Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/215f47-1ce0-4ee5-aa4a-1272d2ab43d8/1/RzObnI5ThDDw95fe12AobXWghmk.roa
File:                     RzObnI5ThDDw95fe12AobXWghmk.roa (raw, json)
Hash identifier:          4coNN+1cFAdqubZs4wxUlWyvxr0OFhx8IPP1G8lzthI=
Subject key identifier:   47:33:9B:9C:8E:53:84:30:F0:F7:97:DE:D7:60:28:6D:75:A0:86:69
Certificate issuer:       /CN=cc78bfceb41bafefc02f7952e1aa2480e986f037
Certificate serial:       018F098A5D8DD8D93EB12C03E8889C1F7D84
Authority key identifier: CC:78:BF:CE:B4:1B:AF:EF:C0:2F:79:52:E1:AA:24:80:E9:86:F0:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zHi_zrQbr-_AL3lS4aokgOmG8Dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/215f47-1ce0-4ee5-aa4a-1272d2ab43d8/1/RzObnI5ThDDw95fe12AobXWghmk.roa
Signing time:             Tue 23 Apr 2024 06:00:13 +0000
ROA not before:           Tue 23 Apr 2024 06:00:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50332
IP address blocks:        109.233.136.0/21 maxlen: 21
                          2a0c:6100::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/215f47-1ce0-4ee5-aa4a-1272d2ab43d8/1/zHi_zrQbr-_AL3lS4aokgOmG8Dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/215f47-1ce0-4ee5-aa4a-1272d2ab43d8/1/zHi_zrQbr-_AL3lS4aokgOmG8Dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zHi_zrQbr-_AL3lS4aokgOmG8Dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:09:8a:5d:8d:d8:d9:3e:b1:2c:03:e8:88:9c:1f:7d:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc78bfceb41bafefc02f7952e1aa2480e986f037
        Validity
            Not Before: Apr 23 06:00:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47339b9c8e538430f0f797ded760286d75a08669
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ee:af:8c:09:44:7d:28:a6:48:a2:c4:9d:b5:
                    ce:37:3d:57:16:60:51:c5:0e:79:55:be:3c:b2:ee:
                    d3:24:95:33:e9:e3:b9:3a:5e:4b:59:98:f5:d5:7d:
                    32:1e:46:6a:fe:1b:ef:73:cf:9d:1e:a3:d6:07:fa:
                    67:ee:14:ae:23:08:0d:1c:4c:12:eb:e6:8e:09:b9:
                    11:33:75:27:a8:1d:65:a3:fc:68:99:c0:0a:e4:d6:
                    4a:a2:e9:c7:7f:75:97:c4:ce:5c:f2:f2:0f:2d:75:
                    0e:e8:be:04:a2:d3:a5:71:b3:81:d6:cb:70:ab:a9:
                    0c:53:0b:43:dc:10:6a:9f:fd:2f:9b:a8:a1:05:dc:
                    72:66:21:1d:33:8e:a2:59:b3:c3:b7:5a:b4:e2:9d:
                    61:28:a9:97:2c:bd:e4:4f:02:0f:4f:d3:60:94:36:
                    01:cc:cc:76:1d:1c:b5:5c:27:4f:07:2e:43:9c:c0:
                    d2:cd:03:10:3a:16:bf:2f:49:ab:87:bd:e5:02:15:
                    d2:a8:60:81:f1:96:e7:bb:8d:39:3b:74:6c:e4:fa:
                    8c:b1:5b:ef:d4:44:a3:89:8d:5a:cd:14:dc:9c:d2:
                    3d:bd:c4:7c:04:ce:05:c1:92:9b:4f:13:8c:b3:bc:
                    18:66:c0:e4:73:b8:41:9d:3a:6d:9c:b9:10:bd:06:
                    87:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:33:9B:9C:8E:53:84:30:F0:F7:97:DE:D7:60:28:6D:75:A0:86:69
            X509v3 Authority Key Identifier:
                keyid:CC:78:BF:CE:B4:1B:AF:EF:C0:2F:79:52:E1:AA:24:80:E9:86:F0:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zHi_zrQbr-_AL3lS4aokgOmG8Dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/215f47-1ce0-4ee5-aa4a-1272d2ab43d8/1/RzObnI5ThDDw95fe12AobXWghmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/215f47-1ce0-4ee5-aa4a-1272d2ab43d8/1/zHi_zrQbr-_AL3lS4aokgOmG8Dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.233.136.0/21
                IPv6:
                  2a0c:6100::/29

    Signature Algorithm: sha256WithRSAEncryption
         1f:31:3a:ad:6d:ec:14:81:e4:13:ef:cf:bd:d8:5e:49:19:5a:
         44:2e:98:a3:f8:cc:e3:5e:3b:8c:2b:96:a6:49:97:07:26:30:
         81:ed:b3:47:f3:5d:98:69:7d:aa:93:d9:13:24:00:75:11:9d:
         18:bc:a6:a6:af:43:f5:ee:73:61:b8:21:33:b4:4f:1c:3f:32:
         86:58:f3:cf:d8:d5:86:ba:69:55:e1:6e:29:d6:18:08:bd:69:
         b1:d6:3c:2d:5a:89:ca:26:e3:69:64:16:60:24:41:d1:93:e7:
         4d:5a:e4:92:f4:7a:8f:25:bf:e4:7c:4c:81:c7:b2:ad:ea:cb:
         d1:bc:41:b3:3f:1d:7c:72:68:2f:2b:27:8f:91:65:15:dc:18:
         f1:d1:d6:7d:8a:aa:c9:25:ad:15:a2:44:0a:60:0d:7d:54:e7:
         e0:3a:65:30:ec:55:64:28:7c:a0:08:e1:6a:e3:f9:04:90:77:
         6e:c3:33:20:83:a4:ac:9e:10:d0:f8:86:f2:eb:44:dd:44:4b:
         60:7c:0a:8c:28:7b:94:24:05:ca:fc:a0:da:d2:ff:d0:d2:fe:
         36:23:62:af:32:51:b1:e4:5c:f8:92:4b:a4:56:39:d2:a0:28:
         2e:0e:38:8c:43:c8:13:b2:f6:0d:a8:76:62:5b:99:f9:bb:9d:
         6d:1e:de:42
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY8Jil2N2Nk+sSwD6IicH32EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNzhiZmNlYjQxYmFmZWZjMDJmNzk1MmUxYWEyNDgwZTk4
NmYwMzcwHhcNMjQwNDIzMDYwMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzMzOWI5YzhlNTM4NDMwZjBmNzk3ZGVkNzYwMjg2ZDc1YTA4NjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArO6vjAlEfSimSKLEnbXONz1XFmBR
xQ55Vb48su7TJJUz6eO5Ol5LWZj11X0yHkZq/hvvc8+dHqPWB/pn7hSuIwgNHEwS
6+aOCbkRM3UnqB1lo/xomcAK5NZKounHf3WXxM5c8vIPLXUO6L4EotOlcbOB1stw
q6kMUwtD3BBqn/0vm6ihBdxyZiEdM46iWbPDt1q04p1hKKmXLL3kTwIPT9NglDYB
zMx2HRy1XCdPBy5DnMDSzQMQOha/L0mrh73lAhXSqGCB8Zbnu405O3Rs5PqMsVvv
1ESjiY1azRTcnNI9vcR8BM4FwZKbTxOMs7wYZsDkc7hBnTptnLkQvQaHbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEczm5yOU4Qw8PeX3tdgKG11oIZpMB8GA1UdIwQY
MBaAFMx4v860G6/vwC95UuGqJIDphvA3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekhpX3pyUWJyLV9BTDNsUzRhb2tnT21HOERjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMTVmNDctMWNlMC00ZWU1LWFhNGEt
MTI3MmQyYWI0M2Q4LzEvUnpPYm5JNVRoRER3OTVmZTEyQW9iWFdnaG1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMTVmNDctMWNlMC00ZWU1LWFhNGEtMTI3MmQyYWI0M2Q4
LzEvekhpX3pyUWJyLV9BTDNsUzRhb2tnT21HOERjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDbemIMA0E
AgACMAcDBQMqDGEAMA0GCSqGSIb3DQEBCwUAA4IBAQAfMTqtbewUgeQT78+92F5J
GVpELpij+MzjXjuMK5amSZcHJjCB7bNH812YaX2qk9kTJAB1EZ0YvKamr0P17nNh
uCEztE8cPzKGWPPP2NWGumlV4W4p1hgIvWmx1jwtWonKJuNpZBZgJEHRk+dNWuSS
9HqPJb/kfEyBx7Kt6svRvEGzPx18cmgvKyePkWUV3Bjx0dZ9iqrJJa0VokQKYA19
VOfgOmUw7FVkKHygCOFq4/kEkHduwzMgg6SsnhDQ+Iby60TdREtgfAqMKHuUJAXK
/KDa0v/Q0v42I2KvMlGx5Fz4kkukVjnSoCguDjiMQ8gTsvYNqHZiW5n5u51tHt5C
-----END CERTIFICATE-----