Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/5cfc47-2210-4739-a964-cef01362c4a8/1/zateVzh1zBRiX9I7-2sJJP-ixaw.roa
File:                     zateVzh1zBRiX9I7-2sJJP-ixaw.roa (raw, json)
Hash identifier:          D1z2ejbCilyyxDKWxlKERJpO4jG2GVN94SZIYtniJO4=
Subject key identifier:   CD:AB:5E:57:38:75:CC:14:62:5F:D2:3B:FB:6B:09:24:FF:A2:C5:AC
Certificate issuer:       /CN=87ae0af282dd4e9bc1b82194aed3b19693d87298
Certificate serial:       018CC5DC49FB608F209BFB92F9202B8BD1E7
Authority key identifier: 87:AE:0A:F2:82:DD:4E:9B:C1:B8:21:94:AE:D3:B1:96:93:D8:72:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h64K8oLdTpvBuCGUrtOxlpPYcpg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/5cfc47-2210-4739-a964-cef01362c4a8/1/zateVzh1zBRiX9I7-2sJJP-ixaw.roa
Signing time:             Mon 01 Jan 2024 16:29:57 +0000
ROA not before:           Mon 01 Jan 2024 16:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        78.108.124.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/5cfc47-2210-4739-a964-cef01362c4a8/1/h64K8oLdTpvBuCGUrtOxlpPYcpg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/5cfc47-2210-4739-a964-cef01362c4a8/1/h64K8oLdTpvBuCGUrtOxlpPYcpg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h64K8oLdTpvBuCGUrtOxlpPYcpg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 19:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:49:fb:60:8f:20:9b:fb:92:f9:20:2b:8b:d1:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87ae0af282dd4e9bc1b82194aed3b19693d87298
        Validity
            Not Before: Jan  1 16:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdab5e573875cc14625fd23bfb6b0924ffa2c5ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:cf:47:7e:e4:e9:dd:0e:df:b1:a7:8c:22:37:
                    b1:ee:a1:58:06:6b:68:72:95:2a:1a:fc:85:6f:05:
                    bc:10:4b:61:b6:d3:3c:df:02:31:c9:a7:2c:92:e9:
                    1a:08:19:3b:53:86:66:6e:44:72:4c:6f:b6:be:2c:
                    a6:6f:7b:e3:c2:35:59:0f:af:0b:74:af:74:03:10:
                    15:1a:0f:a7:e3:51:4c:52:1e:0a:95:d7:21:b1:c8:
                    cc:19:ab:c6:c7:1a:12:49:c5:9a:1a:d6:4f:7f:30:
                    07:46:54:d9:48:a7:d0:36:2d:b2:22:11:2a:69:d3:
                    28:6b:da:57:75:62:de:a6:58:9f:7c:c3:64:6b:a2:
                    ad:e4:7d:04:e6:52:4e:db:3a:ec:2f:bf:9d:9e:41:
                    45:ca:c9:cf:c0:a2:b6:18:e6:49:c7:48:9e:90:c3:
                    fb:3d:3e:fa:be:19:e3:5a:a6:d9:6f:19:26:49:4f:
                    4d:98:26:ac:8c:00:77:ee:bb:34:c3:de:64:de:35:
                    c4:ce:f2:a3:d5:5a:08:51:2f:db:28:04:0f:44:a5:
                    da:e0:c0:ae:63:9a:0d:a4:c9:1d:fd:3a:96:57:a1:
                    ce:d4:72:2f:ac:fc:18:a6:a4:9c:3e:cf:2a:d2:74:
                    88:82:7b:53:44:8c:a9:fe:59:7a:25:b5:81:ed:4f:
                    4e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:AB:5E:57:38:75:CC:14:62:5F:D2:3B:FB:6B:09:24:FF:A2:C5:AC
            X509v3 Authority Key Identifier:
                keyid:87:AE:0A:F2:82:DD:4E:9B:C1:B8:21:94:AE:D3:B1:96:93:D8:72:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h64K8oLdTpvBuCGUrtOxlpPYcpg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/5cfc47-2210-4739-a964-cef01362c4a8/1/zateVzh1zBRiX9I7-2sJJP-ixaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/5cfc47-2210-4739-a964-cef01362c4a8/1/h64K8oLdTpvBuCGUrtOxlpPYcpg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:73:44:fb:69:93:e4:66:1b:57:94:40:08:94:d2:c8:a1:c5:
         4a:37:57:df:c9:0e:56:0d:b2:b0:8b:b4:24:9d:06:a6:c1:de:
         2f:ac:8d:db:e5:e1:bc:98:c6:3c:2f:63:f3:15:c7:33:a8:bd:
         a4:0b:51:78:31:07:2e:14:77:70:61:30:a1:b3:aa:d1:fc:1f:
         28:e8:6f:3c:a7:82:8c:58:e6:e8:87:ae:0e:b7:a3:0d:7f:14:
         d4:d4:3e:71:cc:35:3c:d1:ff:3d:fd:c8:cd:2c:f3:9d:6d:d9:
         3c:29:3c:5e:10:e6:de:75:7c:c7:d8:01:19:59:bf:87:4c:51:
         c8:4f:79:84:af:d6:97:b7:21:30:84:02:85:8b:0f:1b:95:a4:
         b2:8d:61:3d:39:ee:b7:bd:e7:47:d4:9e:b8:6c:de:00:3b:98:
         82:5b:9d:64:86:84:3e:29:6a:fd:33:4c:b1:81:d1:69:a3:51:
         a4:88:61:50:e6:a3:4c:24:db:cc:dd:ca:b5:15:8f:e5:c3:69:
         e9:76:fc:91:79:0f:66:81:01:ff:da:86:25:d6:d8:a3:85:d2:
         f8:f5:6b:d5:61:1b:e3:99:9d:98:95:7b:9b:29:a3:54:7b:9e:
         6d:b6:3f:e5:1d:0a:5f:28:9a:94:56:cc:29:e8:e7:62:cb:20:
         93:3e:5f:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3En7YI8gm/uS+SAri9HnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YWUwYWYyODJkZDRlOWJjMWI4MjE5NGFlZDNiMTk2OTNk
ODcyOTgwHhcNMjQwMTAxMTYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGFiNWU1NzM4NzVjYzE0NjI1ZmQyM2JmYjZiMDkyNGZmYTJjNWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp89HfuTp3Q7fsaeMIjex7qFYBmto
cpUqGvyFbwW8EEthttM83wIxyacskukaCBk7U4ZmbkRyTG+2viymb3vjwjVZD68L
dK90AxAVGg+n41FMUh4KldchscjMGavGxxoSScWaGtZPfzAHRlTZSKfQNi2yIhEq
adMoa9pXdWLepliffMNka6Kt5H0E5lJO2zrsL7+dnkFFysnPwKK2GOZJx0iekMP7
PT76vhnjWqbZbxkmSU9NmCasjAB37rs0w95k3jXEzvKj1VoIUS/bKAQPRKXa4MCu
Y5oNpMkd/TqWV6HO1HIvrPwYpqScPs8q0nSIgntTRIyp/ll6JbWB7U9OUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM2rXlc4dcwUYl/SO/trCST/osWsMB8GA1UdIwQY
MBaAFIeuCvKC3U6bwbghlK7TsZaT2HKYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDY0SzhvTGRUcHZCdUNHVXJ0T3hscFBZY3BnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS81Y2ZjNDctMjIxMC00NzM5LWE5NjQt
Y2VmMDEzNjJjNGE4LzEvemF0ZVZ6aDF6QlJpWDlJNy0yc0pKUC1peGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS81Y2ZjNDctMjIxMC00NzM5LWE5NjQtY2VmMDEzNjJjNGE4
LzEvaDY0SzhvTGRUcHZCdUNHVXJ0T3hscFBZY3BnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTmx8MA0G
CSqGSIb3DQEBCwUAA4IBAQBAc0T7aZPkZhtXlEAIlNLIocVKN1ffyQ5WDbKwi7Qk
nQamwd4vrI3b5eG8mMY8L2PzFcczqL2kC1F4MQcuFHdwYTChs6rR/B8o6G88p4KM
WOboh64Ot6MNfxTU1D5xzDU80f89/cjNLPOdbdk8KTxeEObedXzH2AEZWb+HTFHI
T3mEr9aXtyEwhAKFiw8blaSyjWE9Oe63vedH1J64bN4AO5iCW51khoQ+KWr9M0yx
gdFpo1GkiGFQ5qNMJNvM3cq1FY/lw2npdvyReQ9mgQH/2oYl1tijhdL49WvVYRvj
mZ2YlXubKaNUe55ttj/lHQpfKJqUVswp6OdiyyCTPl/E
-----END CERTIFICATE-----