Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/f66b6b-cdde-40cb-a182-c5229863aeba/1/zWs1wQTbd6R2i4jnSpzR9aFPNqQ.roa
File:                     zWs1wQTbd6R2i4jnSpzR9aFPNqQ.roa (raw, json)
Hash identifier:          2GmSZmLliAZkMjeWqh/KgmOVb/kWYi6Jjzdh/qP+ldI=
Subject key identifier:   CD:6B:35:C1:04:DB:77:A4:76:8B:88:E7:4A:9C:D1:F5:A1:4F:36:A4
Certificate issuer:       /CN=bb2b48f64358011c7842d3cec5cb2d47068b836d
Certificate serial:       018DC057471315088FDE044347957CC85537
Authority key identifier: BB:2B:48:F6:43:58:01:1C:78:42:D3:CE:C5:CB:2D:47:06:8B:83:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uytI9kNYARx4QtPOxcstRwaLg20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/f66b6b-cdde-40cb-a182-c5229863aeba/1/zWs1wQTbd6R2i4jnSpzR9aFPNqQ.roa
Signing time:             Mon 19 Feb 2024 07:49:21 +0000
ROA not before:           Mon 19 Feb 2024 07:49:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215484
IP address blocks:        188.128.128.0/22 maxlen: 24
                          2a02:25af:dead::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/f66b6b-cdde-40cb-a182-c5229863aeba/1/uytI9kNYARx4QtPOxcstRwaLg20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/f66b6b-cdde-40cb-a182-c5229863aeba/1/uytI9kNYARx4QtPOxcstRwaLg20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uytI9kNYARx4QtPOxcstRwaLg20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c0:57:47:13:15:08:8f:de:04:43:47:95:7c:c8:55:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb2b48f64358011c7842d3cec5cb2d47068b836d
        Validity
            Not Before: Feb 19 07:49:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd6b35c104db77a4768b88e74a9cd1f5a14f36a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:46:84:cf:f2:ce:f2:b1:f7:9e:d8:42:1d:3f:
                    68:78:4e:0c:fe:ca:a1:75:6f:a2:cc:40:13:07:65:
                    96:5d:bf:44:f8:be:5a:a1:60:e0:f9:63:8d:53:24:
                    fb:9c:3d:82:9a:64:34:a2:39:71:e2:a4:5a:9a:2c:
                    11:85:7a:80:2b:f7:55:c7:e2:9c:e5:f0:b3:92:98:
                    cf:62:f5:58:91:2e:2c:aa:b4:9e:55:a2:f6:64:7a:
                    44:4f:d4:9d:bb:c0:f8:22:25:f0:f5:e8:2a:cf:32:
                    ad:e1:fe:0d:61:d4:60:e7:59:f0:3d:fc:d8:82:1f:
                    a3:b8:ba:c0:68:28:ce:7a:79:54:30:99:83:12:af:
                    18:42:6a:ce:68:76:c5:81:b3:a3:93:fa:ef:8b:5e:
                    c9:a8:03:dd:8a:dd:9c:a8:d8:f1:5b:1e:40:f8:89:
                    40:78:79:0f:c3:7e:4c:9e:e0:db:77:4a:5b:b3:d9:
                    4b:8b:bb:99:84:ab:ee:65:e5:9f:e5:c5:bb:a2:6a:
                    db:78:aa:47:62:5b:70:e9:c9:ed:3f:ba:d1:b3:7e:
                    54:61:b1:89:20:87:15:b8:30:04:99:fa:e4:6d:fc:
                    ce:70:67:b0:37:50:3f:b8:55:7b:b1:d4:0e:82:e2:
                    15:3a:c8:a3:6c:79:fc:43:54:63:41:4b:33:3a:73:
                    bf:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:6B:35:C1:04:DB:77:A4:76:8B:88:E7:4A:9C:D1:F5:A1:4F:36:A4
            X509v3 Authority Key Identifier:
                keyid:BB:2B:48:F6:43:58:01:1C:78:42:D3:CE:C5:CB:2D:47:06:8B:83:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uytI9kNYARx4QtPOxcstRwaLg20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f66b6b-cdde-40cb-a182-c5229863aeba/1/zWs1wQTbd6R2i4jnSpzR9aFPNqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f66b6b-cdde-40cb-a182-c5229863aeba/1/uytI9kNYARx4QtPOxcstRwaLg20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.128.128.0/22
                IPv6:
                  2a02:25af:dead::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:8a:2c:bb:76:18:94:19:8c:d6:0b:20:a3:fe:95:65:9e:f4:
         55:2a:cd:1e:c3:4e:74:1c:b8:76:38:86:ec:88:8f:b8:d8:43:
         6f:d4:00:40:3c:97:e2:03:43:bf:64:42:d8:94:98:ef:b8:10:
         6e:02:f7:52:80:2e:37:e0:7c:84:e3:c6:02:ca:38:a6:d6:a1:
         36:6b:bd:12:43:40:12:52:ac:99:43:a1:92:d5:c0:3f:0b:48:
         f3:a1:ff:c1:51:23:11:b8:ce:d5:42:00:3a:5b:75:3c:8b:b9:
         c5:a2:d1:ff:55:82:eb:0e:c7:63:6c:22:82:34:d5:ee:93:bf:
         67:91:c1:a2:00:24:04:9f:c2:b7:54:10:90:6f:c0:d0:46:02:
         3e:65:a4:43:7c:f5:e7:92:a4:82:a9:23:0d:7d:2f:25:ba:bf:
         78:9b:34:5b:d3:3f:43:50:96:4a:c7:0c:a0:7a:04:31:b2:8e:
         64:a2:28:b2:37:a8:be:8c:62:4c:21:0b:a6:5f:6e:04:d1:fb:
         03:de:7c:31:3c:8b:fe:64:e3:c8:cf:c8:b2:88:e4:ea:3d:6b:
         86:05:3b:d5:19:b0:bc:9b:63:a5:08:4b:b6:e0:36:d8:6f:d7:
         75:55:ff:23:f0:01:79:1e:d2:6c:af:fb:e4:e0:f9:62:6e:fa:
         e4:6a:6b:af
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY3AV0cTFQiP3gRDR5V8yFU3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiMmI0OGY2NDM1ODAxMWM3ODQyZDNjZWM1Y2IyZDQ3MDY4
YjgzNmQwHhcNMjQwMjE5MDc0OTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDZiMzVjMTA0ZGI3N2E0NzY4Yjg4ZTc0YTljZDFmNWExNGYzNmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0aEz/LO8rH3nthCHT9oeE4M/sqh
dW+izEATB2WWXb9E+L5aoWDg+WONUyT7nD2CmmQ0ojlx4qRamiwRhXqAK/dVx+Kc
5fCzkpjPYvVYkS4sqrSeVaL2ZHpET9Sdu8D4IiXw9egqzzKt4f4NYdRg51nwPfzY
gh+juLrAaCjOenlUMJmDEq8YQmrOaHbFgbOjk/rvi17JqAPdit2cqNjxWx5A+IlA
eHkPw35MnuDbd0pbs9lLi7uZhKvuZeWf5cW7omrbeKpHYltw6cntP7rRs35UYbGJ
IIcVuDAEmfrkbfzOcGewN1A/uFV7sdQOguIVOsijbHn8Q1RjQUszOnO/0QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFM1rNcEE23ekdouI50qc0fWhTzakMB8GA1UdIwQY
MBaAFLsrSPZDWAEceELTzsXLLUcGi4NtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXl0STlrTllBUng0UXRQT3hjc3RSd2FMZzIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9mNjZiNmItY2RkZS00MGNiLWExODIt
YzUyMjk4NjNhZWJhLzEveldzMXdRVGJkNlIyaTRqblNwelI5YUZQTnFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9mNjZiNmItY2RkZS00MGNiLWExODItYzUyMjk4NjNhZWJh
LzEvdXl0STlrTllBUng0UXRQT3hjc3RSd2FMZzIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCvICAMA8E
AgACMAkDBwAqAiWv3q0wDQYJKoZIhvcNAQELBQADggEBAFyKLLt2GJQZjNYLIKP+
lWWe9FUqzR7DTnQcuHY4huyIj7jYQ2/UAEA8l+IDQ79kQtiUmO+4EG4C91KALjfg
fITjxgLKOKbWoTZrvRJDQBJSrJlDoZLVwD8LSPOh/8FRIxG4ztVCADpbdTyLucWi
0f9VgusOx2NsIoI01e6Tv2eRwaIAJASfwrdUEJBvwNBGAj5lpEN89eeSpIKpIw19
LyW6v3ibNFvTP0NQlkrHDKB6BDGyjmSiKLI3qL6MYkwhC6ZfbgTR+wPefDE8i/5k
48jPyLKI5Oo9a4YFO9UZsLybY6UIS7bgNthv13VV/yPwAXke0myv++Tg+WJu+uRq
a68=
-----END CERTIFICATE-----