Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/zQj6eadudVXi3O2yLkwnkqDqs14.roa
File:                     zQj6eadudVXi3O2yLkwnkqDqs14.roa (raw, json)
Hash identifier:          1vStXhfH6Bx/njY+sQI2OighAfBRyys+wyz3AiCm0kE=
Subject key identifier:   CD:08:FA:79:A7:6E:75:55:E2:DC:ED:B2:2E:4C:27:92:A0:EA:B3:5E
Certificate issuer:       /CN=424feffb576e411de511871dc1e0bd7a20e2c4d7
Certificate serial:       018EBD368DEE5E72DA53FB625A5605E31778
Authority key identifier: 42:4F:EF:FB:57:6E:41:1D:E5:11:87:1D:C1:E0:BD:7A:20:E2:C4:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/zQj6eadudVXi3O2yLkwnkqDqs14.roa
Signing time:             Mon 08 Apr 2024 10:17:32 +0000
ROA not before:           Mon 08 Apr 2024 10:17:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     268624
IP address blocks:        162.12.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:36:8d:ee:5e:72:da:53:fb:62:5a:56:05:e3:17:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=424feffb576e411de511871dc1e0bd7a20e2c4d7
        Validity
            Not Before: Apr  8 10:17:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd08fa79a76e7555e2dcedb22e4c2792a0eab35e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c5:77:2c:29:fa:28:9b:77:37:c2:02:13:5c:
                    bb:a0:99:a4:04:4e:da:3d:7e:64:1e:fd:ec:27:43:
                    18:76:b4:79:6f:33:10:5a:09:72:76:8c:6d:7a:24:
                    b7:77:64:01:d9:db:14:87:3e:05:af:84:73:84:38:
                    c9:f3:6f:59:42:68:81:24:0b:55:b7:03:58:ed:5e:
                    35:6f:e0:31:9e:c2:52:d0:39:e8:95:4f:5c:95:89:
                    c0:1a:c7:fb:57:61:df:1c:a5:51:2c:ca:aa:11:c9:
                    20:9d:bc:11:fd:ea:9d:6c:a6:56:fe:44:a0:5a:80:
                    db:53:32:9a:c6:11:4f:8b:7a:9a:d8:01:fb:30:04:
                    24:d6:7c:2e:ee:7c:9c:d1:c7:4f:1d:b1:ca:c3:77:
                    b4:2f:9c:50:50:a3:91:28:eb:12:90:ff:7c:bb:a5:
                    22:72:08:4d:c7:68:c1:f1:1c:c5:2a:39:15:6a:eb:
                    4d:d4:ef:0d:80:af:8c:de:38:40:07:72:e9:ec:34:
                    e4:6b:18:9e:39:e8:d8:da:98:2c:9d:cc:ad:a0:c0:
                    a0:f5:b9:4b:2b:a8:7a:14:54:87:a0:3d:0d:e6:79:
                    9d:34:e7:8b:63:dc:bc:d7:63:9e:20:70:c4:46:4f:
                    14:66:38:14:4f:57:fd:c8:be:b1:71:09:df:60:70:
                    4a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:08:FA:79:A7:6E:75:55:E2:DC:ED:B2:2E:4C:27:92:A0:EA:B3:5E
            X509v3 Authority Key Identifier:
                keyid:42:4F:EF:FB:57:6E:41:1D:E5:11:87:1D:C1:E0:BD:7A:20:E2:C4:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/zQj6eadudVXi3O2yLkwnkqDqs14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.12.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:2b:9f:ae:5a:0c:e8:5a:1c:e8:54:b2:d1:b7:0b:e3:7b:d0:
         1b:29:4a:77:61:ac:8d:9e:cc:cc:49:45:31:29:21:f9:b4:fd:
         de:37:e2:c9:bc:af:3d:0a:3c:33:bd:26:a1:cf:5e:78:2b:af:
         c9:b4:f4:bb:5c:4a:6b:8a:73:be:1d:2e:e8:b8:d6:e1:7a:38:
         43:08:d3:e3:d5:d3:a8:69:04:38:99:01:d6:4b:df:98:a9:87:
         d4:44:34:37:a0:30:45:c7:8c:83:8d:86:34:5a:7c:08:9c:fe:
         3b:33:8c:af:14:ae:94:a7:f1:ad:07:74:91:fc:66:d0:f6:5c:
         5a:34:8e:18:12:a1:12:f8:eb:87:27:ff:8a:cb:56:cd:68:e3:
         fb:f5:0c:5d:50:95:6e:a4:18:77:8e:7b:70:71:d1:2f:1e:b9:
         cf:9e:52:6e:75:76:df:28:ea:27:11:2b:d2:7b:05:8e:33:6b:
         3b:82:77:f0:65:a6:0c:70:ac:e4:ab:ca:5a:a5:ae:04:25:4d:
         1a:f6:5d:2d:11:c4:65:92:52:d3:c8:bc:69:52:c5:3d:41:8b:
         f3:b6:63:3c:e4:f9:a9:2f:cd:fe:3b:02:f6:ac:ad:79:64:e7:
         23:ef:cd:2b:19:0e:23:7d:b2:db:29:2b:e5:a4:3f:81:64:11:
         28:34:8c:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY69No3uXnLaU/tiWlYF4xd4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNGZlZmZiNTc2ZTQxMWRlNTExODcxZGMxZTBiZDdhMjBl
MmM0ZDcwHhcNMjQwNDA4MTAxNzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDA4ZmE3OWE3NmU3NTU1ZTJkY2VkYjIyZTRjMjc5MmEwZWFiMzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8V3LCn6KJt3N8ICE1y7oJmkBE7a
PX5kHv3sJ0MYdrR5bzMQWglydoxteiS3d2QB2dsUhz4Fr4RzhDjJ829ZQmiBJAtV
twNY7V41b+AxnsJS0DnolU9clYnAGsf7V2HfHKVRLMqqEckgnbwR/eqdbKZW/kSg
WoDbUzKaxhFPi3qa2AH7MAQk1nwu7nyc0cdPHbHKw3e0L5xQUKORKOsSkP98u6Ui
cghNx2jB8RzFKjkVautN1O8NgK+M3jhAB3Lp7DTkaxieOejY2pgsncytoMCg9blL
K6h6FFSHoD0N5nmdNOeLY9y812OeIHDERk8UZjgUT1f9yL6xcQnfYHBKzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0I+nmnbnVV4tztsi5MJ5Kg6rNeMB8GA1UdIwQY
MBaAFEJP7/tXbkEd5RGHHcHgvXog4sTXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWtfdi0xZHVRUjNsRVljZHdlQzllaURpeE5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy82MTM1MDgtMDgzMi00MWY2LWFjYjct
ODMxZjdlNmY1Y2NkLzEvelFqNmVhZHVkVlhpM08yeUxrd25rcURxczE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy82MTM1MDgtMDgzMi00MWY2LWFjYjctODMxZjdlNmY1Y2Nk
LzEvUWtfdi0xZHVRUjNsRVljZHdlQzllaURpeE5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAogzMMA0G
CSqGSIb3DQEBCwUAA4IBAQAmK5+uWgzoWhzoVLLRtwvje9AbKUp3YayNnszMSUUx
KSH5tP3eN+LJvK89CjwzvSahz154K6/JtPS7XEprinO+HS7ouNbhejhDCNPj1dOo
aQQ4mQHWS9+YqYfURDQ3oDBFx4yDjYY0WnwInP47M4yvFK6Up/GtB3SR/GbQ9lxa
NI4YEqES+OuHJ/+Ky1bNaOP79QxdUJVupBh3jntwcdEvHrnPnlJudXbfKOonESvS
ewWOM2s7gnfwZaYMcKzkq8papa4EJU0a9l0tEcRlklLTyLxpUsU9QYvztmM85Pmp
L83+OwL2rK15ZOcj780rGQ4jfbLbKSvlpD+BZBEoNIyu
-----END CERTIFICATE-----