Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/nzd75-pS9MC991OTVr3vTr4WJiU.roa
File:                     nzd75-pS9MC991OTVr3vTr4WJiU.roa (raw, json)
Hash identifier:          VHjOeCvxloN6LRgchb79KbYJem8TBjQHkqGfd8VbQf4=
Subject key identifier:   9F:37:7B:E7:EA:52:F4:C0:BD:F7:53:93:56:BD:EF:4E:BE:16:26:25
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018CC5DC968FBC9BC8B55F822F81C3C23C0E
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/nzd75-pS9MC991OTVr3vTr4WJiU.roa
Signing time:             Mon 01 Jan 2024 16:30:17 +0000
ROA not before:           Mon 01 Jan 2024 16:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6830
IP address blocks:        5.178.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:96:8f:bc:9b:c8:b5:5f:82:2f:81:c3:c2:3c:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 16:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f377be7ea52f4c0bdf7539356bdef4ebe162625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f2:97:41:51:54:9b:c6:b9:10:88:c5:f1:9c:
                    11:ee:64:90:bb:fa:f3:bb:48:22:da:f3:19:d5:fd:
                    a1:83:92:48:12:e1:84:5c:6f:4b:d6:8b:5c:fb:45:
                    c1:ee:97:ca:4f:5d:ef:a2:43:ca:56:9e:fa:cf:71:
                    ad:91:fe:ae:e9:88:3e:12:ed:c7:41:08:f2:dc:24:
                    22:79:05:6f:a6:34:56:c3:8a:1b:87:2b:76:e5:1c:
                    df:c7:b3:39:52:0d:a3:3a:5d:56:6d:b1:98:89:a3:
                    f6:f8:f0:3c:7b:d2:32:c4:65:af:80:68:c6:a9:b1:
                    29:07:a3:fe:bf:a7:b2:dc:cc:d2:fd:03:70:b2:1f:
                    15:05:dd:33:82:50:8d:8c:75:ce:77:be:80:69:b6:
                    bd:bf:c0:5e:90:94:66:f4:d0:b3:35:b3:e2:14:e1:
                    42:e5:84:f0:99:20:60:30:a5:2c:0e:8b:ea:66:cd:
                    70:08:ef:32:b3:95:29:ec:cd:85:bc:e0:72:c2:f8:
                    ce:89:06:b1:ab:f9:c0:19:48:af:45:6e:19:ed:6b:
                    67:0e:7f:ab:60:b0:cd:8d:ce:25:a6:85:08:c5:48:
                    81:27:b2:db:f0:73:fe:8d:37:e3:5f:0e:57:39:a7:
                    cc:9e:05:c8:b6:e4:46:d2:d2:99:3a:14:68:ae:84:
                    be:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:37:7B:E7:EA:52:F4:C0:BD:F7:53:93:56:BD:EF:4E:BE:16:26:25
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/nzd75-pS9MC991OTVr3vTr4WJiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:f3:2c:8d:46:22:6f:5b:83:c7:e3:9e:0e:fe:91:16:e5:74:
         23:81:b3:7e:ce:e3:92:c2:b8:94:ba:bf:7a:93:91:3a:f5:5a:
         52:50:7f:6c:94:92:d4:33:8c:cd:59:b0:32:93:58:1a:b1:38:
         ff:79:63:3b:75:7d:9d:28:8a:c6:b0:00:b2:92:e5:76:d8:5a:
         1b:6a:bc:d1:eb:ed:5e:e2:30:2a:74:73:7d:5c:0b:1c:f5:70:
         ac:8b:b1:69:c1:a2:90:18:b9:6b:26:44:4d:55:a2:fd:dd:51:
         8e:3a:d0:82:19:a1:06:cb:c0:bf:5d:a6:b8:be:37:c3:9c:dc:
         7e:75:24:d9:80:a5:15:c3:02:0a:a6:05:a9:51:d4:46:bf:1b:
         60:cb:d8:2c:5c:6d:2b:da:8a:0c:c4:6b:cb:9e:15:48:97:7f:
         06:4e:9f:3b:1d:b3:b3:8a:5a:90:f7:6f:3d:50:3f:2c:81:eb:
         4c:fe:de:5e:7d:70:7f:ad:98:39:d1:1d:85:67:ff:d7:5e:5c:
         81:f5:4c:c7:27:85:db:0a:7d:3d:ce:3f:ca:9c:5d:12:32:ea:
         50:6a:53:b2:93:75:aa:a8:e9:e9:b1:67:d3:55:13:b4:79:01:
         41:99:03:88:ea:02:96:17:06:7b:46:bc:6b:61:08:22:90:8d:
         bf:d1:54:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3JaPvJvItV+CL4HDwjwOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMTAxMTYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjM3N2JlN2VhNTJmNGMwYmRmNzUzOTM1NmJkZWY0ZWJlMTYyNjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPKXQVFUm8a5EIjF8ZwR7mSQu/rz
u0gi2vMZ1f2hg5JIEuGEXG9L1otc+0XB7pfKT13vokPKVp76z3Gtkf6u6Yg+Eu3H
QQjy3CQieQVvpjRWw4obhyt25Rzfx7M5Ug2jOl1WbbGYiaP2+PA8e9IyxGWvgGjG
qbEpB6P+v6ey3MzS/QNwsh8VBd0zglCNjHXOd76Aaba9v8BekJRm9NCzNbPiFOFC
5YTwmSBgMKUsDovqZs1wCO8ys5Up7M2FvOBywvjOiQaxq/nAGUivRW4Z7WtnDn+r
YLDNjc4lpoUIxUiBJ7Lb8HP+jTfjXw5XOafMngXItuRG0tKZOhRoroS+gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ83e+fqUvTAvfdTk1a9706+FiYlMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvbnpkNzUtcFM5TUM5OTFPVFZyM3ZUcjRXSmlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbIEMA0G
CSqGSIb3DQEBCwUAA4IBAQCW8yyNRiJvW4PH454O/pEW5XQjgbN+zuOSwriUur96
k5E69VpSUH9slJLUM4zNWbAyk1gasTj/eWM7dX2dKIrGsACykuV22FobarzR6+1e
4jAqdHN9XAsc9XCsi7FpwaKQGLlrJkRNVaL93VGOOtCCGaEGy8C/Xaa4vjfDnNx+
dSTZgKUVwwIKpgWpUdRGvxtgy9gsXG0r2ooMxGvLnhVIl38GTp87HbOzilqQ9289
UD8sgetM/t5efXB/rZg50R2FZ//XXlyB9UzHJ4XbCn09zj/KnF0SMupQalOyk3Wq
qOnpsWfTVRO0eQFBmQOI6gKWFwZ7RrxrYQgikI2/0VQH
-----END CERTIFICATE-----