Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/c9a9d1-b13c-403d-bd1c-d12a372f5173/1/MZSpqRhfdIzehE0rf9nVo-G31FY.roa
File:                     MZSpqRhfdIzehE0rf9nVo-G31FY.roa (raw, json)
Hash identifier:          znfoFNTJIbWzCd8WxpDAaLuGHzP4UL8j4XzzAC5kV5E=
Subject key identifier:   31:94:A9:A9:18:5F:74:8C:DE:84:4D:2B:7F:D9:D5:A3:E1:B7:D4:56
Certificate issuer:       /CN=ce741e7de657e4a10f93ca92c517a81b2c0b251e
Certificate serial:       018CC9B991BCB80751C6C5632BE2D44EE474
Authority key identifier: CE:74:1E:7D:E6:57:E4:A1:0F:93:CA:92:C5:17:A8:1B:2C:0B:25:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/znQefeZX5KEPk8qSxReoGywLJR4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/c9a9d1-b13c-403d-bd1c-d12a372f5173/1/MZSpqRhfdIzehE0rf9nVo-G31FY.roa
Signing time:             Tue 02 Jan 2024 10:30:31 +0000
ROA not before:           Tue 02 Jan 2024 10:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30848
IP address blocks:        185.9.53.0/24 maxlen: 24
                          185.203.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/c9a9d1-b13c-403d-bd1c-d12a372f5173/1/znQefeZX5KEPk8qSxReoGywLJR4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/c9a9d1-b13c-403d-bd1c-d12a372f5173/1/znQefeZX5KEPk8qSxReoGywLJR4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/znQefeZX5KEPk8qSxReoGywLJR4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:b9:91:bc:b8:07:51:c6:c5:63:2b:e2:d4:4e:e4:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce741e7de657e4a10f93ca92c517a81b2c0b251e
        Validity
            Not Before: Jan  2 10:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3194a9a9185f748cde844d2b7fd9d5a3e1b7d456
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:6f:a5:e7:90:c0:38:e8:e6:47:12:4e:a1:d3:
                    d9:d7:1d:1b:7a:6b:99:d9:98:8b:c3:3d:89:cb:7c:
                    cd:66:04:44:d9:e6:50:47:5a:a9:d7:ea:d4:9e:eb:
                    a5:ac:80:dc:8f:e7:c9:c7:4f:58:a5:65:23:ad:93:
                    0a:32:9a:53:59:16:3e:cd:7b:b6:0b:95:57:fe:77:
                    b2:04:08:f8:2d:4c:d3:03:8e:7c:9c:81:7a:b9:11:
                    ec:e9:b1:f4:22:15:a1:18:c3:30:17:96:ff:20:b6:
                    e7:cf:2f:0e:93:ca:af:f1:4b:ee:29:70:4d:5c:af:
                    51:5e:cb:fb:9c:70:3f:dc:ef:b6:fa:85:c1:33:88:
                    96:dc:5f:d5:3a:6b:c2:6b:32:2e:82:7e:7c:d3:20:
                    ba:5a:53:8c:ba:04:41:b8:dd:f1:75:58:24:c5:9c:
                    61:c3:24:f6:f0:66:4c:e8:cb:94:97:33:ed:e6:3c:
                    dc:07:e6:61:d3:f7:92:bb:09:61:30:2e:f5:8b:8e:
                    2c:d1:a4:81:54:a2:09:79:74:91:92:7a:ed:a6:a1:
                    c8:f2:33:25:96:b5:0e:b9:c3:4f:b9:cd:6c:2b:8f:
                    4b:fb:e7:b1:63:13:30:9c:1d:6d:99:8e:72:fa:38:
                    3e:bb:f2:b6:9a:96:b9:67:ad:ad:9c:cd:9e:74:5a:
                    d4:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:94:A9:A9:18:5F:74:8C:DE:84:4D:2B:7F:D9:D5:A3:E1:B7:D4:56
            X509v3 Authority Key Identifier:
                keyid:CE:74:1E:7D:E6:57:E4:A1:0F:93:CA:92:C5:17:A8:1B:2C:0B:25:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/znQefeZX5KEPk8qSxReoGywLJR4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/c9a9d1-b13c-403d-bd1c-d12a372f5173/1/MZSpqRhfdIzehE0rf9nVo-G31FY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/c9a9d1-b13c-403d-bd1c-d12a372f5173/1/znQefeZX5KEPk8qSxReoGywLJR4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.9.53.0/24
                  185.203.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:c2:b2:e2:d9:83:d0:40:e0:63:da:13:96:a2:7c:a8:88:30:
         ff:f5:8d:6d:39:a0:2a:ac:6a:5b:68:67:2d:31:c1:f8:0a:0d:
         11:73:49:e0:60:bb:f0:8f:72:75:0b:41:e4:09:28:cc:cc:6c:
         80:66:e5:b9:82:c6:97:c5:e4:ae:5c:cc:e4:39:c0:4b:a4:71:
         73:e5:2e:24:83:3f:e5:f8:34:cf:fd:61:fa:1e:bc:74:52:41:
         ec:dd:6b:36:2d:f3:bd:1d:b4:fc:d9:d5:b1:f3:ec:ac:84:d3:
         5f:dc:ee:b6:f0:d5:b6:af:3e:de:89:03:1f:de:86:7b:75:d2:
         63:23:39:6a:ea:a7:1b:cd:34:85:ba:f7:fa:bf:51:b9:3b:85:
         78:0a:86:20:b6:78:b2:97:68:d1:fd:0d:34:d6:d1:22:46:9d:
         87:b5:bd:50:53:7d:b0:2a:55:21:d7:72:05:a5:39:fd:72:96:
         1d:6c:68:ea:7f:86:4a:a8:ee:89:b5:48:a1:e3:7d:df:4e:ae:
         d2:36:79:04:d4:dc:09:eb:a5:bb:47:97:da:41:8a:b4:0a:4f:
         2c:a2:b5:90:69:8a:1a:b1:16:d4:10:de:9c:62:8e:a6:5c:d3:
         9a:85:b1:8c:e1:40:9e:6e:f2:14:ea:4e:ca:a6:6a:60:ea:26:
         93:70:e0:e5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJuZG8uAdRxsVjK+LUTuR0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNzQxZTdkZTY1N2U0YTEwZjkzY2E5MmM1MTdhODFiMmMw
YjI1MWUwHhcNMjQwMTAyMTAzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTk0YTlhOTE4NWY3NDhjZGU4NDRkMmI3ZmQ5ZDVhM2UxYjdkNDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3m+l55DAOOjmRxJOodPZ1x0bemuZ
2ZiLwz2Jy3zNZgRE2eZQR1qp1+rUnuulrIDcj+fJx09YpWUjrZMKMppTWRY+zXu2
C5VX/neyBAj4LUzTA458nIF6uRHs6bH0IhWhGMMwF5b/ILbnzy8Ok8qv8UvuKXBN
XK9RXsv7nHA/3O+2+oXBM4iW3F/VOmvCazIugn580yC6WlOMugRBuN3xdVgkxZxh
wyT28GZM6MuUlzPt5jzcB+Zh0/eSuwlhMC71i44s0aSBVKIJeXSRknrtpqHI8jMl
lrUOucNPuc1sK49L++exYxMwnB1tmY5y+jg+u/K2mpa5Z62tnM2edFrUiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDGUqakYX3SM3oRNK3/Z1aPht9RWMB8GA1UdIwQY
MBaAFM50Hn3mV+ShD5PKksUXqBssCyUeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvem5RZWZlWlg1S0VQazhxU3hSZW9HeXdMSlI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9jOWE5ZDEtYjEzYy00MDNkLWJkMWMt
ZDEyYTM3MmY1MTczLzEvTVpTcHFSaGZkSXplaEUwcmY5blZvLUczMUZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9jOWE5ZDEtYjEzYy00MDNkLWJkMWMtZDEyYTM3MmY1MTcz
LzEvem5RZWZlWlg1S0VQazhxU3hSZW9HeXdMSlI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuQk1AwQA
uctYMA0GCSqGSIb3DQEBCwUAA4IBAQCCwrLi2YPQQOBj2hOWonyoiDD/9Y1tOaAq
rGpbaGctMcH4Cg0Rc0ngYLvwj3J1C0HkCSjMzGyAZuW5gsaXxeSuXMzkOcBLpHFz
5S4kgz/l+DTP/WH6Hrx0UkHs3Ws2LfO9HbT82dWx8+yshNNf3O628NW2rz7eiQMf
3oZ7ddJjIzlq6qcbzTSFuvf6v1G5O4V4CoYgtniyl2jR/Q001tEiRp2Htb1QU32w
KlUh13IFpTn9cpYdbGjqf4ZKqO6JtUih433fTq7SNnkE1NwJ66W7R5faQYq0Ck8s
orWQaYoasRbUEN6cYo6mXNOahbGM4UCebvIU6k7Kpmpg6iaTcODl
-----END CERTIFICATE-----