106-6bf1-4660-8aff-9cf87ff1ce5b/1/Zalmb79lgnJ8ZqrgJMNHmIB0_a8.roa
File:                     Zalmb79lgnJ8ZqrgJMNHmIB0_a8.roa (raw, json)
Hash identifier:          qT5QBRK21+1uxjdCx9gW03qYws/IDIrgYu8jrzg9fD8=
Subject key identifier:   65:A9:66:6F:BF:65:82:72:7C:66:AA:E0:24:C3:47:98:80:74:FD:AF
Certificate issuer:       /CN=5e4098f206850488b72cdde8387c3181c63f8cdf
Certificate serial:       01942143B9F277298331EF7307072C3422A0
Authority key identifier: 5E:40:98:F2:06:85:04:88:B7:2C:DD:E8:38:7C:31:81:C6:3F:8C:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XkCY8gaFBIi3LN3oOHwxgcY_jN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/c0b106-6bf1-4660-8aff-9cf87ff1ce5b/1/Zalmb79lgnJ8ZqrgJMNHmIB0_a8.roa
Signing time:             Wed 01 Jan 2025 09:47:54 +0000
ROA not before:           Wed 01 Jan 2025 09:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215278
IP address blocks:        194.147.72.0/24 maxlen: 24
                          2001:67c:2d8c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/c0b106-6bf1-4660-8aff-9cf87ff1ce5b/1/XkCY8gaFBIi3LN3oOHwxgcY_jN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/c0b106-6bf1-4660-8aff-9cf87ff1ce5b/1/XkCY8gaFBIi3LN3oOHwxgcY_jN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XkCY8gaFBIi3LN3oOHwxgcY_jN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:b9:f2:77:29:83:31:ef:73:07:07:2c:34:22:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e4098f206850488b72cdde8387c3181c63f8cdf
        Validity
            Not Before: Jan  1 09:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65a9666fbf6582727c66aae024c347988074fdaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:77:6f:42:94:72:e5:f3:e7:1c:47:e3:17:a5:
                    86:1f:03:f0:97:e5:b5:e3:f7:b2:4a:9d:60:8f:77:
                    61:e4:44:f4:18:a9:e0:9d:bb:a4:25:9c:b6:84:e6:
                    1f:18:99:19:88:6f:91:ba:df:f4:dc:f1:71:55:41:
                    be:43:f3:fe:a4:79:8a:db:41:51:f6:42:ad:82:84:
                    aa:23:f4:36:17:74:2a:2f:7b:55:97:71:4a:eb:35:
                    8e:b8:b6:02:94:d5:63:e9:9f:5e:a0:f2:1c:19:75:
                    9d:3d:a8:98:a6:ee:7c:8e:fc:56:f6:a7:89:21:ec:
                    54:2d:e3:22:6c:c0:32:9d:00:79:c3:d3:4e:84:74:
                    0b:0e:c7:ca:4c:55:f0:b9:a4:71:a1:db:da:a0:f6:
                    0c:3d:8c:78:50:a2:24:0e:a1:32:ce:cd:6b:2b:13:
                    56:fe:90:22:6e:9f:67:0a:e8:7d:88:b4:db:36:00:
                    36:09:a2:48:54:c2:3e:ce:f8:23:35:f6:d1:24:00:
                    a4:9b:15:9a:63:31:a4:24:37:ff:68:a3:ec:ec:62:
                    f0:68:92:d4:b3:e7:32:5e:7c:22:16:9b:73:f0:19:
                    00:d8:b4:89:a0:bb:c1:dc:10:de:15:a1:58:09:12:
                    47:b2:c0:a3:4b:bb:26:93:69:42:7e:47:50:b3:db:
                    fa:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:A9:66:6F:BF:65:82:72:7C:66:AA:E0:24:C3:47:98:80:74:FD:AF
            X509v3 Authority Key Identifier:
                keyid:5E:40:98:F2:06:85:04:88:B7:2C:DD:E8:38:7C:31:81:C6:3F:8C:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XkCY8gaFBIi3LN3oOHwxgcY_jN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/c0b106-6bf1-4660-8aff-9cf87ff1ce5b/1/Zalmb79lgnJ8ZqrgJMNHmIB0_a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/c0b106-6bf1-4660-8aff-9cf87ff1ce5b/1/XkCY8gaFBIi3LN3oOHwxgcY_jN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.72.0/24
                IPv6:
                  2001:67c:2d8c::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:1f:69:02:2d:f1:55:eb:0b:fc:12:a2:36:bb:35:b0:4b:6b:
         af:61:2a:d5:00:35:02:b9:62:c0:4b:3c:a0:9f:5c:09:8b:b7:
         60:60:a3:88:21:3a:1a:e8:3c:b6:9f:7f:f6:ff:5e:97:8f:36:
         84:a8:08:ec:8e:d3:ed:df:4a:bf:8b:3d:c1:b8:46:cb:0c:30:
         d7:db:95:fc:78:ba:ce:3e:70:73:34:4b:50:30:e5:43:32:1a:
         a6:f6:86:69:28:8b:7f:8e:d4:89:de:9f:95:4a:59:9d:d4:bf:
         e6:98:a7:4c:4c:0c:a1:34:d7:3f:bf:52:79:4d:a0:88:c3:ac:
         e7:c9:7c:fd:b0:26:80:17:21:fd:53:9f:58:ec:f5:54:97:8b:
         53:4c:c6:04:08:a2:b6:6a:21:91:f2:39:a7:3c:23:a7:35:58:
         ff:3a:60:29:94:72:57:c2:dc:29:1e:45:09:07:f2:2b:d1:74:
         99:aa:dc:80:6a:40:d9:8c:f9:2e:78:93:95:4c:b3:9d:6a:c4:
         54:5d:fd:62:21:b2:24:8d:50:9c:2d:2c:6c:c7:b8:80:7b:c7:
         cc:25:ba:27:1f:66:4d:67:cd:61:69:d6:9b:39:50:c1:06:2e:
         ab:52:82:1e:97:7f:dd:3f:e8:a9:6c:a2:fa:0a:bd:ef:90:51:
         c6:d1:bf:0b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhQ7nydymDMe9zBwcsNCKgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNDA5OGYyMDY4NTA0ODhiNzJjZGRlODM4N2MzMTgxYzYz
ZjhjZGYwHhcNMjUwMTAxMDk0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWE5NjY2ZmJmNjU4MjcyN2M2NmFhZTAyNGMzNDc5ODgwNzRmZGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXdvQpRy5fPnHEfjF6WGHwPwl+W1
4/eySp1gj3dh5ET0GKngnbukJZy2hOYfGJkZiG+Rut/03PFxVUG+Q/P+pHmK20FR
9kKtgoSqI/Q2F3QqL3tVl3FK6zWOuLYClNVj6Z9eoPIcGXWdPaiYpu58jvxW9qeJ
IexULeMibMAynQB5w9NOhHQLDsfKTFXwuaRxodvaoPYMPYx4UKIkDqEyzs1rKxNW
/pAibp9nCuh9iLTbNgA2CaJIVMI+zvgjNfbRJACkmxWaYzGkJDf/aKPs7GLwaJLU
s+cyXnwiFptz8BkA2LSJoLvB3BDeFaFYCRJHssCjS7smk2lCfkdQs9v6nQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGWpZm+/ZYJyfGaq4CTDR5iAdP2vMB8GA1UdIwQY
MBaAFF5AmPIGhQSItyzd6Dh8MYHGP4zfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGtDWThnYUZCSWkzTE4zb09Id3hnY1lfak44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9jMGIxMDYtNmJmMS00NjYwLThhZmYt
OWNmODdmZjFjZTViLzEvWmFsbWI3OWxnbko4WnFyZ0pNTkhtSUIwX2E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9jMGIxMDYtNmJmMS00NjYwLThhZmYtOWNmODdmZjFjZTVi
LzEvWGtDWThnYUZCSWkzTE4zb09Id3hnY1lfak44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwpNIMA8E
AgACMAkDBwAgAQZ8LYwwDQYJKoZIhvcNAQELBQADggEBAGkfaQIt8VXrC/wSoja7
NbBLa69hKtUANQK5YsBLPKCfXAmLt2Bgo4ghOhroPLaff/b/XpePNoSoCOyO0+3f
Sr+LPcG4RssMMNfblfx4us4+cHM0S1Aw5UMyGqb2hmkoi3+O1Inen5VKWZ3Uv+aY
p0xMDKE01z+/UnlNoIjDrOfJfP2wJoAXIf1Tn1js9VSXi1NMxgQIorZqIZHyOac8
I6c1WP86YCmUclfC3CkeRQkH8ivRdJmq3IBqQNmM+S54k5VMs51qxFRd/WIhsiSN
UJwtLGzHuIB7x8wluicfZk1nzWFp1ps5UMEGLqtSgh6Xf90/6KlsovoKve+QUcbR
vws=
-----END CERTIFICATE-----