Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/gpcFyDpodvvG8bRVbQxQyHPkoFw.roa
File:                     gpcFyDpodvvG8bRVbQxQyHPkoFw.roa (raw, json)
Hash identifier:          HGd0eBZbfT9oqiOrc+EqdjDFiCfwK89NoRJLP1e2Lvg=
Subject key identifier:   82:97:05:C8:3A:68:76:FB:C6:F1:B4:55:6D:0C:50:C8:73:E4:A0:5C
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018FA7F5EADF5FAE2EC234FDFAC99E8EE1AB
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/gpcFyDpodvvG8bRVbQxQyHPkoFw.roa
Signing time:             Fri 24 May 2024 00:17:42 +0000
ROA not before:           Fri 24 May 2024 00:17:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215042
IP address blocks:        95.164.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a7:f5:ea:df:5f:ae:2e:c2:34:fd:fa:c9:9e:8e:e1:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: May 24 00:17:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=829705c83a6876fbc6f1b4556d0c50c873e4a05c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:47:75:92:fb:db:0b:74:23:f3:ca:ca:07:6c:
                    12:ac:4a:e1:b2:3a:97:89:65:90:a1:30:f1:f3:87:
                    16:27:ad:70:1d:25:6b:f0:4d:4a:5f:e1:e5:63:8a:
                    ad:cd:08:72:26:3a:e6:65:c2:13:7d:12:e8:a6:54:
                    50:76:b6:83:40:b5:b5:e1:f5:4c:5a:e5:ac:39:e8:
                    34:c5:cd:14:bf:b0:a9:3a:f9:e6:d9:14:75:cc:1d:
                    b5:7f:9a:9e:80:d5:9c:2a:47:b2:da:04:fb:ed:91:
                    4e:23:b4:4a:81:8c:fa:7e:72:6b:59:6e:53:d1:71:
                    d8:e4:2f:85:76:00:9c:74:62:b0:3e:db:41:70:40:
                    d8:23:67:df:f1:58:c1:86:3c:40:2e:27:2b:64:ee:
                    f0:b7:29:a0:65:f0:ba:0a:01:a4:75:f5:d2:27:1a:
                    a8:82:d4:b5:db:28:16:c3:60:cc:f6:fb:8e:97:17:
                    8d:f5:5d:1e:01:eb:15:49:d7:00:7e:87:51:c8:ae:
                    e0:6b:2d:e2:26:75:2b:47:72:14:0a:a7:02:0d:40:
                    32:1e:f9:8d:f0:47:3c:fb:a6:50:fb:ca:fb:cb:f0:
                    2a:09:e7:49:49:fa:66:4b:fe:0d:96:74:7b:c9:7b:
                    7a:96:52:51:6e:e7:18:87:42:03:b3:6f:d4:f8:7f:
                    0b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:97:05:C8:3A:68:76:FB:C6:F1:B4:55:6D:0C:50:C8:73:E4:A0:5C
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/gpcFyDpodvvG8bRVbQxQyHPkoFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:74:4a:6f:da:3b:41:5f:82:6e:fa:1e:b7:ad:c9:d7:dc:e3:
         de:32:57:5e:4e:d2:70:d6:10:b0:5b:c6:89:c7:ed:94:b9:68:
         ac:93:e2:ea:c6:30:b2:68:31:45:a4:83:15:15:fa:62:78:11:
         b4:8b:94:44:3d:06:91:b2:5c:1c:cd:88:9d:9e:2a:b8:de:27:
         ea:8d:aa:f3:76:86:be:2b:f7:d3:cd:23:c2:f1:2f:bd:0c:6d:
         7d:34:93:4b:15:16:24:35:23:25:e3:6d:89:d0:8b:d0:59:21:
         bc:cc:48:2f:b9:da:c4:c9:90:c5:cc:b3:f2:82:70:d5:20:2e:
         02:90:bb:bc:bd:86:10:40:61:d8:e6:93:17:50:ba:43:36:9e:
         ad:1b:3b:13:5e:7e:4f:60:57:4e:8e:30:69:15:34:ed:c3:bb:
         3c:3b:6e:2b:72:c4:e0:7e:46:b5:12:13:16:5c:04:3c:3f:c1:
         6f:3b:f7:b6:d8:c6:06:b4:69:d9:50:ef:e5:64:23:51:2b:5d:
         c9:7d:10:9a:20:f8:67:3e:79:75:bc:53:c7:90:95:71:62:64:
         97:bb:50:3f:10:6d:e7:8f:76:07:9f:f9:d5:69:ae:e1:ea:c1:
         27:42:c6:fb:db:e9:7b:7c:54:29:26:5a:46:4b:b2:c2:f4:86:
         2b:22:21:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+n9erfX64uwjT9+smejuGrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwNTI0MDAxNzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mjk3MDVjODNhNjg3NmZiYzZmMWI0NTU2ZDBjNTBjODczZTRhMDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0d1kvvbC3Qj88rKB2wSrErhsjqX
iWWQoTDx84cWJ61wHSVr8E1KX+HlY4qtzQhyJjrmZcITfRLoplRQdraDQLW14fVM
WuWsOeg0xc0Uv7CpOvnm2RR1zB21f5qegNWcKkey2gT77ZFOI7RKgYz6fnJrWW5T
0XHY5C+FdgCcdGKwPttBcEDYI2ff8VjBhjxALicrZO7wtymgZfC6CgGkdfXSJxqo
gtS12ygWw2DM9vuOlxeN9V0eAesVSdcAfodRyK7gay3iJnUrR3IUCqcCDUAyHvmN
8Ec8+6ZQ+8r7y/AqCedJSfpmS/4NlnR7yXt6llJRbucYh0IDs2/U+H8LiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIKXBcg6aHb7xvG0VW0MUMhz5KBcMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvZ3BjRnlEcG9kdnZHOGJSVmJReFF5SFBrb0Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX6QOMA0G
CSqGSIb3DQEBCwUAA4IBAQBFdEpv2jtBX4Ju+h63rcnX3OPeMldeTtJw1hCwW8aJ
x+2UuWisk+LqxjCyaDFFpIMVFfpieBG0i5REPQaRslwczYidniq43ifqjarzdoa+
K/fTzSPC8S+9DG19NJNLFRYkNSMl422J0IvQWSG8zEgvudrEyZDFzLPygnDVIC4C
kLu8vYYQQGHY5pMXULpDNp6tGzsTXn5PYFdOjjBpFTTtw7s8O24rcsTgfka1EhMW
XAQ8P8FvO/e22MYGtGnZUO/lZCNRK13JfRCaIPhnPnl1vFPHkJVxYmSXu1A/EG3n
j3YHn/nVaa7h6sEnQsb72+l7fFQpJlpGS7LC9IYrIiFc
-----END CERTIFICATE-----