Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/tQnr6skCc00o-krcV80lHw_Z1OU.roa
File:                     tQnr6skCc00o-krcV80lHw_Z1OU.roa (raw, json)
Hash identifier:          /g65N2B+NPRqkbqwjOLQiF4y4O9+3XjRzShIQWblLlQ=
Subject key identifier:   B5:09:EB:EA:C9:02:73:4D:28:FA:4A:DC:57:CD:25:1F:0F:D9:D4:E5
Certificate issuer:       /CN=826be1fb71af48d6b318510aa8bdf9a815f33db8
Certificate serial:       0191BCEEA7909710FA7C7CB1ACFE8B271898
Authority key identifier: 82:6B:E1:FB:71:AF:48:D6:B3:18:51:0A:A8:BD:F9:A8:15:F3:3D:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmvh-3GvSNazGFEKqL35qBXzPbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/tQnr6skCc00o-krcV80lHw_Z1OU.roa
Signing time:             Wed 04 Sep 2024 12:07:22 +0000
ROA not before:           Wed 04 Sep 2024 12:07:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58212
IP address blocks:        192.166.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/gmvh-3GvSNazGFEKqL35qBXzPbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/gmvh-3GvSNazGFEKqL35qBXzPbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmvh-3GvSNazGFEKqL35qBXzPbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bc:ee:a7:90:97:10:fa:7c:7c:b1:ac:fe:8b:27:18:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826be1fb71af48d6b318510aa8bdf9a815f33db8
        Validity
            Not Before: Sep  4 12:07:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b509ebeac902734d28fa4adc57cd251f0fd9d4e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f2:e1:ef:71:3e:22:ec:92:1f:27:a9:e4:a6:
                    48:9d:a9:35:b8:a6:1b:95:66:01:de:34:5b:e1:50:
                    de:e9:c1:9b:7b:d8:62:1d:96:60:67:e5:d6:93:ae:
                    57:7f:94:d3:75:b1:99:5f:a8:75:00:ff:15:3f:98:
                    71:3b:bd:92:c3:3e:75:41:8a:8a:fb:94:77:23:a4:
                    0a:1a:99:f7:59:cf:08:8b:1b:51:46:91:24:74:92:
                    88:1e:cc:ac:08:ba:99:27:4e:17:5d:93:06:92:f6:
                    89:e0:5a:19:eb:7b:c2:59:89:98:14:9e:ad:78:7f:
                    7e:0e:b1:ca:1a:a3:b7:94:9e:23:16:86:04:59:19:
                    8a:7e:25:bb:ae:18:cf:85:9d:45:15:f6:bf:e0:e5:
                    12:31:f4:5b:12:05:f7:40:1b:c2:d9:0a:b6:54:fa:
                    ba:97:b9:bb:f3:2f:77:78:3d:15:cc:d8:f8:bd:66:
                    5d:88:2d:37:ec:e8:94:1f:10:0f:3e:10:73:7d:53:
                    8b:2d:ba:bd:90:d9:b1:11:8b:38:22:65:7c:a6:61:
                    ec:ee:08:65:67:69:ea:78:37:46:68:5f:1a:f8:7f:
                    e8:e5:7c:5e:6e:18:3c:06:86:2f:2c:78:2a:cd:82:
                    0a:8d:72:d8:e2:0a:c6:c5:69:3d:3b:63:0c:c8:73:
                    f7:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:09:EB:EA:C9:02:73:4D:28:FA:4A:DC:57:CD:25:1F:0F:D9:D4:E5
            X509v3 Authority Key Identifier:
                keyid:82:6B:E1:FB:71:AF:48:D6:B3:18:51:0A:A8:BD:F9:A8:15:F3:3D:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmvh-3GvSNazGFEKqL35qBXzPbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/tQnr6skCc00o-krcV80lHw_Z1OU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/gmvh-3GvSNazGFEKqL35qBXzPbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:03:da:82:7e:20:e4:60:9d:75:dd:7c:5e:64:ec:53:2d:25:
         97:89:b2:47:71:86:95:b2:24:a9:f4:4a:1d:89:88:68:7c:68:
         67:e1:5e:d6:ad:b4:42:0a:ed:fc:69:2f:6b:25:db:c1:db:7c:
         79:9e:41:c2:12:f4:d9:22:50:33:ac:af:46:a6:a7:df:87:58:
         19:40:a4:0c:04:6a:8f:1e:89:7b:e5:67:bc:cc:3e:7e:97:3f:
         2a:40:9e:ff:96:4c:14:54:96:ca:44:00:9e:2a:3a:c6:4d:a5:
         f3:57:09:1f:65:a3:b3:39:48:9c:63:ca:b9:83:f4:17:73:c7:
         ee:c1:6f:56:a6:ee:c9:b6:ea:3e:da:c7:6f:f2:44:97:ab:62:
         53:62:f3:18:a0:bf:e1:42:c3:c7:cd:e3:57:b4:c0:18:11:f8:
         ef:d3:0c:d7:50:b8:85:c1:55:dd:b6:2e:b4:8e:40:72:85:f7:
         e8:2d:a6:a9:ff:31:a4:9f:f6:8b:79:d1:bf:9a:2b:67:bc:9a:
         f7:31:47:a9:dd:22:29:e8:81:d5:b8:22:1d:ed:58:db:b2:75:
         ca:41:25:58:c2:ca:8a:d2:ac:ae:73:74:24:d2:bf:ff:33:f5:
         2b:ba:4b:37:22:09:9b:9c:ab:eb:1f:3c:12:46:08:26:85:28:
         b1:b3:66:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG87qeQlxD6fHyxrP6LJxiYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNmJlMWZiNzFhZjQ4ZDZiMzE4NTEwYWE4YmRmOWE4MTVm
MzNkYjgwHhcNMjQwOTA0MTIwNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTA5ZWJlYWM5MDI3MzRkMjhmYTRhZGM1N2NkMjUxZjBmZDlkNGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfLh73E+IuySHyep5KZInak1uKYb
lWYB3jRb4VDe6cGbe9hiHZZgZ+XWk65Xf5TTdbGZX6h1AP8VP5hxO72Swz51QYqK
+5R3I6QKGpn3Wc8IixtRRpEkdJKIHsysCLqZJ04XXZMGkvaJ4FoZ63vCWYmYFJ6t
eH9+DrHKGqO3lJ4jFoYEWRmKfiW7rhjPhZ1FFfa/4OUSMfRbEgX3QBvC2Qq2VPq6
l7m78y93eD0VzNj4vWZdiC037OiUHxAPPhBzfVOLLbq9kNmxEYs4ImV8pmHs7ghl
Z2nqeDdGaF8a+H/o5Xxebhg8BoYvLHgqzYIKjXLY4grGxWk9O2MMyHP3/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLUJ6+rJAnNNKPpK3FfNJR8P2dTlMB8GA1UdIwQY
MBaAFIJr4ftxr0jWsxhRCqi9+agV8z24MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ212aC0zR3ZTTmF6R0ZFS3FMMzVxQlh6UGJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9hYzY4OWItMGUzNi00OWZkLThmOWMt
ZGVkNzIwMTQyNzQ0LzEvdFFucjZza0NjMDBvLWtyY1Y4MGxId19aMU9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9hYzY4OWItMGUzNi00OWZkLThmOWMtZGVkNzIwMTQyNzQ0
LzEvZ212aC0zR3ZTTmF6R0ZFS3FMMzVxQlh6UGJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKbjMA0G
CSqGSIb3DQEBCwUAA4IBAQCCA9qCfiDkYJ113XxeZOxTLSWXibJHcYaVsiSp9Eod
iYhofGhn4V7WrbRCCu38aS9rJdvB23x5nkHCEvTZIlAzrK9Gpqffh1gZQKQMBGqP
Hol75We8zD5+lz8qQJ7/lkwUVJbKRACeKjrGTaXzVwkfZaOzOUicY8q5g/QXc8fu
wW9Wpu7Jtuo+2sdv8kSXq2JTYvMYoL/hQsPHzeNXtMAYEfjv0wzXULiFwVXdti60
jkByhffoLaap/zGkn/aLedG/mitnvJr3MUep3SIp6IHVuCId7VjbsnXKQSVYwsqK
0qyuc3Qk0r//M/Uruks3IgmbnKvrHzwSRggmhSixs2Ym
-----END CERTIFICATE-----