Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/b68421-99b1-485e-b217-d3adc7449391/1/Zeibnx0jQfHrKCngsBYyNBtyCY8.roa
File:                     Zeibnx0jQfHrKCngsBYyNBtyCY8.roa (raw, json)
Hash identifier:          1tTIgh7rGioAClAEx5jMHBx5r9sM7mmraGPRQnv9pR0=
Subject key identifier:   65:E8:9B:9F:1D:23:41:F1:EB:28:29:E0:B0:16:32:34:1B:72:09:8F
Certificate issuer:       /CN=756fba46634d22b93db1bf46ec5a8d665e62dac7
Certificate serial:       0194228DF0D39F818F0DA27C5A73F7CAF685
Authority key identifier: 75:6F:BA:46:63:4D:22:B9:3D:B1:BF:46:EC:5A:8D:66:5E:62:DA:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dW-6RmNNIrk9sb9G7FqNZl5i2sc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/b68421-99b1-485e-b217-d3adc7449391/1/Zeibnx0jQfHrKCngsBYyNBtyCY8.roa
Signing time:             Wed 01 Jan 2025 15:48:35 +0000
ROA not before:           Wed 01 Jan 2025 15:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33915
IP address blocks:        195.128.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/b68421-99b1-485e-b217-d3adc7449391/1/dW-6RmNNIrk9sb9G7FqNZl5i2sc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/b68421-99b1-485e-b217-d3adc7449391/1/dW-6RmNNIrk9sb9G7FqNZl5i2sc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dW-6RmNNIrk9sb9G7FqNZl5i2sc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:f0:d3:9f:81:8f:0d:a2:7c:5a:73:f7:ca:f6:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=756fba46634d22b93db1bf46ec5a8d665e62dac7
        Validity
            Not Before: Jan  1 15:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65e89b9f1d2341f1eb2829e0b01632341b72098f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:45:de:7a:d8:a6:eb:ca:3d:f6:66:86:b6:a8:
                    5b:fe:0f:d7:92:7f:fd:94:f0:9d:e4:f3:57:ba:dd:
                    5b:46:05:2a:fe:44:39:b8:94:e9:7e:e8:53:e5:e7:
                    35:0f:f9:3e:58:0d:96:55:3c:03:f3:20:fc:31:ca:
                    04:04:30:a0:15:c2:c2:7d:8a:52:1e:b9:43:27:11:
                    b7:19:58:e5:ce:89:9f:54:86:49:cf:f5:94:61:3e:
                    7a:53:97:b4:6b:af:a8:1a:f5:7f:ef:68:0f:66:7c:
                    25:be:d4:e6:7b:a5:8a:bb:14:7a:24:be:77:63:b3:
                    5a:aa:4b:40:09:b4:e6:54:ee:50:9e:1b:13:b6:e2:
                    2e:11:42:b7:41:bf:d1:75:f8:67:5e:88:9a:19:b5:
                    19:23:60:b4:e0:50:7e:6e:c8:7c:ce:dc:9b:99:8c:
                    c8:18:85:c5:59:66:fb:89:af:98:e9:b3:bd:4a:d8:
                    38:d0:06:a1:21:17:e7:b6:14:c9:67:a1:11:4a:a2:
                    f1:e8:3e:45:42:82:19:e9:8b:eb:bd:39:43:a4:f4:
                    77:5e:c7:f8:9d:48:a1:3e:a2:36:85:8e:cf:2b:57:
                    d0:be:fe:5b:7d:ca:0e:4d:37:0c:f2:2c:d2:58:e7:
                    85:f5:af:f8:d8:d7:c7:b4:ba:02:a0:fb:8d:d1:52:
                    b1:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:E8:9B:9F:1D:23:41:F1:EB:28:29:E0:B0:16:32:34:1B:72:09:8F
            X509v3 Authority Key Identifier:
                keyid:75:6F:BA:46:63:4D:22:B9:3D:B1:BF:46:EC:5A:8D:66:5E:62:DA:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dW-6RmNNIrk9sb9G7FqNZl5i2sc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b68421-99b1-485e-b217-d3adc7449391/1/Zeibnx0jQfHrKCngsBYyNBtyCY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b68421-99b1-485e-b217-d3adc7449391/1/dW-6RmNNIrk9sb9G7FqNZl5i2sc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.128.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:2e:1a:0d:8e:95:c3:e7:3f:bf:6b:f7:75:b7:6d:6e:12:77:
         46:b2:fd:9f:e4:b2:12:9d:ae:39:45:9b:a2:a9:07:9c:07:33:
         02:fb:31:ce:8f:de:00:f2:82:3b:7a:10:6c:9a:f0:0c:9f:ac:
         d2:2a:6e:db:40:69:8b:f5:f5:b5:73:dd:83:c4:50:b9:12:01:
         87:ee:ce:74:8b:2c:b7:cb:bd:2f:3e:50:0d:3b:8a:0c:83:2e:
         1f:de:fb:cd:6c:93:8f:13:a1:27:46:7c:0b:13:f6:78:b9:f4:
         87:f4:76:6f:b7:bf:12:c3:d2:60:d2:1b:d9:2e:d0:93:50:61:
         e6:e1:aa:44:d9:e9:ab:44:45:b2:90:c2:83:bc:1f:6b:75:2d:
         2a:73:24:ca:52:b6:d8:7e:5d:13:97:b4:a7:f8:e9:80:1f:70:
         5d:5f:47:c3:46:b9:1c:a8:84:61:1d:0c:af:04:62:70:8f:00:
         35:4b:90:20:c9:54:5e:ac:ff:f4:13:06:e5:aa:fa:87:71:63:
         bb:94:8f:cf:63:18:38:5c:4e:17:18:5d:25:8e:af:29:f5:1c:
         89:b9:b5:14:4c:51:8a:08:9b:0d:54:a4:f8:72:52:05:67:6f:
         e9:39:1e:3e:d3:50:86:03:75:73:ff:8a:fb:91:8f:7a:3f:8a:
         a8:a4:41:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijfDTn4GPDaJ8WnP3yvaFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1NmZiYTQ2NjM0ZDIyYjkzZGIxYmY0NmVjNWE4ZDY2NWU2
MmRhYzcwHhcNMjUwMTAxMTU0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWU4OWI5ZjFkMjM0MWYxZWIyODI5ZTBiMDE2MzIzNDFiNzIwOThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UXeetim68o99maGtqhb/g/Xkn/9
lPCd5PNXut1bRgUq/kQ5uJTpfuhT5ec1D/k+WA2WVTwD8yD8McoEBDCgFcLCfYpS
HrlDJxG3GVjlzomfVIZJz/WUYT56U5e0a6+oGvV/72gPZnwlvtTme6WKuxR6JL53
Y7NaqktACbTmVO5QnhsTtuIuEUK3Qb/RdfhnXoiaGbUZI2C04FB+bsh8ztybmYzI
GIXFWWb7ia+Y6bO9Stg40AahIRfnthTJZ6ERSqLx6D5FQoIZ6YvrvTlDpPR3Xsf4
nUihPqI2hY7PK1fQvv5bfcoOTTcM8izSWOeF9a/42NfHtLoCoPuN0VKxlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXom58dI0Hx6ygp4LAWMjQbcgmPMB8GA1UdIwQY
MBaAFHVvukZjTSK5PbG/RuxajWZeYtrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFctNlJtTk5Jcms5c2I5RzdGcU5abDVpMnNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9iNjg0MjEtOTliMS00ODVlLWIyMTct
ZDNhZGM3NDQ5MzkxLzEvWmVpYm54MGpRZkhyS0NuZ3NCWXlOQnR5Q1k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9iNjg0MjEtOTliMS00ODVlLWIyMTctZDNhZGM3NDQ5Mzkx
LzEvZFctNlJtTk5Jcms5c2I5RzdGcU5abDVpMnNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4CQMA0G
CSqGSIb3DQEBCwUAA4IBAQBBLhoNjpXD5z+/a/d1t21uEndGsv2f5LISna45RZui
qQecBzMC+zHOj94A8oI7ehBsmvAMn6zSKm7bQGmL9fW1c92DxFC5EgGH7s50iyy3
y70vPlANO4oMgy4f3vvNbJOPE6EnRnwLE/Z4ufSH9HZvt78Sw9Jg0hvZLtCTUGHm
4apE2emrREWykMKDvB9rdS0qcyTKUrbYfl0Tl7Sn+OmAH3BdX0fDRrkcqIRhHQyv
BGJwjwA1S5AgyVRerP/0EwblqvqHcWO7lI/PYxg4XE4XGF0ljq8p9RyJubUUTFGK
CJsNVKT4clIFZ2/pOR4+01CGA3Vz/4r7kY96P4qopEGU
-----END CERTIFICATE-----