Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/zz__2bm8z-6mp52iMw6Aufj23bs.roa
File:                     zz__2bm8z-6mp52iMw6Aufj23bs.roa (raw, json)
Hash identifier:          ds2t5UzlFTX4rv8cVyQyXxMYvbaV1Yo3UD9w3R72CII=
Subject key identifier:   CF:3F:FF:D9:B9:BC:CF:EE:A6:A7:9D:A2:33:0E:80:B9:F8:F6:DD:BB
Certificate issuer:       /CN=556a5fa0dcfb34433f9b860d95e2c442547c5f9c
Certificate serial:       018DB0BBEACF2712C99B630728421941265B
Authority key identifier: 55:6A:5F:A0:DC:FB:34:43:3F:9B:86:0D:95:E2:C4:42:54:7C:5F:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VWpfoNz7NEM_m4YNleLEQlR8X5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/zz__2bm8z-6mp52iMw6Aufj23bs.roa
Signing time:             Fri 16 Feb 2024 07:05:21 +0000
ROA not before:           Fri 16 Feb 2024 07:05:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49037
IP address blocks:        151.0.48.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/VWpfoNz7NEM_m4YNleLEQlR8X5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/VWpfoNz7NEM_m4YNleLEQlR8X5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VWpfoNz7NEM_m4YNleLEQlR8X5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b0:bb:ea:cf:27:12:c9:9b:63:07:28:42:19:41:26:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=556a5fa0dcfb34433f9b860d95e2c442547c5f9c
        Validity
            Not Before: Feb 16 07:05:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf3fffd9b9bccfeea6a79da2330e80b9f8f6ddbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:2d:7d:c4:32:9e:1a:37:40:28:5c:83:3c:05:
                    3b:cc:da:c5:cd:26:a9:d1:aa:f5:0b:95:35:e0:29:
                    89:56:d6:f6:3e:4d:18:a2:cd:7a:a4:fa:b8:2c:ec:
                    26:2b:f6:e6:f3:79:78:f9:24:21:07:0c:b7:33:12:
                    35:6b:53:bc:f1:42:44:45:fd:76:3f:6c:0e:e3:e8:
                    c1:a8:54:eb:b6:3d:80:b3:53:d7:18:4d:4a:cc:9a:
                    27:3d:b0:c2:44:59:b4:f6:e0:6b:fc:82:0b:e6:5f:
                    1d:19:03:cb:64:94:55:cd:24:47:65:f9:a8:5e:f7:
                    b7:1e:2c:ac:d4:e0:95:fa:e7:61:25:13:1a:1c:7f:
                    f3:c2:e2:1d:81:d7:de:c4:04:12:39:21:12:df:f2:
                    62:05:b9:2a:7d:cc:bc:4e:aa:8b:66:04:e8:f6:2a:
                    07:bc:ff:a2:55:54:31:85:d3:6d:1f:4e:b3:0c:d2:
                    9f:21:96:14:72:a3:85:0a:6d:ca:16:9d:b2:b6:13:
                    dc:e7:fa:8a:3e:e9:58:60:c7:94:37:b0:00:13:6e:
                    f3:09:0e:b5:7a:8a:89:a2:85:7e:1e:2a:b0:20:1e:
                    a8:ad:12:e7:33:25:48:69:b6:87:76:d2:d2:64:ad:
                    d2:1e:11:75:c4:b1:8c:e9:e9:1f:05:7f:60:30:95:
                    8b:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:3F:FF:D9:B9:BC:CF:EE:A6:A7:9D:A2:33:0E:80:B9:F8:F6:DD:BB
            X509v3 Authority Key Identifier:
                keyid:55:6A:5F:A0:DC:FB:34:43:3F:9B:86:0D:95:E2:C4:42:54:7C:5F:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VWpfoNz7NEM_m4YNleLEQlR8X5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/zz__2bm8z-6mp52iMw6Aufj23bs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/VWpfoNz7NEM_m4YNleLEQlR8X5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.0.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:91:2e:52:b1:3b:28:af:26:64:53:43:36:27:c3:36:e9:92:
         34:8f:f4:9c:6a:6c:a5:17:ca:9a:44:14:c9:8f:b8:8b:85:70:
         fa:ce:4d:ae:f1:14:0f:b6:6f:94:0a:57:9f:05:41:5f:0d:fb:
         29:57:0e:ac:8d:f7:76:b5:60:e8:f0:e8:52:5e:97:77:6d:25:
         0c:67:15:34:12:a7:05:dd:22:6b:c1:1f:f0:82:48:d5:d1:05:
         e2:69:9c:a9:2a:85:90:45:17:f4:9d:94:87:49:64:07:c7:0f:
         a1:55:bd:99:d9:9e:73:6f:6e:11:70:5b:19:da:95:04:d3:c6:
         1a:cc:95:ef:e1:b1:3a:92:93:44:15:08:bf:7f:55:44:ad:c3:
         58:c8:25:19:47:67:38:48:8a:a7:c3:6b:c0:a2:84:50:7c:80:
         65:87:b1:24:78:9d:41:c3:85:cf:c4:05:05:dd:1a:fb:12:83:
         98:82:5b:d6:87:37:37:4b:ac:09:fb:36:36:b3:c2:b1:3b:01:
         7e:c4:32:fe:15:74:80:62:3a:af:5d:00:06:aa:87:03:72:c2:
         0b:3f:31:de:86:ff:ff:96:fa:67:cc:d7:53:c0:38:93:b9:c6:
         f2:58:ab:ee:6e:79:a1:85:8e:d0:2d:3b:92:96:d5:5b:c1:f0:
         37:03:e4:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2wu+rPJxLJm2MHKEIZQSZbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NmE1ZmEwZGNmYjM0NDMzZjliODYwZDk1ZTJjNDQyNTQ3
YzVmOWMwHhcNMjQwMjE2MDcwNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjNmZmZkOWI5YmNjZmVlYTZhNzlkYTIzMzBlODBiOWY4ZjZkZGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6i19xDKeGjdAKFyDPAU7zNrFzSap
0ar1C5U14CmJVtb2Pk0Yos16pPq4LOwmK/bm83l4+SQhBwy3MxI1a1O88UJERf12
P2wO4+jBqFTrtj2As1PXGE1KzJonPbDCRFm09uBr/IIL5l8dGQPLZJRVzSRHZfmo
Xve3Hiys1OCV+udhJRMaHH/zwuIdgdfexAQSOSES3/JiBbkqfcy8TqqLZgTo9ioH
vP+iVVQxhdNtH06zDNKfIZYUcqOFCm3KFp2ythPc5/qKPulYYMeUN7AAE27zCQ61
eoqJooV+HiqwIB6orRLnMyVIabaHdtLSZK3SHhF1xLGM6ekfBX9gMJWLlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8//9m5vM/upqedojMOgLn49t27MB8GA1UdIwQY
MBaAFFVqX6Dc+zRDP5uGDZXixEJUfF+cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVldwZm9OejdORU1fbTRZTmxlTEVRbFI4WDV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9lMjNkMzAtNzZlMy00NDkxLThkNzUt
MmZkYTRjMjczYTQ4LzEvenpfXzJibTh6LTZtcDUyaU13NkF1ZmoyM2JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9lMjNkMzAtNzZlMy00NDkxLThkNzUtMmZkYTRjMjczYTQ4
LzEvVldwZm9OejdORU1fbTRZTmxlTEVRbFI4WDV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQClwAwMA0G
CSqGSIb3DQEBCwUAA4IBAQCOkS5SsTsoryZkU0M2J8M26ZI0j/ScamylF8qaRBTJ
j7iLhXD6zk2u8RQPtm+UClefBUFfDfspVw6sjfd2tWDo8OhSXpd3bSUMZxU0EqcF
3SJrwR/wgkjV0QXiaZypKoWQRRf0nZSHSWQHxw+hVb2Z2Z5zb24RcFsZ2pUE08Ya
zJXv4bE6kpNEFQi/f1VErcNYyCUZR2c4SIqnw2vAooRQfIBlh7EkeJ1Bw4XPxAUF
3Rr7EoOYglvWhzc3S6wJ+zY2s8KxOwF+xDL+FXSAYjqvXQAGqocDcsILPzHehv//
lvpnzNdTwDiTucbyWKvubnmhhY7QLTuSltVbwfA3A+QC
-----END CERTIFICATE-----