Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/zhBMjU7aAPmsZFzS4cIxrtvuYdE.roa
File:                     zhBMjU7aAPmsZFzS4cIxrtvuYdE.roa (raw, json)
Hash identifier:          8U50t4Q0Qi2qbMttkkIiCo7yAr7olh8ufyeW4fOZHwU=
Subject key identifier:   CE:10:4C:8D:4E:DA:00:F9:AC:64:5C:D2:E1:C2:31:AE:DB:EE:61:D1
Certificate issuer:       /CN=dcae4b0471a61872c404142e1f90f5074f0d6f15
Certificate serial:       018CCA2BBEB9078414FF3AC83B9CEF73CDF9
Authority key identifier: DC:AE:4B:04:71:A6:18:72:C4:04:14:2E:1F:90:F5:07:4F:0D:6F:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3K5LBHGmGHLEBBQuH5D1B08NbxU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/zhBMjU7aAPmsZFzS4cIxrtvuYdE.roa
Signing time:             Tue 02 Jan 2024 12:35:13 +0000
ROA not before:           Tue 02 Jan 2024 12:35:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199659
IP address blocks:        185.223.88.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/3K5LBHGmGHLEBBQuH5D1B08NbxU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/3K5LBHGmGHLEBBQuH5D1B08NbxU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3K5LBHGmGHLEBBQuH5D1B08NbxU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:be:b9:07:84:14:ff:3a:c8:3b:9c:ef:73:cd:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcae4b0471a61872c404142e1f90f5074f0d6f15
        Validity
            Not Before: Jan  2 12:35:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce104c8d4eda00f9ac645cd2e1c231aedbee61d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:59:93:07:4d:69:2a:5f:ff:c6:3d:88:c7:a0:
                    22:51:8f:8c:41:e6:f2:d6:0f:d0:a6:d0:93:17:3a:
                    71:47:e6:7a:6e:24:ef:65:71:a8:29:fd:19:22:63:
                    71:1d:d2:8b:b8:45:74:e3:7b:0b:88:65:18:33:89:
                    02:9d:f9:28:e0:46:0b:1f:01:1c:c9:c7:57:1e:ef:
                    63:c0:32:31:81:91:91:70:e1:86:a8:38:79:25:63:
                    94:6f:d2:7a:7a:dc:69:2c:06:bd:6e:8a:05:d9:cb:
                    cd:1a:d3:6b:30:3e:c7:7f:c9:e3:39:d9:26:0b:f6:
                    a9:4d:9a:14:52:c0:47:3d:8e:6b:33:ac:a0:54:c7:
                    ca:a2:f9:89:04:87:e0:4e:db:db:25:20:d0:f4:bf:
                    df:6a:c2:15:76:63:d1:cf:12:d1:1f:e7:3a:ca:00:
                    32:8c:1b:40:1e:a6:42:b4:d5:d4:4c:c8:d9:13:9c:
                    df:12:ab:f9:eb:eb:82:5e:42:26:80:e3:76:39:f8:
                    fb:19:ef:83:a5:ed:3b:d6:0a:28:39:c2:67:68:9c:
                    4f:68:cf:4a:e2:d6:1e:3f:0a:ab:87:b2:8d:b4:50:
                    3c:13:1e:39:e0:16:85:2d:1a:0f:c0:06:a3:83:ba:
                    25:18:0c:da:47:35:73:5c:15:09:83:8b:2e:24:f6:
                    95:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:10:4C:8D:4E:DA:00:F9:AC:64:5C:D2:E1:C2:31:AE:DB:EE:61:D1
            X509v3 Authority Key Identifier:
                keyid:DC:AE:4B:04:71:A6:18:72:C4:04:14:2E:1F:90:F5:07:4F:0D:6F:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3K5LBHGmGHLEBBQuH5D1B08NbxU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/zhBMjU7aAPmsZFzS4cIxrtvuYdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/67f9a7-a6e8-426e-bac4-4b68b15d301a/1/3K5LBHGmGHLEBBQuH5D1B08NbxU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:22:94:55:44:91:ad:44:4d:99:75:c4:6a:fb:cd:61:16:af:
         21:fe:5c:e7:16:13:ae:9b:27:33:a2:c7:30:30:cb:d9:68:03:
         5b:ed:fd:6a:f9:9b:d0:11:10:10:2e:29:63:ef:87:67:21:80:
         60:49:4b:30:fb:5d:34:3e:45:5d:cd:ad:fc:0f:25:08:39:77:
         28:2f:af:92:95:0b:df:b2:ed:07:2f:a1:52:9b:2f:f1:4e:3a:
         b8:8f:40:68:25:21:d8:bd:3c:99:f0:4b:f7:9b:15:dd:ab:13:
         26:51:fc:9c:09:2e:ba:79:4f:9b:93:d9:be:ff:af:9f:2c:8e:
         b5:3b:37:92:ba:d0:83:82:b7:23:bd:a5:28:13:a3:61:71:48:
         9f:33:66:af:83:59:95:6a:6c:02:b9:0d:54:9a:44:71:c0:a3:
         84:12:c3:37:da:3b:56:0a:6a:0d:83:10:8c:d7:88:ae:c2:d6:
         aa:c1:4b:89:e9:13:52:5d:cd:77:b5:8b:13:2e:a8:6d:f5:95:
         1b:c7:fd:a3:12:bf:41:60:52:f7:8a:e8:49:d3:c2:09:e9:4b:
         1f:01:ab:01:a8:1c:cd:68:c2:f9:8a:a8:63:45:25:05:52:0a:
         96:5a:80:79:0d:dd:92:ef:c4:8e:43:6b:0c:e4:50:98:d0:c4:
         c3:25:a2:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK765B4QU/zrIO5zvc835MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjYWU0YjA0NzFhNjE4NzJjNDA0MTQyZTFmOTBmNTA3NGYw
ZDZmMTUwHhcNMjQwMTAyMTIzNTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTEwNGM4ZDRlZGEwMGY5YWM2NDVjZDJlMWMyMzFhZWRiZWU2MWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFmTB01pKl//xj2Ix6AiUY+MQeby
1g/QptCTFzpxR+Z6biTvZXGoKf0ZImNxHdKLuEV043sLiGUYM4kCnfko4EYLHwEc
ycdXHu9jwDIxgZGRcOGGqDh5JWOUb9J6etxpLAa9booF2cvNGtNrMD7Hf8njOdkm
C/apTZoUUsBHPY5rM6ygVMfKovmJBIfgTtvbJSDQ9L/fasIVdmPRzxLRH+c6ygAy
jBtAHqZCtNXUTMjZE5zfEqv56+uCXkImgON2Ofj7Ge+Dpe071gooOcJnaJxPaM9K
4tYePwqrh7KNtFA8Ex454BaFLRoPwAajg7olGAzaRzVzXBUJg4suJPaVKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4QTI1O2gD5rGRc0uHCMa7b7mHRMB8GA1UdIwQY
MBaAFNyuSwRxphhyxAQULh+Q9QdPDW8VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0s1TEJIR21HSExFQkJRdUg1RDFCMDhOYnhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi82N2Y5YTctYTZlOC00MjZlLWJhYzQt
NGI2OGIxNWQzMDFhLzEvemhCTWpVN2FBUG1zWkZ6UzRjSXhydHZ1WWRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi82N2Y5YTctYTZlOC00MjZlLWJhYzQtNGI2OGIxNWQzMDFh
LzEvM0s1TEJIR21HSExFQkJRdUg1RDFCMDhOYnhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCud9YMA0G
CSqGSIb3DQEBCwUAA4IBAQBrIpRVRJGtRE2ZdcRq+81hFq8h/lznFhOumyczoscw
MMvZaANb7f1q+ZvQERAQLilj74dnIYBgSUsw+100PkVdza38DyUIOXcoL6+SlQvf
su0HL6FSmy/xTjq4j0BoJSHYvTyZ8Ev3mxXdqxMmUfycCS66eU+bk9m+/6+fLI61
OzeSutCDgrcjvaUoE6NhcUifM2avg1mVamwCuQ1UmkRxwKOEEsM32jtWCmoNgxCM
14iuwtaqwUuJ6RNSXc13tYsTLqht9ZUbx/2jEr9BYFL3iuhJ08IJ6UsfAasBqBzN
aML5iqhjRSUFUgqWWoB5Dd2S78SOQ2sM5FCY0MTDJaIO
-----END CERTIFICATE-----