Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ZLIq5_5y7YqabUJp74Lb6UaRYC0.roa
File:                     ZLIq5_5y7YqabUJp74Lb6UaRYC0.roa (raw, json)
Hash identifier:          oEGOT0oM7vw81b54SoxBfekU3SfbQSlkDB7ZF+w0J4c=
Subject key identifier:   64:B2:2A:E7:FE:72:ED:8A:9A:6D:42:69:EF:82:DB:E9:46:91:60:2D
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802D5EE42092586183524DA1ADF1A2F
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ZLIq5_5y7YqabUJp74Lb6UaRYC0.roa
Signing time:             Tue 02 Jan 2024 02:31:18 +0000
ROA not before:           Tue 02 Jan 2024 02:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1234
IP address blocks:        192.176.176.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:d5:ee:42:09:25:86:18:35:24:da:1a:df:1a:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64b22ae7fe72ed8a9a6d4269ef82dbe94691602d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:1d:9d:25:34:ed:3a:3b:99:f3:b1:99:aa:84:
                    62:4d:c5:39:f8:e7:e5:73:ee:8e:5d:f6:3a:a2:d6:
                    aa:3e:01:6c:d7:b3:e3:9a:35:3f:01:ac:c7:41:be:
                    7b:bb:58:7f:01:da:50:b8:bf:5d:bf:34:07:cc:ae:
                    57:2a:db:cb:72:d0:88:e6:96:ab:f2:79:75:20:f0:
                    6b:01:ec:a3:dc:67:7c:0d:79:e1:87:74:54:e1:45:
                    71:4f:10:68:9f:1d:7c:1e:4e:f8:d2:c0:d3:21:14:
                    a0:d8:12:ff:ff:fd:5b:44:5b:8c:a6:a8:76:1a:7e:
                    67:a0:e3:64:97:4b:43:01:14:6a:39:a8:dd:24:bd:
                    8d:d9:bd:cd:81:c5:64:6e:f0:f9:0d:4f:c7:53:80:
                    d8:5f:ad:29:6a:d2:0d:51:74:44:9f:12:e2:87:36:
                    df:3c:69:04:ea:a1:ce:c2:fe:70:37:2b:2e:f9:e0:
                    7b:f6:f8:af:c0:c4:6c:a7:be:b4:27:68:25:5f:b8:
                    00:fd:c1:ec:da:31:5f:f4:5f:f9:15:81:fd:7f:10:
                    b9:91:e3:65:62:51:0d:42:90:82:7b:f4:f9:cd:ec:
                    35:7c:8b:ea:b6:78:b7:a8:bb:17:54:fc:b5:36:e9:
                    c0:df:e0:69:3f:73:bf:05:54:ae:eb:39:2f:ed:d1:
                    2d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:B2:2A:E7:FE:72:ED:8A:9A:6D:42:69:EF:82:DB:E9:46:91:60:2D
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ZLIq5_5y7YqabUJp74Lb6UaRYC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.176.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         81:1e:97:83:37:df:80:f6:e3:f0:99:a8:75:fc:68:9e:a0:12:
         09:7b:d2:22:51:c7:f2:77:47:e2:55:e5:57:a5:00:f1:ce:84:
         59:58:ca:67:51:c8:13:b8:12:bf:26:ed:51:ba:70:dc:47:5f:
         92:8c:d0:fa:cd:c3:85:a6:4a:3b:9c:f9:99:a5:d5:a1:0e:28:
         0c:f9:f6:78:b9:d2:0a:8c:ef:d2:be:99:cc:c5:8e:17:6a:67:
         5d:83:2a:75:92:47:aa:44:5c:05:30:ca:5c:ed:78:cb:ef:42:
         0e:09:53:82:ee:b7:c2:0a:eb:b7:23:bc:b3:43:5a:c4:3f:85:
         e2:20:f8:2f:53:58:0d:17:9e:93:8c:2c:1b:05:c4:0b:d1:e8:
         19:a6:88:63:f2:88:e6:d6:52:8c:bc:bd:f8:b7:0b:76:d4:be:
         77:69:8b:e8:51:13:b5:a9:df:e4:db:f9:f7:b7:c3:2b:96:d7:
         be:82:ce:17:8e:08:8c:2c:f0:02:bb:8f:05:16:44:0c:bd:b0:
         61:f1:83:e6:f4:76:af:95:8f:0d:0a:0a:54:c8:31:ce:32:ae:
         a8:b3:46:02:3c:46:1c:36:53:53:69:bd:db:8a:b9:54:03:f0:
         48:3a:6a:86:2d:59:8c:d1:87:cc:48:7b:67:48:f1:85:c7:69:
         27:ae:67:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAtXuQgklhhg1JNoa3xovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGIyMmFlN2ZlNzJlZDhhOWE2ZDQyNjllZjgyZGJlOTQ2OTE2MDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlx2dJTTtOjuZ87GZqoRiTcU5+Ofl
c+6OXfY6otaqPgFs17PjmjU/AazHQb57u1h/AdpQuL9dvzQHzK5XKtvLctCI5par
8nl1IPBrAeyj3Gd8DXnhh3RU4UVxTxBonx18Hk740sDTIRSg2BL///1bRFuMpqh2
Gn5noONkl0tDARRqOajdJL2N2b3NgcVkbvD5DU/HU4DYX60patINUXREnxLihzbf
PGkE6qHOwv5wNysu+eB79vivwMRsp760J2glX7gA/cHs2jFf9F/5FYH9fxC5keNl
YlENQpCCe/T5zew1fIvqtni3qLsXVPy1NunA3+BpP3O/BVSu6zkv7dEtDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGSyKuf+cu2Kmm1Cae+C2+lGkWAtMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvWkxJcTVfNXk3WXFhYlVKcDc0TGI2VWFSWUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwLCwMA0G
CSqGSIb3DQEBCwUAA4IBAQCBHpeDN9+A9uPwmah1/GieoBIJe9IiUcfyd0fiVeVX
pQDxzoRZWMpnUcgTuBK/Ju1RunDcR1+SjND6zcOFpko7nPmZpdWhDigM+fZ4udIK
jO/SvpnMxY4Xamddgyp1kkeqRFwFMMpc7XjL70IOCVOC7rfCCuu3I7yzQ1rEP4Xi
IPgvU1gNF56TjCwbBcQL0egZpohj8ojm1lKMvL34twt21L53aYvoURO1qd/k2/n3
t8Mrlte+gs4XjgiMLPACu48FFkQMvbBh8YPm9HavlY8NCgpUyDHOMq6os0YCPEYc
NlNTab3birlUA/BIOmqGLVmM0YfMSHtnSPGFx2knrmca
-----END CERTIFICATE-----