Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/27c928-02fe-4052-9d65-b1fc2083c906/1/ZHDIfIKVe00cJZJgvHqtrTuqsSs.roa
File:                     ZHDIfIKVe00cJZJgvHqtrTuqsSs.roa (raw, json)
Hash identifier:          ByfdGv8ndQNEpCY/csA0Hex+C+pm3QRXYdkvaYKI44U=
Subject key identifier:   64:70:C8:7C:82:95:7B:4D:1C:25:92:60:BC:7A:AD:AD:3B:AA:B1:2B
Certificate issuer:       /CN=ffbe256565e1c27c4b26560190e9978286a82b52
Certificate serial:       018CC6B8A09155963528B386D430E382F3F6
Authority key identifier: FF:BE:25:65:65:E1:C2:7C:4B:26:56:01:90:E9:97:82:86:A8:2B:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_74lZWXhwnxLJlYBkOmXgoaoK1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/27c928-02fe-4052-9d65-b1fc2083c906/1/ZHDIfIKVe00cJZJgvHqtrTuqsSs.roa
Signing time:             Mon 01 Jan 2024 20:30:37 +0000
ROA not before:           Mon 01 Jan 2024 20:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29608
IP address blocks:        194.146.204.0/24 maxlen: 24
                          2a14:5500::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/27c928-02fe-4052-9d65-b1fc2083c906/1/_74lZWXhwnxLJlYBkOmXgoaoK1I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/27c928-02fe-4052-9d65-b1fc2083c906/1/_74lZWXhwnxLJlYBkOmXgoaoK1I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_74lZWXhwnxLJlYBkOmXgoaoK1I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:a0:91:55:96:35:28:b3:86:d4:30:e3:82:f3:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffbe256565e1c27c4b26560190e9978286a82b52
        Validity
            Not Before: Jan  1 20:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6470c87c82957b4d1c259260bc7aadad3baab12b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:1f:25:2f:43:10:19:f7:15:de:f1:37:04:bc:
                    7f:4f:25:a0:77:ec:9e:c2:58:06:6f:a2:02:3c:c3:
                    f7:28:14:7b:db:f2:b0:35:e0:0b:5c:df:60:0f:76:
                    08:6c:a5:88:b8:79:84:71:e5:eb:56:8c:f7:92:14:
                    c2:ca:e2:48:71:d3:31:30:e7:bb:0a:cc:ae:5a:ce:
                    5f:3d:d2:b1:30:5b:53:5d:87:b2:ee:39:39:b7:10:
                    66:aa:83:0e:27:4b:e9:52:e3:fd:ec:35:76:e6:ed:
                    93:55:71:b9:a0:ea:9b:a9:5f:a1:08:e5:d4:37:d1:
                    5a:c5:be:95:34:e8:fa:50:6b:71:c4:29:ff:1a:10:
                    e5:38:25:8b:b2:f2:e7:c6:3e:a2:c7:11:e1:99:6d:
                    0e:a5:cc:96:b3:ed:81:a8:ce:16:5a:93:e4:b3:ba:
                    61:fc:7d:59:12:75:2c:74:8d:09:5b:59:00:2c:be:
                    a5:67:58:a1:03:0d:26:5d:0d:0f:d9:f5:53:76:84:
                    81:24:fd:d8:a6:27:c8:37:b2:86:93:71:ea:a7:4e:
                    ba:27:f2:bb:7d:3b:4b:bc:98:52:0b:5b:89:c4:93:
                    b3:71:b3:d9:94:6b:90:d4:23:e9:f9:5b:94:1e:66:
                    43:35:e5:bd:79:74:54:88:09:e8:52:4c:ed:d3:f3:
                    29:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:70:C8:7C:82:95:7B:4D:1C:25:92:60:BC:7A:AD:AD:3B:AA:B1:2B
            X509v3 Authority Key Identifier:
                keyid:FF:BE:25:65:65:E1:C2:7C:4B:26:56:01:90:E9:97:82:86:A8:2B:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_74lZWXhwnxLJlYBkOmXgoaoK1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/27c928-02fe-4052-9d65-b1fc2083c906/1/ZHDIfIKVe00cJZJgvHqtrTuqsSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/27c928-02fe-4052-9d65-b1fc2083c906/1/_74lZWXhwnxLJlYBkOmXgoaoK1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.146.204.0/24
                IPv6:
                  2a14:5500::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:88:52:c9:34:c0:10:70:96:7d:68:ac:f2:17:94:aa:8b:c7:
         c3:87:ae:6b:f6:13:29:40:77:c2:df:19:67:34:10:e3:b6:32:
         84:17:b5:7a:3f:97:ff:72:e4:84:6e:33:67:85:4e:d7:3e:b4:
         4e:26:ce:b1:cf:20:64:48:db:68:33:90:61:5f:c8:0c:b2:c1:
         60:e7:ed:e3:50:64:42:ca:ea:b4:52:17:45:11:f1:1a:ba:64:
         1f:fe:fd:92:c8:28:48:71:19:c7:d4:ee:27:67:86:57:0d:b8:
         5e:ca:54:a0:5d:0b:7f:b7:8c:49:5d:4c:ea:76:3e:49:0f:09:
         58:9d:3d:27:e1:86:b4:75:bd:86:84:43:4d:6d:e5:09:1b:c3:
         6e:a7:dc:77:f6:d0:3c:43:fb:43:e5:7a:b6:c5:a5:23:6e:38:
         4c:f0:a5:3d:ac:b9:af:57:3c:75:93:c2:1c:39:11:ff:f3:cd:
         69:85:e0:1c:85:0e:e5:89:69:72:88:fc:16:0d:60:78:af:d4:
         d8:2d:79:34:c7:67:81:c8:c6:4d:47:4c:1e:d0:f1:7a:b3:fe:
         4c:f2:c4:7a:53:6b:bd:28:c4:5c:2f:97:dd:97:f2:22:5c:d5:
         84:74:29:07:16:f0:ca:88:28:13:d9:91:f3:05:53:e4:15:16:
         0e:ba:7d:1c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuKCRVZY1KLOG1DDjgvP2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYmUyNTY1NjVlMWMyN2M0YjI2NTYwMTkwZTk5NzgyODZh
ODJiNTIwHhcNMjQwMTAxMjAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDcwYzg3YzgyOTU3YjRkMWMyNTkyNjBiYzdhYWRhZDNiYWFiMTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApR8lL0MQGfcV3vE3BLx/TyWgd+ye
wlgGb6ICPMP3KBR72/KwNeALXN9gD3YIbKWIuHmEceXrVoz3khTCyuJIcdMxMOe7
CsyuWs5fPdKxMFtTXYey7jk5txBmqoMOJ0vpUuP97DV25u2TVXG5oOqbqV+hCOXU
N9Faxb6VNOj6UGtxxCn/GhDlOCWLsvLnxj6ixxHhmW0OpcyWs+2BqM4WWpPks7ph
/H1ZEnUsdI0JW1kALL6lZ1ihAw0mXQ0P2fVTdoSBJP3YpifIN7KGk3Hqp066J/K7
fTtLvJhSC1uJxJOzcbPZlGuQ1CPp+VuUHmZDNeW9eXRUiAnoUkzt0/MpKwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGRwyHyClXtNHCWSYLx6ra07qrErMB8GA1UdIwQY
MBaAFP++JWVl4cJ8SyZWAZDpl4KGqCtSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzc0bFpXWGh3bnhMSmxZQmtPbVhnb2FvSzFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8yN2M5MjgtMDJmZS00MDUyLTlkNjUt
YjFmYzIwODNjOTA2LzEvWkhESWZJS1ZlMDBjSlpKZ3ZIcXRyVHVxc1NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8yN2M5MjgtMDJmZS00MDUyLTlkNjUtYjFmYzIwODNjOTA2
LzEvXzc0bFpXWGh3bnhMSmxZQmtPbVhnb2FvSzFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwpLMMA0E
AgACMAcDBQMqFFUAMA0GCSqGSIb3DQEBCwUAA4IBAQALiFLJNMAQcJZ9aKzyF5Sq
i8fDh65r9hMpQHfC3xlnNBDjtjKEF7V6P5f/cuSEbjNnhU7XPrROJs6xzyBkSNto
M5BhX8gMssFg5+3jUGRCyuq0UhdFEfEaumQf/v2SyChIcRnH1O4nZ4ZXDbheylSg
XQt/t4xJXUzqdj5JDwlYnT0n4Ya0db2GhENNbeUJG8Nup9x39tA8Q/tD5Xq2xaUj
bjhM8KU9rLmvVzx1k8IcORH/881pheAchQ7liWlyiPwWDWB4r9TYLXk0x2eByMZN
R0we0PF6s/5M8sR6U2u9KMRcL5fdl/IiXNWEdCkHFvDKiCgT2ZHzBVPkFRYOun0c
-----END CERTIFICATE-----