Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/45890e-6f71-4d36-988a-65bf79b0a989/1/GP-mcsPVfkxFR6BakAdLWMHzvnk.roa
File:                     GP-mcsPVfkxFR6BakAdLWMHzvnk.roa (raw, json)
Hash identifier:          46Gy5AnSQQR4RzlnLScg9/HmedHrQU8V47NDaOoaI7E=
Subject key identifier:   18:FF:A6:72:C3:D5:7E:4C:45:47:A0:5A:90:07:4B:58:C1:F3:BE:79
Certificate issuer:       /CN=cb66e766345573d7159d6794edaedb739a241f8f
Certificate serial:       019426D9EF94511F58CC1AFA343714F66465
Authority key identifier: CB:66:E7:66:34:55:73:D7:15:9D:67:94:ED:AE:DB:73:9A:24:1F:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y2bnZjRVc9cVnWeU7a7bc5okH48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/45890e-6f71-4d36-988a-65bf79b0a989/1/GP-mcsPVfkxFR6BakAdLWMHzvnk.roa
Signing time:             Thu 02 Jan 2025 11:50:04 +0000
ROA not before:           Thu 02 Jan 2025 11:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48551
IP address blocks:        185.161.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/45890e-6f71-4d36-988a-65bf79b0a989/1/y2bnZjRVc9cVnWeU7a7bc5okH48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/45890e-6f71-4d36-988a-65bf79b0a989/1/y2bnZjRVc9cVnWeU7a7bc5okH48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y2bnZjRVc9cVnWeU7a7bc5okH48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 16:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:ef:94:51:1f:58:cc:1a:fa:34:37:14:f6:64:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb66e766345573d7159d6794edaedb739a241f8f
        Validity
            Not Before: Jan  2 11:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18ffa672c3d57e4c4547a05a90074b58c1f3be79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f9:ac:31:7d:55:56:f1:f7:f4:d6:b7:1d:6c:
                    3b:33:02:a7:4f:3f:e4:13:6b:05:c9:16:b9:d0:cc:
                    b0:aa:02:8d:30:eb:16:0b:ab:f8:5e:38:db:58:16:
                    80:40:77:03:be:94:91:30:0f:88:a8:d9:9d:21:d9:
                    c9:4e:2c:aa:cf:62:97:ff:28:0c:4e:1c:e1:b1:4e:
                    83:27:30:88:5e:d5:8d:77:40:2d:16:e1:e6:42:76:
                    20:78:95:42:3c:b3:6b:e3:71:05:e0:e8:75:73:ce:
                    55:ec:4d:c8:33:a2:ae:ab:67:89:90:79:41:29:77:
                    5a:2b:d1:c6:93:a9:65:72:8a:0c:79:3e:b0:8f:15:
                    ac:0e:ac:f8:e8:2f:f6:ca:3a:a1:b8:bd:62:99:94:
                    54:56:e3:53:fd:22:43:72:6a:b4:a3:89:39:ed:e3:
                    84:38:ab:5e:6a:4e:7a:c0:f2:4a:09:a5:e6:11:ae:
                    98:20:6b:8e:13:f8:e0:b5:43:c9:98:98:32:8b:40:
                    0e:4f:71:6c:66:be:08:8c:9d:5b:e1:8f:15:14:39:
                    9c:f9:16:92:6f:81:a1:61:2a:81:7e:50:e3:42:36:
                    89:c7:56:b2:c4:48:bb:0c:0c:32:f4:02:a9:4c:02:
                    de:c8:74:55:74:6c:f1:0a:2e:6b:dc:9c:09:4c:11:
                    da:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:FF:A6:72:C3:D5:7E:4C:45:47:A0:5A:90:07:4B:58:C1:F3:BE:79
            X509v3 Authority Key Identifier:
                keyid:CB:66:E7:66:34:55:73:D7:15:9D:67:94:ED:AE:DB:73:9A:24:1F:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y2bnZjRVc9cVnWeU7a7bc5okH48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/45890e-6f71-4d36-988a-65bf79b0a989/1/GP-mcsPVfkxFR6BakAdLWMHzvnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/45890e-6f71-4d36-988a-65bf79b0a989/1/y2bnZjRVc9cVnWeU7a7bc5okH48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:4c:2d:95:4e:53:97:6b:92:92:4e:46:73:71:85:41:ba:94:
         ab:03:20:83:b1:73:80:41:b1:a1:76:03:fc:15:c0:fc:50:cf:
         91:7a:9a:3c:38:0b:2c:73:cd:16:18:42:4e:ab:38:53:6b:83:
         9a:6b:87:4d:9a:24:55:23:54:f9:05:d0:67:82:92:f8:7b:f4:
         2a:99:86:e7:b9:29:16:66:7b:fa:0f:22:39:b6:47:9a:18:87:
         49:78:81:55:1c:fe:5e:50:90:c3:95:a5:c4:ae:36:ba:20:10:
         26:8f:b9:65:11:ad:be:2f:69:cf:df:35:85:b1:6e:87:4b:3d:
         51:3b:4c:51:52:bf:a2:06:5a:0f:d3:f5:85:18:77:8b:64:de:
         df:98:55:64:26:c6:d8:7b:0d:2e:db:e8:c4:3f:b2:8f:df:20:
         b2:20:17:83:c7:a3:15:e6:e3:29:b7:1c:71:2a:68:a8:b7:e8:
         ba:8d:c4:e8:cc:bd:a6:ae:46:7e:a2:1c:1e:1a:28:42:e1:c7:
         a7:ad:e3:ac:1e:66:f1:02:53:fb:2a:79:5b:a0:53:72:6a:d4:
         05:ce:58:21:b2:81:d2:81:63:aa:c6:72:ff:d4:09:16:d0:c5:
         c9:27:da:77:65:9f:73:46:39:43:e8:a0:64:97:67:9f:46:c4:
         fc:a7:38:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2e+UUR9YzBr6NDcU9mRlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNjZlNzY2MzQ1NTczZDcxNTlkNjc5NGVkYWVkYjczOWEy
NDFmOGYwHhcNMjUwMTAyMTE1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGZmYTY3MmMzZDU3ZTRjNDU0N2EwNWE5MDA3NGI1OGMxZjNiZTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/msMX1VVvH39Na3HWw7MwKnTz/k
E2sFyRa50MywqgKNMOsWC6v4XjjbWBaAQHcDvpSRMA+IqNmdIdnJTiyqz2KX/ygM
ThzhsU6DJzCIXtWNd0AtFuHmQnYgeJVCPLNr43EF4Oh1c85V7E3IM6Kuq2eJkHlB
KXdaK9HGk6llcooMeT6wjxWsDqz46C/2yjqhuL1imZRUVuNT/SJDcmq0o4k57eOE
OKteak56wPJKCaXmEa6YIGuOE/jgtUPJmJgyi0AOT3FsZr4IjJ1b4Y8VFDmc+RaS
b4GhYSqBflDjQjaJx1ayxEi7DAwy9AKpTALeyHRVdGzxCi5r3JwJTBHa5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBj/pnLD1X5MRUegWpAHS1jB8755MB8GA1UdIwQY
MBaAFMtm52Y0VXPXFZ1nlO2u23OaJB+PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTJiblpqUlZjOWNWbldlVTdhN2JjNW9rSDQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi80NTg5MGUtNmY3MS00ZDM2LTk4OGEt
NjViZjc5YjBhOTg5LzEvR1AtbWNzUFZma3hGUjZCYWtBZExXTUh6dm5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi80NTg5MGUtNmY3MS00ZDM2LTk4OGEtNjViZjc5YjBhOTg5
LzEveTJiblpqUlZjOWNWbldlVTdhN2JjNW9rSDQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaF5MA0G
CSqGSIb3DQEBCwUAA4IBAQCLTC2VTlOXa5KSTkZzcYVBupSrAyCDsXOAQbGhdgP8
FcD8UM+Repo8OAssc80WGEJOqzhTa4Oaa4dNmiRVI1T5BdBngpL4e/QqmYbnuSkW
Znv6DyI5tkeaGIdJeIFVHP5eUJDDlaXErja6IBAmj7llEa2+L2nP3zWFsW6HSz1R
O0xRUr+iBloP0/WFGHeLZN7fmFVkJsbYew0u2+jEP7KP3yCyIBeDx6MV5uMptxxx
Kmiot+i6jcTozL2mrkZ+ohweGihC4cenreOsHmbxAlP7KnlboFNyatQFzlghsoHS
gWOqxnL/1AkW0MXJJ9p3ZZ9zRjlD6KBkl2efRsT8pzhJ
-----END CERTIFICATE-----