Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/gM9YKH8sgoOTd3-WQRdT6H4O0Cg.roa
File:                     gM9YKH8sgoOTd3-WQRdT6H4O0Cg.roa (raw, json)
Hash identifier:          mlWCXV90nTN3MXKtEiBTm3VE80kTKpVrE35mCc75/9U=
Subject key identifier:   80:CF:58:28:7F:2C:82:83:93:77:7F:96:41:17:53:E8:7E:0E:D0:28
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018EDBD054ABAD05519DBB5C41ECD9A4A003
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/gM9YKH8sgoOTd3-WQRdT6H4O0Cg.roa
Signing time:             Sun 14 Apr 2024 08:54:07 +0000
ROA not before:           Sun 14 Apr 2024 08:54:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        79.98.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:db:d0:54:ab:ad:05:51:9d:bb:5c:41:ec:d9:a4:a0:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Apr 14 08:54:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80cf58287f2c828393777f96411753e87e0ed028
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:73:bc:b9:13:9e:5a:38:9a:51:ac:6c:f0:02:
                    8c:0f:a8:cd:33:3f:7c:3f:87:e7:b0:72:6a:8f:30:
                    4a:af:04:6d:6d:8a:f5:80:d7:78:78:b1:ac:69:d4:
                    a9:8a:88:2f:cc:71:1c:df:93:97:08:c5:6f:31:d3:
                    b9:82:bc:cb:58:1a:9e:f3:50:f4:ad:aa:9d:bb:0a:
                    41:46:d2:92:ef:18:0e:c5:8b:b8:5d:e1:02:93:4c:
                    34:90:73:fb:9b:5c:a8:47:47:27:9f:d9:02:a2:4a:
                    85:43:54:10:a9:2f:c8:a9:a5:39:ec:b2:c6:6e:02:
                    d1:94:61:44:64:13:78:48:3b:bd:7a:56:7c:eb:47:
                    b8:c2:68:7b:6c:73:5b:43:63:57:5f:1e:14:d3:c7:
                    7a:48:26:76:e0:79:da:2c:62:66:28:47:70:8a:38:
                    8c:34:78:a4:3e:de:9a:98:f2:cc:52:ba:c6:09:b4:
                    1d:53:33:02:18:7c:c4:d8:be:be:66:02:26:da:52:
                    de:f2:aa:5d:c3:13:90:57:de:ff:e4:97:f2:a6:81:
                    49:54:d7:86:47:9d:55:2c:d0:f7:de:fc:94:ef:4e:
                    d9:ba:52:f9:c8:44:0a:22:fd:ca:34:a4:ee:a0:88:
                    34:b4:e9:49:b7:55:5f:df:58:b4:0f:ec:a1:7b:f0:
                    42:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:CF:58:28:7F:2C:82:83:93:77:7F:96:41:17:53:E8:7E:0E:D0:28
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/gM9YKH8sgoOTd3-WQRdT6H4O0Cg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.98.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:53:8c:04:dd:b9:aa:e3:34:32:01:45:d1:f4:83:c1:5c:f4:
         58:7a:e6:d7:66:5b:5d:50:d6:32:69:ef:e4:27:81:a7:21:35:
         91:d2:08:94:2a:9f:7b:54:0e:02:88:29:74:60:b2:72:17:66:
         56:aa:2c:c6:47:7e:ec:60:9c:09:04:ab:a9:73:3e:d3:db:3d:
         95:c3:6c:2d:79:88:c3:05:6d:e2:65:1e:c3:80:c8:37:1e:b8:
         94:d7:eb:57:7a:38:50:a2:eb:ea:99:df:36:d5:0a:f9:ab:c1:
         ed:75:dc:69:9b:57:89:54:f5:06:1c:1e:06:7d:08:32:3f:bd:
         0b:9a:09:61:fd:6f:37:55:bb:6f:c8:a1:c9:11:5f:f9:36:31:
         e7:6d:1c:83:87:02:eb:3e:57:3b:7b:42:34:0d:46:39:66:5e:
         e7:8e:a4:f5:85:ef:0d:ef:9b:52:cc:dd:2a:e1:db:8d:58:dd:
         bd:ac:64:66:11:d2:31:f1:13:ae:9c:ca:91:c8:dd:7a:da:45:
         d5:76:ec:9e:14:11:cb:b6:b4:53:61:3a:d8:fb:aa:ae:a4:8a:
         16:0b:e4:12:49:60:e0:a0:44:ad:8c:9a:97:60:b4:c7:ca:ae:
         ff:49:70:7c:42:a7:44:d0:34:c3:06:0f:44:3e:ff:f1:95:c4:
         4b:7d:fb:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7b0FSrrQVRnbtcQezZpKADMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwNDE0MDg1NDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGNmNTgyODdmMmM4MjgzOTM3NzdmOTY0MTE3NTNlODdlMGVkMDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXO8uROeWjiaUaxs8AKMD6jNMz98
P4fnsHJqjzBKrwRtbYr1gNd4eLGsadSpiogvzHEc35OXCMVvMdO5grzLWBqe81D0
raqduwpBRtKS7xgOxYu4XeECk0w0kHP7m1yoR0cnn9kCokqFQ1QQqS/IqaU57LLG
bgLRlGFEZBN4SDu9elZ860e4wmh7bHNbQ2NXXx4U08d6SCZ24HnaLGJmKEdwijiM
NHikPt6amPLMUrrGCbQdUzMCGHzE2L6+ZgIm2lLe8qpdwxOQV97/5JfypoFJVNeG
R51VLND33vyU707ZulL5yEQKIv3KNKTuoIg0tOlJt1Vf31i0D+yhe/BCywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDPWCh/LIKDk3d/lkEXU+h+DtAoMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvZ005WUtIOHNnb09UZDMtV1FSZFQ2SDRPMENnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT2L2MA0G
CSqGSIb3DQEBCwUAA4IBAQCsU4wE3bmq4zQyAUXR9IPBXPRYeubXZltdUNYyae/k
J4GnITWR0giUKp97VA4CiCl0YLJyF2ZWqizGR37sYJwJBKupcz7T2z2Vw2wteYjD
BW3iZR7DgMg3HriU1+tXejhQouvqmd821Qr5q8Htddxpm1eJVPUGHB4GfQgyP70L
mglh/W83VbtvyKHJEV/5NjHnbRyDhwLrPlc7e0I0DUY5Zl7njqT1he8N75tSzN0q
4duNWN29rGRmEdIx8ROunMqRyN162kXVduyeFBHLtrRTYTrY+6qupIoWC+QSSWDg
oEStjJqXYLTHyq7/SXB8QqdE0DTDBg9EPv/xlcRLffsG
-----END CERTIFICATE-----