Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/bf09b7-71c4-499c-9fd6-5475135f1905/1/ZiO0ahrouk6dnt9YoTH9nE9ecnk.roa
File:                     ZiO0ahrouk6dnt9YoTH9nE9ecnk.roa (raw, json)
Hash identifier:          ENuyY/MafvCeRz8JmEPUja8dgnH+qKsth70U/I0mfoA=
Subject key identifier:   66:23:B4:6A:1A:E8:BA:4E:9D:9E:DF:58:A1:31:FD:9C:4F:5E:72:79
Certificate issuer:       /CN=ee8a95327187c30880f5bbf3c37289ee311c5920
Certificate serial:       018CC94DF67D23FCA817545AC2ED1B20B2A9
Authority key identifier: EE:8A:95:32:71:87:C3:08:80:F5:BB:F3:C3:72:89:EE:31:1C:59:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7oqVMnGHwwiA9bvzw3KJ7jEcWSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/bf09b7-71c4-499c-9fd6-5475135f1905/1/ZiO0ahrouk6dnt9YoTH9nE9ecnk.roa
Signing time:             Tue 02 Jan 2024 08:32:58 +0000
ROA not before:           Tue 02 Jan 2024 08:32:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199354
IP address blocks:        185.19.228.0/22 maxlen: 22
                          2a03:ffc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/bf09b7-71c4-499c-9fd6-5475135f1905/1/7oqVMnGHwwiA9bvzw3KJ7jEcWSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/bf09b7-71c4-499c-9fd6-5475135f1905/1/7oqVMnGHwwiA9bvzw3KJ7jEcWSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7oqVMnGHwwiA9bvzw3KJ7jEcWSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:f6:7d:23:fc:a8:17:54:5a:c2:ed:1b:20:b2:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee8a95327187c30880f5bbf3c37289ee311c5920
        Validity
            Not Before: Jan  2 08:32:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6623b46a1ae8ba4e9d9edf58a131fd9c4f5e7279
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:19:99:d8:8f:81:77:62:eb:26:3b:76:ba:6a:
                    de:29:24:15:40:39:42:44:e6:5d:a5:6f:a6:d7:ea:
                    9b:be:c1:42:be:7e:7d:e6:eb:dd:3c:ae:3c:1a:b7:
                    6a:f1:ca:ca:4a:9b:54:93:b4:1f:4e:b9:6e:f9:72:
                    cc:89:f8:6f:43:9a:cc:09:f3:ff:94:cd:d2:d4:bc:
                    ef:2d:0a:a8:7f:79:bc:fa:7b:ce:55:75:fd:9d:58:
                    a7:3b:01:a9:28:28:fd:40:5d:32:6b:df:56:8b:53:
                    3d:be:e4:aa:68:e5:42:01:e1:69:ed:8a:ec:7f:0d:
                    25:69:69:9d:db:b4:a3:ae:a9:0b:fe:fc:41:d6:13:
                    e0:71:e7:66:f7:f9:27:b6:65:19:8e:86:80:aa:ad:
                    3e:f8:06:36:f0:65:16:a3:ba:3e:6a:aa:73:26:a6:
                    10:82:1f:6d:d7:d2:3f:07:e3:df:ad:0d:2d:e1:6f:
                    bc:94:bd:f5:cb:6f:0e:e9:a8:6c:cc:0b:ec:a8:f1:
                    ff:5d:4b:85:a1:60:45:a8:c8:3d:4a:98:42:44:d7:
                    b9:42:18:1a:f8:ca:74:ed:aa:23:34:51:08:b5:15:
                    29:e6:3d:f6:45:32:37:ba:85:1a:b1:98:e1:b5:79:
                    a0:f6:27:d5:29:06:31:83:23:b0:89:74:8e:c7:72:
                    9d:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:23:B4:6A:1A:E8:BA:4E:9D:9E:DF:58:A1:31:FD:9C:4F:5E:72:79
            X509v3 Authority Key Identifier:
                keyid:EE:8A:95:32:71:87:C3:08:80:F5:BB:F3:C3:72:89:EE:31:1C:59:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7oqVMnGHwwiA9bvzw3KJ7jEcWSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/bf09b7-71c4-499c-9fd6-5475135f1905/1/ZiO0ahrouk6dnt9YoTH9nE9ecnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/bf09b7-71c4-499c-9fd6-5475135f1905/1/7oqVMnGHwwiA9bvzw3KJ7jEcWSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.228.0/22
                IPv6:
                  2a03:ffc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:bf:1d:31:cd:d3:3e:ce:3d:53:fd:99:8d:4c:d9:bd:96:39:
         de:a8:ec:d4:1f:ff:95:82:18:90:43:63:3d:07:cd:c3:21:f3:
         62:e6:fe:03:e3:1c:2a:3c:40:be:c8:bc:6c:dc:db:a6:34:32:
         52:0a:d9:68:01:f6:ee:74:53:e2:69:c6:d5:82:57:a6:34:3d:
         6c:3a:8e:e6:aa:9c:5d:f6:68:94:56:5a:5e:9a:e4:9e:e2:c0:
         44:63:84:1a:51:8b:b7:b3:e1:02:32:d6:d6:15:d9:ab:a2:87:
         26:15:26:11:4e:06:b6:db:7b:46:98:53:ae:96:5b:b9:82:b2:
         ef:85:63:b7:06:45:5c:5a:b9:37:0d:51:14:d7:66:ef:d7:2c:
         4c:a5:33:51:85:9f:d1:8c:55:ee:60:82:26:ba:f5:8f:03:a7:
         3d:e3:16:91:77:48:7c:d8:9d:0e:47:1c:f3:50:ec:f4:7e:4b:
         f5:92:e4:c7:cd:ab:37:b9:e9:87:f6:03:7b:c3:af:92:3d:7e:
         c7:ec:b2:c6:88:56:79:9f:29:6c:1a:c9:29:0c:cf:20:cd:83:
         dd:52:bf:df:ae:05:be:0b:8c:e4:dc:45:f4:45:a0:97:1c:05:
         c5:76:28:19:f6:61:00:27:b3:d5:69:71:f7:d7:38:b4:0c:1b:
         3a:25:e1:47
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTfZ9I/yoF1Rawu0bILKpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlOGE5NTMyNzE4N2MzMDg4MGY1YmJmM2MzNzI4OWVlMzEx
YzU5MjAwHhcNMjQwMTAyMDgzMjU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjIzYjQ2YTFhZThiYTRlOWQ5ZWRmNThhMTMxZmQ5YzRmNWU3Mjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRmZ2I+Bd2LrJjt2umreKSQVQDlC
ROZdpW+m1+qbvsFCvn595uvdPK48Grdq8crKSptUk7QfTrlu+XLMifhvQ5rMCfP/
lM3S1LzvLQqof3m8+nvOVXX9nVinOwGpKCj9QF0ya99Wi1M9vuSqaOVCAeFp7Yrs
fw0laWmd27SjrqkL/vxB1hPgcedm9/kntmUZjoaAqq0++AY28GUWo7o+aqpzJqYQ
gh9t19I/B+PfrQ0t4W+8lL31y28O6ahszAvsqPH/XUuFoWBFqMg9SphCRNe5Qhga
+Mp07aojNFEItRUp5j32RTI3uoUasZjhtXmg9ifVKQYxgyOwiXSOx3Kd1QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGYjtGoa6LpOnZ7fWKEx/ZxPXnJ5MB8GA1UdIwQY
MBaAFO6KlTJxh8MIgPW788Nyie4xHFkgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN29xVk1uR0h3d2lBOWJ2enczS0o3akVjV1NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9iZjA5YjctNzFjNC00OTljLTlmZDYt
NTQ3NTEzNWYxOTA1LzEvWmlPMGFocm91azZkbnQ5WW9USDluRTllY25rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9iZjA5YjctNzFjNC00OTljLTlmZDYtNTQ3NTEzNWYxOTA1
LzEvN29xVk1uR0h3d2lBOWJ2enczS0o3akVjV1NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRPkMA0E
AgACMAcDBQAqA//AMA0GCSqGSIb3DQEBCwUAA4IBAQAlvx0xzdM+zj1T/ZmNTNm9
ljneqOzUH/+VghiQQ2M9B83DIfNi5v4D4xwqPEC+yLxs3NumNDJSCtloAfbudFPi
acbVglemND1sOo7mqpxd9miUVlpemuSe4sBEY4QaUYu3s+ECMtbWFdmroocmFSYR
Tga223tGmFOullu5grLvhWO3BkVcWrk3DVEU12bv1yxMpTNRhZ/RjFXuYIImuvWP
A6c94xaRd0h82J0ORxzzUOz0fkv1kuTHzas3uemH9gN7w6+SPX7H7LLGiFZ5nyls
GskpDM8gzYPdUr/frgW+C4zk3EX0RaCXHAXFdigZ9mEAJ7PVaXH31zi0DBs6JeFH
-----END CERTIFICATE-----