Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/847ee0-ba2a-4fd2-89d7-87fe2e54ba79/1/gzx2bq0LLY864JAPmq9aWAzVMes.roa
File:                     gzx2bq0LLY864JAPmq9aWAzVMes.roa (raw, json)
Hash identifier:          1LQIYnnaDNi4Doxlxn9ovWnFZtxdaKLKDS3cOcVvprk=
Subject key identifier:   83:3C:76:6E:AD:0B:2D:8F:3A:E0:90:0F:9A:AF:5A:58:0C:D5:31:EB
Certificate issuer:       /CN=60077f22c6428bc889b365b006cb5248d4bf61cf
Certificate serial:       018CC8DF4B8131BEEDDAB954935969BCE314
Authority key identifier: 60:07:7F:22:C6:42:8B:C8:89:B3:65:B0:06:CB:52:48:D4:BF:61:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YAd_IsZCi8iJs2WwBstSSNS_Yc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/847ee0-ba2a-4fd2-89d7-87fe2e54ba79/1/gzx2bq0LLY864JAPmq9aWAzVMes.roa
Signing time:             Tue 02 Jan 2024 06:32:06 +0000
ROA not before:           Tue 02 Jan 2024 06:32:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41202
IP address blocks:        95.214.208.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/847ee0-ba2a-4fd2-89d7-87fe2e54ba79/1/YAd_IsZCi8iJs2WwBstSSNS_Yc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/847ee0-ba2a-4fd2-89d7-87fe2e54ba79/1/YAd_IsZCi8iJs2WwBstSSNS_Yc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YAd_IsZCi8iJs2WwBstSSNS_Yc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:4b:81:31:be:ed:da:b9:54:93:59:69:bc:e3:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60077f22c6428bc889b365b006cb5248d4bf61cf
        Validity
            Not Before: Jan  2 06:32:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=833c766ead0b2d8f3ae0900f9aaf5a580cd531eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1b:2f:1e:34:49:c3:15:5e:4a:db:d8:b5:65:
                    1e:a5:e6:4b:b3:02:7c:6d:e0:af:ac:71:cb:cf:4b:
                    1d:c6:b6:9a:46:ae:d4:de:ad:2c:e9:df:0d:cd:aa:
                    a9:7c:ad:c8:88:d6:12:6a:3c:06:05:e1:e5:be:73:
                    ed:ae:08:8d:1b:7d:b6:f5:94:35:bf:00:3b:99:ab:
                    ab:95:18:08:33:80:78:a4:bf:04:48:b4:17:10:a4:
                    a0:85:56:66:2d:60:00:4e:36:6a:86:68:84:49:c2:
                    e6:5a:e9:18:1b:10:ac:83:22:d5:6d:cb:e0:b8:6e:
                    1e:f6:3e:ea:6f:16:81:e0:a6:dd:4f:79:45:3c:43:
                    9f:42:bb:2d:b7:a6:32:bb:46:1c:1c:0d:f9:26:3e:
                    ca:83:d2:42:58:15:d7:af:e3:0d:94:c9:d6:80:66:
                    3d:76:f8:8f:8f:de:4b:17:8e:50:0f:0d:9c:8f:0a:
                    fc:8c:61:7f:e3:a6:27:17:ab:fd:dc:21:1e:5e:a4:
                    a6:be:79:1d:7d:ad:68:73:ef:36:3a:6c:fa:c5:51:
                    45:dd:59:a6:25:9b:38:69:f6:d5:9c:64:c1:87:b0:
                    39:02:15:d5:af:81:71:f5:3e:98:4e:e4:7f:54:14:
                    4e:8f:a2:2d:ce:80:a8:57:79:9b:b7:84:6c:ea:33:
                    60:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:3C:76:6E:AD:0B:2D:8F:3A:E0:90:0F:9A:AF:5A:58:0C:D5:31:EB
            X509v3 Authority Key Identifier:
                keyid:60:07:7F:22:C6:42:8B:C8:89:B3:65:B0:06:CB:52:48:D4:BF:61:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YAd_IsZCi8iJs2WwBstSSNS_Yc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/847ee0-ba2a-4fd2-89d7-87fe2e54ba79/1/gzx2bq0LLY864JAPmq9aWAzVMes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/847ee0-ba2a-4fd2-89d7-87fe2e54ba79/1/YAd_IsZCi8iJs2WwBstSSNS_Yc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:6a:a4:fa:e0:6f:ed:c0:1f:36:35:03:0d:c1:00:be:59:99:
         fc:c0:8a:9d:72:12:e3:8c:56:7e:98:60:c6:6c:3e:a9:9e:8b:
         aa:92:5c:60:7d:26:b7:59:e2:71:4e:a3:24:aa:4c:4b:62:2b:
         a8:6f:62:e4:c8:19:cd:80:03:8d:1b:db:2f:90:db:58:e6:cc:
         19:15:1a:c2:ca:86:19:db:93:de:72:f0:61:e8:0b:03:41:1f:
         33:88:f2:52:4e:87:88:ce:c0:3f:12:30:0a:34:c8:43:fa:f3:
         c5:bc:8e:25:18:79:6e:ef:57:7a:c2:a1:c2:2d:5a:05:f7:2e:
         64:09:ac:f8:02:d8:f8:51:f9:4a:74:dd:a0:5f:a6:4f:12:4f:
         4f:b4:e0:30:17:48:6b:de:91:af:c6:19:78:e2:d0:bd:38:62:
         01:a7:3d:54:98:b7:0c:50:42:89:e7:12:c6:ba:74:dd:09:e8:
         a0:51:25:52:c9:86:4c:e3:77:c5:6d:32:01:ee:c9:95:0b:6d:
         e1:b9:5f:f8:38:81:34:81:b0:27:a8:97:3c:35:40:f3:79:96:
         19:68:16:e9:a5:c3:6d:c0:5e:b8:8a:be:ea:7e:1f:12:a8:8a:
         38:e9:ab:42:19:d0:38:9c:93:f8:34:b1:20:be:7c:52:56:55:
         3c:70:92:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI30uBMb7t2rlUk1lpvOMUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMDc3ZjIyYzY0MjhiYzg4OWIzNjViMDA2Y2I1MjQ4ZDRi
ZjYxY2YwHhcNMjQwMTAyMDYzMjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzNjNzY2ZWFkMGIyZDhmM2FlMDkwMGY5YWFmNWE1ODBjZDUzMWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBsvHjRJwxVeStvYtWUepeZLswJ8
beCvrHHLz0sdxraaRq7U3q0s6d8NzaqpfK3IiNYSajwGBeHlvnPtrgiNG3229ZQ1
vwA7maurlRgIM4B4pL8ESLQXEKSghVZmLWAATjZqhmiEScLmWukYGxCsgyLVbcvg
uG4e9j7qbxaB4KbdT3lFPEOfQrstt6Yyu0YcHA35Jj7Kg9JCWBXXr+MNlMnWgGY9
dviPj95LF45QDw2cjwr8jGF/46YnF6v93CEeXqSmvnkdfa1oc+82Omz6xVFF3Vmm
JZs4afbVnGTBh7A5AhXVr4Fx9T6YTuR/VBROj6ItzoCoV3mbt4Rs6jNgnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIM8dm6tCy2POuCQD5qvWlgM1THrMB8GA1UdIwQY
MBaAFGAHfyLGQovIibNlsAbLUkjUv2HPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUFkX0lzWkNpOGlKczJXd0JzdFNTTlNfWWM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC84NDdlZTAtYmEyYS00ZmQyLTg5ZDct
ODdmZTJlNTRiYTc5LzEvZ3p4MmJxMExMWTg2NEpBUG1xOWFXQXpWTWVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC84NDdlZTAtYmEyYS00ZmQyLTg5ZDctODdmZTJlNTRiYTc5
LzEvWUFkX0lzWkNpOGlKczJXd0JzdFNTTlNfWWM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX9bQMA0G
CSqGSIb3DQEBCwUAA4IBAQAqaqT64G/twB82NQMNwQC+WZn8wIqdchLjjFZ+mGDG
bD6pnouqklxgfSa3WeJxTqMkqkxLYiuob2LkyBnNgAONG9svkNtY5swZFRrCyoYZ
25PecvBh6AsDQR8ziPJSToeIzsA/EjAKNMhD+vPFvI4lGHlu71d6wqHCLVoF9y5k
Caz4Atj4UflKdN2gX6ZPEk9PtOAwF0hr3pGvxhl44tC9OGIBpz1UmLcMUEKJ5xLG
unTdCeigUSVSyYZM43fFbTIB7smVC23huV/4OIE0gbAnqJc8NUDzeZYZaBbppcNt
wF64ir7qfh8SqIo46atCGdA4nJP4NLEgvnxSVlU8cJKN
-----END CERTIFICATE-----