Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/zm2TqG_LFqBOOesJDWpY1JZBpiE.roa
File:                     zm2TqG_LFqBOOesJDWpY1JZBpiE.roa (raw, json)
Hash identifier:          1n+gyXugbh3ycdaMNHRWEgWT2TYRF/9/A2tq+nc3WyI=
Subject key identifier:   CE:6D:93:A8:6F:CB:16:A0:4E:39:EB:09:0D:6A:58:D4:96:41:A6:21
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       018CC72769A7DE690ADD0129B54121936F6B
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/zm2TqG_LFqBOOesJDWpY1JZBpiE.roa
Signing time:             Mon 01 Jan 2024 22:31:38 +0000
ROA not before:           Mon 01 Jan 2024 22:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199410
IP address blocks:        217.153.154.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:69:a7:de:69:0a:dd:01:29:b5:41:21:93:6f:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 22:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce6d93a86fcb16a04e39eb090d6a58d49641a621
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:bb:48:03:72:b8:7a:8a:a8:a7:29:b4:c5:17:
                    e2:57:b0:71:a3:44:4b:99:c8:bc:d1:9a:63:02:0f:
                    69:6d:62:e6:bb:e5:c7:23:af:14:cc:fa:6d:02:87:
                    b1:12:53:f0:d6:d4:2d:cb:51:1a:56:12:06:ae:53:
                    15:7f:49:80:7b:38:c5:38:07:9f:d7:25:8e:c1:c7:
                    df:8b:22:85:a1:f9:05:c4:44:8a:b9:3e:de:f5:bf:
                    ac:5e:2b:41:e6:f3:95:62:74:3c:ad:f9:48:9e:da:
                    ea:cc:81:d6:25:a9:f9:5b:43:e3:1a:cf:35:56:7b:
                    d4:98:f9:ca:62:f5:90:ce:b6:ae:fe:e3:f7:17:50:
                    ea:4f:9a:21:54:32:2a:ec:8b:ef:3c:6b:06:97:7b:
                    c6:94:73:54:28:a7:6a:87:7d:08:6f:8d:be:2c:ae:
                    a9:2c:49:e3:7b:81:f7:1c:cb:0e:b4:10:34:f4:86:
                    54:67:40:e1:35:b1:72:66:25:af:8a:c9:1a:dc:ec:
                    99:7d:cc:3a:7a:50:07:4d:39:7b:1e:e1:ac:96:b8:
                    0c:27:72:dd:62:01:c9:b5:2c:5c:74:27:8d:16:41:
                    16:cf:4a:ff:9c:8b:ad:2f:0e:38:50:ff:19:0a:ff:
                    c7:83:dd:4f:e9:df:a1:00:30:64:13:d1:19:c1:55:
                    b2:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:6D:93:A8:6F:CB:16:A0:4E:39:EB:09:0D:6A:58:D4:96:41:A6:21
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/zm2TqG_LFqBOOesJDWpY1JZBpiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.153.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:cd:b6:f5:1b:97:78:04:84:6a:d6:bf:fb:70:98:5a:bc:7a:
         73:8a:77:d6:68:9e:f6:43:1a:83:d6:2e:35:c4:1a:a3:71:15:
         84:9b:21:5c:2b:3a:7a:76:cf:d2:9b:3e:d8:12:46:e8:6a:8a:
         c3:87:47:14:54:e8:37:de:eb:26:23:4f:65:bd:ff:7f:b7:56:
         2c:24:e2:f6:de:62:0b:1d:3e:ab:a7:01:ee:a4:2d:20:08:57:
         47:df:d5:96:92:2a:c0:97:aa:b0:fc:09:67:eb:6c:e9:0f:29:
         f1:2c:6e:57:95:09:91:25:ec:52:5f:aa:56:7b:1f:80:8c:32:
         cd:83:47:12:03:e1:31:e9:fa:25:4e:fe:e6:99:a0:2a:c4:dd:
         7e:97:ac:91:6f:bc:87:82:00:94:2f:73:29:a5:c0:a6:73:43:
         4b:7b:41:91:bb:f8:89:c9:24:b3:ef:86:81:b5:9d:ea:51:9a:
         1b:7d:07:6b:19:9e:87:e9:18:a5:62:0c:26:0d:3b:f1:93:a9:
         dc:7b:59:75:b4:e9:e9:bb:58:cd:33:51:a0:de:38:0b:25:70:
         2e:22:b3:70:55:15:5c:c4:c6:b1:80:73:ce:af:57:02:58:13:
         b2:6a:0c:db:be:7e:e2:f1:b0:34:0c:1f:b7:aa:6a:a1:3a:85:
         e8:0c:fd:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2mn3mkK3QEptUEhk29rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjQwMTAxMjIzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTZkOTNhODZmY2IxNmEwNGUzOWViMDkwZDZhNThkNDk2NDFhNjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1btIA3K4eoqopym0xRfiV7Bxo0RL
mci80ZpjAg9pbWLmu+XHI68UzPptAoexElPw1tQty1EaVhIGrlMVf0mAezjFOAef
1yWOwcffiyKFofkFxESKuT7e9b+sXitB5vOVYnQ8rflIntrqzIHWJan5W0PjGs81
VnvUmPnKYvWQzrau/uP3F1DqT5ohVDIq7IvvPGsGl3vGlHNUKKdqh30Ib42+LK6p
LEnje4H3HMsOtBA09IZUZ0DhNbFyZiWviska3OyZfcw6elAHTTl7HuGslrgMJ3Ld
YgHJtSxcdCeNFkEWz0r/nIutLw44UP8ZCv/Hg91P6d+hADBkE9EZwVWy1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5tk6hvyxagTjnrCQ1qWNSWQaYhMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvem0yVHFHX0xGcUJPT2VzSkRXcFkxSlpCcGlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2ZmaMA0G
CSqGSIb3DQEBCwUAA4IBAQAzzbb1G5d4BIRq1r/7cJhavHpzinfWaJ72QxqD1i41
xBqjcRWEmyFcKzp6ds/Smz7YEkboaorDh0cUVOg33usmI09lvf9/t1YsJOL23mIL
HT6rpwHupC0gCFdH39WWkirAl6qw/Aln62zpDynxLG5XlQmRJexSX6pWex+AjDLN
g0cSA+Ex6folTv7mmaAqxN1+l6yRb7yHggCUL3MppcCmc0NLe0GRu/iJySSz74aB
tZ3qUZobfQdrGZ6H6RilYgwmDTvxk6nce1l1tOnpu1jNM1Gg3jgLJXAuIrNwVRVc
xMaxgHPOr1cCWBOyagzbvn7i8bA0DB+3qmqhOoXoDP3w
-----END CERTIFICATE-----