Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ZTiCsV6bgRfhPBftZO07IO-JigA.roa
File:                     ZTiCsV6bgRfhPBftZO07IO-JigA.roa (raw, json)
Hash identifier:          I7nIEO2+fIjFDWFpdEnQ2V0weeNFRDhvbJryBBUL3LA=
Subject key identifier:   65:38:82:B1:5E:9B:81:17:E1:3C:17:ED:64:ED:3B:20:EF:89:8A:00
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       01906D62536723BB084D54304AD86A75824E
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ZTiCsV6bgRfhPBftZO07IO-JigA.roa
Signing time:             Mon 01 Jul 2024 08:21:18 +0000
ROA not before:           Mon 01 Jul 2024 08:21:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214614
IP address blocks:        193.124.186.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6d:62:53:67:23:bb:08:4d:54:30:4a:d8:6a:75:82:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jul  1 08:21:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=653882b15e9b8117e13c17ed64ed3b20ef898a00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b9:67:fa:49:22:a4:a5:2e:8c:8c:3c:4b:64:
                    79:f3:aa:87:38:2e:f3:52:68:fd:1a:c1:0e:bd:6b:
                    8b:28:25:92:9b:0f:6f:1f:2a:25:d1:65:6f:c3:0f:
                    68:ac:bc:8b:bc:cb:02:78:8f:be:05:34:a2:46:d6:
                    7d:2e:d4:ca:dc:cb:8b:ae:3b:62:3d:4f:ce:65:40:
                    e2:dd:49:37:3e:f3:9a:22:1d:01:94:a1:a8:7e:9f:
                    1e:1f:1c:82:1b:8a:e3:1a:0d:e1:23:b9:00:6c:19:
                    88:1b:e1:94:2f:39:87:84:cb:3d:ca:69:61:1e:c3:
                    1b:a3:14:17:75:b2:5d:c5:92:9e:38:14:04:b9:d4:
                    b2:ad:48:70:c3:1c:0a:83:9b:9b:9e:ec:30:7d:1b:
                    7c:fd:91:b4:b3:0d:5a:f7:6b:89:ce:cc:85:95:85:
                    a5:81:6a:b3:b6:a7:89:86:e9:79:ac:fe:bd:f6:2d:
                    d1:5d:d6:33:d8:05:ba:59:97:30:76:fc:bc:ef:62:
                    89:5f:d8:9d:48:23:e4:3d:93:35:a6:d1:37:32:cf:
                    6b:0b:12:a6:7e:1a:bf:b7:3f:e3:35:fd:a1:9e:12:
                    4e:b0:65:60:54:fb:1b:8f:b0:fd:bb:c5:66:2a:28:
                    9d:33:82:0a:15:80:1f:1c:ed:03:34:76:6e:11:5c:
                    80:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:38:82:B1:5E:9B:81:17:E1:3C:17:ED:64:ED:3B:20:EF:89:8A:00
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/ZTiCsV6bgRfhPBftZO07IO-JigA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:ff:89:6b:73:29:9d:63:80:be:8a:d6:e6:dc:b0:13:a8:42:
         d8:25:df:2e:ed:fc:e9:fa:5f:53:46:83:d4:1e:8d:10:13:fa:
         65:b9:b3:a6:fc:4b:7e:b8:0c:0d:ec:1b:7a:15:05:6c:9f:da:
         d2:0f:d5:6c:b7:b9:c9:eb:80:32:63:02:25:89:dc:2d:9b:d8:
         cc:16:dc:fe:ee:95:67:77:42:f2:ca:e4:4d:3c:23:65:b4:c7:
         eb:d4:94:d7:10:76:a4:61:3d:72:a7:bc:73:57:8f:8d:73:1f:
         40:78:5c:bb:ed:82:bb:c9:0d:f9:9b:4f:27:37:6a:9b:37:05:
         8f:df:73:e0:66:98:cf:bc:93:f5:e2:2e:52:5f:bb:02:d4:45:
         ec:71:4a:be:4a:0f:cb:e0:5a:37:8a:9a:bc:14:78:5b:e9:c5:
         09:41:f5:87:c5:8b:0f:e9:e3:a8:1a:8b:e6:d4:71:f3:dc:64:
         e1:ad:14:ad:1f:30:90:92:2b:6e:36:03:c0:8e:2b:89:de:9e:
         31:f6:b5:ed:59:fb:ee:e9:d3:06:55:1a:ae:e5:ea:7a:42:32:
         32:45:e8:aa:61:0c:36:d2:9e:0c:fa:8d:16:4e:83:0f:ff:fd:
         9f:79:f6:bb:0c:eb:e2:80:9b:b0:41:9b:e1:7f:50:c0:ae:03:
         4c:c7:ff:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBtYlNnI7sITVQwSthqdYJOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwNzAxMDgyMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTM4ODJiMTVlOWI4MTE3ZTEzYzE3ZWQ2NGVkM2IyMGVmODk4YTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLln+kkipKUujIw8S2R586qHOC7z
Umj9GsEOvWuLKCWSmw9vHyol0WVvww9orLyLvMsCeI++BTSiRtZ9LtTK3MuLrjti
PU/OZUDi3Uk3PvOaIh0BlKGofp8eHxyCG4rjGg3hI7kAbBmIG+GULzmHhMs9ymlh
HsMboxQXdbJdxZKeOBQEudSyrUhwwxwKg5ubnuwwfRt8/ZG0sw1a92uJzsyFlYWl
gWqztqeJhul5rP699i3RXdYz2AW6WZcwdvy872KJX9idSCPkPZM1ptE3Ms9rCxKm
fhq/tz/jNf2hnhJOsGVgVPsbj7D9u8VmKiidM4IKFYAfHO0DNHZuEVyAiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGU4grFem4EX4TwX7WTtOyDviYoAMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvWlRpQ3NWNmJnUmZoUEJmdFpPMDdJTy1KaWdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwXy6MA0G
CSqGSIb3DQEBCwUAA4IBAQAZ/4lrcymdY4C+itbm3LATqELYJd8u7fzp+l9TRoPU
Ho0QE/plubOm/Et+uAwN7Bt6FQVsn9rSD9Vst7nJ64AyYwIlidwtm9jMFtz+7pVn
d0LyyuRNPCNltMfr1JTXEHakYT1yp7xzV4+Ncx9AeFy77YK7yQ35m08nN2qbNwWP
33PgZpjPvJP14i5SX7sC1EXscUq+Sg/L4Fo3ipq8FHhb6cUJQfWHxYsP6eOoGovm
1HHz3GThrRStHzCQkituNgPAjiuJ3p4x9rXtWfvu6dMGVRqu5ep6QjIyReiqYQw2
0p4M+o0WToMP//2fefa7DOvigJuwQZvhf1DArgNMx/+T
-----END CERTIFICATE-----