Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ZC089-t1OsXy6_xB9kNC_Q9cSQA.roa
File:                     ZC089-t1OsXy6_xB9kNC_Q9cSQA.roa (raw, json)
Hash identifier:          cCDSZAzCOsmACqoHFg30WYnjU+FYSMU7OYG7Sk6Hgsk=
Subject key identifier:   64:2D:3C:F7:EB:75:3A:C5:F2:EB:FC:41:F6:43:42:FD:0F:5C:49:00
Certificate issuer:       /CN=11125404c6dd472f1001ed9ffdf726762ac7701d
Certificate serial:       019423D7811C89BA4CDF559A1C48E0890420
Authority key identifier: 11:12:54:04:C6:DD:47:2F:10:01:ED:9F:FD:F7:26:76:2A:C7:70:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ZC089-t1OsXy6_xB9kNC_Q9cSQA.roa
Signing time:             Wed 01 Jan 2025 21:48:33 +0000
ROA not before:           Wed 01 Jan 2025 21:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215780
IP address blocks:        92.242.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:81:1c:89:ba:4c:df:55:9a:1c:48:e0:89:04:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11125404c6dd472f1001ed9ffdf726762ac7701d
        Validity
            Not Before: Jan  1 21:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=642d3cf7eb753ac5f2ebfc41f64342fd0f5c4900
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c5:b3:25:ce:c4:99:d2:86:0b:8d:d2:2d:c6:
                    29:cc:f2:95:d8:71:65:e4:cb:d4:17:49:31:ac:5c:
                    97:5f:d9:8e:c6:fd:df:24:75:07:a3:87:c9:30:7c:
                    e9:27:83:8f:38:f2:6c:ec:d5:d1:5e:12:62:b3:37:
                    c1:8e:72:2a:93:eb:46:e2:59:51:31:ca:d5:29:4a:
                    be:56:a5:65:ef:e0:bc:39:c3:67:35:54:fc:3c:c8:
                    42:73:3c:cc:02:50:c8:50:25:09:03:6e:9d:ae:70:
                    d2:db:17:f6:7b:01:5c:5b:ff:a4:de:a1:86:4a:a5:
                    ce:bc:63:35:d1:9d:e7:b5:8c:66:02:4a:c9:6d:17:
                    3a:e9:5e:d2:f2:70:d8:5d:ed:63:0a:cd:ea:18:b7:
                    ff:9c:63:ab:99:7c:69:77:ee:bf:5f:1b:d4:1d:a8:
                    28:ef:a3:84:5e:97:fe:35:d6:52:7a:7a:52:31:8b:
                    da:32:97:73:95:44:9b:3b:17:47:31:eb:d3:f4:31:
                    d4:3b:e9:24:43:93:6f:92:f7:20:55:52:b1:90:4c:
                    46:18:94:1b:06:ea:34:8a:3e:93:6b:68:9a:91:fb:
                    ac:7b:e0:1b:6c:e0:3c:19:2a:d6:7a:af:7a:65:92:
                    af:f7:64:0b:a8:27:d7:28:56:d3:c0:2e:90:5b:34:
                    2d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:2D:3C:F7:EB:75:3A:C5:F2:EB:FC:41:F6:43:42:FD:0F:5C:49:00
            X509v3 Authority Key Identifier:
                keyid:11:12:54:04:C6:DD:47:2F:10:01:ED:9F:FD:F7:26:76:2A:C7:70:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERJUBMbdRy8QAe2f_fcmdirHcB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ZC089-t1OsXy6_xB9kNC_Q9cSQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/cf9cd6-e717-4dda-82ef-6dfe0f7d53bd/1/ERJUBMbdRy8QAe2f_fcmdirHcB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.242.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:45:36:88:e6:8c:a1:f8:68:f2:f8:39:fd:3d:58:66:25:e5:
         bf:f8:05:5a:a7:ef:c7:be:e0:75:db:42:74:7b:59:af:19:50:
         bf:2c:ea:c9:75:3f:06:79:cd:06:bc:21:ab:3a:4a:62:39:6d:
         3b:56:b4:57:d8:5c:dc:f5:aa:46:24:fe:31:86:ad:44:ac:4c:
         a7:f3:8a:a8:68:8f:85:8c:19:af:f1:9c:07:18:d6:4e:b0:82:
         db:f3:93:49:4b:42:15:be:6d:89:96:07:00:d3:06:f9:50:fc:
         8d:2f:fd:5c:7f:ce:5c:6a:a2:29:25:0b:2a:52:86:d2:97:b6:
         01:ec:d5:70:bb:a4:c0:4d:a1:1d:e1:1a:36:c0:4a:24:0d:a0:
         b6:3d:87:66:6d:27:c4:8d:72:9a:81:0b:25:46:67:26:b7:1d:
         eb:e7:09:74:08:77:72:3d:9a:00:5a:04:e6:f0:1f:bd:07:6d:
         9b:d0:e7:86:36:45:18:b1:c0:48:40:4b:f2:90:6e:64:70:a9:
         2a:77:a7:4c:d9:75:82:72:6b:66:e4:eb:4a:fd:7a:73:34:dd:
         d2:6e:5d:00:e4:5e:a2:bc:80:9d:60:d8:d4:4f:94:30:11:a5:
         17:9d:19:ad:22:15:cb:4e:00:12:a0:93:83:88:0e:07:1b:50:
         41:c9:8d:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj14EcibpM31WaHEjgiQQgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMTI1NDA0YzZkZDQ3MmYxMDAxZWQ5ZmZkZjcyNjc2MmFj
NzcwMWQwHhcNMjUwMTAxMjE0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDJkM2NmN2ViNzUzYWM1ZjJlYmZjNDFmNjQzNDJmZDBmNWM0OTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsWzJc7EmdKGC43SLcYpzPKV2HFl
5MvUF0kxrFyXX9mOxv3fJHUHo4fJMHzpJ4OPOPJs7NXRXhJiszfBjnIqk+tG4llR
McrVKUq+VqVl7+C8OcNnNVT8PMhCczzMAlDIUCUJA26drnDS2xf2ewFcW/+k3qGG
SqXOvGM10Z3ntYxmAkrJbRc66V7S8nDYXe1jCs3qGLf/nGOrmXxpd+6/XxvUHago
76OEXpf+NdZSenpSMYvaMpdzlUSbOxdHMevT9DHUO+kkQ5NvkvcgVVKxkExGGJQb
Buo0ij6Ta2iakfuse+AbbOA8GSrWeq96ZZKv92QLqCfXKFbTwC6QWzQtnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQtPPfrdTrF8uv8QfZDQv0PXEkAMB8GA1UdIwQY
MBaAFBESVATG3UcvEAHtn/33JnYqx3AdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJKVUJNYmRSeThRQWUyZl9mY21kaXJIY0IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jZjljZDYtZTcxNy00ZGRhLTgyZWYt
NmRmZTBmN2Q1M2JkLzEvWkMwODktdDFPc1h5Nl94QjlrTkNfUTljU1FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jZjljZDYtZTcxNy00ZGRhLTgyZWYtNmRmZTBmN2Q1M2Jk
LzEvRVJKVUJNYmRSeThRQWUyZl9mY21kaXJIY0IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPKkMA0G
CSqGSIb3DQEBCwUAA4IBAQBFRTaI5oyh+Gjy+Dn9PVhmJeW/+AVap+/HvuB120J0
e1mvGVC/LOrJdT8Gec0GvCGrOkpiOW07VrRX2Fzc9apGJP4xhq1ErEyn84qoaI+F
jBmv8ZwHGNZOsILb85NJS0IVvm2JlgcA0wb5UPyNL/1cf85caqIpJQsqUobSl7YB
7NVwu6TATaEd4Ro2wEokDaC2PYdmbSfEjXKagQslRmcmtx3r5wl0CHdyPZoAWgTm
8B+9B22b0OeGNkUYscBIQEvykG5kcKkqd6dM2XWCcmtm5OtK/XpzNN3Sbl0A5F6i
vICdYNjUT5QwEaUXnRmtIhXLTgASoJODiA4HG1BByY1u
-----END CERTIFICATE-----