Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/566ef5-d13d-474c-a299-298fbe7dc168/1/ZCCXyxSxofpWvFbPyfQfVjynh4U.roa
File:                     ZCCXyxSxofpWvFbPyfQfVjynh4U.roa (raw, json)
Hash identifier:          x5C5mlWp9oFULTkrm03N9EIWX+r9tGjYo+poQ3X+iLA=
Subject key identifier:   64:20:97:CB:14:B1:A1:FA:56:BC:56:CF:C9:F4:1F:56:3C:A7:87:85
Certificate issuer:       /CN=572ba64b3a9060b464337ad30a02bec4b11a551f
Certificate serial:       018CC80125BCEF63867CDA940532F97D41F4
Authority key identifier: 57:2B:A6:4B:3A:90:60:B4:64:33:7A:D3:0A:02:BE:C4:B1:1A:55:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VyumSzqQYLRkM3rTCgK-xLEaVR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/566ef5-d13d-474c-a299-298fbe7dc168/1/ZCCXyxSxofpWvFbPyfQfVjynh4U.roa
Signing time:             Tue 02 Jan 2024 02:29:27 +0000
ROA not before:           Tue 02 Jan 2024 02:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        194.9.4.0/24 maxlen: 24
                          194.9.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/566ef5-d13d-474c-a299-298fbe7dc168/1/VyumSzqQYLRkM3rTCgK-xLEaVR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/566ef5-d13d-474c-a299-298fbe7dc168/1/VyumSzqQYLRkM3rTCgK-xLEaVR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VyumSzqQYLRkM3rTCgK-xLEaVR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:25:bc:ef:63:86:7c:da:94:05:32:f9:7d:41:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=572ba64b3a9060b464337ad30a02bec4b11a551f
        Validity
            Not Before: Jan  2 02:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=642097cb14b1a1fa56bc56cfc9f41f563ca78785
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:84:c3:06:ad:c0:94:18:70:94:c3:63:d2:d9:
                    ab:4c:04:5b:99:a9:18:90:ef:c2:89:fe:84:ae:76:
                    1a:b1:4b:cc:a5:65:51:34:1e:1e:d0:1a:06:c7:36:
                    a9:e2:b7:3c:10:4f:94:a2:f6:7a:07:7a:ed:c2:fe:
                    60:3e:ed:81:3a:a8:bd:be:4d:8c:4e:5e:b1:fe:ff:
                    e4:6a:d1:13:1b:8d:c3:f6:e0:82:9b:fe:13:a2:70:
                    ad:a1:2f:77:cf:a4:40:47:56:46:1f:3a:52:a6:dc:
                    f9:de:26:81:a8:cb:00:98:5d:35:d1:aa:11:9f:e3:
                    20:d3:ea:d0:26:c7:56:03:d3:b8:b3:9b:31:fa:ba:
                    67:69:cd:9e:95:29:55:93:fa:c1:76:6f:b7:57:09:
                    0e:4d:cd:1a:8a:99:ea:f8:f0:a6:71:8c:23:dd:b2:
                    ff:e7:c2:ff:2f:65:11:9f:71:75:ab:3e:df:cb:e2:
                    8b:18:d9:37:67:d5:89:c6:d2:1a:22:09:4c:ba:f2:
                    2a:e5:7b:d7:d7:db:8c:6e:ab:d3:d1:e4:a5:15:b1:
                    7a:96:57:e8:f8:e8:4a:89:13:07:c4:20:9f:05:5b:
                    04:7e:8b:e5:69:5c:bf:f6:0b:46:0b:d8:4b:4e:de:
                    3d:89:f9:48:5e:3c:6f:05:57:ee:41:91:49:73:68:
                    00:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:20:97:CB:14:B1:A1:FA:56:BC:56:CF:C9:F4:1F:56:3C:A7:87:85
            X509v3 Authority Key Identifier:
                keyid:57:2B:A6:4B:3A:90:60:B4:64:33:7A:D3:0A:02:BE:C4:B1:1A:55:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VyumSzqQYLRkM3rTCgK-xLEaVR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/566ef5-d13d-474c-a299-298fbe7dc168/1/ZCCXyxSxofpWvFbPyfQfVjynh4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/566ef5-d13d-474c-a299-298fbe7dc168/1/VyumSzqQYLRkM3rTCgK-xLEaVR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:df:e7:5a:6e:9b:e2:5c:48:34:96:94:b1:50:6d:64:05:1f:
         07:15:32:73:0b:e6:08:19:cc:99:6f:01:36:a3:4c:35:e5:af:
         2d:d2:31:83:29:36:7c:b1:49:e1:ca:f9:12:6c:0e:e3:bc:48:
         ab:25:79:43:5e:5b:c2:ef:58:3f:84:87:94:57:e9:db:ba:7a:
         bb:bc:62:b4:cd:fc:65:42:6f:64:30:33:74:0b:b2:b1:6a:e3:
         64:f1:0a:9f:bc:31:a6:96:0c:19:78:0f:ba:e2:ce:14:0e:2f:
         36:b8:82:42:80:b1:d5:71:fd:a5:21:89:8d:82:e1:81:4d:6c:
         03:44:cf:a8:96:a9:fe:08:72:7b:61:7c:b8:e1:9d:07:e7:46:
         12:36:cd:1c:c7:05:76:52:5d:a4:fd:32:1e:a9:a8:de:a0:83:
         d1:a8:90:50:19:5e:5c:e8:c3:c9:11:99:8a:2a:ad:49:a4:b2:
         65:f7:7d:79:24:0a:7f:ce:71:9b:7e:ef:f0:ce:39:1e:19:c9:
         b1:76:78:7a:9f:ba:0b:5f:c2:1d:f5:ae:e5:7c:b6:e4:1f:de:
         f2:1a:60:d0:1a:79:4f:29:97:11:ed:54:f4:f8:e0:7a:bf:40:
         7a:36:69:85:24:ae:9d:c7:e3:8d:0f:14:91:aa:6c:1d:9d:48:
         81:7a:93:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASW872OGfNqUBTL5fUH0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MmJhNjRiM2E5MDYwYjQ2NDMzN2FkMzBhMDJiZWM0YjEx
YTU1MWYwHhcNMjQwMTAyMDIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDIwOTdjYjE0YjFhMWZhNTZiYzU2Y2ZjOWY0MWY1NjNjYTc4Nzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ITDBq3AlBhwlMNj0tmrTARbmakY
kO/Cif6ErnYasUvMpWVRNB4e0BoGxzap4rc8EE+UovZ6B3rtwv5gPu2BOqi9vk2M
Tl6x/v/katETG43D9uCCm/4TonCtoS93z6RAR1ZGHzpSptz53iaBqMsAmF010aoR
n+Mg0+rQJsdWA9O4s5sx+rpnac2elSlVk/rBdm+3VwkOTc0aipnq+PCmcYwj3bL/
58L/L2URn3F1qz7fy+KLGNk3Z9WJxtIaIglMuvIq5XvX19uMbqvT0eSlFbF6llfo
+OhKiRMHxCCfBVsEfovlaVy/9gtGC9hLTt49iflIXjxvBVfuQZFJc2gAhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQgl8sUsaH6VrxWz8n0H1Y8p4eFMB8GA1UdIwQY
MBaAFFcrpks6kGC0ZDN60woCvsSxGlUfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnl1bVN6cVFZTFJrTTNyVENnSy14TEVhVlI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC81NjZlZjUtZDEzZC00NzRjLWEyOTkt
Mjk4ZmJlN2RjMTY4LzEvWkNDWHl4U3hvZnBXdkZiUHlmUWZWanluaDRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC81NjZlZjUtZDEzZC00NzRjLWEyOTktMjk4ZmJlN2RjMTY4
LzEvVnl1bVN6cVFZTFJrTTNyVENnSy14TEVhVlI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwgkEMA0G
CSqGSIb3DQEBCwUAA4IBAQBl3+dabpviXEg0lpSxUG1kBR8HFTJzC+YIGcyZbwE2
o0w15a8t0jGDKTZ8sUnhyvkSbA7jvEirJXlDXlvC71g/hIeUV+nbunq7vGK0zfxl
Qm9kMDN0C7KxauNk8QqfvDGmlgwZeA+64s4UDi82uIJCgLHVcf2lIYmNguGBTWwD
RM+olqn+CHJ7YXy44Z0H50YSNs0cxwV2Ul2k/TIeqajeoIPRqJBQGV5c6MPJEZmK
Kq1JpLJl9315JAp/znGbfu/wzjkeGcmxdnh6n7oLX8Id9a7lfLbkH97yGmDQGnlP
KZcR7VT0+OB6v0B6NmmFJK6dx+ONDxSRqmwdnUiBepOx
-----END CERTIFICATE-----