Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/901ad2-6c6c-43c6-a280-4250ce5517d9/1/zbtufAG2E0pkZrnFpAwcajDVV-M.roa
File:                     zbtufAG2E0pkZrnFpAwcajDVV-M.roa (raw, json)
Hash identifier:          IcIL58EIlX7bDx7l9puV4E7Yq6+BKDZcDNvoOjTwGS8=
Subject key identifier:   CD:BB:6E:7C:01:B6:13:4A:64:66:B9:C5:A4:0C:1C:6A:30:D5:57:E3
Certificate issuer:       /CN=89b5fad18dd9110413a31b4d8e18765a27d4c3f1
Certificate serial:       018CC87132BCEF98CA9E4DE75D2DA6B88DBC
Authority key identifier: 89:B5:FA:D1:8D:D9:11:04:13:A3:1B:4D:8E:18:76:5A:27:D4:C3:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ibX60Y3ZEQQToxtNjhh2WifUw_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/901ad2-6c6c-43c6-a280-4250ce5517d9/1/zbtufAG2E0pkZrnFpAwcajDVV-M.roa
Signing time:             Tue 02 Jan 2024 04:31:50 +0000
ROA not before:           Tue 02 Jan 2024 04:31:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62451
IP address blocks:        185.35.152.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/901ad2-6c6c-43c6-a280-4250ce5517d9/1/ibX60Y3ZEQQToxtNjhh2WifUw_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/901ad2-6c6c-43c6-a280-4250ce5517d9/1/ibX60Y3ZEQQToxtNjhh2WifUw_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ibX60Y3ZEQQToxtNjhh2WifUw_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:32:bc:ef:98:ca:9e:4d:e7:5d:2d:a6:b8:8d:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89b5fad18dd9110413a31b4d8e18765a27d4c3f1
        Validity
            Not Before: Jan  2 04:31:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdbb6e7c01b6134a6466b9c5a40c1c6a30d557e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:5a:3d:10:d5:42:bb:bd:38:11:61:2d:d1:8c:
                    c7:67:4c:be:bb:bf:c1:f1:11:cc:1c:81:e4:0b:46:
                    43:c5:ee:e7:15:a6:0c:91:2a:46:0e:13:2b:89:82:
                    98:11:c1:98:ec:9f:87:ad:ef:33:bf:71:26:a4:93:
                    b0:43:fa:31:7e:49:54:89:b4:1f:72:79:bd:33:9e:
                    01:5f:1a:40:d6:ec:e4:50:c0:c8:71:ba:5c:2c:1e:
                    83:ff:ea:1f:20:db:9a:e7:f6:6e:d5:d9:d3:7b:41:
                    bf:87:ed:69:d1:33:c4:1e:8b:17:04:a7:d0:5f:ec:
                    91:f9:0c:74:1f:80:4a:97:fb:76:ca:5e:ab:67:67:
                    db:79:4a:28:4e:8c:db:e5:e6:c5:95:5d:ca:68:b2:
                    26:b9:ec:15:fd:b3:78:31:f9:c8:24:3e:4a:bd:30:
                    2b:bf:9f:54:e3:69:15:ac:cd:ea:13:ef:6e:72:ef:
                    43:48:1a:c2:12:32:df:87:0e:e6:8a:76:7e:a6:3c:
                    7b:8b:29:e3:6d:1d:ea:3d:51:c3:cc:4c:79:ad:7c:
                    64:db:1c:a7:7e:71:54:02:a7:e0:75:27:76:fc:47:
                    c3:d4:b8:bc:75:a0:df:37:a3:71:fd:db:70:ff:19:
                    c2:aa:4a:de:94:dd:44:11:70:5b:e3:55:14:1e:19:
                    2a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:BB:6E:7C:01:B6:13:4A:64:66:B9:C5:A4:0C:1C:6A:30:D5:57:E3
            X509v3 Authority Key Identifier:
                keyid:89:B5:FA:D1:8D:D9:11:04:13:A3:1B:4D:8E:18:76:5A:27:D4:C3:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ibX60Y3ZEQQToxtNjhh2WifUw_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/901ad2-6c6c-43c6-a280-4250ce5517d9/1/zbtufAG2E0pkZrnFpAwcajDVV-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/901ad2-6c6c-43c6-a280-4250ce5517d9/1/ibX60Y3ZEQQToxtNjhh2WifUw_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.35.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         56:bb:56:e7:07:1b:b1:91:dd:d2:2a:c4:63:57:4d:5e:81:e8:
         e6:4d:67:1d:e6:de:98:95:c2:a4:2d:91:a5:79:fa:1b:61:51:
         91:5f:9e:9b:39:56:da:a2:1d:2a:8e:b9:2c:d7:22:bb:d8:55:
         e7:66:7d:70:a2:e6:09:6d:7b:43:03:26:2b:36:71:6b:2c:11:
         1b:08:ab:cb:c8:bb:c3:36:8e:25:d4:8f:2d:57:6c:29:32:30:
         ae:85:24:ff:e5:73:82:f1:a8:7b:75:e0:45:e0:e6:41:4b:f5:
         84:56:f3:67:8c:48:1a:81:91:9e:39:8a:9a:f1:a9:93:de:67:
         af:dc:c2:8d:a2:52:a4:9c:52:11:96:d5:ee:e8:7d:6d:1f:56:
         93:76:c4:b5:ef:a4:0a:60:2a:4f:59:1a:58:85:41:cc:e8:ce:
         93:bd:38:94:76:73:f9:56:27:36:cc:fa:21:e5:fd:32:cb:1b:
         6e:58:dc:00:99:17:c0:ab:50:53:82:45:3e:e3:a4:8a:13:fe:
         51:a0:4f:8a:cb:72:8d:d1:ea:64:be:24:f3:99:9b:e2:e2:6d:
         94:71:9d:3d:ad:58:48:f0:ca:5e:56:c4:d6:e5:5d:4f:05:27:
         10:46:c7:b2:6b:ad:1e:06:fb:99:d3:ac:85:12:dc:15:28:f2:
         49:33:16:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcTK875jKnk3nXS2muI28MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YjVmYWQxOGRkOTExMDQxM2EzMWI0ZDhlMTg3NjVhMjdk
NGMzZjEwHhcNMjQwMTAyMDQzMTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGJiNmU3YzAxYjYxMzRhNjQ2NmI5YzVhNDBjMWM2YTMwZDU1N2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlo9ENVCu704EWEt0YzHZ0y+u7/B
8RHMHIHkC0ZDxe7nFaYMkSpGDhMriYKYEcGY7J+Hre8zv3EmpJOwQ/oxfklUibQf
cnm9M54BXxpA1uzkUMDIcbpcLB6D/+ofINua5/Zu1dnTe0G/h+1p0TPEHosXBKfQ
X+yR+Qx0H4BKl/t2yl6rZ2fbeUooTozb5ebFlV3KaLImuewV/bN4MfnIJD5KvTAr
v59U42kVrM3qE+9ucu9DSBrCEjLfhw7minZ+pjx7iynjbR3qPVHDzEx5rXxk2xyn
fnFUAqfgdSd2/EfD1Li8daDfN6Nx/dtw/xnCqkrelN1EEXBb41UUHhkqRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM27bnwBthNKZGa5xaQMHGow1VfjMB8GA1UdIwQY
MBaAFIm1+tGN2REEE6MbTY4Ydlon1MPxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWJYNjBZM1pFUVFUb3h0TmpoaDJXaWZVd19FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS85MDFhZDItNmM2Yy00M2M2LWEyODAt
NDI1MGNlNTUxN2Q5LzEvemJ0dWZBRzJFMHBrWnJuRnBBd2NhakRWVi1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS85MDFhZDItNmM2Yy00M2M2LWEyODAtNDI1MGNlNTUxN2Q5
LzEvaWJYNjBZM1pFUVFUb3h0TmpoaDJXaWZVd19FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSOYMA0G
CSqGSIb3DQEBCwUAA4IBAQBWu1bnBxuxkd3SKsRjV01egejmTWcd5t6YlcKkLZGl
efobYVGRX56bOVbaoh0qjrks1yK72FXnZn1wouYJbXtDAyYrNnFrLBEbCKvLyLvD
No4l1I8tV2wpMjCuhST/5XOC8ah7deBF4OZBS/WEVvNnjEgagZGeOYqa8amT3mev
3MKNolKknFIRltXu6H1tH1aTdsS176QKYCpPWRpYhUHM6M6TvTiUdnP5Vic2zPoh
5f0yyxtuWNwAmRfAq1BTgkU+46SKE/5RoE+Ky3KN0epkviTzmZvi4m2UcZ09rVhI
8MpeVsTW5V1PBScQRseya60eBvuZ06yFEtwVKPJJMxaR
-----END CERTIFICATE-----