Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/05f238-bb62-455d-9921-3a2722507ee5/1/Zzb_I_BoRFwFfUJmLb_uckTo8LQ.roa
File:                     Zzb_I_BoRFwFfUJmLb_uckTo8LQ.roa (raw, json)
Hash identifier:          UkNe66awMWuyNnuDMbZCccZ+38j7XgxPHFdPh8lX/+o=
Subject key identifier:   67:36:FF:23:F0:68:44:5C:05:7D:42:66:2D:BF:EE:72:44:E8:F0:B4
Certificate issuer:       /CN=ea5187cbf738c0e9d7a3ed9bfcb2c4a677226483
Certificate serial:       018CC72767CC978CF0575903FD587224302F
Authority key identifier: EA:51:87:CB:F7:38:C0:E9:D7:A3:ED:9B:FC:B2:C4:A6:77:22:64:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6lGHy_c4wOnXo-2b_LLEpnciZIM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/05f238-bb62-455d-9921-3a2722507ee5/1/Zzb_I_BoRFwFfUJmLb_uckTo8LQ.roa
Signing time:             Mon 01 Jan 2024 22:31:37 +0000
ROA not before:           Mon 01 Jan 2024 22:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200306
IP address blocks:        2001:678:7e0::/48 maxlen: 48
                          2001:67c:2c40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/05f238-bb62-455d-9921-3a2722507ee5/1/6lGHy_c4wOnXo-2b_LLEpnciZIM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/05f238-bb62-455d-9921-3a2722507ee5/1/6lGHy_c4wOnXo-2b_LLEpnciZIM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6lGHy_c4wOnXo-2b_LLEpnciZIM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:67:cc:97:8c:f0:57:59:03:fd:58:72:24:30:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea5187cbf738c0e9d7a3ed9bfcb2c4a677226483
        Validity
            Not Before: Jan  1 22:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6736ff23f068445c057d42662dbfee7244e8f0b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:49:8b:02:1d:c0:ad:f3:f6:64:e5:85:20:9c:
                    3b:51:04:89:b0:2b:75:57:4e:9b:4b:04:06:aa:3f:
                    c3:ed:d6:3e:3e:94:8c:e4:d5:a1:34:1c:82:5d:0b:
                    34:d6:00:a6:67:63:76:e0:06:23:1e:68:d9:e3:ce:
                    d9:f9:29:38:84:b2:ed:2d:5f:6b:c1:bd:fd:e3:0d:
                    c8:d3:0a:07:63:8a:25:62:d5:84:06:84:75:a3:9e:
                    75:9d:78:a8:6d:16:fc:7e:8f:ff:f0:ab:41:44:51:
                    17:44:a6:3d:5d:67:ea:0a:5b:95:3e:2c:f6:ed:eb:
                    91:42:30:28:1b:a0:de:f5:94:d6:64:ff:2b:d7:15:
                    40:75:1f:6b:1f:6a:c5:d4:ce:71:7d:cd:b3:a9:53:
                    a1:be:b0:c5:2d:fa:29:1e:ed:25:c0:23:de:10:92:
                    da:69:a9:80:36:20:22:82:fa:23:0f:3c:74:86:dd:
                    76:02:02:6a:a0:85:ce:78:ac:d9:51:fa:30:47:a0:
                    bf:f9:72:1d:c7:4b:c1:63:9d:03:8d:40:63:4d:34:
                    76:8e:df:3b:11:ee:49:04:e0:9e:14:4f:fe:2c:48:
                    fa:cf:0c:db:90:0d:e2:c7:98:4a:b2:9d:81:af:3b:
                    32:b5:6b:87:d5:69:67:a8:a9:cc:07:86:a9:bd:d7:
                    b3:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:36:FF:23:F0:68:44:5C:05:7D:42:66:2D:BF:EE:72:44:E8:F0:B4
            X509v3 Authority Key Identifier:
                keyid:EA:51:87:CB:F7:38:C0:E9:D7:A3:ED:9B:FC:B2:C4:A6:77:22:64:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6lGHy_c4wOnXo-2b_LLEpnciZIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/05f238-bb62-455d-9921-3a2722507ee5/1/Zzb_I_BoRFwFfUJmLb_uckTo8LQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/05f238-bb62-455d-9921-3a2722507ee5/1/6lGHy_c4wOnXo-2b_LLEpnciZIM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:7e0::/48
                  2001:67c:2c40::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:8b:86:2b:4f:95:6c:33:57:b8:8e:87:b8:ab:ae:20:2d:c6:
         f8:41:d1:43:82:bb:0b:e3:9c:ff:a6:bd:60:e2:15:b3:54:5e:
         47:61:93:80:1e:5a:3b:99:08:a6:55:29:14:bb:e8:7b:cb:76:
         2d:85:e5:fc:ec:c6:2f:59:5a:26:42:8d:15:8f:3b:bb:06:fc:
         79:19:22:1e:bb:8e:b7:1b:59:d8:bf:72:ea:9a:56:ab:9a:5e:
         53:87:ba:a2:f3:24:ef:86:a8:99:75:ec:d2:05:27:3b:b6:d1:
         48:41:79:36:c9:38:60:18:e8:1b:a6:88:b6:ec:41:74:84:90:
         a3:c2:97:76:c7:36:b8:f1:9a:7f:e5:f0:c7:84:d6:45:4a:8f:
         d7:a3:4e:fb:89:b7:fb:82:de:3f:0a:a5:7d:1f:86:7a:0c:ab:
         6b:6f:69:88:6e:0f:b1:f4:51:1e:ae:c4:9c:ea:13:dc:ec:59:
         84:6f:23:11:3c:a0:76:92:ad:d3:46:9c:39:83:5a:38:32:e3:
         23:e4:fc:70:47:1d:d2:58:65:07:86:25:79:bc:ee:5f:e8:ae:
         3e:44:10:0c:ee:16:4b:52:8a:b0:7b:dd:01:3f:d1:52:b9:03:
         26:5c:08:b6:bc:b9:2c:df:41:9f:4f:d9:72:77:f6:f0:25:22:
         ea:ad:e7:5b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHJ2fMl4zwV1kD/VhyJDAvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhNTE4N2NiZjczOGMwZTlkN2EzZWQ5YmZjYjJjNGE2Nzcy
MjY0ODMwHhcNMjQwMTAxMjIzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzM2ZmYyM2YwNjg0NDVjMDU3ZDQyNjYyZGJmZWU3MjQ0ZThmMGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1kmLAh3ArfP2ZOWFIJw7UQSJsCt1
V06bSwQGqj/D7dY+PpSM5NWhNByCXQs01gCmZ2N24AYjHmjZ487Z+Sk4hLLtLV9r
wb394w3I0woHY4olYtWEBoR1o551nXiobRb8fo//8KtBRFEXRKY9XWfqCluVPiz2
7euRQjAoG6De9ZTWZP8r1xVAdR9rH2rF1M5xfc2zqVOhvrDFLfopHu0lwCPeEJLa
aamANiAigvojDzx0ht12AgJqoIXOeKzZUfowR6C/+XIdx0vBY50DjUBjTTR2jt87
Ee5JBOCeFE/+LEj6zwzbkA3ix5hKsp2BrzsytWuH1WlnqKnMB4apvdezDQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGc2/yPwaERcBX1CZi2/7nJE6PC0MB8GA1UdIwQY
MBaAFOpRh8v3OMDp16Ptm/yyxKZ3ImSDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmxHSHlfYzR3T25Yby0yYl9MTEVwbmNpWklNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8wNWYyMzgtYmI2Mi00NTVkLTk5MjEt
M2EyNzIyNTA3ZWU1LzEvWnpiX0lfQm9SRndGZlVKbUxiX3Vja1RvOExRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8wNWYyMzgtYmI2Mi00NTVkLTk5MjEtM2EyNzIyNTA3ZWU1
LzEvNmxHSHlfYzR3T25Yby0yYl9MTEVwbmNpWklNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGeAfg
AwcAIAEGfCxAMA0GCSqGSIb3DQEBCwUAA4IBAQBni4YrT5VsM1e4joe4q64gLcb4
QdFDgrsL45z/pr1g4hWzVF5HYZOAHlo7mQimVSkUu+h7y3YtheX87MYvWVomQo0V
jzu7Bvx5GSIeu463G1nYv3Lqmlarml5Th7qi8yTvhqiZdezSBSc7ttFIQXk2yThg
GOgbpoi27EF0hJCjwpd2xza48Zp/5fDHhNZFSo/Xo077ibf7gt4/CqV9H4Z6DKtr
b2mIbg+x9FEersSc6hPc7FmEbyMRPKB2kq3TRpw5g1o4MuMj5PxwRx3SWGUHhiV5
vO5f6K4+RBAM7hZLUoqwe90BP9FSuQMmXAi2vLks30GfT9lyd/bwJSLqredb
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:18:43 2024 by rpki-client on console-ams.rpki-client.org