Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fGmJGWvvMU-rkGJLJnGfcUXkiuo.roa
File:                     fGmJGWvvMU-rkGJLJnGfcUXkiuo.roa (raw, json)
Hash identifier:          /Brt+QQRyO0PJqFdX9TiS/PXLIRtrz8JjdqXW3XAdpo=
Subject key identifier:   7C:69:89:19:6B:EF:31:4F:AB:90:62:4B:26:71:9F:71:45:E4:8A:EA
Certificate issuer:       /CN=7dc8911682bc5ca71cece1efe3ac135bfdb59dd6
Certificate serial:       018CC64AF5DA13AC239061D401F0A1604634
Authority key identifier: 7D:C8:91:16:82:BC:5C:A7:1C:EC:E1:EF:E3:AC:13:5B:FD:B5:9D:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fciRFoK8XKcc7OHv46wTW_21ndY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fGmJGWvvMU-rkGJLJnGfcUXkiuo.roa
Signing time:             Mon 01 Jan 2024 18:30:50 +0000
ROA not before:           Mon 01 Jan 2024 18:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32787
IP address blocks:        195.225.135.0/24 maxlen: 26

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fciRFoK8XKcc7OHv46wTW_21ndY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fciRFoK8XKcc7OHv46wTW_21ndY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fciRFoK8XKcc7OHv46wTW_21ndY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f5:da:13:ac:23:90:61:d4:01:f0:a1:60:46:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dc8911682bc5ca71cece1efe3ac135bfdb59dd6
        Validity
            Not Before: Jan  1 18:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c6989196bef314fab90624b26719f7145e48aea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f5:dd:ac:4f:23:0f:5b:84:c1:57:bb:27:15:
                    61:61:8e:0a:7e:f4:6f:68:44:c1:8a:9c:c3:d0:44:
                    b6:b0:41:36:78:79:e9:96:a2:a4:f6:f6:ab:42:8c:
                    72:56:de:69:46:c7:d7:ed:e3:ce:ad:72:a7:4a:43:
                    cf:4d:dd:26:18:e5:a8:5e:1b:f7:12:f3:f3:b3:7e:
                    84:6f:db:ac:a9:56:f1:69:dc:58:35:da:c4:20:db:
                    54:b9:a0:02:9c:c2:4a:42:c6:d5:fc:a5:73:e3:d5:
                    c0:91:37:80:46:21:25:da:cb:2c:5d:e1:b7:66:29:
                    8a:4b:b8:d7:29:92:05:5a:88:55:25:07:98:37:b1:
                    84:9d:cb:4d:7c:5b:7e:14:7d:00:65:48:ba:76:96:
                    51:49:fe:f0:df:b7:2e:6c:c8:8c:ed:ac:e8:b8:5b:
                    a2:c7:47:e6:d9:13:a0:42:ca:39:2a:07:db:11:3b:
                    ed:8b:63:0e:d5:6c:1e:ab:3c:79:ad:93:6b:b6:db:
                    ea:93:60:50:bc:3c:44:8e:dd:a9:fe:d2:8b:29:cb:
                    1b:cf:57:b8:c3:5a:aa:a4:10:9e:6b:5c:8c:bd:eb:
                    32:68:c0:22:08:02:6f:c4:a5:11:52:f7:5e:02:67:
                    d3:fe:a4:85:27:02:e6:45:49:26:bb:44:1e:9b:d2:
                    ec:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:69:89:19:6B:EF:31:4F:AB:90:62:4B:26:71:9F:71:45:E4:8A:EA
            X509v3 Authority Key Identifier:
                keyid:7D:C8:91:16:82:BC:5C:A7:1C:EC:E1:EF:E3:AC:13:5B:FD:B5:9D:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fciRFoK8XKcc7OHv46wTW_21ndY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fGmJGWvvMU-rkGJLJnGfcUXkiuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fciRFoK8XKcc7OHv46wTW_21ndY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:19:9a:bc:16:1b:8c:f6:c8:b5:f8:6e:30:ca:f5:4c:3c:8b:
         05:ff:4f:1d:fc:e2:9b:d0:4e:03:7f:f3:31:04:eb:54:13:12:
         27:df:7c:2f:74:b3:e9:0c:19:0c:16:32:0e:9d:36:b9:fe:41:
         20:bb:01:b6:cb:4b:4e:42:9d:a0:33:ce:b2:c6:16:33:7d:da:
         58:0c:be:80:29:11:06:ef:04:f5:a7:c2:ee:69:e3:4a:5b:de:
         d7:4d:dc:ca:82:76:36:d5:c9:43:a8:8a:5a:94:49:e5:b2:48:
         6b:8d:c0:54:98:50:d4:20:47:4f:aa:62:a8:46:c7:a0:6e:09:
         00:f0:b1:5f:21:74:ba:a2:e4:ab:85:2a:4d:b7:56:d3:07:21:
         66:91:82:cb:a4:09:f1:ce:2d:6a:36:f1:2c:d7:72:85:da:2d:
         6b:0a:b4:94:25:ee:bf:a5:0e:49:5c:87:ef:9b:5b:5f:3b:12:
         e0:d0:e0:92:c3:15:22:87:f2:28:cc:1b:81:9d:4a:1b:5a:41:
         10:5d:ee:03:3f:14:0b:ec:1c:63:ff:dc:ec:87:c8:10:ec:ab:
         a2:2d:cd:0b:b3:78:2b:cb:75:ce:a4:b6:dd:78:4e:06:23:ec:
         48:97:e1:32:4c:b5:4a:82:6c:89:08:31:5d:9e:ba:04:55:25:
         e9:3d:51:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSvXaE6wjkGHUAfChYEY0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYzg5MTE2ODJiYzVjYTcxY2VjZTFlZmUzYWMxMzViZmRi
NTlkZDYwHhcNMjQwMTAxMTgzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzY5ODkxOTZiZWYzMTRmYWI5MDYyNGIyNjcxOWY3MTQ1ZTQ4YWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfXdrE8jD1uEwVe7JxVhYY4KfvRv
aETBipzD0ES2sEE2eHnplqKk9varQoxyVt5pRsfX7ePOrXKnSkPPTd0mGOWoXhv3
EvPzs36Eb9usqVbxadxYNdrEINtUuaACnMJKQsbV/KVz49XAkTeARiEl2sssXeG3
ZimKS7jXKZIFWohVJQeYN7GEnctNfFt+FH0AZUi6dpZRSf7w37cubMiM7azouFui
x0fm2ROgQso5KgfbETvti2MO1Wweqzx5rZNrttvqk2BQvDxEjt2p/tKLKcsbz1e4
w1qqpBCea1yMvesyaMAiCAJvxKURUvdeAmfT/qSFJwLmRUkmu0Qem9LsKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHxpiRlr7zFPq5BiSyZxn3FF5IrqMB8GA1UdIwQY
MBaAFH3IkRaCvFynHOzh7+OsE1v9tZ3WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmNpUkZvSzhYS2NjN09IdjQ2d1RXXzIxbmRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wODMxYmYtMTE4Yy00ZWNlLTkzNGQt
NzUyOTUyNTFiMWU4LzEvZkdtSkdXdnZNVS1ya0dKTEpuR2ZjVVhraXVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wODMxYmYtMTE4Yy00ZWNlLTkzNGQtNzUyOTUyNTFiMWU4
LzEvZmNpUkZvSzhYS2NjN09IdjQ2d1RXXzIxbmRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+GHMA0G
CSqGSIb3DQEBCwUAA4IBAQCUGZq8FhuM9si1+G4wyvVMPIsF/08d/OKb0E4Df/Mx
BOtUExIn33wvdLPpDBkMFjIOnTa5/kEguwG2y0tOQp2gM86yxhYzfdpYDL6AKREG
7wT1p8LuaeNKW97XTdzKgnY21clDqIpalEnlskhrjcBUmFDUIEdPqmKoRsegbgkA
8LFfIXS6ouSrhSpNt1bTByFmkYLLpAnxzi1qNvEs13KF2i1rCrSUJe6/pQ5JXIfv
m1tfOxLg0OCSwxUih/IozBuBnUobWkEQXe4DPxQL7Bxj/9zsh8gQ7KuiLc0Ls3gr
y3XOpLbdeE4GI+xIl+EyTLVKgmyJCDFdnroEVSXpPVFp
-----END CERTIFICATE-----