Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/1a85a8-e4f8-498b-a5ae-a4be172c76ba/1/0GPVJ08zRt3_JDJPWJ3FSPLiBcs.roa
File:                     0GPVJ08zRt3_JDJPWJ3FSPLiBcs.roa (raw, json)
Hash identifier:          RdUyjJY96WG8x6Qa6Vgbx7gsHdSd5j0VsnsQbRexs54=
Subject key identifier:   D0:63:D5:27:4F:33:46:DD:FF:24:32:4F:58:9D:C5:48:F2:E2:05:CB
Certificate issuer:       /CN=e3f19cc5e38d8f9c1d6547177665f89211dec899
Certificate serial:       018CC7276CEC61973268E279483F5BF9963F
Authority key identifier: E3:F1:9C:C5:E3:8D:8F:9C:1D:65:47:17:76:65:F8:92:11:DE:C8:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4_GcxeONj5wdZUcXdmX4khHeyJk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/1a85a8-e4f8-498b-a5ae-a4be172c76ba/1/0GPVJ08zRt3_JDJPWJ3FSPLiBcs.roa
Signing time:             Mon 01 Jan 2024 22:31:38 +0000
ROA not before:           Mon 01 Jan 2024 22:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61146
IP address blocks:        185.176.184.0/22 maxlen: 22
                          31.216.136.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/1a85a8-e4f8-498b-a5ae-a4be172c76ba/1/4_GcxeONj5wdZUcXdmX4khHeyJk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/1a85a8-e4f8-498b-a5ae-a4be172c76ba/1/4_GcxeONj5wdZUcXdmX4khHeyJk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4_GcxeONj5wdZUcXdmX4khHeyJk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:6c:ec:61:97:32:68:e2:79:48:3f:5b:f9:96:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3f19cc5e38d8f9c1d6547177665f89211dec899
        Validity
            Not Before: Jan  1 22:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d063d5274f3346ddff24324f589dc548f2e205cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:12:29:94:47:bb:0c:22:52:86:94:71:35:b7:
                    49:3a:e5:75:44:3e:ee:93:e3:cc:2b:e2:a6:11:53:
                    9d:ac:49:66:b3:88:7e:ca:5c:a5:2b:db:a9:86:96:
                    a7:a9:ba:45:9c:64:c7:7e:23:e8:0c:2c:34:12:93:
                    c6:aa:75:3d:ea:03:a5:89:21:e3:51:e0:7d:2a:46:
                    95:eb:0d:d7:a5:31:c2:9b:5c:78:a8:4f:2b:e9:f8:
                    6c:d8:04:23:2c:1b:ad:d2:11:f9:aa:27:51:a4:26:
                    f7:91:8a:d6:c9:81:24:38:b4:3d:49:e6:81:a1:63:
                    e8:8e:40:4e:f7:f7:2b:10:ad:0b:08:69:f5:f2:b9:
                    2a:a1:3e:4e:1b:e5:e8:f7:44:f8:58:0c:8b:b1:72:
                    79:20:a9:d0:6f:31:e5:1f:91:71:98:1b:ff:b3:03:
                    51:a0:cd:5f:28:28:fc:67:c0:a9:02:d0:fd:8e:d4:
                    59:bf:e9:14:f6:1b:f1:21:f0:e0:c5:ba:20:57:93:
                    ba:b3:31:74:c6:d2:7a:19:0a:f0:21:7a:f5:52:2d:
                    30:de:74:7b:d4:69:74:25:8e:a5:68:4d:5b:d6:a7:
                    a6:a1:5d:7a:7e:9d:cf:3e:7f:2b:cf:1b:79:6f:ad:
                    9b:1a:d1:bd:1d:65:c2:f2:23:7c:27:52:10:5c:4e:
                    a2:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:63:D5:27:4F:33:46:DD:FF:24:32:4F:58:9D:C5:48:F2:E2:05:CB
            X509v3 Authority Key Identifier:
                keyid:E3:F1:9C:C5:E3:8D:8F:9C:1D:65:47:17:76:65:F8:92:11:DE:C8:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4_GcxeONj5wdZUcXdmX4khHeyJk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/1a85a8-e4f8-498b-a5ae-a4be172c76ba/1/0GPVJ08zRt3_JDJPWJ3FSPLiBcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/1a85a8-e4f8-498b-a5ae-a4be172c76ba/1/4_GcxeONj5wdZUcXdmX4khHeyJk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.216.136.0/21
                  185.176.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:3a:60:ed:bc:57:23:89:5b:10:ac:95:24:a2:48:51:fd:33:
         d6:e1:45:f0:7c:b9:66:34:65:08:01:ac:cb:22:e0:dd:78:e6:
         05:4b:54:00:b7:99:17:01:0f:2e:fc:f0:fd:5f:2a:6f:b0:ca:
         15:77:7a:65:22:b2:b8:97:e7:37:03:fb:d7:97:30:62:ba:94:
         5a:27:ef:e6:d3:71:f0:2b:c4:ec:ce:d2:df:86:66:69:34:4b:
         ee:0a:a6:32:07:e5:e7:2c:17:71:27:63:8b:13:07:90:5d:3e:
         bd:ee:3c:06:4f:0c:f8:89:0a:c7:f0:31:50:3a:ba:86:22:8b:
         52:83:4b:08:88:8a:86:bd:76:8d:65:0d:33:fe:3d:6d:7b:8a:
         ed:b0:0c:d8:cc:c1:40:15:0e:01:5d:e1:53:91:48:47:43:98:
         56:27:ea:a7:dd:ea:86:c6:5c:2b:65:b1:c7:07:f1:5a:e6:11:
         c7:60:c8:c1:c1:f1:cf:8d:fe:fb:4a:ce:f6:4e:af:5d:67:7b:
         2f:2c:58:82:f7:b6:b8:02:eb:2f:e9:9f:d5:b7:3a:31:6a:5c:
         37:5a:e6:fd:bd:20:e3:9f:3e:1f:8f:e1:66:72:fd:c7:83:29:
         ce:34:bd:68:2b:06:15:8b:21:e2:3e:81:bc:53:6f:fc:9b:ba:
         b5:6c:91:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJ2zsYZcyaOJ5SD9b+ZY/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZjE5Y2M1ZTM4ZDhmOWMxZDY1NDcxNzc2NjVmODkyMTFk
ZWM4OTkwHhcNMjQwMTAxMjIzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDYzZDUyNzRmMzM0NmRkZmYyNDMyNGY1ODlkYzU0OGYyZTIwNWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRIplEe7DCJShpRxNbdJOuV1RD7u
k+PMK+KmEVOdrElms4h+ylylK9uphpanqbpFnGTHfiPoDCw0EpPGqnU96gOliSHj
UeB9KkaV6w3XpTHCm1x4qE8r6fhs2AQjLBut0hH5qidRpCb3kYrWyYEkOLQ9SeaB
oWPojkBO9/crEK0LCGn18rkqoT5OG+Xo90T4WAyLsXJ5IKnQbzHlH5FxmBv/swNR
oM1fKCj8Z8CpAtD9jtRZv+kU9hvxIfDgxbogV5O6szF0xtJ6GQrwIXr1Ui0w3nR7
1Gl0JY6laE1b1qemoV16fp3PPn8rzxt5b62bGtG9HWXC8iN8J1IQXE6iSwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNBj1SdPM0bd/yQyT1idxUjy4gXLMB8GA1UdIwQY
MBaAFOPxnMXjjY+cHWVHF3Zl+JIR3siZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNF9HY3hlT05qNXdkWlVjWGRtWDRraEhleUprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8xYTg1YTgtZTRmOC00OThiLWE1YWUt
YTRiZTE3MmM3NmJhLzEvMEdQVkowOHpSdDNfSkRKUFdKM0ZTUExpQmNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8xYTg1YTgtZTRmOC00OThiLWE1YWUtYTRiZTE3MmM3NmJh
LzEvNF9HY3hlT05qNXdkWlVjWGRtWDRraEhleUprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDH9iIAwQC
ubC4MA0GCSqGSIb3DQEBCwUAA4IBAQAbOmDtvFcjiVsQrJUkokhR/TPW4UXwfLlm
NGUIAazLIuDdeOYFS1QAt5kXAQ8u/PD9XypvsMoVd3plIrK4l+c3A/vXlzBiupRa
J+/m03HwK8TsztLfhmZpNEvuCqYyB+XnLBdxJ2OLEweQXT697jwGTwz4iQrH8DFQ
OrqGIotSg0sIiIqGvXaNZQ0z/j1te4rtsAzYzMFAFQ4BXeFTkUhHQ5hWJ+qn3eqG
xlwrZbHHB/Fa5hHHYMjBwfHPjf77Ss72Tq9dZ3svLFiC97a4Ausv6Z/Vtzoxalw3
Wub9vSDjnz4fj+Fmcv3HgynONL1oKwYViyHiPoG8U2/8m7q1bJFH
-----END CERTIFICATE-----