Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/Mz64B3nCKiuJEdwQLpwHpA9VrbA.roa
File:                     Mz64B3nCKiuJEdwQLpwHpA9VrbA.roa (raw, json)
Hash identifier:          zurT0mdf1V1xHODO9KZMtjX60+0Hvtgg0wI9KCnx3SY=
Subject key identifier:   33:3E:B8:07:79:C2:2A:2B:89:11:DC:10:2E:9C:07:A4:0F:55:AD:B0
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC80309E4B39D1A1262FCFE5F9681DED1
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/Mz64B3nCKiuJEdwQLpwHpA9VrbA.roa
Signing time:             Tue 02 Jan 2024 02:31:31 +0000
ROA not before:           Tue 02 Jan 2024 02:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211551
IP address blocks:        194.71.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:09:e4:b3:9d:1a:12:62:fc:fe:5f:96:81:de:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=333eb80779c22a2b8911dc102e9c07a40f55adb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f7:31:d2:d6:7b:c1:a4:29:be:0b:9f:1c:34:
                    fa:89:ae:ca:c9:5c:ea:4a:67:1f:e1:26:09:aa:2e:
                    32:f9:3a:56:9b:6c:43:c7:68:dd:a2:84:d2:b0:1b:
                    b6:dc:ac:fe:c8:f6:ce:76:89:72:d1:26:6a:06:6a:
                    34:65:25:e0:31:f9:ba:2b:92:74:78:d6:ad:61:40:
                    e7:af:c8:e6:aa:91:7b:49:45:9c:21:bb:63:a0:95:
                    e2:de:41:fc:1c:4d:9e:63:7d:8c:6b:a6:65:d7:14:
                    f6:7e:8d:fd:6c:c1:8a:9b:1f:ab:d4:de:c7:2e:f7:
                    7b:c1:a8:e1:32:2b:90:ee:03:6f:4e:0b:c6:bf:40:
                    20:79:0f:23:21:3a:ec:67:03:b9:31:30:87:b3:93:
                    fb:f4:99:a0:02:ec:d8:39:59:50:68:8e:08:29:e2:
                    8f:ae:5e:72:b1:12:da:6b:62:0b:b0:88:ba:c4:81:
                    ef:1c:aa:4f:07:92:a6:87:dd:b8:1d:0c:95:7c:6c:
                    ab:12:e2:53:ec:47:81:6f:36:be:d2:fd:ea:76:a1:
                    9d:d4:24:fa:e0:c6:40:22:73:43:f7:90:be:14:e5:
                    cf:ef:96:60:17:ac:21:82:61:75:c6:a3:59:22:83:
                    30:ef:c8:b4:82:27:bd:47:18:1a:01:79:cc:39:f3:
                    02:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:3E:B8:07:79:C2:2A:2B:89:11:DC:10:2E:9C:07:A4:0F:55:AD:B0
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/Mz64B3nCKiuJEdwQLpwHpA9VrbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.71.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:2f:8f:e9:0a:1b:14:42:43:8a:1f:d0:0c:94:9a:a6:e9:86:
         33:55:45:a6:65:d6:9d:a3:00:bb:af:f0:37:c1:26:f2:90:42:
         f1:3e:30:25:74:fc:dc:a9:b2:74:35:e8:07:e5:1b:da:f1:20:
         43:89:43:f7:8b:68:54:72:49:ad:df:57:11:4e:a8:21:6d:a6:
         59:77:08:94:e4:71:2c:8a:8d:d0:8c:82:3c:bf:4c:5e:41:e0:
         27:a0:d3:60:64:b9:dc:cb:7b:66:50:ba:21:ec:8a:91:cf:bb:
         7d:4f:a8:cf:92:24:98:2b:6b:e7:17:95:c1:3c:30:ea:6e:c6:
         74:9b:2f:3c:04:d3:8f:50:43:b9:9d:e8:d9:8c:a6:3b:7f:db:
         68:6b:26:73:37:ba:62:d1:0f:20:a4:02:2d:49:b3:e2:ef:58:
         07:d0:6e:05:c9:ee:aa:00:74:60:b1:26:b8:b0:31:42:9d:56:
         a4:27:b8:ed:e0:bd:e2:aa:1a:b4:db:ca:7c:39:fd:c0:70:50:
         4a:36:4e:fb:e0:63:70:0b:78:71:b1:cb:cc:16:37:ce:f3:b6:
         cf:f2:08:e9:ca:ea:22:34:20:5c:99:19:68:e5:05:00:db:34:
         23:8b:16:2f:d6:cc:6d:73:1e:9e:a7:e1:5c:1a:3e:a7:94:e2:
         1a:1e:e9:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAwnks50aEmL8/l+Wgd7RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzNlYjgwNzc5YzIyYTJiODkxMWRjMTAyZTljMDdhNDBmNTVhZGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPcx0tZ7waQpvgufHDT6ia7KyVzq
Smcf4SYJqi4y+TpWm2xDx2jdooTSsBu23Kz+yPbOdoly0SZqBmo0ZSXgMfm6K5J0
eNatYUDnr8jmqpF7SUWcIbtjoJXi3kH8HE2eY32Ma6Zl1xT2fo39bMGKmx+r1N7H
Lvd7wajhMiuQ7gNvTgvGv0AgeQ8jITrsZwO5MTCHs5P79JmgAuzYOVlQaI4IKeKP
rl5ysRLaa2ILsIi6xIHvHKpPB5Kmh924HQyVfGyrEuJT7EeBbza+0v3qdqGd1CT6
4MZAInND95C+FOXP75ZgF6whgmF1xqNZIoMw78i0gie9RxgaAXnMOfMCswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDM+uAd5wioriRHcEC6cB6QPVa2wMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvTXo2NEIzbkNLaXVKRWR3UUxwd0hwQTlWcmJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkeLMA0G
CSqGSIb3DQEBCwUAA4IBAQC3L4/pChsUQkOKH9AMlJqm6YYzVUWmZdadowC7r/A3
wSbykELxPjAldPzcqbJ0NegH5Rva8SBDiUP3i2hUckmt31cRTqghbaZZdwiU5HEs
io3QjII8v0xeQeAnoNNgZLncy3tmULoh7IqRz7t9T6jPkiSYK2vnF5XBPDDqbsZ0
my88BNOPUEO5nejZjKY7f9toayZzN7pi0Q8gpAItSbPi71gH0G4Fye6qAHRgsSa4
sDFCnVakJ7jt4L3iqhq028p8Of3AcFBKNk774GNwC3hxscvMFjfO87bP8gjpyuoi
NCBcmRlo5QUA2zQjixYv1sxtcx6ep+FcGj6nlOIaHumX
-----END CERTIFICATE-----