Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/Z3PKI6uowBd9a8R3TsVc8TvnToQ.roa
File:                     Z3PKI6uowBd9a8R3TsVc8TvnToQ.roa (raw, json)
Hash identifier:          frZJ5IL/Q/Mi93pMmupOWdGQA4dsQQQWBC9wvWqavVs=
Subject key identifier:   67:73:CA:23:AB:A8:C0:17:7D:6B:C4:77:4E:C5:5C:F1:3B:E7:4E:84
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       018F4FB3263B8D3F937F738D869C0B550D79
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/Z3PKI6uowBd9a8R3TsVc8TvnToQ.roa
Signing time:             Mon 06 May 2024 20:58:11 +0000
ROA not before:           Mon 06 May 2024 20:58:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213220
IP address blocks:        194.31.72.0/24 maxlen: 24
                          2a0c:5c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4f:b3:26:3b:8d:3f:93:7f:73:8d:86:9c:0b:55:0d:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: May  6 20:58:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6773ca23aba8c0177d6bc4774ec55cf13be74e84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:9f:88:02:a9:49:8f:7c:6a:7a:cc:ed:e9:c3:
                    a3:e3:4e:8d:4c:d6:13:96:56:a1:65:73:6b:0c:d2:
                    80:e3:a7:f0:41:48:e6:4e:16:09:e4:4b:9f:00:97:
                    95:86:2a:2f:7a:46:3e:6d:97:4e:e4:59:70:7a:2b:
                    f2:7d:40:ad:83:fb:95:df:8a:de:91:2f:52:4c:04:
                    5e:84:22:a1:de:7b:0e:60:71:9f:ce:03:85:26:4c:
                    34:9b:52:56:a4:03:f3:60:11:46:30:69:3e:5c:16:
                    a9:1c:9d:b8:1a:6a:97:56:47:f7:f6:23:7a:d3:5f:
                    2a:30:59:be:54:f7:c6:00:e9:08:86:96:41:f6:3c:
                    f1:a5:59:9e:64:00:b1:77:96:3b:bf:d7:bb:d3:a8:
                    a9:0e:4a:ac:d5:e0:a3:d3:06:c9:82:51:18:4d:96:
                    6b:6d:bf:22:45:81:36:fa:e2:17:ff:48:b1:9d:31:
                    02:47:94:4d:0c:4f:3b:53:df:b7:01:a6:ae:6a:06:
                    4f:6a:87:fb:0b:15:7b:36:28:c4:b8:45:e2:0e:f1:
                    cb:d6:2f:34:e6:36:26:c6:e1:67:0b:a1:f7:4b:ca:
                    1b:07:e4:33:77:00:f0:a4:92:d6:fb:11:40:9e:3f:
                    57:05:01:c2:6d:6e:54:e0:74:d4:99:08:29:07:51:
                    15:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:73:CA:23:AB:A8:C0:17:7D:6B:C4:77:4E:C5:5C:F1:3B:E7:4E:84
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/Z3PKI6uowBd9a8R3TsVc8TvnToQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.72.0/24
                IPv6:
                  2a0c:5c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:04:b4:2b:4a:d7:93:26:26:e7:0e:99:c1:f1:6b:fd:8b:86:
         4e:3d:1d:50:d4:17:ab:35:6c:a1:4c:4c:22:37:bc:4b:84:49:
         56:09:e8:15:21:05:b1:3d:b5:db:2b:f9:97:6d:d5:c6:0f:cc:
         de:de:7e:05:3c:ee:58:46:40:a7:98:0b:49:92:2c:e1:e9:fb:
         57:ae:03:da:25:e2:8f:2f:1f:ec:bd:40:4b:8e:15:70:fd:e0:
         e7:db:8c:8b:6e:66:b6:ab:44:65:b6:6e:dd:28:2b:8d:d8:93:
         32:7b:54:08:5c:c8:65:10:c2:81:5c:ad:16:fa:62:86:48:c0:
         45:22:6a:d6:76:dd:38:8d:d2:ff:99:ef:b0:e4:b9:5a:e4:c6:
         b2:23:77:82:77:2f:00:af:36:70:76:a7:45:04:d3:ff:a2:c7:
         86:34:1c:4e:4d:b3:56:62:16:c4:35:2d:65:0f:b8:bc:46:44:
         b8:25:08:15:41:46:b4:60:43:f5:a1:e3:85:cb:02:5a:89:a3:
         51:ca:94:e1:6c:23:ff:88:e6:dd:d5:d9:3b:60:19:0d:9a:c5:
         4e:46:58:90:be:6f:60:c4:37:5b:5f:fa:48:19:25:27:8a:82:
         68:a5:c1:3b:5f:43:e3:6f:05:22:26:e6:f8:b4:74:42:66:36:
         0a:dd:c1:36
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY9PsyY7jT+Tf3ONhpwLVQ15MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjQwNTA2MjA1ODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzczY2EyM2FiYThjMDE3N2Q2YmM0Nzc0ZWM1NWNmMTNiZTc0ZTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1J+IAqlJj3xqeszt6cOj406NTNYT
llahZXNrDNKA46fwQUjmThYJ5EufAJeVhiovekY+bZdO5FlweivyfUCtg/uV34re
kS9STARehCKh3nsOYHGfzgOFJkw0m1JWpAPzYBFGMGk+XBapHJ24GmqXVkf39iN6
018qMFm+VPfGAOkIhpZB9jzxpVmeZACxd5Y7v9e706ipDkqs1eCj0wbJglEYTZZr
bb8iRYE2+uIX/0ixnTECR5RNDE87U9+3AaauagZPaof7CxV7NijEuEXiDvHL1i80
5jYmxuFnC6H3S8obB+QzdwDwpJLW+xFAnj9XBQHCbW5U4HTUmQgpB1EVCwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGdzyiOrqMAXfWvEd07FXPE7506EMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvWjNQS0k2dW93QmQ5YThSM1RzVmM4VHZuVG9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwh9IMA0E
AgACMAcDBQMqDAXAMA0GCSqGSIb3DQEBCwUAA4IBAQAMBLQrSteTJibnDpnB8Wv9
i4ZOPR1Q1BerNWyhTEwiN7xLhElWCegVIQWxPbXbK/mXbdXGD8ze3n4FPO5YRkCn
mAtJkizh6ftXrgPaJeKPLx/svUBLjhVw/eDn24yLbma2q0Rltm7dKCuN2JMye1QI
XMhlEMKBXK0W+mKGSMBFImrWdt04jdL/me+w5Lla5MayI3eCdy8ArzZwdqdFBNP/
oseGNBxOTbNWYhbENS1lD7i8RkS4JQgVQUa0YEP1oeOFywJaiaNRypThbCP/iObd
1dk7YBkNmsVORliQvm9gxDdbX/pIGSUnioJopcE7X0PjbwUiJub4tHRCZjYK3cE2
-----END CERTIFICATE-----