Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/cf4ab4-e914-40e1-82df-14dc7ec0495d/1/gKjRoJufT0XO9onmh9u9gyc84KA.roa
File:                     gKjRoJufT0XO9onmh9u9gyc84KA.roa (raw, json)
Hash identifier:          DsBL54Ff7QvPbJj91FhZSvzcjqpgmjzEt2mcohbuX60=
Subject key identifier:   80:A8:D1:A0:9B:9F:4F:45:CE:F6:89:E6:87:DB:BD:83:27:3C:E0:A0
Certificate issuer:       /CN=fcd7a721eda459ebdf98e029f87c90a980e81d94
Certificate serial:       018CC26D03EB65B7754DCAC4D812E21B7C32
Authority key identifier: FC:D7:A7:21:ED:A4:59:EB:DF:98:E0:29:F8:7C:90:A9:80:E8:1D:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_NenIe2kWevfmOAp-HyQqYDoHZQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/cf4ab4-e914-40e1-82df-14dc7ec0495d/1/gKjRoJufT0XO9onmh9u9gyc84KA.roa
Signing time:             Mon 01 Jan 2024 00:29:33 +0000
ROA not before:           Mon 01 Jan 2024 00:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        46.235.152.0/21 maxlen: 21
                          185.180.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/cf4ab4-e914-40e1-82df-14dc7ec0495d/1/_NenIe2kWevfmOAp-HyQqYDoHZQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/cf4ab4-e914-40e1-82df-14dc7ec0495d/1/_NenIe2kWevfmOAp-HyQqYDoHZQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_NenIe2kWevfmOAp-HyQqYDoHZQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:03:eb:65:b7:75:4d:ca:c4:d8:12:e2:1b:7c:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fcd7a721eda459ebdf98e029f87c90a980e81d94
        Validity
            Not Before: Jan  1 00:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80a8d1a09b9f4f45cef689e687dbbd83273ce0a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:75:47:b4:5b:c4:8b:fd:e8:68:d8:99:1a:27:
                    65:18:5d:48:d7:08:ed:ac:6e:a1:3b:90:e6:9d:0e:
                    8e:a9:9e:d4:cf:74:f0:17:96:3e:3f:07:b7:b4:05:
                    75:75:c3:fb:10:a4:46:ab:85:b9:ad:2d:20:20:d9:
                    28:4e:c9:4e:18:db:f0:21:01:23:04:c7:a9:df:d2:
                    73:35:d2:3b:20:fd:df:03:1a:f9:2d:5b:2e:ba:e1:
                    53:c4:df:74:28:46:0d:0f:8e:6a:59:10:e6:5d:14:
                    aa:35:da:bf:ec:d0:1a:7c:63:39:66:af:0f:41:02:
                    16:ff:88:85:0a:a5:ea:de:72:f5:ce:b4:a9:77:3d:
                    f7:cc:93:d9:75:3a:d7:80:d3:41:e6:e0:e3:30:8d:
                    d1:aa:d7:39:d8:63:2b:c4:b6:0d:4f:a4:d8:b5:ff:
                    2d:e7:3d:d4:cf:ac:ec:fd:84:ec:16:af:72:9e:55:
                    8d:6a:ed:4e:46:af:d9:8e:43:d3:01:bd:b1:8a:79:
                    e2:1c:7a:d7:8f:f5:27:30:7c:b7:0b:69:43:1c:03:
                    56:d2:89:04:18:6c:2d:2b:3a:80:b1:89:12:62:7f:
                    d4:47:ad:6a:ad:3a:3f:de:bf:5c:c5:a1:b9:88:22:
                    a9:66:79:e7:b2:e2:a5:75:ca:8b:fb:c5:49:7e:aa:
                    0b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:A8:D1:A0:9B:9F:4F:45:CE:F6:89:E6:87:DB:BD:83:27:3C:E0:A0
            X509v3 Authority Key Identifier:
                keyid:FC:D7:A7:21:ED:A4:59:EB:DF:98:E0:29:F8:7C:90:A9:80:E8:1D:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_NenIe2kWevfmOAp-HyQqYDoHZQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/cf4ab4-e914-40e1-82df-14dc7ec0495d/1/gKjRoJufT0XO9onmh9u9gyc84KA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/cf4ab4-e914-40e1-82df-14dc7ec0495d/1/_NenIe2kWevfmOAp-HyQqYDoHZQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.235.152.0/21
                  185.180.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:ca:5a:e6:6a:25:e0:60:44:ec:00:1f:24:c8:4a:3e:85:6a:
         6a:d4:a7:16:85:70:00:c4:d7:b6:bb:34:14:5b:cf:db:5d:3b:
         14:3d:fb:a6:3d:24:93:74:ca:37:e7:86:f4:e6:bb:01:73:d2:
         cd:a5:58:25:4e:da:68:36:a3:0c:7b:f5:c9:79:a0:b7:4d:14:
         33:bb:7b:c6:fc:d9:d0:98:a5:bc:1b:54:9a:8f:51:a8:48:4e:
         6d:19:4b:bd:81:e0:52:4d:3a:f8:cc:ae:a9:0f:7e:1e:c5:55:
         b1:ff:d7:d9:64:cd:e3:ab:ff:4f:f3:64:d6:a1:4e:39:83:21:
         e2:e6:dd:5e:b5:91:71:3a:7a:f1:95:4c:2b:2f:de:98:78:28:
         54:c1:3d:44:ce:b0:52:e2:64:01:5b:f0:14:e3:9a:be:b0:43:
         47:fa:bf:2e:48:77:d7:f1:be:1c:96:ba:36:c6:58:e3:0c:2a:
         99:f6:11:5f:77:56:15:0b:57:df:10:18:1c:95:41:b8:69:60:
         9b:c2:32:d9:3a:1a:3e:0c:c6:69:aa:f4:e4:98:74:26:64:67:
         2c:9a:82:da:f7:d9:77:1d:e3:e3:e1:85:bd:34:6b:bc:97:be:
         90:fa:8a:4e:e5:1c:38:5c:02:ad:26:92:15:0b:53:bd:08:e9:
         2e:c3:3d:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbQPrZbd1TcrE2BLiG3wyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjZDdhNzIxZWRhNDU5ZWJkZjk4ZTAyOWY4N2M5MGE5ODBl
ODFkOTQwHhcNMjQwMTAxMDAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGE4ZDFhMDliOWY0ZjQ1Y2VmNjg5ZTY4N2RiYmQ4MzI3M2NlMGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnVHtFvEi/3oaNiZGidlGF1I1wjt
rG6hO5DmnQ6OqZ7Uz3TwF5Y+Pwe3tAV1dcP7EKRGq4W5rS0gINkoTslOGNvwIQEj
BMep39JzNdI7IP3fAxr5LVsuuuFTxN90KEYND45qWRDmXRSqNdq/7NAafGM5Zq8P
QQIW/4iFCqXq3nL1zrSpdz33zJPZdTrXgNNB5uDjMI3Rqtc52GMrxLYNT6TYtf8t
5z3Uz6zs/YTsFq9ynlWNau1ORq/ZjkPTAb2xinniHHrXj/UnMHy3C2lDHANW0okE
GGwtKzqAsYkSYn/UR61qrTo/3r9cxaG5iCKpZnnnsuKldcqL+8VJfqoL+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFICo0aCbn09FzvaJ5ofbvYMnPOCgMB8GA1UdIwQY
MBaAFPzXpyHtpFnr35jgKfh8kKmA6B2UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX05lbkllMmtXZXZmbU9BcC1IeVFxWURvSFpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9jZjRhYjQtZTkxNC00MGUxLTgyZGYt
MTRkYzdlYzA0OTVkLzEvZ0tqUm9KdWZUMFhPOW9ubWg5dTlneWM4NEtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9jZjRhYjQtZTkxNC00MGUxLTgyZGYtMTRkYzdlYzA0OTVk
LzEvX05lbkllMmtXZXZmbU9BcC1IeVFxWURvSFpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLuuYAwQC
ubQwMA0GCSqGSIb3DQEBCwUAA4IBAQB6ylrmaiXgYETsAB8kyEo+hWpq1KcWhXAA
xNe2uzQUW8/bXTsUPfumPSSTdMo354b05rsBc9LNpVglTtpoNqMMe/XJeaC3TRQz
u3vG/NnQmKW8G1Saj1GoSE5tGUu9geBSTTr4zK6pD34exVWx/9fZZM3jq/9P82TW
oU45gyHi5t1etZFxOnrxlUwrL96YeChUwT1EzrBS4mQBW/AU45q+sENH+r8uSHfX
8b4clro2xljjDCqZ9hFfd1YVC1ffEBgclUG4aWCbwjLZOho+DMZpqvTkmHQmZGcs
moLa99l3HePj4YW9NGu8l76Q+opO5Rw4XAKtJpIVC1O9COkuwz0R
-----END CERTIFICATE-----