Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/Gzj6kKcg9qe1RnKljgmJRwQ2E6Y.roa
File:                     Gzj6kKcg9qe1RnKljgmJRwQ2E6Y.roa (raw, json)
Hash identifier:          RecP2cen5miZLtb9xVI+wESyYiJy2CNWBcmRfPmzpPY=
Subject key identifier:   1B:38:FA:90:A7:20:F6:A7:B5:46:72:A5:8E:09:89:47:04:36:13:A6
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018E22EB9D0095F00C4024B9351D84A0AEAD
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/Gzj6kKcg9qe1RnKljgmJRwQ2E6Y.roa
Signing time:             Sat 09 Mar 2024 11:14:10 +0000
ROA not before:           Sat 09 Mar 2024 11:14:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     996
IP address blocks:        159.148.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:22:eb:9d:00:95:f0:0c:40:24:b9:35:1d:84:a0:ae:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Mar  9 11:14:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b38fa90a720f6a7b54672a58e098947043613a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:20:99:87:a7:d3:1c:51:11:df:5d:53:06:a0:
                    b3:4f:48:0f:ea:3d:b8:02:2e:db:de:99:3f:50:ff:
                    9f:5e:33:4a:89:97:67:5b:50:91:18:c5:96:6e:a4:
                    c7:85:2a:53:a1:fe:93:4b:41:31:06:76:b7:37:57:
                    73:8a:ed:c1:d2:59:57:a3:80:fa:c4:44:32:65:a9:
                    5d:b6:34:c9:50:1c:fc:f0:06:60:cd:2f:d2:df:a1:
                    b8:0f:0d:aa:03:f6:ac:aa:6c:ca:e6:08:7b:4f:10:
                    1e:d7:2b:41:50:e4:38:3e:79:46:9e:4a:43:ca:81:
                    f1:bd:9d:75:1b:1e:64:bd:9a:23:ae:44:4d:3f:30:
                    f8:84:49:ff:da:67:30:35:95:2c:3a:43:07:4c:ee:
                    17:76:9e:4c:50:cf:b6:3a:48:b2:2e:7e:fb:58:03:
                    91:4f:1e:f5:c7:09:10:48:25:60:f2:b1:2b:ad:3a:
                    c3:61:d5:1d:b3:8f:0d:a6:57:b2:2d:66:a8:a8:d7:
                    22:d5:ea:54:a2:d5:a4:0a:22:08:2a:05:fb:66:72:
                    8c:e8:6c:84:fe:5c:78:86:0a:ca:a4:b7:82:f5:a1:
                    c3:f7:81:d2:11:63:28:60:8b:19:54:71:42:68:29:
                    0d:68:95:42:90:27:87:b9:71:32:bb:43:ef:25:54:
                    a3:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:38:FA:90:A7:20:F6:A7:B5:46:72:A5:8E:09:89:47:04:36:13:A6
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/Gzj6kKcg9qe1RnKljgmJRwQ2E6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:79:3d:16:71:a3:03:f7:78:b2:cc:1c:40:e4:22:9d:46:ea:
         81:43:66:3a:ae:d8:94:38:9c:8d:17:1d:a5:f8:d0:cd:06:b5:
         a1:a5:67:db:01:11:18:46:14:4a:56:8a:ce:2d:c5:7f:52:f0:
         11:eb:b4:6c:14:d4:59:e7:14:e9:fe:65:fb:d1:ba:b3:9e:8c:
         5c:13:07:63:7a:80:7a:c6:3d:a5:ee:7b:e0:ad:da:eb:b3:58:
         06:40:e4:1b:76:4a:f7:55:cd:31:19:e1:69:b3:52:a4:d7:6b:
         ca:a2:67:1a:e6:25:75:49:46:6f:65:09:d1:ed:cf:89:19:2d:
         79:4a:e0:13:ac:9a:d8:25:62:61:22:62:25:92:55:6d:26:13:
         a0:5c:d6:27:ed:25:dd:90:fe:f3:67:55:d9:85:12:c9:5e:e8:
         af:79:38:49:23:29:04:c9:00:51:b1:e1:74:88:e6:8d:0f:4e:
         3f:a4:91:3f:3e:f1:54:cb:c6:63:d5:89:fd:46:a6:3a:d3:e0:
         dc:32:83:ff:3d:b6:07:cd:1e:f9:8f:6a:c9:a3:2d:2d:44:fb:
         38:3b:89:1b:10:74:3b:83:f0:75:f1:74:d4:99:82:ae:bf:fe:
         f8:b2:2b:e1:1c:07:1c:99:81:e6:51:0b:4d:58:38:91:4b:ee:
         06:18:e7:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4i650AlfAMQCS5NR2EoK6tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMzA5MTExNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjM4ZmE5MGE3MjBmNmE3YjU0NjcyYTU4ZTA5ODk0NzA0MzYxM2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCCZh6fTHFER311TBqCzT0gP6j24
Ai7b3pk/UP+fXjNKiZdnW1CRGMWWbqTHhSpTof6TS0ExBna3N1dziu3B0llXo4D6
xEQyZaldtjTJUBz88AZgzS/S36G4Dw2qA/asqmzK5gh7TxAe1ytBUOQ4PnlGnkpD
yoHxvZ11Gx5kvZojrkRNPzD4hEn/2mcwNZUsOkMHTO4Xdp5MUM+2OkiyLn77WAOR
Tx71xwkQSCVg8rErrTrDYdUds48NpleyLWaoqNci1epUotWkCiIIKgX7ZnKM6GyE
/lx4hgrKpLeC9aHD94HSEWMoYIsZVHFCaCkNaJVCkCeHuXEyu0PvJVSjdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBs4+pCnIPantUZypY4JiUcENhOmMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvR3pqNmtLY2c5cWUxUm5LbGpnbUpSd1EyRTZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5T1MA0G
CSqGSIb3DQEBCwUAA4IBAQCEeT0WcaMD93iyzBxA5CKdRuqBQ2Y6rtiUOJyNFx2l
+NDNBrWhpWfbAREYRhRKVorOLcV/UvAR67RsFNRZ5xTp/mX70bqznoxcEwdjeoB6
xj2l7nvgrdrrs1gGQOQbdkr3Vc0xGeFps1Kk12vKomca5iV1SUZvZQnR7c+JGS15
SuATrJrYJWJhImIlklVtJhOgXNYn7SXdkP7zZ1XZhRLJXuiveThJIykEyQBRseF0
iOaND04/pJE/PvFUy8Zj1Yn9RqY60+DcMoP/PbYHzR75j2rJoy0tRPs4O4kbEHQ7
g/B18XTUmYKuv/74sivhHAccmYHmUQtNWDiRS+4GGOc9
-----END CERTIFICATE-----