Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/zhDLoMmvChCKQ9Zvl11D4hYWCpI.roa
File:                     zhDLoMmvChCKQ9Zvl11D4hYWCpI.roa (raw, json)
Hash identifier:          DnvdEt9Bi5hiBRfs6vVp/0wp7a8+NZYxlyQ2XU9IPmg=
Subject key identifier:   CE:10:CB:A0:C9:AF:0A:10:8A:43:D6:6F:97:5D:43:E2:16:16:0A:92
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       018CC801DD6E4DC9217E0DD57C1EB2FE47F5
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/zhDLoMmvChCKQ9Zvl11D4hYWCpI.roa
Signing time:             Tue 02 Jan 2024 02:30:14 +0000
ROA not before:           Tue 02 Jan 2024 02:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        92.53.176.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 04:03:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:dd:6e:4d:c9:21:7e:0d:d5:7c:1e:b2:fe:47:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Jan  2 02:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce10cba0c9af0a108a43d66f975d43e216160a92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:fc:5b:32:0f:54:db:90:ff:60:35:5e:b4:b3:
                    42:d5:8c:19:77:b4:76:b3:da:ab:26:fa:53:6b:43:
                    04:f7:47:2a:b7:49:61:af:f1:c5:d0:ad:88:59:a2:
                    1b:55:95:bf:72:f7:28:7f:5e:4a:1a:6e:bf:f4:c9:
                    0c:6c:43:f5:89:74:3d:ae:1e:30:b9:8d:c9:c2:76:
                    72:59:d4:b2:87:b9:5a:27:d1:f1:6e:5d:2a:a2:ba:
                    82:04:3e:f4:a4:72:78:f5:8b:76:a6:e2:da:ed:fc:
                    55:de:bc:d4:65:1d:21:03:33:ba:6d:41:fa:a6:bc:
                    5f:c6:96:bc:16:49:70:e9:b0:ba:c3:82:b8:5f:25:
                    de:b7:2a:05:e9:61:19:16:49:e7:fe:1e:82:be:f0:
                    a3:57:bf:5f:e2:2c:e8:c2:1e:21:6c:8c:d8:0c:33:
                    48:f1:7a:ab:9a:ff:ba:1f:11:25:d2:6a:db:75:05:
                    18:3a:13:07:12:ba:18:6c:e3:0c:83:5c:6d:32:ae:
                    d8:22:21:a4:9b:95:91:cb:f9:dc:d6:8c:61:18:aa:
                    aa:0c:e5:42:19:67:64:8e:eb:c2:e1:6a:32:d5:99:
                    cf:79:38:f1:23:78:84:fa:f4:ea:4a:d4:43:21:3a:
                    c5:14:1f:5a:cb:cb:fb:0b:c8:8d:55:61:2b:87:aa:
                    bf:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:10:CB:A0:C9:AF:0A:10:8A:43:D6:6F:97:5D:43:E2:16:16:0A:92
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/zhDLoMmvChCKQ9Zvl11D4hYWCpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.53.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:0f:d9:23:2a:87:ef:70:17:38:64:b6:93:3a:fd:21:8e:3f:
         74:2c:39:76:3a:69:d7:77:d9:74:90:12:cd:e2:3c:b6:d7:8d:
         0b:58:42:57:a9:67:fe:8b:b5:23:dc:1e:93:45:2c:38:00:f0:
         16:d9:bd:c1:e6:1e:fe:f8:2f:bb:9c:b4:4e:3e:6d:47:4d:51:
         cd:95:1f:9b:6d:7c:f7:87:c3:dd:12:0d:fd:5c:3b:0d:bb:67:
         84:cf:2e:f9:6c:e5:7d:43:f9:d3:40:15:a6:fb:48:3d:0f:90:
         94:f0:d5:11:75:9c:7e:f4:54:a1:ac:c6:44:c7:4f:a9:8b:de:
         3b:5a:15:1a:c5:c3:56:30:7f:5e:2a:76:16:d1:00:8e:6b:f1:
         7c:6b:a4:7c:f0:89:e2:8d:45:3b:e1:a5:9c:d6:b3:57:82:fe:
         15:3a:1c:75:09:44:17:bc:97:a5:85:d2:40:3b:55:ee:dd:8f:
         29:85:1e:19:c3:8c:5a:e8:06:10:1c:b4:be:ef:59:4c:f7:10:
         48:75:07:52:fc:10:cd:6f:9a:80:ce:b9:c2:b0:b2:14:ab:ce:
         1c:e3:70:92:27:60:2a:f6:71:3e:28:5e:df:ba:d9:0d:c1:cf:
         7c:97:11:f1:5a:8e:04:5b:1c:f3:f1:95:ab:55:72:cd:10:69:
         1a:15:88:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAd1uTckhfg3VfB6y/kf1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjQwMTAyMDIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTEwY2JhMGM5YWYwYTEwOGE0M2Q2NmY5NzVkNDNlMjE2MTYwYTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvxbMg9U25D/YDVetLNC1YwZd7R2
s9qrJvpTa0ME90cqt0lhr/HF0K2IWaIbVZW/cvcof15KGm6/9MkMbEP1iXQ9rh4w
uY3JwnZyWdSyh7laJ9Hxbl0qorqCBD70pHJ49Yt2puLa7fxV3rzUZR0hAzO6bUH6
prxfxpa8Fklw6bC6w4K4XyXetyoF6WEZFknn/h6CvvCjV79f4izowh4hbIzYDDNI
8Xqrmv+6HxEl0mrbdQUYOhMHEroYbOMMg1xtMq7YIiGkm5WRy/nc1oxhGKqqDOVC
GWdkjuvC4Woy1ZnPeTjxI3iE+vTqStRDITrFFB9ay8v7C8iNVWErh6q/4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4Qy6DJrwoQikPWb5ddQ+IWFgqSMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvemhETG9NbXZDaENLUTladmwxMUQ0aFlXQ3BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXDWwMA0G
CSqGSIb3DQEBCwUAA4IBAQAVD9kjKofvcBc4ZLaTOv0hjj90LDl2OmnXd9l0kBLN
4jy2140LWEJXqWf+i7Uj3B6TRSw4APAW2b3B5h7++C+7nLROPm1HTVHNlR+bbXz3
h8PdEg39XDsNu2eEzy75bOV9Q/nTQBWm+0g9D5CU8NURdZx+9FShrMZEx0+pi947
WhUaxcNWMH9eKnYW0QCOa/F8a6R88InijUU74aWc1rNXgv4VOhx1CUQXvJelhdJA
O1Xu3Y8phR4Zw4xa6AYQHLS+71lM9xBIdQdS/BDNb5qAzrnCsLIUq84c43CSJ2Aq
9nE+KF7futkNwc98lxHxWo4EWxzz8ZWrVXLNEGkaFYhW
-----END CERTIFICATE-----