Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/GW_QRM5OGf2inycSXy9TO3iFrgY.roa
File:                     GW_QRM5OGf2inycSXy9TO3iFrgY.roa (raw, json)
Hash identifier:          yEjbZqH/07/KoaQ/Z56+9T2NCR6sHbA1ZaITzOcqqeA=
Subject key identifier:   19:6F:D0:44:CE:4E:19:FD:A2:9F:27:12:5F:2F:53:3B:78:85:AE:06
Certificate issuer:       /CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
Certificate serial:       018CC94CA0FA3922D014A2C4E6A8C3F5D931
Authority key identifier: AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/GW_QRM5OGf2inycSXy9TO3iFrgY.roa
Signing time:             Tue 02 Jan 2024 08:31:31 +0000
ROA not before:           Tue 02 Jan 2024 08:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201735
IP address blocks:        213.162.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:a0:fa:39:22:d0:14:a2:c4:e6:a8:c3:f5:d9:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
        Validity
            Not Before: Jan  2 08:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=196fd044ce4e19fda29f27125f2f533b7885ae06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:6d:28:2b:fb:dd:6e:59:b1:11:9b:48:5c:89:
                    ff:08:21:38:b1:f4:12:b3:04:bc:06:8c:d5:05:59:
                    9c:1e:5d:e2:8b:e6:3f:7c:d2:6e:c9:28:c5:46:6b:
                    e8:0f:89:9f:ec:11:95:95:03:54:45:52:81:ac:b8:
                    cc:98:ce:2e:57:43:b0:38:d4:cb:6f:18:0d:29:19:
                    dd:5b:a3:37:a1:75:7e:0a:c6:09:57:22:53:34:94:
                    23:b6:6c:a4:c7:a4:1f:19:0a:2e:7b:b4:73:08:3e:
                    1d:60:5d:e6:c8:d6:a0:16:a6:ec:1d:01:45:27:e6:
                    5b:ab:27:bc:b3:3e:52:11:73:43:33:2c:85:22:c2:
                    86:d0:a7:44:84:8b:a7:a8:f2:79:a0:b6:68:55:dc:
                    0d:5e:1b:9c:4b:d4:a3:96:d1:1f:96:8a:09:68:39:
                    c6:0b:aa:c2:3b:a8:25:f3:cd:43:11:fd:8a:da:56:
                    42:cb:ea:1f:61:25:41:6b:6e:1f:23:9f:00:f2:aa:
                    27:38:f0:86:b9:01:1d:93:7b:fe:34:e3:74:0c:ff:
                    ff:fb:1e:b8:05:5e:45:43:d1:b8:39:dd:f0:a0:5f:
                    6d:92:e1:92:b7:2a:5e:aa:b5:e8:4e:0c:6c:49:a2:
                    f5:e6:aa:e9:cd:29:5c:66:3a:d3:53:45:f0:f3:f7:
                    59:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:6F:D0:44:CE:4E:19:FD:A2:9F:27:12:5F:2F:53:3B:78:85:AE:06
            X509v3 Authority Key Identifier:
                keyid:AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/GW_QRM5OGf2inycSXy9TO3iFrgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.162.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:5c:e5:13:04:ad:24:3d:e0:a7:77:8c:97:37:65:a8:31:aa:
         47:8b:79:e3:18:06:a2:8f:dd:ee:ba:e4:25:37:9a:ae:11:6c:
         2b:6b:f8:a4:09:f4:1d:04:3d:ea:20:ee:2d:78:55:bd:17:00:
         70:6a:67:f0:58:d5:07:44:cc:4e:04:4b:69:5d:8a:46:10:67:
         59:90:39:93:13:1d:18:eb:ee:f8:10:ba:74:8a:a8:4c:74:ac:
         f6:10:af:44:d6:66:da:09:06:d1:e3:ca:f3:4d:39:c7:6d:db:
         9c:7c:bf:82:06:ba:8c:cb:12:70:aa:4b:aa:08:0e:8d:e0:69:
         73:d0:4f:1c:75:5c:ff:c0:18:97:3e:a8:8f:a5:a2:0a:49:2c:
         ad:74:d0:71:b4:b5:1d:6e:cd:2b:39:51:a2:ed:9a:85:9f:69:
         5d:21:d2:11:96:c4:69:2d:3f:34:3c:03:14:80:6b:8f:e9:9f:
         9e:7b:57:2f:f7:ed:53:c1:e4:4f:c0:a0:1b:99:2e:8e:de:6e:
         9f:fe:32:76:d5:c6:57:09:56:ee:dc:ca:6d:93:76:a2:6b:9a:
         c2:14:7c:1a:e2:fa:c0:bd:38:e1:8c:eb:7e:19:e6:6b:32:25:
         62:4d:5d:61:a0:25:92:04:61:df:07:09:b2:61:c7:d5:7f:15:
         a1:ea:64:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTKD6OSLQFKLE5qjD9dkxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNTRmZTgzMWI2YTcxOWY0MmU2Yzg0ODZmZDAzYjU1MGJl
NzYxZmIwHhcNMjQwMTAyMDgzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTZmZDA0NGNlNGUxOWZkYTI5ZjI3MTI1ZjJmNTMzYjc4ODVhZTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiG0oK/vdblmxEZtIXIn/CCE4sfQS
swS8BozVBVmcHl3ii+Y/fNJuySjFRmvoD4mf7BGVlQNURVKBrLjMmM4uV0OwONTL
bxgNKRndW6M3oXV+CsYJVyJTNJQjtmykx6QfGQoue7RzCD4dYF3myNagFqbsHQFF
J+Zbqye8sz5SEXNDMyyFIsKG0KdEhIunqPJ5oLZoVdwNXhucS9SjltEflooJaDnG
C6rCO6gl881DEf2K2lZCy+ofYSVBa24fI58A8qonOPCGuQEdk3v+NON0DP//+x64
BV5FQ9G4Od3woF9tkuGStypeqrXoTgxsSaL15qrpzSlcZjrTU0Xw8/dZhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBlv0ETOThn9op8nEl8vUzt4ha4GMB8GA1UdIwQY
MBaAFKtU/oMbanGfQubISG/QO1UL52H7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYt
NmZkOTc4OTIwNWJhLzEvR1dfUVJNNU9HZjJpbnljU1h5OVRPM2lGcmdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYtNmZkOTc4OTIwNWJh
LzEvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1aLcMA0G
CSqGSIb3DQEBCwUAA4IBAQBBXOUTBK0kPeCnd4yXN2WoMapHi3njGAaij93uuuQl
N5quEWwra/ikCfQdBD3qIO4teFW9FwBwamfwWNUHRMxOBEtpXYpGEGdZkDmTEx0Y
6+74ELp0iqhMdKz2EK9E1mbaCQbR48rzTTnHbducfL+CBrqMyxJwqkuqCA6N4Glz
0E8cdVz/wBiXPqiPpaIKSSytdNBxtLUdbs0rOVGi7ZqFn2ldIdIRlsRpLT80PAMU
gGuP6Z+ee1cv9+1TweRPwKAbmS6O3m6f/jJ21cZXCVbu3Mptk3aia5rCFHwa4vrA
vTjhjOt+GeZrMiViTV1hoCWSBGHfBwmyYcfVfxWh6mTW
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:22:55 2024 by rpki-client on console-fra.rpki-client.org