Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/854e86-51bb-458c-a014-6923a7e61a6b/1/GjeSULU6nxXTknmv-PGt2o86kPw.roa
File:                     GjeSULU6nxXTknmv-PGt2o86kPw.roa (raw, json)
Hash identifier:          KVNDix0d37xWfptleKp9Iq8OxuwAAoYOzChZJ6nBwp4=
Subject key identifier:   1A:37:92:50:B5:3A:9F:15:D3:92:79:AF:F8:F1:AD:DA:8F:3A:90:FC
Certificate issuer:       /CN=fc83525d142fbf4b94b3d169445365c66ddfddfd
Certificate serial:       018CC26D7D15511963880F366C2FE4BECDF6
Authority key identifier: FC:83:52:5D:14:2F:BF:4B:94:B3:D1:69:44:53:65:C6:6D:DF:DD:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_INSXRQvv0uUs9FpRFNlxm3f3f0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/854e86-51bb-458c-a014-6923a7e61a6b/1/GjeSULU6nxXTknmv-PGt2o86kPw.roa
Signing time:             Mon 01 Jan 2024 00:30:04 +0000
ROA not before:           Mon 01 Jan 2024 00:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44966
IP address blocks:        185.84.226.0/24 maxlen: 27

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/854e86-51bb-458c-a014-6923a7e61a6b/1/_INSXRQvv0uUs9FpRFNlxm3f3f0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/854e86-51bb-458c-a014-6923a7e61a6b/1/_INSXRQvv0uUs9FpRFNlxm3f3f0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_INSXRQvv0uUs9FpRFNlxm3f3f0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7d:15:51:19:63:88:0f:36:6c:2f:e4:be:cd:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc83525d142fbf4b94b3d169445365c66ddfddfd
        Validity
            Not Before: Jan  1 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a379250b53a9f15d39279aff8f1adda8f3a90fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:da:eb:1e:f0:03:c5:8b:47:23:94:9a:a8:cd:
                    67:4c:ef:a8:fd:9a:0d:53:d4:72:c6:b9:1e:d9:b8:
                    47:b2:29:b5:68:7e:7c:db:5f:da:7d:2c:21:48:d9:
                    81:e9:cb:0a:c2:c3:87:e5:cd:a0:93:65:e0:5e:46:
                    72:03:71:94:fa:26:b7:8c:61:7f:68:38:51:b6:75:
                    63:9d:53:e9:d9:7f:94:5f:3d:7d:b2:bd:6e:19:07:
                    91:ff:48:ca:be:f0:ae:33:0a:e0:20:68:fb:cc:c6:
                    73:40:f4:6d:e5:30:37:72:2f:9c:1d:ac:b7:4d:26:
                    ec:e7:19:4a:55:20:fa:7b:ed:81:9d:1d:8d:75:d3:
                    b0:0c:c5:bb:c8:ea:1c:d8:aa:9c:1a:ec:b7:f9:e9:
                    cf:e7:49:43:f0:03:3f:a7:18:70:9f:81:8b:f5:2e:
                    05:b0:f6:e1:fe:20:3b:20:f0:67:d5:01:e6:af:8f:
                    75:24:35:bb:81:7e:b3:92:23:d9:c1:b9:a5:8d:8f:
                    b4:eb:f3:38:69:d1:15:d8:52:48:40:54:ea:61:db:
                    1e:88:a4:30:11:29:06:fa:2d:30:59:73:1c:27:7d:
                    cd:90:e0:7f:48:df:c1:f6:b8:a6:b0:3b:6f:2f:3a:
                    50:2d:1b:c9:4d:6c:44:c3:e7:9b:0a:5d:e3:af:12:
                    d9:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:37:92:50:B5:3A:9F:15:D3:92:79:AF:F8:F1:AD:DA:8F:3A:90:FC
            X509v3 Authority Key Identifier:
                keyid:FC:83:52:5D:14:2F:BF:4B:94:B3:D1:69:44:53:65:C6:6D:DF:DD:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_INSXRQvv0uUs9FpRFNlxm3f3f0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/854e86-51bb-458c-a014-6923a7e61a6b/1/GjeSULU6nxXTknmv-PGt2o86kPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/854e86-51bb-458c-a014-6923a7e61a6b/1/_INSXRQvv0uUs9FpRFNlxm3f3f0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:d1:4a:49:a7:5b:a3:6c:58:b4:50:83:5d:31:73:87:9e:0d:
         83:96:8a:5b:fc:f9:e1:33:ab:66:20:33:63:cd:e1:48:32:44:
         29:0a:09:08:eb:c7:4f:66:f5:ba:c1:93:bd:38:d4:90:58:38:
         d6:3c:58:bf:91:14:8b:b0:26:c4:7f:86:56:db:9e:93:02:d7:
         13:fc:4a:7f:1f:05:b3:9f:8e:48:ad:06:f7:67:c5:7d:8b:68:
         22:85:d6:28:3c:94:71:1b:9f:bf:11:4d:ba:28:23:33:ad:64:
         a4:72:33:86:85:bd:ec:8f:54:90:6d:e5:bb:c7:72:44:a4:cc:
         1d:9a:c9:f3:53:34:43:10:5c:21:01:8b:00:c9:6f:82:ea:45:
         92:44:cf:dc:0e:34:e2:3c:47:06:2c:f0:5d:07:ce:fc:77:9b:
         7a:c0:7f:43:b0:0d:18:55:f8:54:2e:09:d3:1a:5f:6d:9f:a1:
         7b:fe:6f:59:7e:2f:35:13:9e:01:df:be:98:09:2a:3d:c2:80:
         2f:1c:8a:9c:5a:ea:fa:41:90:24:90:95:da:2a:38:53:39:a0:
         b5:90:b4:b6:8d:74:ff:85:ac:8c:7e:8d:24:59:ca:11:47:81:
         a6:91:55:df:ca:5c:cd:16:9d:92:1c:64:ae:7c:ab:84:c3:fb:
         61:30:75:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbX0VURljiA82bC/kvs32MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjODM1MjVkMTQyZmJmNGI5NGIzZDE2OTQ0NTM2NWM2NmRk
ZmRkZmQwHhcNMjQwMTAxMDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTM3OTI1MGI1M2E5ZjE1ZDM5Mjc5YWZmOGYxYWRkYThmM2E5MGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdrrHvADxYtHI5SaqM1nTO+o/ZoN
U9Ryxrke2bhHsim1aH5821/afSwhSNmB6csKwsOH5c2gk2XgXkZyA3GU+ia3jGF/
aDhRtnVjnVPp2X+UXz19sr1uGQeR/0jKvvCuMwrgIGj7zMZzQPRt5TA3ci+cHay3
TSbs5xlKVSD6e+2BnR2NddOwDMW7yOoc2KqcGuy3+enP50lD8AM/pxhwn4GL9S4F
sPbh/iA7IPBn1QHmr491JDW7gX6zkiPZwbmljY+06/M4adEV2FJIQFTqYdseiKQw
ESkG+i0wWXMcJ33NkOB/SN/B9rimsDtvLzpQLRvJTWxEw+ebCl3jrxLZMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBo3klC1Op8V05J5r/jxrdqPOpD8MB8GA1UdIwQY
MBaAFPyDUl0UL79LlLPRaURTZcZt3939MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0lOU1hSUXZ2MHVVczlGcFJGTmx4bTNmM2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC84NTRlODYtNTFiYi00NThjLWEwMTQt
NjkyM2E3ZTYxYTZiLzEvR2plU1VMVTZueFhUa25tdi1QR3Qybzg2a1B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC84NTRlODYtNTFiYi00NThjLWEwMTQtNjkyM2E3ZTYxYTZi
LzEvX0lOU1hSUXZ2MHVVczlGcFJGTmx4bTNmM2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVTiMA0G
CSqGSIb3DQEBCwUAA4IBAQBF0UpJp1ujbFi0UINdMXOHng2Dlopb/PnhM6tmIDNj
zeFIMkQpCgkI68dPZvW6wZO9ONSQWDjWPFi/kRSLsCbEf4ZW256TAtcT/Ep/HwWz
n45IrQb3Z8V9i2gihdYoPJRxG5+/EU26KCMzrWSkcjOGhb3sj1SQbeW7x3JEpMwd
msnzUzRDEFwhAYsAyW+C6kWSRM/cDjTiPEcGLPBdB878d5t6wH9DsA0YVfhULgnT
Gl9tn6F7/m9Zfi81E54B376YCSo9woAvHIqcWur6QZAkkJXaKjhTOaC1kLS2jXT/
hayMfo0kWcoRR4GmkVXfylzNFp2SHGSufKuEw/thMHXP
-----END CERTIFICATE-----