Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/9b1d85-7198-4af6-a632-d0cfe43016de/1/ZM1dhLREHUK9THyRbQhmbYvH-go.roa
File:                     ZM1dhLREHUK9THyRbQhmbYvH-go.roa (raw, json)
Hash identifier:          N1Sa8G0Rm15Kvd0+4hmG1B9UX0vybL83hTGxPQknPt0=
Subject key identifier:   64:CD:5D:84:B4:44:1D:42:BD:4C:7C:91:6D:08:66:6D:8B:C7:FA:0A
Certificate issuer:       /CN=52411e52dab7d0be2674313b6b5d2e74bd11360e
Certificate serial:       018EAEC33CA800A16A38E2557FA6B6A4965F
Authority key identifier: 52:41:1E:52:DA:B7:D0:BE:26:74:31:3B:6B:5D:2E:74:BD:11:36:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UkEeUtq30L4mdDE7a10udL0RNg4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/9b1d85-7198-4af6-a632-d0cfe43016de/1/ZM1dhLREHUK9THyRbQhmbYvH-go.roa
Signing time:             Fri 05 Apr 2024 14:56:54 +0000
ROA not before:           Fri 05 Apr 2024 14:56:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        217.198.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/9b1d85-7198-4af6-a632-d0cfe43016de/1/UkEeUtq30L4mdDE7a10udL0RNg4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/9b1d85-7198-4af6-a632-d0cfe43016de/1/UkEeUtq30L4mdDE7a10udL0RNg4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UkEeUtq30L4mdDE7a10udL0RNg4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ae:c3:3c:a8:00:a1:6a:38:e2:55:7f:a6:b6:a4:96:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52411e52dab7d0be2674313b6b5d2e74bd11360e
        Validity
            Not Before: Apr  5 14:56:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64cd5d84b4441d42bd4c7c916d08666d8bc7fa0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:50:7a:e0:59:af:82:d4:c9:b4:aa:9c:0f:50:
                    cb:e5:09:f3:2b:f5:48:aa:fb:a5:4d:10:b3:34:7e:
                    58:ea:d9:56:ca:ac:2c:2f:af:82:d1:bc:64:88:92:
                    99:7f:5c:d1:a0:90:f1:75:0b:00:59:a0:2a:c4:5f:
                    2f:77:e4:60:ce:fe:f6:92:ec:25:27:51:ee:5d:6e:
                    70:09:c5:b4:05:71:d6:a8:ea:64:b4:9f:7f:57:33:
                    5a:1c:a7:02:4d:4a:52:27:2d:2e:6d:9a:bc:5a:57:
                    6d:3d:a3:2c:64:fc:b9:62:87:4c:f9:01:2e:3e:82:
                    ec:59:ae:55:2c:84:7b:09:12:93:c1:0e:00:a7:02:
                    85:9f:37:bf:b8:c1:57:8d:77:f4:ee:a3:00:32:49:
                    ed:2d:86:bd:d8:5f:06:6f:5e:ae:dc:7f:e8:88:86:
                    5c:e2:88:18:1d:58:20:c4:ec:ca:c2:04:a3:08:c8:
                    fd:2d:d9:8f:46:a0:e6:8f:e8:19:60:38:7e:29:e3:
                    e3:b1:6b:bc:fd:cc:32:d0:96:5f:0d:f4:5e:ff:88:
                    0f:bf:68:d1:7e:24:78:45:7e:19:d5:1b:c8:6d:67:
                    5a:7d:62:d9:bb:80:5b:a7:50:e1:0b:f3:7a:e9:6c:
                    0a:aa:bb:1f:24:c4:e2:dc:e4:ea:00:7b:1b:ff:13:
                    fd:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:CD:5D:84:B4:44:1D:42:BD:4C:7C:91:6D:08:66:6D:8B:C7:FA:0A
            X509v3 Authority Key Identifier:
                keyid:52:41:1E:52:DA:B7:D0:BE:26:74:31:3B:6B:5D:2E:74:BD:11:36:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UkEeUtq30L4mdDE7a10udL0RNg4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/9b1d85-7198-4af6-a632-d0cfe43016de/1/ZM1dhLREHUK9THyRbQhmbYvH-go.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/9b1d85-7198-4af6-a632-d0cfe43016de/1/UkEeUtq30L4mdDE7a10udL0RNg4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.198.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:d8:aa:af:19:f0:58:88:c9:da:50:a1:e1:8e:6f:55:b5:a3:
         b8:02:c7:7c:9a:db:dc:53:30:9e:1d:16:0c:1f:17:c3:0a:d4:
         42:c7:f6:36:13:3b:bb:98:9c:ae:02:60:e8:84:53:95:e5:3b:
         0b:a9:86:cd:ae:f3:45:cc:97:53:b5:54:05:b4:9e:26:17:d4:
         34:0c:e4:2d:4f:e9:f5:04:36:43:9f:91:8f:24:22:de:7e:9e:
         fc:8d:a3:5c:5a:ea:8b:b8:22:38:97:2f:72:c4:78:37:54:e6:
         3e:63:47:39:75:70:2d:a1:6a:4d:17:28:2f:53:29:96:ef:31:
         e4:c3:d2:f3:fa:db:0c:85:51:e0:1c:5b:3d:07:6e:31:4e:9d:
         fc:f5:5c:a2:75:f3:72:c8:95:b2:75:62:71:ac:82:79:32:a5:
         ad:2a:08:ca:66:1e:0b:92:4d:a4:5f:46:8a:48:ac:be:09:8a:
         d9:72:c0:57:76:29:f0:00:2a:84:84:e6:4a:db:a9:aa:2e:0c:
         cf:92:02:bf:7c:f1:4e:27:1c:f4:8e:c5:d2:45:0f:5f:4e:2a:
         3e:bf:c0:b7:fd:e2:41:70:bb:e5:b0:76:16:bb:97:5c:92:22:
         0f:c1:6e:83:dd:2a:3c:ce:07:2e:74:48:cd:f7:27:4e:90:73:
         e4:4f:08:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6uwzyoAKFqOOJVf6a2pJZfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNDExZTUyZGFiN2QwYmUyNjc0MzEzYjZiNWQyZTc0YmQx
MTM2MGUwHhcNMjQwNDA1MTQ1NjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGNkNWQ4NGI0NDQxZDQyYmQ0YzdjOTE2ZDA4NjY2ZDhiYzdmYTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVB64FmvgtTJtKqcD1DL5QnzK/VI
qvulTRCzNH5Y6tlWyqwsL6+C0bxkiJKZf1zRoJDxdQsAWaAqxF8vd+Rgzv72kuwl
J1HuXW5wCcW0BXHWqOpktJ9/VzNaHKcCTUpSJy0ubZq8WldtPaMsZPy5YodM+QEu
PoLsWa5VLIR7CRKTwQ4ApwKFnze/uMFXjXf07qMAMkntLYa92F8Gb16u3H/oiIZc
4ogYHVggxOzKwgSjCMj9LdmPRqDmj+gZYDh+KePjsWu8/cwy0JZfDfRe/4gPv2jR
fiR4RX4Z1RvIbWdafWLZu4Bbp1DhC/N66WwKqrsfJMTi3OTqAHsb/xP93wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGTNXYS0RB1CvUx8kW0IZm2Lx/oKMB8GA1UdIwQY
MBaAFFJBHlLat9C+JnQxO2tdLnS9ETYOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWtFZVV0cTMwTDRtZERFN2ExMHVkTDBSTmc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi85YjFkODUtNzE5OC00YWY2LWE2MzIt
ZDBjZmU0MzAxNmRlLzEvWk0xZGhMUkVIVUs5VEh5UmJRaG1iWXZILWdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi85YjFkODUtNzE5OC00YWY2LWE2MzItZDBjZmU0MzAxNmRl
LzEvVWtFZVV0cTMwTDRtZERFN2ExMHVkTDBSTmc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ca9MA0G
CSqGSIb3DQEBCwUAA4IBAQAe2KqvGfBYiMnaUKHhjm9VtaO4Asd8mtvcUzCeHRYM
HxfDCtRCx/Y2Ezu7mJyuAmDohFOV5TsLqYbNrvNFzJdTtVQFtJ4mF9Q0DOQtT+n1
BDZDn5GPJCLefp78jaNcWuqLuCI4ly9yxHg3VOY+Y0c5dXAtoWpNFygvUymW7zHk
w9Lz+tsMhVHgHFs9B24xTp389VyidfNyyJWydWJxrIJ5MqWtKgjKZh4Lkk2kX0aK
SKy+CYrZcsBXdinwACqEhOZK26mqLgzPkgK/fPFOJxz0jsXSRQ9fTio+v8C3/eJB
cLvlsHYWu5dckiIPwW6D3So8zgcudEjN9ydOkHPkTwho
-----END CERTIFICATE-----