Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/GxyT6b5uLmmbQltjcFgT6v3Lm44.roa
File:                     GxyT6b5uLmmbQltjcFgT6v3Lm44.roa (raw, json)
Hash identifier:          AQ+xK+ViRb0yzmKXU3t6Xx1753THK+uPnoxc1wH3juo=
Subject key identifier:   1B:1C:93:E9:BE:6E:2E:69:9B:42:5B:63:70:58:13:EA:FD:CB:9B:8E
Certificate issuer:       /CN=464dcfa96399716692d245a804887c09da451f8f
Certificate serial:       0190253BCD408EBF91CCC7A5AC1624A0DADF
Authority key identifier: 46:4D:CF:A9:63:99:71:66:92:D2:45:A8:04:88:7C:09:DA:45:1F:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rk3PqWOZcWaS0kWoBIh8CdpFH48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/GxyT6b5uLmmbQltjcFgT6v3Lm44.roa
Signing time:             Mon 17 Jun 2024 08:06:34 +0000
ROA not before:           Mon 17 Jun 2024 08:06:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206663
IP address blocks:        185.94.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/Rk3PqWOZcWaS0kWoBIh8CdpFH48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/Rk3PqWOZcWaS0kWoBIh8CdpFH48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rk3PqWOZcWaS0kWoBIh8CdpFH48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:25:3b:cd:40:8e:bf:91:cc:c7:a5:ac:16:24:a0:da:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=464dcfa96399716692d245a804887c09da451f8f
        Validity
            Not Before: Jun 17 08:06:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b1c93e9be6e2e699b425b63705813eafdcb9b8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:4d:a9:eb:02:71:e5:8b:61:3a:4d:b8:92:12:
                    be:83:3c:18:23:4e:44:85:3c:04:1f:5d:83:83:45:
                    68:dd:c7:e1:90:60:77:62:e5:e4:f2:4b:f8:e8:58:
                    c8:d4:1e:2b:e6:e0:49:a2:ea:71:aa:9c:a8:31:b0:
                    5d:be:cd:b2:e4:a9:d5:09:31:66:c0:69:59:53:9e:
                    7e:85:53:6b:f6:69:f4:ff:cc:5e:00:c4:00:e2:c6:
                    21:ee:39:5c:4b:1d:1e:59:ca:91:23:3e:7f:63:05:
                    3f:f8:c7:b5:e1:e8:c1:5b:51:2d:3c:5b:bb:69:08:
                    d2:2d:89:fd:28:f4:81:40:18:d8:16:bc:03:99:0c:
                    be:65:84:b6:9d:2d:88:cf:6e:af:28:76:50:58:63:
                    e4:25:98:e7:3d:c5:29:79:65:24:93:c1:01:87:ac:
                    9e:be:3b:85:5f:3b:57:97:47:cc:51:e7:33:f9:d3:
                    01:3f:00:83:26:bb:7b:91:43:4a:60:56:2d:56:28:
                    b6:b9:cd:8e:22:03:5c:6b:b1:ee:be:6d:00:dc:ac:
                    5a:88:d6:c3:7a:22:d8:92:5a:10:6e:0b:4b:ce:79:
                    92:f3:c1:17:01:2e:88:b4:fb:22:19:c2:ee:79:74:
                    18:7b:af:f5:c6:de:10:b8:6f:c5:3e:84:a8:26:f5:
                    d0:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:1C:93:E9:BE:6E:2E:69:9B:42:5B:63:70:58:13:EA:FD:CB:9B:8E
            X509v3 Authority Key Identifier:
                keyid:46:4D:CF:A9:63:99:71:66:92:D2:45:A8:04:88:7C:09:DA:45:1F:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rk3PqWOZcWaS0kWoBIh8CdpFH48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/GxyT6b5uLmmbQltjcFgT6v3Lm44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6be5a6-eb0e-44b4-b6a7-af1f36811098/1/Rk3PqWOZcWaS0kWoBIh8CdpFH48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:06:3b:8f:51:35:2f:cb:77:2d:59:5f:fb:ff:1d:48:bf:d7:
         78:3c:b2:c7:56:b1:30:a4:35:57:8b:a9:91:32:87:ed:1f:9f:
         5f:e6:7a:50:69:1b:ff:98:98:52:92:ab:ff:3c:2f:3d:c7:68:
         93:68:84:c6:3f:55:5e:11:3e:ec:b0:8f:be:ef:03:53:40:77:
         12:f6:0e:0b:55:c8:3e:49:b2:6e:30:6e:e1:e9:31:f9:86:08:
         a5:3e:b8:a1:e9:af:39:24:34:63:f5:d3:6b:a9:f9:e8:b9:a1:
         03:cc:56:0b:95:5a:b3:df:4e:0c:07:7b:d8:7c:02:9c:67:da:
         80:2b:91:44:6b:81:d8:1c:62:51:72:d3:0b:87:40:8f:cb:4d:
         5f:3a:54:45:8c:b2:4a:c0:ce:6e:8a:66:af:32:0c:fc:38:49:
         f0:7b:d9:6b:31:5b:1a:36:40:0d:fc:67:90:4e:e0:8a:99:30:
         af:af:53:bd:67:45:ec:fb:b2:fa:84:dd:9c:1d:4f:9f:9f:c7:
         4c:13:79:b5:02:66:cc:1c:99:e5:b2:7b:40:6c:91:52:ca:d9:
         d9:d0:51:0b:32:ef:ca:bc:1f:fe:9b:74:70:36:60:51:d8:91:
         42:bb:47:71:4e:0a:e3:9b:6b:df:7f:91:40:96:6b:e2:c0:ad:
         f4:9f:00:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAlO81Ajr+RzMelrBYkoNrfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NGRjZmE5NjM5OTcxNjY5MmQyNDVhODA0ODg3YzA5ZGE0
NTFmOGYwHhcNMjQwNjE3MDgwNjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjFjOTNlOWJlNmUyZTY5OWI0MjViNjM3MDU4MTNlYWZkY2I5YjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5E2p6wJx5YthOk24khK+gzwYI05E
hTwEH12Dg0Vo3cfhkGB3YuXk8kv46FjI1B4r5uBJoupxqpyoMbBdvs2y5KnVCTFm
wGlZU55+hVNr9mn0/8xeAMQA4sYh7jlcSx0eWcqRIz5/YwU/+Me14ejBW1EtPFu7
aQjSLYn9KPSBQBjYFrwDmQy+ZYS2nS2Iz26vKHZQWGPkJZjnPcUpeWUkk8EBh6ye
vjuFXztXl0fMUecz+dMBPwCDJrt7kUNKYFYtVii2uc2OIgNca7Huvm0A3KxaiNbD
eiLYkloQbgtLznmS88EXAS6ItPsiGcLueXQYe6/1xt4QuG/FPoSoJvXQTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBsck+m+bi5pm0JbY3BYE+r9y5uOMB8GA1UdIwQY
MBaAFEZNz6ljmXFmktJFqASIfAnaRR+PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmszUHFXT1pjV2FTMGtXb0JJaDhDZHBGSDQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS82YmU1YTYtZWIwZS00NGI0LWI2YTct
YWYxZjM2ODExMDk4LzEvR3h5VDZiNXVMbW1iUWx0amNGZ1Q2djNMbTQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS82YmU1YTYtZWIwZS00NGI0LWI2YTctYWYxZjM2ODExMDk4
LzEvUmszUHFXT1pjV2FTMGtXb0JJaDhDZHBGSDQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV4vMA0G
CSqGSIb3DQEBCwUAA4IBAQAuBjuPUTUvy3ctWV/7/x1Iv9d4PLLHVrEwpDVXi6mR
MoftH59f5npQaRv/mJhSkqv/PC89x2iTaITGP1VeET7ssI++7wNTQHcS9g4LVcg+
SbJuMG7h6TH5hgilPrih6a85JDRj9dNrqfnouaEDzFYLlVqz304MB3vYfAKcZ9qA
K5FEa4HYHGJRctMLh0CPy01fOlRFjLJKwM5uimavMgz8OEnwe9lrMVsaNkAN/GeQ
TuCKmTCvr1O9Z0Xs+7L6hN2cHU+fn8dME3m1AmbMHJnlsntAbJFSytnZ0FELMu/K
vB/+m3RwNmBR2JFCu0dxTgrjm2vff5FAlmviwK30nwAD
-----END CERTIFICATE-----