Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/f20071-22a1-461d-b6bf-4fd0e1b9c12f/1/GN5ooKWmubFblC_XJKzwUF6yxHg.roa
File:                     GN5ooKWmubFblC_XJKzwUF6yxHg.roa (raw, json)
Hash identifier:          ox/84r+Ls8W5QoXkvwuKkZbXHujdPD0R00KGe0e9ab8=
Subject key identifier:   18:DE:68:A0:A5:A6:B9:B1:5B:94:2F:D7:24:AC:F0:50:5E:B2:C4:78
Certificate issuer:       /CN=e00c7ac56b11e104abb167bb1ab3792b3fa7c3d3
Certificate serial:       018CC425001812978BF5E3FFB62E50919B1D
Authority key identifier: E0:0C:7A:C5:6B:11:E1:04:AB:B1:67:BB:1A:B3:79:2B:3F:A7:C3:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Ax6xWsR4QSrsWe7GrN5Kz-nw9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/f20071-22a1-461d-b6bf-4fd0e1b9c12f/1/GN5ooKWmubFblC_XJKzwUF6yxHg.roa
Signing time:             Mon 01 Jan 2024 08:30:08 +0000
ROA not before:           Mon 01 Jan 2024 08:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39584
IP address blocks:        193.200.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/f20071-22a1-461d-b6bf-4fd0e1b9c12f/1/4Ax6xWsR4QSrsWe7GrN5Kz-nw9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/f20071-22a1-461d-b6bf-4fd0e1b9c12f/1/4Ax6xWsR4QSrsWe7GrN5Kz-nw9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Ax6xWsR4QSrsWe7GrN5Kz-nw9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 13:02:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:00:18:12:97:8b:f5:e3:ff:b6:2e:50:91:9b:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e00c7ac56b11e104abb167bb1ab3792b3fa7c3d3
        Validity
            Not Before: Jan  1 08:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18de68a0a5a6b9b15b942fd724acf0505eb2c478
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ad:33:b7:c8:13:f0:27:9b:7f:56:f7:53:05:
                    6f:87:11:47:d9:13:46:f1:fd:35:85:9b:74:f6:7c:
                    57:5b:f7:7b:18:46:fe:5c:53:52:63:e3:1c:cf:99:
                    83:c3:33:5a:ff:13:7c:73:f7:08:c9:c4:07:0c:2e:
                    41:f5:ff:dc:f3:78:30:e7:e4:59:b8:3d:0c:33:91:
                    9a:40:28:18:db:34:8e:f1:a0:e5:21:f1:dd:66:09:
                    61:59:01:3f:a3:bb:de:70:43:95:e7:bd:61:c4:24:
                    9f:61:3e:0e:c7:bb:66:d8:c3:4f:2f:f6:e2:53:99:
                    06:96:3d:7e:b0:4a:71:db:b8:f3:e1:9b:72:bd:6e:
                    1e:81:e7:dd:1e:b4:e4:a7:80:3c:c5:cd:7a:e4:b8:
                    88:e2:f6:f0:cd:98:e4:36:46:e8:66:5b:d3:b2:d8:
                    f9:55:23:4c:c0:f4:6d:93:ce:49:12:d9:db:49:71:
                    06:f0:d6:32:14:c4:40:5c:82:be:eb:e7:52:42:e1:
                    a4:98:45:e5:3a:7b:26:1c:97:ac:95:35:7a:f8:61:
                    7c:9c:c0:0a:9c:de:17:5d:6a:09:a0:e3:f9:b4:3a:
                    ee:79:0b:02:34:77:c4:ac:f3:e4:44:9a:db:4a:c9:
                    c0:69:65:9e:4f:0d:3e:15:79:54:4d:93:21:73:d1:
                    37:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:DE:68:A0:A5:A6:B9:B1:5B:94:2F:D7:24:AC:F0:50:5E:B2:C4:78
            X509v3 Authority Key Identifier:
                keyid:E0:0C:7A:C5:6B:11:E1:04:AB:B1:67:BB:1A:B3:79:2B:3F:A7:C3:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Ax6xWsR4QSrsWe7GrN5Kz-nw9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/f20071-22a1-461d-b6bf-4fd0e1b9c12f/1/GN5ooKWmubFblC_XJKzwUF6yxHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/f20071-22a1-461d-b6bf-4fd0e1b9c12f/1/4Ax6xWsR4QSrsWe7GrN5Kz-nw9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:c1:f6:a7:65:9e:6c:94:58:ff:7c:9e:e2:1e:e2:3c:24:2e:
         79:f9:5a:41:90:c8:bd:8e:e2:ca:4c:18:4c:40:a1:30:09:6c:
         20:33:d7:37:70:9a:bb:ae:b9:08:dc:ec:e0:11:1f:d2:62:ab:
         19:c0:ce:e0:25:29:78:d6:ab:2c:a2:a9:56:dd:e0:6b:35:c1:
         43:dc:6b:fd:52:70:d3:6c:b1:94:66:c8:32:c4:17:95:59:bf:
         e0:7a:dd:02:f4:3c:dd:42:ef:07:c7:d3:9e:f2:ca:08:19:f6:
         6b:51:1e:58:6a:8f:3e:70:e1:54:48:f3:4d:ce:8c:02:38:92:
         b0:9d:5d:cd:cb:dd:19:11:58:81:2b:29:74:f8:b9:08:50:75:
         18:69:06:e8:b1:3e:d6:14:e1:a2:53:d7:0e:39:1a:a6:a3:0d:
         2a:52:f5:a0:fe:dd:60:ca:8b:aa:58:32:fe:5e:24:58:54:ae:
         64:6b:09:2e:52:06:90:86:09:66:d7:74:97:4f:5b:6a:ad:52:
         fd:77:4a:46:b2:ec:95:06:5a:bb:a0:9c:83:53:b7:9e:d4:43:
         4d:3a:c1:48:15:b4:87:7e:28:af:39:be:7d:db:56:25:e4:70:
         f2:a4:1a:6c:b7:f1:e3:7d:d5:3e:cc:a1:43:c8:d0:87:6a:a6:
         e6:45:ea:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJQAYEpeL9eP/ti5QkZsdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwMGM3YWM1NmIxMWUxMDRhYmIxNjdiYjFhYjM3OTJiM2Zh
N2MzZDMwHhcNMjQwMTAxMDgzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGRlNjhhMGE1YTZiOWIxNWI5NDJmZDcyNGFjZjA1MDVlYjJjNDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl60zt8gT8Cebf1b3UwVvhxFH2RNG
8f01hZt09nxXW/d7GEb+XFNSY+Mcz5mDwzNa/xN8c/cIycQHDC5B9f/c83gw5+RZ
uD0MM5GaQCgY2zSO8aDlIfHdZglhWQE/o7vecEOV571hxCSfYT4Ox7tm2MNPL/bi
U5kGlj1+sEpx27jz4ZtyvW4egefdHrTkp4A8xc165LiI4vbwzZjkNkboZlvTstj5
VSNMwPRtk85JEtnbSXEG8NYyFMRAXIK+6+dSQuGkmEXlOnsmHJeslTV6+GF8nMAK
nN4XXWoJoOP5tDrueQsCNHfErPPkRJrbSsnAaWWeTw0+FXlUTZMhc9E3SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjeaKClprmxW5Qv1ySs8FBessR4MB8GA1UdIwQY
MBaAFOAMesVrEeEEq7FnuxqzeSs/p8PTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEF4NnhXc1I0UVNyc1dlN0dyTjVLei1udzlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9mMjAwNzEtMjJhMS00NjFkLWI2YmYt
NGZkMGUxYjljMTJmLzEvR041b29LV211YkZibENfWEpLendVRjZ5eEhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9mMjAwNzEtMjJhMS00NjFkLWI2YmYtNGZkMGUxYjljMTJm
LzEvNEF4NnhXc1I0UVNyc1dlN0dyTjVLei1udzlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwciwMA0G
CSqGSIb3DQEBCwUAA4IBAQBgwfanZZ5slFj/fJ7iHuI8JC55+VpBkMi9juLKTBhM
QKEwCWwgM9c3cJq7rrkI3OzgER/SYqsZwM7gJSl41qssoqlW3eBrNcFD3Gv9UnDT
bLGUZsgyxBeVWb/get0C9DzdQu8Hx9Oe8soIGfZrUR5Yao8+cOFUSPNNzowCOJKw
nV3Ny90ZEViBKyl0+LkIUHUYaQbosT7WFOGiU9cOORqmow0qUvWg/t1gyouqWDL+
XiRYVK5kawkuUgaQhglm13SXT1tqrVL9d0pGsuyVBlq7oJyDU7ee1ENNOsFIFbSH
fiivOb5921Yl5HDypBpst/HjfdU+zKFDyNCHaqbmReq/
-----END CERTIFICATE-----