Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/3a39e9-3d40-46f8-bb0f-5ba43b118f75/1/GUmaJzfZzAdW94729BVx3bxnvvI.roa
File:                     GUmaJzfZzAdW94729BVx3bxnvvI.roa (raw, json)
Hash identifier:          p1XaNJjmkMbqwOYcM+rF+yV2UbppQupd9kE5HujGvss=
Subject key identifier:   19:49:9A:27:37:D9:CC:07:56:F7:8E:F6:F4:15:71:DD:BC:67:BE:F2
Certificate issuer:       /CN=0a2a157f00515f95b6df5dc0d52eb1b5d43fde5c
Certificate serial:       018CC9BCAE9CC94C526A14E77D1E7630E559
Authority key identifier: 0A:2A:15:7F:00:51:5F:95:B6:DF:5D:C0:D5:2E:B1:B5:D4:3F:DE:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CioVfwBRX5W2313A1S6xtdQ_3lw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/3a39e9-3d40-46f8-bb0f-5ba43b118f75/1/GUmaJzfZzAdW94729BVx3bxnvvI.roa
Signing time:             Tue 02 Jan 2024 10:33:54 +0000
ROA not before:           Tue 02 Jan 2024 10:33:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198102
IP address blocks:        185.211.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/3a39e9-3d40-46f8-bb0f-5ba43b118f75/1/CioVfwBRX5W2313A1S6xtdQ_3lw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/3a39e9-3d40-46f8-bb0f-5ba43b118f75/1/CioVfwBRX5W2313A1S6xtdQ_3lw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CioVfwBRX5W2313A1S6xtdQ_3lw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ae:9c:c9:4c:52:6a:14:e7:7d:1e:76:30:e5:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a2a157f00515f95b6df5dc0d52eb1b5d43fde5c
        Validity
            Not Before: Jan  2 10:33:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19499a2737d9cc0756f78ef6f41571ddbc67bef2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:fe:52:ab:e6:2a:f0:c2:12:da:10:d4:22:f3:
                    68:c5:59:ed:1a:dc:59:7a:71:4a:d0:94:ca:71:9a:
                    43:68:91:24:5e:bc:d7:00:d4:4f:1b:07:16:96:9c:
                    a2:31:70:7e:02:34:f0:4b:6a:61:97:13:44:11:64:
                    aa:d8:88:2a:61:cd:b4:b4:ae:4c:77:6d:e4:5a:81:
                    36:e8:e4:2b:cc:ca:9c:9a:a9:84:fa:12:62:c6:bc:
                    95:9d:4a:0c:15:56:a2:53:a0:70:55:45:e2:4e:a0:
                    14:d1:3a:f0:cb:3f:f1:0e:b2:58:3e:7a:13:a2:49:
                    40:5a:de:f1:ed:ec:09:f3:c8:0a:d3:af:7b:e1:82:
                    50:cd:41:5b:0b:10:95:2b:51:c6:6a:7f:7a:b7:c7:
                    8f:77:d7:96:1a:fc:dd:ea:88:30:46:c1:a5:7f:3f:
                    a7:39:1c:3b:52:ae:50:48:2f:31:e2:a5:45:2f:08:
                    47:6e:9d:a6:63:0f:8c:48:85:87:4d:df:6f:33:2c:
                    52:81:f7:30:ad:01:00:36:d2:f3:99:4a:0a:f5:f8:
                    1a:b1:5a:3f:7c:3c:89:1b:ba:f6:c4:f1:48:de:c6:
                    02:b5:6b:99:fb:62:56:d3:c4:d6:b1:5c:62:52:50:
                    08:28:02:82:d3:8b:34:6b:93:93:a2:01:c3:05:aa:
                    b7:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:49:9A:27:37:D9:CC:07:56:F7:8E:F6:F4:15:71:DD:BC:67:BE:F2
            X509v3 Authority Key Identifier:
                keyid:0A:2A:15:7F:00:51:5F:95:B6:DF:5D:C0:D5:2E:B1:B5:D4:3F:DE:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CioVfwBRX5W2313A1S6xtdQ_3lw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/3a39e9-3d40-46f8-bb0f-5ba43b118f75/1/GUmaJzfZzAdW94729BVx3bxnvvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/3a39e9-3d40-46f8-bb0f-5ba43b118f75/1/CioVfwBRX5W2313A1S6xtdQ_3lw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:22:4e:b8:e6:87:ad:71:d6:4a:99:1e:fc:ab:ca:59:57:6a:
         8d:6e:2b:57:fd:f0:26:28:8d:77:5a:01:ba:c8:ff:79:df:e7:
         43:f2:97:74:21:14:57:7c:8a:29:57:d4:43:4a:7a:e4:2b:3b:
         c0:97:62:71:0a:45:e2:47:b8:f0:fb:9f:62:8e:de:66:ad:75:
         d4:6c:b0:98:c0:2f:cc:32:d1:e5:5c:1a:16:db:b7:b7:23:c7:
         5a:b5:4c:f7:89:12:09:65:f2:34:0d:c8:8b:ef:f5:ac:1f:9b:
         f4:cb:09:bf:48:81:f6:80:a9:0e:25:a3:63:fe:5f:04:05:ee:
         76:88:7b:07:39:38:40:76:79:ba:6c:2f:5f:ca:31:7d:f2:f0:
         42:1c:93:75:66:e0:2e:f4:9d:cc:3f:36:33:4e:fb:bd:db:2a:
         86:d2:8b:fe:d4:af:af:cd:5b:7a:8a:a4:5f:4f:ed:2f:7f:ed:
         52:3f:7f:ce:1a:63:52:5b:27:13:7a:55:82:5a:bb:07:8f:9f:
         81:ad:dc:f9:6a:1c:0b:c7:f8:e6:aa:f5:00:27:09:2b:31:0a:
         63:09:5e:c3:00:12:d2:59:c1:cc:d6:63:8d:b0:bc:e4:fe:2c:
         6e:fd:7d:1f:06:e2:68:9d:4c:8f:5d:a0:07:71:b8:a1:e7:34:
         b3:5d:50:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvK6cyUxSahTnfR52MOVZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMmExNTdmMDA1MTVmOTViNmRmNWRjMGQ1MmViMWI1ZDQz
ZmRlNWMwHhcNMjQwMTAyMTAzMzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTQ5OWEyNzM3ZDljYzA3NTZmNzhlZjZmNDE1NzFkZGJjNjdiZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAof5Sq+Yq8MIS2hDUIvNoxVntGtxZ
enFK0JTKcZpDaJEkXrzXANRPGwcWlpyiMXB+AjTwS2phlxNEEWSq2IgqYc20tK5M
d23kWoE26OQrzMqcmqmE+hJixryVnUoMFVaiU6BwVUXiTqAU0Trwyz/xDrJYPnoT
oklAWt7x7ewJ88gK06974YJQzUFbCxCVK1HGan96t8ePd9eWGvzd6ogwRsGlfz+n
ORw7Uq5QSC8x4qVFLwhHbp2mYw+MSIWHTd9vMyxSgfcwrQEANtLzmUoK9fgasVo/
fDyJG7r2xPFI3sYCtWuZ+2JW08TWsVxiUlAIKAKC04s0a5OTogHDBaq3AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBlJmic32cwHVveO9vQVcd28Z77yMB8GA1UdIwQY
MBaAFAoqFX8AUV+Vtt9dwNUusbXUP95cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2lvVmZ3QlJYNVcyMzEzQTFTNnh0ZFFfM2x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8zYTM5ZTktM2Q0MC00NmY4LWJiMGYt
NWJhNDNiMTE4Zjc1LzEvR1VtYUp6Zlp6QWRXOTQ3MjlCVngzYnhudnZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8zYTM5ZTktM2Q0MC00NmY4LWJiMGYtNWJhNDNiMTE4Zjc1
LzEvQ2lvVmZ3QlJYNVcyMzEzQTFTNnh0ZFFfM2x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudMOMA0G
CSqGSIb3DQEBCwUAA4IBAQAtIk645oetcdZKmR78q8pZV2qNbitX/fAmKI13WgG6
yP953+dD8pd0IRRXfIopV9RDSnrkKzvAl2JxCkXiR7jw+59ijt5mrXXUbLCYwC/M
MtHlXBoW27e3I8datUz3iRIJZfI0DciL7/WsH5v0ywm/SIH2gKkOJaNj/l8EBe52
iHsHOThAdnm6bC9fyjF98vBCHJN1ZuAu9J3MPzYzTvu92yqG0ov+1K+vzVt6iqRf
T+0vf+1SP3/OGmNSWycTelWCWrsHj5+Brdz5ahwLx/jmqvUAJwkrMQpjCV7DABLS
WcHM1mONsLzk/ixu/X0fBuJonUyPXaAHcbih5zSzXVCM
-----END CERTIFICATE-----