Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/f171be-9653-41d8-a344-fec15ab84135/1/ZyPIESuaSWPIuQmq_le4sKOKISE.roa
File:                     ZyPIESuaSWPIuQmq_le4sKOKISE.roa (raw, json)
Hash identifier:          ZskQdIcp36rlr+2ORbgrG1PrwisAu9ueRcvHTkIY4YM=
Subject key identifier:   67:23:C8:11:2B:9A:49:63:C8:B9:09:AA:FE:57:B8:B0:A3:8A:21:21
Certificate issuer:       /CN=329dbb46a4eb7645d994a0e4b984fcdac204a484
Certificate serial:       019421B1F987E2DE7E391802CFA1EF2CF678
Authority key identifier: 32:9D:BB:46:A4:EB:76:45:D9:94:A0:E4:B9:84:FC:DA:C2:04:A4:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mp27RqTrdkXZlKDkuYT82sIEpIQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/f171be-9653-41d8-a344-fec15ab84135/1/ZyPIESuaSWPIuQmq_le4sKOKISE.roa
Signing time:             Wed 01 Jan 2025 11:48:19 +0000
ROA not before:           Wed 01 Jan 2025 11:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210177
IP address blocks:        194.62.136.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/f171be-9653-41d8-a344-fec15ab84135/1/Mp27RqTrdkXZlKDkuYT82sIEpIQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/f171be-9653-41d8-a344-fec15ab84135/1/Mp27RqTrdkXZlKDkuYT82sIEpIQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mp27RqTrdkXZlKDkuYT82sIEpIQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:f9:87:e2:de:7e:39:18:02:cf:a1:ef:2c:f6:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=329dbb46a4eb7645d994a0e4b984fcdac204a484
        Validity
            Not Before: Jan  1 11:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6723c8112b9a4963c8b909aafe57b8b0a38a2121
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3e:42:92:52:96:b5:00:a2:93:fc:d6:fa:96:
                    a8:67:df:9c:c9:4c:c7:fe:d0:09:69:51:fb:6d:63:
                    81:bb:7c:bc:ea:79:be:e9:63:f8:a5:2a:e2:22:ca:
                    9a:3f:9b:3e:63:c1:77:e3:7d:1d:c9:0b:54:2e:60:
                    d3:8d:86:63:7a:aa:5b:16:ef:8f:09:79:30:9a:0c:
                    bd:ec:82:96:7c:4d:9f:7a:1f:bb:4b:a3:9f:38:c2:
                    4a:a3:c2:c1:b3:99:60:f3:12:f0:ca:0a:1c:5e:d6:
                    f1:77:c7:5a:0a:0a:6d:38:8c:3e:e0:79:14:d5:ad:
                    f9:69:ef:85:b3:1f:c0:ab:e0:16:52:8f:0e:32:d1:
                    56:31:aa:b8:2b:b1:46:fc:4f:c9:aa:90:7f:04:3d:
                    da:cc:a2:38:55:60:59:48:1d:c6:36:66:77:5f:24:
                    fe:00:29:0d:a0:b9:48:1d:e0:fe:64:a3:bd:87:bf:
                    34:73:96:c0:74:50:31:86:ee:a6:d6:08:ae:6f:2e:
                    6e:2e:50:37:4c:50:3e:77:91:f5:4f:d0:86:1c:42:
                    8a:25:1b:f0:c5:d3:cc:fb:22:18:80:4f:75:65:c1:
                    d6:59:15:bf:ba:ff:1c:7e:d0:1d:0a:dd:8c:48:ee:
                    9b:28:3a:1f:72:a2:68:bf:a2:0b:00:ec:73:37:23:
                    cf:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:23:C8:11:2B:9A:49:63:C8:B9:09:AA:FE:57:B8:B0:A3:8A:21:21
            X509v3 Authority Key Identifier:
                keyid:32:9D:BB:46:A4:EB:76:45:D9:94:A0:E4:B9:84:FC:DA:C2:04:A4:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mp27RqTrdkXZlKDkuYT82sIEpIQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f171be-9653-41d8-a344-fec15ab84135/1/ZyPIESuaSWPIuQmq_le4sKOKISE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/f171be-9653-41d8-a344-fec15ab84135/1/Mp27RqTrdkXZlKDkuYT82sIEpIQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:b2:21:d9:59:f3:0e:8f:97:b8:18:06:0d:09:0c:41:c9:21:
         a8:ac:d6:bd:35:e7:7b:1d:af:69:ef:f2:50:a8:f6:82:2b:d8:
         68:34:b9:41:20:73:5f:5f:c9:46:75:b2:c2:9b:8d:89:9d:cd:
         33:d2:85:8e:a7:c6:3e:e1:70:02:9e:0e:6d:e6:f1:59:85:06:
         44:77:15:ca:07:ec:2c:da:22:75:81:59:58:d1:07:77:1e:b0:
         af:db:c1:73:c3:b2:fc:11:cc:e1:77:fc:26:b3:9b:93:0e:5e:
         b8:b8:39:d1:1e:4c:3a:60:4d:3e:df:3c:74:fe:67:1f:48:aa:
         34:40:a1:b5:66:70:ab:8d:e3:3b:cc:5d:38:fa:4a:45:b5:99:
         07:42:75:b2:0b:bc:51:9b:23:db:c8:98:54:30:f7:5e:e0:50:
         5b:6c:0c:7e:82:20:f8:da:06:27:12:fc:71:71:64:5f:ad:c1:
         ad:49:55:be:4f:15:9d:01:5a:e7:f2:bb:6f:5e:41:a1:c9:97:
         98:61:01:f5:1c:7d:be:2b:f9:0a:4a:18:43:4b:be:dc:aa:19:
         00:a3:1a:9f:b3:a0:ac:44:9a:f5:c6:96:17:2b:d9:c9:6a:3a:
         90:9b:b9:75:d7:d2:75:c0:42:ba:08:97:7a:e4:e2:28:85:40:
         c0:3d:56:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsfmH4t5+ORgCz6HvLPZ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyOWRiYjQ2YTRlYjc2NDVkOTk0YTBlNGI5ODRmY2RhYzIw
NGE0ODQwHhcNMjUwMTAxMTE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzIzYzgxMTJiOWE0OTYzYzhiOTA5YWFmZTU3YjhiMGEzOGEyMTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvj5CklKWtQCik/zW+paoZ9+cyUzH
/tAJaVH7bWOBu3y86nm+6WP4pSriIsqaP5s+Y8F3430dyQtULmDTjYZjeqpbFu+P
CXkwmgy97IKWfE2feh+7S6OfOMJKo8LBs5lg8xLwygocXtbxd8daCgptOIw+4HkU
1a35ae+Fsx/Aq+AWUo8OMtFWMaq4K7FG/E/JqpB/BD3azKI4VWBZSB3GNmZ3XyT+
ACkNoLlIHeD+ZKO9h780c5bAdFAxhu6m1giuby5uLlA3TFA+d5H1T9CGHEKKJRvw
xdPM+yIYgE91ZcHWWRW/uv8cftAdCt2MSO6bKDofcqJov6ILAOxzNyPPkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcjyBErmkljyLkJqv5XuLCjiiEhMB8GA1UdIwQY
MBaAFDKdu0ak63ZF2ZSg5LmE/NrCBKSEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXAyN1JxVHJka1habEtEa3VZVDgyc0lFcElRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9mMTcxYmUtOTY1My00MWQ4LWEzNDQt
ZmVjMTVhYjg0MTM1LzEvWnlQSUVTdWFTV1BJdVFtcV9sZTRzS09LSVNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9mMTcxYmUtOTY1My00MWQ4LWEzNDQtZmVjMTVhYjg0MTM1
LzEvTXAyN1JxVHJka1habEtEa3VZVDgyc0lFcElRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwj6IMA0G
CSqGSIb3DQEBCwUAA4IBAQCPsiHZWfMOj5e4GAYNCQxBySGorNa9Ned7Ha9p7/JQ
qPaCK9hoNLlBIHNfX8lGdbLCm42Jnc0z0oWOp8Y+4XACng5t5vFZhQZEdxXKB+ws
2iJ1gVlY0Qd3HrCv28Fzw7L8Eczhd/wms5uTDl64uDnRHkw6YE0+3zx0/mcfSKo0
QKG1ZnCrjeM7zF04+kpFtZkHQnWyC7xRmyPbyJhUMPde4FBbbAx+giD42gYnEvxx
cWRfrcGtSVW+TxWdAVrn8rtvXkGhyZeYYQH1HH2+K/kKShhDS77cqhkAoxqfs6Cs
RJr1xpYXK9nJajqQm7l119J1wEK6CJd65OIohUDAPVZM
-----END CERTIFICATE-----