Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/b40f26-4af4-439d-a3d0-5c30734acb38/1/gmKoR83phZubO3oVnuhYSnpzNC8.roa
File:                     gmKoR83phZubO3oVnuhYSnpzNC8.roa (raw, json)
Hash identifier:          XNNTEh9oWXGcHOkMDL3eErQ6wJWO8zzjc5KtaO2aly8=
Subject key identifier:   82:62:A8:47:CD:E9:85:9B:9B:3B:7A:15:9E:E8:58:4A:7A:73:34:2F
Certificate issuer:       /CN=67a14f24304875ff154fe2b2b2cb6eba0af94523
Certificate serial:       018CC94D2A35750C0E06C4B730F21E9D76EC
Authority key identifier: 67:A1:4F:24:30:48:75:FF:15:4F:E2:B2:B2:CB:6E:BA:0A:F9:45:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z6FPJDBIdf8VT-Kysstuugr5RSM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/b40f26-4af4-439d-a3d0-5c30734acb38/1/gmKoR83phZubO3oVnuhYSnpzNC8.roa
Signing time:             Tue 02 Jan 2024 08:32:06 +0000
ROA not before:           Tue 02 Jan 2024 08:32:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202105
IP address blocks:        185.11.121.0/24 maxlen: 24
                          185.11.122.0/24 maxlen: 24
                          185.11.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/b40f26-4af4-439d-a3d0-5c30734acb38/1/Z6FPJDBIdf8VT-Kysstuugr5RSM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/b40f26-4af4-439d-a3d0-5c30734acb38/1/Z6FPJDBIdf8VT-Kysstuugr5RSM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z6FPJDBIdf8VT-Kysstuugr5RSM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 08:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:2a:35:75:0c:0e:06:c4:b7:30:f2:1e:9d:76:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67a14f24304875ff154fe2b2b2cb6eba0af94523
        Validity
            Not Before: Jan  2 08:32:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8262a847cde9859b9b3b7a159ee8584a7a73342f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a3:1a:ff:a1:96:6f:83:eb:26:f9:ac:cc:43:
                    41:ed:82:fd:77:72:84:25:b9:37:61:c5:f3:0a:56:
                    25:ee:45:6c:8a:3d:ce:c0:cc:63:92:48:1f:ac:29:
                    b5:63:5f:c0:36:66:8c:f0:a3:7a:be:e3:a6:2a:ef:
                    f6:c2:fd:72:68:84:4c:b7:ff:6b:94:8f:77:93:5c:
                    9b:c1:3c:9c:dd:bc:b6:13:0b:04:a2:6f:dc:8a:de:
                    29:5e:d1:b3:36:8b:34:9b:24:7d:b4:b7:3c:f8:c0:
                    57:38:4f:48:b3:ce:2d:f9:34:34:71:75:5e:b7:62:
                    82:52:d0:77:18:90:00:e5:2e:cd:f6:c3:01:0c:d4:
                    84:4c:b3:fb:89:b9:45:ca:31:10:6b:f5:73:a9:48:
                    f4:2b:7f:8b:c1:eb:2e:71:26:af:da:9e:5b:c1:21:
                    98:7b:72:4c:53:d3:ab:88:a0:ea:1f:fe:1c:09:63:
                    ac:20:b9:ae:b8:9e:dc:ba:3c:4c:ea:d5:45:f5:a3:
                    31:b3:7f:f5:e2:4b:33:e7:66:13:42:28:d0:e0:e9:
                    25:9b:0a:51:ca:17:ea:8b:52:59:51:8e:4a:f2:4f:
                    14:0b:2e:19:1b:ae:16:1f:3d:26:b4:d2:ed:b6:d6:
                    aa:cc:8a:37:89:17:fc:c1:a4:f3:0a:ff:c3:0d:db:
                    b5:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:62:A8:47:CD:E9:85:9B:9B:3B:7A:15:9E:E8:58:4A:7A:73:34:2F
            X509v3 Authority Key Identifier:
                keyid:67:A1:4F:24:30:48:75:FF:15:4F:E2:B2:B2:CB:6E:BA:0A:F9:45:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z6FPJDBIdf8VT-Kysstuugr5RSM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/b40f26-4af4-439d-a3d0-5c30734acb38/1/gmKoR83phZubO3oVnuhYSnpzNC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/b40f26-4af4-439d-a3d0-5c30734acb38/1/Z6FPJDBIdf8VT-Kysstuugr5RSM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.121.0-185.11.123.255

    Signature Algorithm: sha256WithRSAEncryption
         62:dd:78:15:15:16:f8:b6:92:fe:3c:bc:83:28:2f:ba:66:f4:
         82:ef:73:2c:1c:7a:96:4d:02:3f:7b:f0:55:aa:7f:bf:a7:c5:
         1c:c3:b1:fc:e5:1f:c1:42:69:14:bb:92:b0:96:f3:85:96:c5:
         ff:bd:c0:c7:5f:fa:9b:4a:bf:e0:55:fe:b7:e3:5b:d6:bb:86:
         98:f9:e5:84:65:6d:a0:9b:84:00:49:b0:bd:4e:ca:4d:cc:78:
         1c:25:34:56:5c:52:5d:92:04:3a:cf:3a:85:a6:1e:4f:d8:e4:
         9d:12:d6:10:41:2c:6c:03:aa:47:fe:b8:20:3c:53:0f:4e:49:
         45:82:ed:b6:a8:fa:89:cc:4e:91:3f:1f:98:47:ee:a9:26:88:
         84:a9:b7:b1:a6:c0:82:63:17:8c:df:2e:67:fd:ca:c3:3a:2c:
         aa:08:af:f4:33:c5:90:0c:ce:19:8c:f5:3e:d8:12:9d:c7:31:
         5f:61:3e:70:7e:5e:7b:5d:3b:39:a7:33:31:f7:46:b9:23:91:
         a6:dd:f1:10:29:4d:d8:93:aa:e1:7e:b2:dd:78:51:9a:12:ec:
         34:21:65:36:ee:50:7a:31:6a:d4:11:ec:a8:4d:7e:99:11:7c:
         4c:0e:d4:bd:3c:f0:41:b7:d0:c7:2b:f6:8c:de:1b:f8:e2:9a:
         be:f4:6f:0a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJTSo1dQwOBsS3MPIenXbsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YTE0ZjI0MzA0ODc1ZmYxNTRmZTJiMmIyY2I2ZWJhMGFm
OTQ1MjMwHhcNMjQwMTAyMDgzMjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjYyYTg0N2NkZTk4NTliOWIzYjdhMTU5ZWU4NTg0YTdhNzMzNDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6Ma/6GWb4PrJvmszENB7YL9d3KE
Jbk3YcXzClYl7kVsij3OwMxjkkgfrCm1Y1/ANmaM8KN6vuOmKu/2wv1yaIRMt/9r
lI93k1ybwTyc3by2EwsEom/cit4pXtGzNos0myR9tLc8+MBXOE9Is84t+TQ0cXVe
t2KCUtB3GJAA5S7N9sMBDNSETLP7iblFyjEQa/VzqUj0K3+LwesucSav2p5bwSGY
e3JMU9OriKDqH/4cCWOsILmuuJ7cujxM6tVF9aMxs3/14ksz52YTQijQ4OklmwpR
yhfqi1JZUY5K8k8UCy4ZG64WHz0mtNLtttaqzIo3iRf8waTzCv/DDdu1UQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIJiqEfN6YWbmzt6FZ7oWEp6czQvMB8GA1UdIwQY
MBaAFGehTyQwSHX/FU/isrLLbroK+UUjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjZGUEpEQklkZjhWVC1LeXNzdHV1Z3I1UlNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9iNDBmMjYtNGFmNC00MzlkLWEzZDAt
NWMzMDczNGFjYjM4LzEvZ21Lb1I4M3BoWnViTzNvVm51aFlTbnB6TkM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9iNDBmMjYtNGFmNC00MzlkLWEzZDAtNWMzMDczNGFjYjM4
LzEvWjZGUEpEQklkZjhWVC1LeXNzdHV1Z3I1UlNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5C3kD
BAK5C3gwDQYJKoZIhvcNAQELBQADggEBAGLdeBUVFvi2kv48vIMoL7pm9ILvcywc
epZNAj978FWqf7+nxRzDsfzlH8FCaRS7krCW84WWxf+9wMdf+ptKv+BV/rfjW9a7
hpj55YRlbaCbhABJsL1Oyk3MeBwlNFZcUl2SBDrPOoWmHk/Y5J0S1hBBLGwDqkf+
uCA8Uw9OSUWC7bao+onMTpE/H5hH7qkmiISpt7GmwIJjF4zfLmf9ysM6LKoIr/Qz
xZAMzhmM9T7YEp3HMV9hPnB+XntdOzmnMzH3Rrkjkabd8RApTdiTquF+st14UZoS
7DQhZTbuUHoxatQR7KhNfpkRfEwO1L088EG30Mcr9ozeG/jimr70bwo=
-----END CERTIFICATE-----