Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/ZRpAC-jGxlGBX0TpAicAbhbJP7s.roa
File:                     ZRpAC-jGxlGBX0TpAicAbhbJP7s.roa (raw, json)
Hash identifier:          AYh7o4pPNeSE82/KXuBs2qGeurfhiF1NFTbsPaoM8YM=
Subject key identifier:   65:1A:40:0B:E8:C6:C6:51:81:5F:44:E9:02:27:00:6E:16:C9:3F:BB
Certificate issuer:       /CN=6d069e19e12c104004e8b4b75f8a7789b7e11396
Certificate serial:       019427B59FF564A0D41551F4BE65F83458E9
Authority key identifier: 6D:06:9E:19:E1:2C:10:40:04:E8:B4:B7:5F:8A:77:89:B7:E1:13:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/ZRpAC-jGxlGBX0TpAicAbhbJP7s.roa
Signing time:             Thu 02 Jan 2025 15:50:01 +0000
ROA not before:           Thu 02 Jan 2025 15:50:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16243
IP address blocks:        144.43.240.0/21 maxlen: 24
                          144.43.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:9f:f5:64:a0:d4:15:51:f4:be:65:f8:34:58:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d069e19e12c104004e8b4b75f8a7789b7e11396
        Validity
            Not Before: Jan  2 15:50:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=651a400be8c6c651815f44e90227006e16c93fbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3d:cf:75:58:60:76:85:80:e0:06:b3:84:3f:
                    d1:d4:a4:cd:6a:d9:62:87:1f:e4:82:e2:83:84:58:
                    23:9d:e1:52:e0:82:61:2e:f0:c6:93:ee:57:57:0f:
                    92:9e:a9:fa:54:80:3b:b7:b0:57:bf:d9:1c:87:3b:
                    a5:83:d8:3c:04:fc:1d:64:bf:09:a5:db:50:c7:54:
                    cb:c6:6b:6d:fe:3c:2b:dc:5a:e2:d2:2e:3e:a8:ae:
                    26:f0:5d:6b:db:27:77:41:e5:fe:76:87:85:f0:7d:
                    49:19:73:7a:97:d5:8a:c7:2a:6e:50:83:c1:05:6b:
                    1c:6c:73:a9:b4:19:0f:17:84:6b:6b:9a:e9:2a:13:
                    4b:f8:78:01:bb:1e:22:a2:17:7c:23:cd:01:ed:8a:
                    68:17:dc:54:aa:39:ca:bb:89:4e:23:7e:6e:31:f8:
                    f3:28:35:fa:5d:1c:82:dc:ec:f8:d3:30:4f:c1:97:
                    74:8b:79:b1:1a:74:a5:14:4a:e6:26:13:07:d0:26:
                    e4:3c:4e:9a:f9:b8:47:14:1d:9e:ec:9f:76:1b:6c:
                    00:8b:09:89:8b:f4:76:1f:e5:9e:cd:70:14:09:94:
                    90:bc:8e:dc:4f:cd:4a:a9:07:88:7d:66:ce:42:17:
                    12:b1:86:d8:11:93:96:cd:67:3d:3b:a7:8a:30:1d:
                    77:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:1A:40:0B:E8:C6:C6:51:81:5F:44:E9:02:27:00:6E:16:C9:3F:BB
            X509v3 Authority Key Identifier:
                keyid:6D:06:9E:19:E1:2C:10:40:04:E8:B4:B7:5F:8A:77:89:B7:E1:13:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/ZRpAC-jGxlGBX0TpAicAbhbJP7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.43.240.0/21
                  144.43.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:d5:44:b4:70:cd:cb:8d:69:5a:e3:ff:23:e3:fd:be:8f:0e:
         a1:14:93:db:79:10:ad:d6:5d:88:5f:be:95:3d:99:78:c0:16:
         6d:ed:d8:93:14:88:cd:36:b1:d6:da:93:4f:ce:f4:6a:2e:27:
         32:32:c7:ce:0a:52:76:25:bf:34:86:2b:79:ef:a5:db:cc:3e:
         fd:fb:a5:aa:f6:4b:fd:3b:67:36:40:e0:45:a0:10:39:19:27:
         00:1d:2e:e6:da:6e:91:3c:7a:66:6d:d3:27:04:e4:c1:87:d2:
         d0:4e:ac:da:54:f7:30:a0:c2:37:1b:c1:b3:7d:4c:a6:82:bb:
         c1:62:32:95:8f:bd:23:2c:1e:ad:05:3a:0d:28:46:74:1f:53:
         c7:9a:61:32:37:7b:77:37:9e:a2:d6:7e:b4:13:b7:da:31:e2:
         94:f0:f2:59:be:e7:93:3e:5f:bb:7d:90:92:69:18:d4:d7:66:
         33:53:8b:f2:dd:b2:1f:8e:a5:01:52:b8:98:8d:4b:5d:af:62:
         e1:0e:b9:a3:c0:01:f0:88:06:a7:06:93:f7:f1:c5:8b:38:fb:
         59:3a:23:09:96:6d:60:02:b7:ac:de:73:24:bc:bb:94:64:20:
         4d:3e:a2:6d:ac:4a:bc:1e:f6:32:8c:ea:f1:64:9a:c4:bf:ad:
         e5:3a:3e:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntZ/1ZKDUFVH0vmX4NFjpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDY5ZTE5ZTEyYzEwNDAwNGU4YjRiNzVmOGE3Nzg5Yjdl
MTEzOTYwHhcNMjUwMTAyMTU1MDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTFhNDAwYmU4YzZjNjUxODE1ZjQ0ZTkwMjI3MDA2ZTE2YzkzZmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArz3PdVhgdoWA4AazhD/R1KTNatli
hx/kguKDhFgjneFS4IJhLvDGk+5XVw+Snqn6VIA7t7BXv9kchzulg9g8BPwdZL8J
pdtQx1TLxmtt/jwr3Fri0i4+qK4m8F1r2yd3QeX+doeF8H1JGXN6l9WKxypuUIPB
BWscbHOptBkPF4Rra5rpKhNL+HgBux4iohd8I80B7YpoF9xUqjnKu4lOI35uMfjz
KDX6XRyC3Oz40zBPwZd0i3mxGnSlFErmJhMH0CbkPE6a+bhHFB2e7J92G2wAiwmJ
i/R2H+WezXAUCZSQvI7cT81KqQeIfWbOQhcSsYbYEZOWzWc9O6eKMB13NwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGUaQAvoxsZRgV9E6QInAG4WyT+7MB8GA1UdIwQY
MBaAFG0GnhnhLBBABOi0t1+Kd4m34ROWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFhZUdlRXNFRUFFNkxTM1g0cDNpYmZoRTVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jZjY0ZjYtMDc4OS00M2UzLWJkNmIt
N2JmZjI5NmM2YjAyLzEvWlJwQUMtakd4bEdCWDBUcEFpY0FiaGJKUDdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jZjY0ZjYtMDc4OS00M2UzLWJkNmItN2JmZjI5NmM2YjAy
LzEvYlFhZUdlRXNFRUFFNkxTM1g0cDNpYmZoRTVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDkCvwAwQC
kCv8MA0GCSqGSIb3DQEBCwUAA4IBAQAH1US0cM3LjWla4/8j4/2+jw6hFJPbeRCt
1l2IX76VPZl4wBZt7diTFIjNNrHW2pNPzvRqLicyMsfOClJ2Jb80hit576XbzD79
+6Wq9kv9O2c2QOBFoBA5GScAHS7m2m6RPHpmbdMnBOTBh9LQTqzaVPcwoMI3G8Gz
fUymgrvBYjKVj70jLB6tBToNKEZ0H1PHmmEyN3t3N56i1n60E7faMeKU8PJZvueT
Pl+7fZCSaRjU12YzU4vy3bIfjqUBUriYjUtdr2LhDrmjwAHwiAanBpP38cWLOPtZ
OiMJlm1gAres3nMkvLuUZCBNPqJtrEq8HvYyjOrxZJrEv63lOj79
-----END CERTIFICATE-----