Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/e6845d-1c3c-48d6-a6b2-d605c53a35be/1/gYQ-1qIh-UzRZlY5ivJD1QNwnek.roa
File:                     gYQ-1qIh-UzRZlY5ivJD1QNwnek.roa (raw, json)
Hash identifier:          0Wm/SqP17ajbIJd4t2GwDAx1IhcA/ruJWIh3lhfTRhA=
Subject key identifier:   81:84:3E:D6:A2:21:F9:4C:D1:66:56:39:8A:F2:43:D5:03:70:9D:E9
Certificate issuer:       /CN=86e1aba600cde5ec318319b15594b68ab96c956c
Certificate serial:       018CCA99F1394D83C565F16A776D9A06E49F
Authority key identifier: 86:E1:AB:A6:00:CD:E5:EC:31:83:19:B1:55:94:B6:8A:B9:6C:95:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/huGrpgDN5ewxgxmxVZS2irlslWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/e6845d-1c3c-48d6-a6b2-d605c53a35be/1/gYQ-1qIh-UzRZlY5ivJD1QNwnek.roa
Signing time:             Tue 02 Jan 2024 14:35:35 +0000
ROA not before:           Tue 02 Jan 2024 14:35:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207586
IP address blocks:        176.126.116.0/24 maxlen: 24
                          2a11:d540:530::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/e6845d-1c3c-48d6-a6b2-d605c53a35be/1/huGrpgDN5ewxgxmxVZS2irlslWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/e6845d-1c3c-48d6-a6b2-d605c53a35be/1/huGrpgDN5ewxgxmxVZS2irlslWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/huGrpgDN5ewxgxmxVZS2irlslWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:f1:39:4d:83:c5:65:f1:6a:77:6d:9a:06:e4:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86e1aba600cde5ec318319b15594b68ab96c956c
        Validity
            Not Before: Jan  2 14:35:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81843ed6a221f94cd16656398af243d503709de9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:03:c5:47:f3:e9:2d:56:43:cb:83:9d:3c:2b:
                    b2:fd:4a:8a:84:6d:25:9d:d2:22:79:77:7f:39:cc:
                    a8:e1:9f:b8:95:20:a5:40:c5:dd:36:ee:56:23:a1:
                    c3:b3:d7:8f:ed:d4:3f:cb:4d:dc:85:3b:e0:92:19:
                    eb:a4:e8:28:e7:90:4e:83:6c:b8:54:34:10:c0:44:
                    d9:7e:66:31:d4:9f:dc:7d:7a:c7:61:1b:83:2c:8a:
                    1f:af:76:76:b7:51:a3:b3:87:74:ea:1b:f3:4c:14:
                    c2:e8:76:fc:8f:b0:d6:9f:17:c3:e6:03:77:4c:50:
                    4e:ed:36:02:fd:0a:4c:79:3e:64:22:a4:34:72:46:
                    f4:c3:77:1f:8e:e9:31:90:e0:d8:e7:1d:82:57:cb:
                    7a:d0:2e:f1:3f:e5:2e:f8:1c:6e:6a:a8:cc:de:21:
                    ae:d3:32:0f:7a:e6:be:4b:c8:e2:f9:d9:0e:69:3b:
                    29:f7:3b:bb:ce:6e:78:83:c2:7b:cb:dd:99:1d:69:
                    e6:d6:0b:e1:6a:82:36:c6:7e:77:ec:99:f6:54:38:
                    b7:7d:31:a5:2e:4d:e8:fe:f4:60:39:14:fb:0c:81:
                    4e:57:4e:40:98:66:43:a0:d8:27:d9:a8:f0:91:fc:
                    72:39:bc:5b:3d:0e:ac:03:8f:2c:14:82:21:6b:94:
                    c5:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:84:3E:D6:A2:21:F9:4C:D1:66:56:39:8A:F2:43:D5:03:70:9D:E9
            X509v3 Authority Key Identifier:
                keyid:86:E1:AB:A6:00:CD:E5:EC:31:83:19:B1:55:94:B6:8A:B9:6C:95:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/huGrpgDN5ewxgxmxVZS2irlslWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/e6845d-1c3c-48d6-a6b2-d605c53a35be/1/gYQ-1qIh-UzRZlY5ivJD1QNwnek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/e6845d-1c3c-48d6-a6b2-d605c53a35be/1/huGrpgDN5ewxgxmxVZS2irlslWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.126.116.0/24
                IPv6:
                  2a11:d540:530::/44

    Signature Algorithm: sha256WithRSAEncryption
         4a:16:93:40:8a:fe:a9:06:ab:e2:7f:dc:86:3b:f0:82:a4:16:
         8a:a4:55:34:96:79:40:7b:88:13:18:e3:6e:54:7c:a9:9c:f9:
         6b:91:90:f2:ba:ba:c1:bc:18:40:ad:1e:d6:10:ce:7c:bd:da:
         69:f5:00:8a:6e:64:30:ab:24:4d:d6:63:2e:d3:90:08:87:34:
         22:2c:fb:16:e1:7e:1c:c2:35:3e:f6:3f:be:e3:da:d1:26:2f:
         5a:68:06:e3:98:68:06:a0:a6:9e:59:f8:92:cf:2a:68:e3:d4:
         be:b9:8c:ff:56:ff:06:3b:f5:dd:62:ee:43:95:ea:94:46:93:
         c9:3a:a8:05:ed:db:ec:3e:30:2c:fa:7c:9e:bc:c6:d6:3b:bd:
         d1:b6:5e:43:42:ce:79:b7:ad:e8:4d:a7:5e:0c:2c:18:80:e0:
         4b:05:95:21:7d:d4:be:c6:3c:21:0f:05:a7:85:90:f6:f9:f9:
         8f:56:a9:12:85:b2:a2:94:c8:a3:af:ce:1e:12:54:e2:29:4a:
         6c:60:60:1f:09:8c:54:68:ad:2f:ce:71:d5:6f:a2:a3:31:86:
         69:df:fc:89:30:0d:3a:57:7f:d9:ac:61:34:1b:bd:66:60:f9:
         ac:c6:ec:c5:51:9c:b4:18:1a:1c:82:dd:2d:3f:ae:b8:89:ee:
         c6:a2:e7:31
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKmfE5TYPFZfFqd22aBuSfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZTFhYmE2MDBjZGU1ZWMzMTgzMTliMTU1OTRiNjhhYjk2
Yzk1NmMwHhcNMjQwMTAyMTQzNTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTg0M2VkNmEyMjFmOTRjZDE2NjU2Mzk4YWYyNDNkNTAzNzA5ZGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5QPFR/PpLVZDy4OdPCuy/UqKhG0l
ndIieXd/Ocyo4Z+4lSClQMXdNu5WI6HDs9eP7dQ/y03chTvgkhnrpOgo55BOg2y4
VDQQwETZfmYx1J/cfXrHYRuDLIofr3Z2t1Gjs4d06hvzTBTC6Hb8j7DWnxfD5gN3
TFBO7TYC/QpMeT5kIqQ0ckb0w3cfjukxkODY5x2CV8t60C7xP+Uu+BxuaqjM3iGu
0zIPeua+S8ji+dkOaTsp9zu7zm54g8J7y92ZHWnm1gvhaoI2xn537Jn2VDi3fTGl
Lk3o/vRgORT7DIFOV05AmGZDoNgn2ajwkfxyObxbPQ6sA48sFIIha5TFmwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIGEPtaiIflM0WZWOYryQ9UDcJ3pMB8GA1UdIwQY
MBaAFIbhq6YAzeXsMYMZsVWUtoq5bJVsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHVHcnBnRE41ZXd4Z3hteFZaUzJpcmxzbFd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9lNjg0NWQtMWMzYy00OGQ2LWE2YjIt
ZDYwNWM1M2EzNWJlLzEvZ1lRLTFxSWgtVXpSWmxZNWl2SkQxUU53bmVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9lNjg0NWQtMWMzYy00OGQ2LWE2YjItZDYwNWM1M2EzNWJl
LzEvaHVHcnBnRE41ZXd4Z3hteFZaUzJpcmxzbFd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAsH50MA8E
AgACMAkDBwQqEdVABTAwDQYJKoZIhvcNAQELBQADggEBAEoWk0CK/qkGq+J/3IY7
8IKkFoqkVTSWeUB7iBMY425UfKmc+WuRkPK6usG8GECtHtYQzny92mn1AIpuZDCr
JE3WYy7TkAiHNCIs+xbhfhzCNT72P77j2tEmL1poBuOYaAagpp5Z+JLPKmjj1L65
jP9W/wY79d1i7kOV6pRGk8k6qAXt2+w+MCz6fJ68xtY7vdG2XkNCznm3rehNp14M
LBiA4EsFlSF91L7GPCEPBaeFkPb5+Y9WqRKFsqKUyKOvzh4SVOIpSmxgYB8JjFRo
rS/OcdVvoqMxhmnf/IkwDTpXf9msYTQbvWZg+azG7MVRnLQYGhyC3S0/rriJ7sai
5zE=
-----END CERTIFICATE-----