Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/ZF9449-41UhJXmrXFkaxGnmMBxo.roa
File:                     ZF9449-41UhJXmrXFkaxGnmMBxo.roa (raw, json)
Hash identifier:          NbupFgZ400cBwsoaeMYQOGAWszg917QM3WiEMbkjn8g=
Subject key identifier:   64:5F:78:E3:DF:B8:D5:48:49:5E:6A:D7:16:46:B1:1A:79:8C:07:1A
Certificate issuer:       /CN=42f8ab2ba24879e45c445486fceb21af46656d5a
Certificate serial:       018D9CE90D4B1B8E11B57A7E5420A7699C21
Authority key identifier: 42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/ZF9449-41UhJXmrXFkaxGnmMBxo.roa
Signing time:             Mon 12 Feb 2024 10:42:15 +0000
ROA not before:           Mon 12 Feb 2024 10:42:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        217.147.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9c:e9:0d:4b:1b:8e:11:b5:7a:7e:54:20:a7:69:9c:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f8ab2ba24879e45c445486fceb21af46656d5a
        Validity
            Not Before: Feb 12 10:42:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=645f78e3dfb8d548495e6ad71646b11a798c071a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:29:55:c4:25:ba:ea:41:db:9e:4c:db:aa:de:
                    b0:40:9b:f2:66:39:3f:b3:0f:2e:a2:29:b9:d8:c5:
                    78:15:1f:65:a2:b6:8e:0f:6c:f9:56:e5:4d:c2:dc:
                    ba:d6:1a:f8:22:b2:fe:de:cb:15:f6:18:7c:3e:87:
                    27:8e:28:9d:50:df:57:38:79:28:3d:1d:65:e5:e2:
                    7e:66:32:15:e1:f1:b4:90:25:06:c5:3c:7f:30:e0:
                    9c:12:0a:7c:44:86:a2:7a:5e:cf:33:f6:39:d7:c9:
                    13:96:fd:82:06:b4:e7:6d:e8:c3:44:86:53:22:9e:
                    de:f3:e8:c3:97:ca:52:33:46:21:14:c1:9f:a5:89:
                    6a:e1:7b:69:29:8e:2d:5b:3c:e7:ea:31:73:8d:0b:
                    3f:3c:2f:b6:76:39:f0:77:1f:ec:24:71:29:2f:a4:
                    7e:c1:a0:f5:9e:e8:79:24:9c:10:51:aa:2b:41:53:
                    49:20:67:00:68:b8:8c:ab:ab:17:5a:5f:7e:ad:fd:
                    96:ab:7a:60:36:47:dc:78:7e:c4:e5:56:c7:2d:4e:
                    74:8b:b8:c8:14:ce:66:3d:af:5b:7a:d9:03:94:83:
                    df:bf:fe:04:11:fb:2c:22:62:b5:82:3b:73:fb:5f:
                    c6:85:71:8c:53:d3:79:16:a7:55:71:5c:d2:fe:7d:
                    70:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:5F:78:E3:DF:B8:D5:48:49:5E:6A:D7:16:46:B1:1A:79:8C:07:1A
            X509v3 Authority Key Identifier:
                keyid:42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/ZF9449-41UhJXmrXFkaxGnmMBxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:65:4f:ba:fe:03:f8:9f:aa:f4:a0:04:b0:ad:63:9b:65:2c:
         df:e0:39:38:46:20:6c:53:a7:d6:c7:c3:59:0f:16:68:7a:2b:
         69:c8:f8:3e:5b:1c:78:2a:4c:85:0b:5d:9a:fa:17:e4:48:e1:
         76:27:ee:b0:a7:2a:dd:80:4e:29:16:24:1e:c2:39:7b:d1:c9:
         76:3a:d5:38:bf:86:5c:dd:f3:4f:91:8c:f8:a2:21:ff:63:a1:
         5a:06:d5:c3:d6:65:c9:e2:20:6a:cf:4c:2b:68:95:5a:39:38:
         12:1a:f7:21:bb:c6:19:86:ae:58:a9:21:17:c5:c2:76:97:8e:
         da:eb:c2:08:7c:4e:c5:d4:a2:e6:82:b1:ab:9e:5f:f4:ce:8e:
         f1:bd:8e:c5:42:2f:91:c9:37:1a:04:7c:8e:2c:63:b1:7a:a4:
         2d:2c:dd:37:ba:02:be:14:d7:7e:84:8f:05:49:f1:e1:04:93:
         af:c8:3a:9f:32:1e:2e:9d:17:07:e9:61:44:41:3b:ae:1d:c9:
         46:c8:92:72:2d:ab:5a:68:d7:e1:9e:73:45:00:3e:34:19:1e:
         9e:25:d0:c6:34:32:13:94:ae:7a:91:a4:4b:d4:55:b1:96:6c:
         93:50:2d:e8:30:87:2b:c7:22:10:3f:8f:48:57:61:0b:5a:f0:
         2a:36:c8:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2c6Q1LG44RtXp+VCCnaZwhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjhhYjJiYTI0ODc5ZTQ1YzQ0NTQ4NmZjZWIyMWFmNDY2
NTZkNWEwHhcNMjQwMjEyMTA0MjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDVmNzhlM2RmYjhkNTQ4NDk1ZTZhZDcxNjQ2YjExYTc5OGMwNzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlClVxCW66kHbnkzbqt6wQJvyZjk/
sw8uoim52MV4FR9loraOD2z5VuVNwty61hr4IrL+3ssV9hh8PocnjiidUN9XOHko
PR1l5eJ+ZjIV4fG0kCUGxTx/MOCcEgp8RIaiel7PM/Y518kTlv2CBrTnbejDRIZT
Ip7e8+jDl8pSM0YhFMGfpYlq4XtpKY4tWzzn6jFzjQs/PC+2djnwdx/sJHEpL6R+
waD1nuh5JJwQUaorQVNJIGcAaLiMq6sXWl9+rf2Wq3pgNkfceH7E5VbHLU50i7jI
FM5mPa9betkDlIPfv/4EEfssImK1gjtz+1/GhXGMU9N5FqdVcVzS/n1wcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGRfeOPfuNVISV5q1xZGsRp5jAcaMB8GA1UdIwQY
MBaAFEL4qyuiSHnkXERUhvzrIa9GZW1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYt
MTc2OWZlZjZiZTk2LzEvWkY5NDQ5LTQxVWhKWG1yWEZrYXhHbm1NQnhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYtMTc2OWZlZjZiZTk2
LzEvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZOoMA0G
CSqGSIb3DQEBCwUAA4IBAQA0ZU+6/gP4n6r0oASwrWObZSzf4Dk4RiBsU6fWx8NZ
DxZoeitpyPg+Wxx4KkyFC12a+hfkSOF2J+6wpyrdgE4pFiQewjl70cl2OtU4v4Zc
3fNPkYz4oiH/Y6FaBtXD1mXJ4iBqz0wraJVaOTgSGvchu8YZhq5YqSEXxcJ2l47a
68IIfE7F1KLmgrGrnl/0zo7xvY7FQi+RyTcaBHyOLGOxeqQtLN03ugK+FNd+hI8F
SfHhBJOvyDqfMh4unRcH6WFEQTuuHclGyJJyLataaNfhnnNFAD40GR6eJdDGNDIT
lK56kaRL1FWxlmyTUC3oMIcrxyIQP49IV2ELWvAqNsj7
-----END CERTIFICATE-----