Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/983b47-47a9-4251-a129-20024918ee66/1/gVQBxfLnZPnjico_NgbsmkLKXh4.roa
File:                     gVQBxfLnZPnjico_NgbsmkLKXh4.roa (raw, json)
Hash identifier:          CZnnuA/umfuB1bSzhyQYaJicrU6nxPubU2e7uizG/u0=
Subject key identifier:   81:54:01:C5:F2:E7:64:F9:E3:89:CA:3F:36:06:EC:9A:42:CA:5E:1E
Certificate issuer:       /CN=779fbaaac6541ab318529eb025613c6520e47646
Certificate serial:       018F3CE6E7B578A199F7510A52075D4B68A9
Authority key identifier: 77:9F:BA:AA:C6:54:1A:B3:18:52:9E:B0:25:61:3C:65:20:E4:76:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d5-6qsZUGrMYUp6wJWE8ZSDkdkY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/983b47-47a9-4251-a129-20024918ee66/1/gVQBxfLnZPnjico_NgbsmkLKXh4.roa
Signing time:             Fri 03 May 2024 05:21:56 +0000
ROA not before:           Fri 03 May 2024 05:21:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39479
IP address blocks:        185.142.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/983b47-47a9-4251-a129-20024918ee66/1/d5-6qsZUGrMYUp6wJWE8ZSDkdkY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/983b47-47a9-4251-a129-20024918ee66/1/d5-6qsZUGrMYUp6wJWE8ZSDkdkY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d5-6qsZUGrMYUp6wJWE8ZSDkdkY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 05:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3c:e6:e7:b5:78:a1:99:f7:51:0a:52:07:5d:4b:68:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=779fbaaac6541ab318529eb025613c6520e47646
        Validity
            Not Before: May  3 05:21:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=815401c5f2e764f9e389ca3f3606ec9a42ca5e1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:cb:d6:59:9b:7f:ef:80:3a:42:06:9a:91:2d:
                    0b:c8:4a:ed:48:75:9d:69:c8:aa:e2:fe:b0:2d:04:
                    f9:18:07:32:e5:7f:ba:3a:e8:a7:d2:ac:30:76:20:
                    ad:59:51:27:7d:61:a2:fa:bd:b9:86:e8:2a:18:4e:
                    c0:de:e1:e3:d5:38:e4:99:0d:c4:9c:32:79:ab:02:
                    3c:9f:3a:e5:cd:77:5f:18:f8:a0:58:73:14:1f:18:
                    dd:f2:f3:b9:ae:2a:bb:86:5a:97:97:63:7c:0b:97:
                    34:3c:2b:e4:46:c0:92:f6:89:21:81:06:99:a3:54:
                    ae:18:cc:94:3a:99:3e:03:a0:67:da:f2:45:53:39:
                    95:23:56:d9:d2:75:8a:6a:a4:22:1f:c5:d4:de:85:
                    2b:9f:69:dd:f9:95:d2:24:f1:50:65:49:f9:bd:72:
                    a9:10:ac:d2:7e:4e:8f:8c:b9:02:7e:ef:e4:3f:99:
                    83:c7:1a:4b:9f:ef:12:99:71:23:ba:e3:9c:45:d5:
                    ee:41:cf:ec:d4:e6:48:9f:ee:e6:62:09:da:99:b0:
                    c6:47:70:46:8e:f3:1d:58:60:18:27:1c:f9:1d:16:
                    9e:10:22:23:e0:09:79:a7:88:10:c3:17:8d:3f:7d:
                    65:7a:3d:94:d6:71:10:73:63:f9:8d:a7:e2:68:83:
                    79:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:54:01:C5:F2:E7:64:F9:E3:89:CA:3F:36:06:EC:9A:42:CA:5E:1E
            X509v3 Authority Key Identifier:
                keyid:77:9F:BA:AA:C6:54:1A:B3:18:52:9E:B0:25:61:3C:65:20:E4:76:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5-6qsZUGrMYUp6wJWE8ZSDkdkY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/983b47-47a9-4251-a129-20024918ee66/1/gVQBxfLnZPnjico_NgbsmkLKXh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/983b47-47a9-4251-a129-20024918ee66/1/d5-6qsZUGrMYUp6wJWE8ZSDkdkY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:5a:6d:28:9e:71:31:38:fb:e3:07:4f:9e:4d:39:45:25:58:
         eb:f0:99:04:8c:76:8b:8e:f6:6c:dd:65:55:f7:4b:c9:4b:f3:
         a6:3a:20:01:39:ee:4f:da:41:11:c8:43:08:80:76:e0:44:be:
         4d:7e:38:6a:52:ba:35:b3:0c:3b:ee:b0:17:dc:a8:17:6f:8d:
         74:05:91:1d:6a:3a:df:73:73:54:3f:5b:93:a2:89:11:50:60:
         f8:23:1e:d1:3a:d3:ff:1b:a9:8d:48:51:ef:a5:dc:e4:ee:2f:
         08:cf:50:c0:d0:48:c4:b7:d3:a7:9c:b2:28:db:05:e3:00:10:
         cb:31:93:91:c5:f1:7a:eb:42:8d:1c:58:fb:21:98:ed:96:db:
         4a:a3:37:40:45:1d:80:1c:68:6c:03:8b:ef:6b:b4:72:bb:ea:
         2a:ad:bf:2e:9d:14:5b:5e:97:35:1f:75:29:b8:15:8a:a8:57:
         08:44:ce:66:de:41:1b:69:fe:12:65:a2:f8:9b:32:d9:35:a4:
         07:cd:c8:4d:7e:3b:8b:5c:00:fe:39:8b:22:73:97:a3:28:d5:
         d0:f9:91:35:de:80:64:5c:95:50:54:df:08:d8:a3:42:be:15:
         b4:d3:c6:24:06:8f:9a:d7:f0:4c:c2:6d:5c:fe:84:13:ea:55:
         8e:e8:ed:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY885ue1eKGZ91EKUgddS2ipMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3OWZiYWFhYzY1NDFhYjMxODUyOWViMDI1NjEzYzY1MjBl
NDc2NDYwHhcNMjQwNTAzMDUyMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTU0MDFjNWYyZTc2NGY5ZTM4OWNhM2YzNjA2ZWM5YTQyY2E1ZTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8vWWZt/74A6QgaakS0LyErtSHWd
aciq4v6wLQT5GAcy5X+6Ouin0qwwdiCtWVEnfWGi+r25hugqGE7A3uHj1TjkmQ3E
nDJ5qwI8nzrlzXdfGPigWHMUHxjd8vO5riq7hlqXl2N8C5c0PCvkRsCS9okhgQaZ
o1SuGMyUOpk+A6Bn2vJFUzmVI1bZ0nWKaqQiH8XU3oUrn2nd+ZXSJPFQZUn5vXKp
EKzSfk6PjLkCfu/kP5mDxxpLn+8SmXEjuuOcRdXuQc/s1OZIn+7mYgnambDGR3BG
jvMdWGAYJxz5HRaeECIj4Al5p4gQwxeNP31lej2U1nEQc2P5jafiaIN5QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIFUAcXy52T544nKPzYG7JpCyl4eMB8GA1UdIwQY
MBaAFHefuqrGVBqzGFKesCVhPGUg5HZGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDUtNnFzWlVHck1ZVXA2d0pXRThaU0RrZGtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi85ODNiNDctNDdhOS00MjUxLWExMjkt
MjAwMjQ5MThlZTY2LzEvZ1ZRQnhmTG5aUG5qaWNvX05nYnNta0xLWGg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi85ODNiNDctNDdhOS00MjUxLWExMjktMjAwMjQ5MThlZTY2
LzEvZDUtNnFzWlVHck1ZVXA2d0pXRThaU0RrZGtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY55MA0G
CSqGSIb3DQEBCwUAA4IBAQCIWm0onnExOPvjB0+eTTlFJVjr8JkEjHaLjvZs3WVV
90vJS/OmOiABOe5P2kERyEMIgHbgRL5NfjhqUro1sww77rAX3KgXb410BZEdajrf
c3NUP1uTookRUGD4Ix7ROtP/G6mNSFHvpdzk7i8Iz1DA0EjEt9OnnLIo2wXjABDL
MZORxfF660KNHFj7IZjtlttKozdARR2AHGhsA4vva7Ryu+oqrb8unRRbXpc1H3Up
uBWKqFcIRM5m3kEbaf4SZaL4mzLZNaQHzchNfjuLXAD+OYsic5ejKNXQ+ZE13oBk
XJVQVN8I2KNCvhW008YkBo+a1/BMwm1c/oQT6lWO6O1t
-----END CERTIFICATE-----