Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/1-Gne3-QLgiIfrD-ViVDhnh0xtE8.roa
File:                     1-Gne3-QLgiIfrD-ViVDhnh0xtE8.roa (raw, json)
Hash identifier:          Q2gskV26N3+8HF77S3P42pmkp7q5Vc0n8jU2JaI1tEQ=
Subject key identifier:   F8:69:DE:DF:E4:0B:82:22:1F:AC:3F:95:89:50:E1:9E:1D:31:B4:4F
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       018CCA2BBE0E1D54D247EBD969E0D3ADE459
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/1-Gne3-QLgiIfrD-ViVDhnh0xtE8.roa
Signing time:             Tue 02 Jan 2024 12:35:13 +0000
ROA not before:           Tue 02 Jan 2024 12:35:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199453
IP address blocks:        213.189.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:be:0e:1d:54:d2:47:eb:d9:69:e0:d3:ad:e4:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 12:35:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f869dedfe40b82221fac3f958950e19e1d31b44f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:8c:a9:e2:0c:ea:bd:1b:ff:ac:d7:a1:8e:04:
                    33:7f:04:62:bf:d4:64:53:c5:1d:a8:53:5f:03:30:
                    1c:c6:cc:17:54:5d:b6:03:34:bb:df:f8:58:57:93:
                    0b:30:4f:84:0b:b2:50:48:32:b2:f0:66:09:a5:4d:
                    ed:cb:5c:ac:68:0f:2e:16:ac:60:34:32:e9:0b:86:
                    fa:02:5c:c4:f5:a7:4c:8e:2d:d0:58:d3:91:84:7d:
                    32:c7:60:a2:18:e8:e4:73:43:ce:43:38:c4:e6:13:
                    d1:84:6a:fe:ea:d1:06:8d:b4:ce:3f:a2:34:57:15:
                    d9:47:6a:d6:8f:0c:38:7d:8c:2f:52:bd:64:3a:d7:
                    fc:40:e2:de:c2:02:d8:77:08:19:26:c0:27:93:49:
                    1e:54:23:86:fd:aa:d6:14:4f:af:d7:6e:3e:0d:59:
                    fa:64:15:99:12:63:b2:bb:0d:71:65:aa:eb:6e:21:
                    0d:ea:39:0c:59:1b:c0:1d:21:bf:85:f8:2b:4c:4e:
                    43:8d:86:6b:5e:7f:8d:06:75:0c:76:93:b1:65:de:
                    31:bd:64:44:8f:24:46:93:34:f1:96:b9:d3:cd:7b:
                    52:bc:e4:8a:76:56:15:a6:0e:8e:b2:5b:93:d1:86:
                    a5:b5:4c:80:a2:42:d2:9e:e8:c4:5a:71:26:53:ea:
                    7f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:69:DE:DF:E4:0B:82:22:1F:AC:3F:95:89:50:E1:9E:1D:31:B4:4F
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/1-Gne3-QLgiIfrD-ViVDhnh0xtE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.189.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:b9:2a:7c:b2:86:87:5c:af:73:a0:a1:a3:13:19:06:c9:12:
         7b:45:47:61:4f:9d:3a:b4:64:04:4b:ff:55:3c:e9:0e:e2:7b:
         6b:1a:4e:86:e1:5c:0f:85:28:7f:cd:28:fc:7d:20:14:a3:5f:
         9b:47:99:05:f7:13:7e:24:80:49:7c:85:38:94:7e:9f:b2:47:
         34:f7:aa:cf:e1:bd:27:62:d0:43:47:6e:39:36:e2:3c:f1:e7:
         5a:b4:f4:0b:0b:ba:49:9a:d8:b1:73:52:6f:4a:7e:f0:bc:fa:
         9f:34:03:a6:8e:01:70:1e:82:29:34:0b:26:f8:45:68:f3:7b:
         12:0a:0a:0d:3f:de:03:be:f7:ca:e7:c8:82:bd:54:d6:91:ce:
         b4:48:5f:fe:d1:d4:44:f9:da:d0:dd:d6:bb:ac:75:5e:12:d8:
         a1:1b:01:fa:2f:c7:67:5a:ef:f5:79:d2:ca:a3:61:30:9b:fa:
         9b:61:c5:63:ba:b2:63:b8:87:2a:29:e3:f2:63:01:8a:e7:14:
         7c:8a:a2:2c:19:ce:7a:58:92:c7:7a:a4:c6:f2:05:ea:84:9a:
         f2:73:d0:8b:60:c7:69:0f:38:99:f3:ff:e3:fa:ed:b7:c8:59:
         2a:02:93:29:d2:7b:43:fc:76:85:69:c3:40:04:18:1b:4c:5c:
         f6:f8:16:7a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKK74OHVTSR+vZaeDTreRZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwMTAyMTIzNTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODY5ZGVkZmU0MGI4MjIyMWZhYzNmOTU4OTUwZTE5ZTFkMzFiNDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIyp4gzqvRv/rNehjgQzfwRiv9Rk
U8UdqFNfAzAcxswXVF22AzS73/hYV5MLME+EC7JQSDKy8GYJpU3ty1ysaA8uFqxg
NDLpC4b6AlzE9adMji3QWNORhH0yx2CiGOjkc0POQzjE5hPRhGr+6tEGjbTOP6I0
VxXZR2rWjww4fYwvUr1kOtf8QOLewgLYdwgZJsAnk0keVCOG/arWFE+v124+DVn6
ZBWZEmOyuw1xZarrbiEN6jkMWRvAHSG/hfgrTE5DjYZrXn+NBnUMdpOxZd4xvWRE
jyRGkzTxlrnTzXtSvOSKdlYVpg6OsluT0YaltUyAokLSnujEWnEmU+p/7QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPhp3t/kC4IiH6w/lYlQ4Z4dMbRPMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvMS1HbmUzLVFMZ2lJZnJELVZpVkRobmgweHRFOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTgvZTBmMmY2LTNhOGEtNGRhYS04MjcxLTVkNjY1ZTk5OGY2
YS8xL2FNVVFfSnVHWFpianI4ZkZZRmJ2clpvekRGcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANW9JzAN
BgkqhkiG9w0BAQsFAAOCAQEAs7kqfLKGh1yvc6ChoxMZBskSe0VHYU+dOrRkBEv/
VTzpDuJ7axpOhuFcD4Uof80o/H0gFKNfm0eZBfcTfiSASXyFOJR+n7JHNPeqz+G9
J2LQQ0duOTbiPPHnWrT0Cwu6SZrYsXNSb0p+8Lz6nzQDpo4BcB6CKTQLJvhFaPN7
EgoKDT/eA773yufIgr1U1pHOtEhf/tHURPna0N3Wu6x1XhLYoRsB+i/HZ1rv9XnS
yqNhMJv6m2HFY7qyY7iHKinj8mMBiucUfIqiLBnOeliSx3qkxvIF6oSa8nPQi2DH
aQ84mfP/4/rtt8hZKgKTKdJ7Q/x2hWnDQAQYG0xc9vgWeg==
-----END CERTIFICATE-----