Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/227670-fe4d-4bd6-bf28-b2545b404eec/1/sZmZMcCIuaFfPfZ5LyDD-D0LpUM.roa
File:                     sZmZMcCIuaFfPfZ5LyDD-D0LpUM.roa (raw, json)
Hash identifier:          UxGwB74pP30MAmFuoHZvFDEzFafjRZgO61jqPzZ5mXA=
Subject key identifier:   B1:99:99:31:C0:88:B9:A1:5F:3D:F6:79:2F:20:C3:F8:3D:0B:A5:43
Certificate issuer:       /CN=92391353f6e1f502504a0868ebf8ad0debc9da78
Certificate serial:       018CC4934E32C0FBF95E1F9429A0579828B2
Authority key identifier: 92:39:13:53:F6:E1:F5:02:50:4A:08:68:EB:F8:AD:0D:EB:C9:DA:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kjkTU_bh9QJQSgho6_itDevJ2ng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/227670-fe4d-4bd6-bf28-b2545b404eec/1/sZmZMcCIuaFfPfZ5LyDD-D0LpUM.roa
Signing time:             Mon 01 Jan 2024 10:30:37 +0000
ROA not before:           Mon 01 Jan 2024 10:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39484
IP address blocks:        89.106.32.0/19 maxlen: 19
                          185.239.192.0/22 maxlen: 22
                          2a02:13c8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/227670-fe4d-4bd6-bf28-b2545b404eec/1/kjkTU_bh9QJQSgho6_itDevJ2ng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/227670-fe4d-4bd6-bf28-b2545b404eec/1/kjkTU_bh9QJQSgho6_itDevJ2ng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kjkTU_bh9QJQSgho6_itDevJ2ng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:4e:32:c0:fb:f9:5e:1f:94:29:a0:57:98:28:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92391353f6e1f502504a0868ebf8ad0debc9da78
        Validity
            Not Before: Jan  1 10:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1999931c088b9a15f3df6792f20c3f83d0ba543
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d8:f7:de:17:8c:c7:3c:7e:52:0b:81:a5:1c:
                    98:65:b9:d1:65:7d:15:64:cb:97:c2:cb:3b:63:73:
                    59:d3:6b:00:9b:45:1e:0f:d7:1e:10:04:87:e6:d1:
                    6e:fa:bd:41:7d:68:b7:0e:9d:a4:21:d8:f9:de:df:
                    88:d6:ed:d0:28:70:a5:e5:c0:9c:fd:a7:7a:27:24:
                    97:59:32:b5:6e:f4:9a:3c:10:ef:d5:ec:3c:13:2b:
                    fa:bb:94:41:ec:8a:20:69:70:d1:b6:c8:58:a7:c5:
                    41:bf:ee:32:94:53:b2:c4:83:70:4a:f1:39:1f:78:
                    0b:85:c5:9b:c9:3c:5c:41:30:67:ec:16:30:87:69:
                    c1:44:4a:06:c7:8d:c9:b7:f7:62:14:3e:dd:44:9f:
                    97:f3:5a:00:11:5b:6b:31:88:c2:26:27:ed:56:9c:
                    8b:56:18:65:f4:6a:1d:f0:6e:52:0d:67:bd:50:ec:
                    d6:0d:c0:3b:2d:af:a0:cd:18:3e:8f:0d:0a:c1:eb:
                    4e:ab:6c:73:a3:86:d4:d2:5a:b4:48:2f:08:0b:c3:
                    b1:46:72:d6:be:c6:c1:b0:da:05:45:d7:15:ab:ad:
                    bb:e5:89:44:0f:08:53:45:b5:0d:c3:d7:4b:56:f3:
                    1e:bc:87:9e:7f:4c:31:f2:9b:fb:8d:25:14:84:6d:
                    12:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:99:99:31:C0:88:B9:A1:5F:3D:F6:79:2F:20:C3:F8:3D:0B:A5:43
            X509v3 Authority Key Identifier:
                keyid:92:39:13:53:F6:E1:F5:02:50:4A:08:68:EB:F8:AD:0D:EB:C9:DA:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kjkTU_bh9QJQSgho6_itDevJ2ng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/227670-fe4d-4bd6-bf28-b2545b404eec/1/sZmZMcCIuaFfPfZ5LyDD-D0LpUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/227670-fe4d-4bd6-bf28-b2545b404eec/1/kjkTU_bh9QJQSgho6_itDevJ2ng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.32.0/19
                  185.239.192.0/22
                IPv6:
                  2a02:13c8::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:cd:0c:60:16:e0:6d:e7:49:a3:4f:90:6e:4d:e1:4d:8e:d0:
         9e:30:10:0a:4f:ad:3b:9f:88:df:8e:83:4f:c3:56:8b:ce:0d:
         4d:57:e6:80:20:01:77:b1:19:3b:63:f6:c2:65:39:2b:04:61:
         0f:33:f5:6c:19:a4:55:b8:b7:95:64:87:35:eb:00:56:e6:a5:
         24:05:68:e7:0a:1e:f1:2c:e0:c5:82:9e:da:7b:d6:72:3c:d3:
         84:de:6d:de:75:4c:be:5d:13:9d:d0:bf:f8:4e:c7:47:60:ce:
         ba:09:d7:aa:a4:bc:54:a2:01:40:9e:03:09:98:a3:3c:7a:23:
         a7:dc:96:1c:48:d8:2b:f0:d3:04:76:a7:3f:a5:b9:b8:2a:26:
         52:c0:57:df:9f:94:54:86:44:45:69:4a:72:a2:c5:0c:d1:b7:
         0d:ea:65:cc:62:08:2d:aa:bd:15:08:73:f7:22:85:1e:27:04:
         1b:48:e9:26:49:ba:e1:22:ba:d3:8c:1e:e8:e4:58:88:5c:1d:
         a2:54:86:5f:eb:be:05:d8:2f:13:3c:23:1f:2a:48:cb:3d:ff:
         16:b9:04:4d:40:2f:02:5b:56:c0:76:bd:15:6d:33:fc:86:61:
         38:8e:f5:38:7e:38:5b:37:74:19:8c:cc:a4:f7:ad:b8:29:85:
         cb:a1:b6:f7
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEk04ywPv5Xh+UKaBXmCiyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMzkxMzUzZjZlMWY1MDI1MDRhMDg2OGViZjhhZDBkZWJj
OWRhNzgwHhcNMjQwMTAxMTAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTk5OTkzMWMwODhiOWExNWYzZGY2NzkyZjIwYzNmODNkMGJhNTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNj33heMxzx+UguBpRyYZbnRZX0V
ZMuXwss7Y3NZ02sAm0UeD9ceEASH5tFu+r1BfWi3Dp2kIdj53t+I1u3QKHCl5cCc
/ad6JySXWTK1bvSaPBDv1ew8Eyv6u5RB7IogaXDRtshYp8VBv+4ylFOyxINwSvE5
H3gLhcWbyTxcQTBn7BYwh2nBREoGx43Jt/diFD7dRJ+X81oAEVtrMYjCJiftVpyL
Vhhl9God8G5SDWe9UOzWDcA7La+gzRg+jw0KwetOq2xzo4bU0lq0SC8IC8OxRnLW
vsbBsNoFRdcVq6275YlEDwhTRbUNw9dLVvMevIeef0wx8pv7jSUUhG0SbQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLGZmTHAiLmhXz32eS8gw/g9C6VDMB8GA1UdIwQY
MBaAFJI5E1P24fUCUEoIaOv4rQ3rydp4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2prVFVfYmg5UUpRU2dobzZfaXREZXZKMm5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8yMjc2NzAtZmU0ZC00YmQ2LWJmMjgt
YjI1NDViNDA0ZWVjLzEvc1ptWk1jQ0l1YUZmUGZaNUx5REQtRDBMcFVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8yMjc2NzAtZmU0ZC00YmQ2LWJmMjgtYjI1NDViNDA0ZWVj
LzEva2prVFVfYmg5UUpRU2dobzZfaXREZXZKMm5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFWWogAwQC
ue/AMA0EAgACMAcDBQAqAhPIMA0GCSqGSIb3DQEBCwUAA4IBAQCFzQxgFuBt50mj
T5BuTeFNjtCeMBAKT607n4jfjoNPw1aLzg1NV+aAIAF3sRk7Y/bCZTkrBGEPM/Vs
GaRVuLeVZIc16wBW5qUkBWjnCh7xLODFgp7ae9ZyPNOE3m3edUy+XROd0L/4TsdH
YM66CdeqpLxUogFAngMJmKM8eiOn3JYcSNgr8NMEdqc/pbm4KiZSwFffn5RUhkRF
aUpyosUM0bcN6mXMYggtqr0VCHP3IoUeJwQbSOkmSbrhIrrTjB7o5FiIXB2iVIZf
674F2C8TPCMfKkjLPf8WuQRNQC8CW1bAdr0VbTP8hmE4jvU4fjhbN3QZjMyk9624
KYXLobb3
-----END CERTIFICATE-----