Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/gMJHBKKWkwQew8s6v72D5cbZQ9Q.roa
File:                     gMJHBKKWkwQew8s6v72D5cbZQ9Q.roa (raw, json)
Hash identifier:          cm/1cym222youIYn7pnBjs0279tYdcVRAcod+fA+ELE=
Subject key identifier:   80:C2:47:04:A2:96:93:04:1E:C3:CB:3A:BF:BD:83:E5:C6:D9:43:D4
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       018CC5004B9CC331DD64F13B638885E923C1
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/gMJHBKKWkwQew8s6v72D5cbZQ9Q.roa
Signing time:             Mon 01 Jan 2024 12:29:40 +0000
ROA not before:           Mon 01 Jan 2024 12:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209262
IP address blocks:        217.113.21.0/24 maxlen: 24
                          217.113.20.0/23 maxlen: 24
                          217.113.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:50:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:4b:9c:c3:31:dd:64:f1:3b:63:88:85:e9:23:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Jan  1 12:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80c24704a29693041ec3cb3abfbd83e5c6d943d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f8:d4:09:55:12:f3:8e:d5:7c:4f:cd:ae:d2:
                    75:e4:90:db:fa:20:ea:93:2a:94:c7:35:7f:9a:5e:
                    9e:48:fd:b2:0a:8a:b4:9d:26:ea:12:15:15:fa:13:
                    06:4b:d6:36:20:18:46:42:fb:7b:5b:a8:fc:14:02:
                    de:42:99:6b:34:9f:cf:f4:1b:3c:e4:5b:c7:7c:8f:
                    dd:b0:17:5a:ad:d9:54:81:6f:64:79:8e:1c:05:da:
                    d7:87:25:74:b1:13:eb:16:b7:28:f3:88:f6:dc:23:
                    e6:ad:29:99:06:01:09:9e:47:f1:ac:85:ca:7a:9e:
                    e9:1a:05:5a:11:4d:e9:84:ae:34:78:fe:cc:c8:4b:
                    07:2a:8e:e4:2c:f0:c6:82:80:a0:35:67:8f:bc:60:
                    a1:81:da:5b:50:a6:cc:88:bc:00:75:ee:9f:d0:1d:
                    cd:2f:e9:75:04:23:f8:74:d8:ae:e9:e4:12:ea:ac:
                    a5:2a:77:4e:bf:0a:c9:ae:ab:62:fb:78:72:ae:51:
                    4d:5a:a1:b6:f5:b3:ec:6f:5f:6f:be:a3:72:46:a6:
                    c3:39:2e:1c:44:c6:fc:62:57:74:14:8c:9a:e7:bf:
                    00:23:c8:f9:a4:95:e5:ed:d5:2e:70:71:fe:cc:58:
                    73:f9:b2:1f:aa:b7:6e:6e:bf:49:49:c9:8e:f9:66:
                    53:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:C2:47:04:A2:96:93:04:1E:C3:CB:3A:BF:BD:83:E5:C6:D9:43:D4
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/gMJHBKKWkwQew8s6v72D5cbZQ9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.113.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:9b:c6:c7:c4:09:f2:24:7e:aa:70:b4:fb:b5:22:51:3f:d2:
         d7:bb:3d:e2:fb:6f:9b:a6:38:7f:e1:7d:a5:3d:ce:b5:85:c6:
         35:5d:23:bb:cf:34:31:23:12:f5:c4:42:1a:99:22:5b:bc:17:
         e3:a6:bc:0a:7e:3a:4e:12:99:50:b9:80:c3:7b:be:40:12:69:
         f2:e9:d7:49:bc:f4:bb:da:01:67:fa:27:cf:47:a4:44:53:12:
         1a:dd:9d:5b:09:59:92:21:ed:7c:a3:42:d3:97:d9:f6:9d:20:
         bf:1b:f7:12:3c:01:2e:c6:0d:dd:3d:9d:19:5c:ad:61:b0:1d:
         5b:9d:df:12:6c:80:52:14:4e:ee:a8:83:04:69:19:7b:12:01:
         bc:48:f5:27:a0:fe:6e:fa:6e:17:79:24:b5:9f:c3:d5:84:e5:
         ce:60:ba:d2:d2:07:6c:a8:aa:88:68:5a:65:fc:d2:29:59:4e:
         9e:32:7e:25:0b:f9:8d:b8:53:b6:b7:b6:df:89:48:cd:f3:4c:
         fa:ae:07:a7:7a:ff:c9:4e:47:d1:83:7f:0b:7e:55:34:fb:87:
         4c:1e:a9:77:38:c1:52:72:75:d3:40:e4:5d:28:68:fe:58:c5:
         e7:03:12:a9:de:c4:2d:df:07:dd:dc:bb:70:f3:db:f7:b9:9c:
         c3:2f:6b:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAEucwzHdZPE7Y4iF6SPBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjQwMTAxMTIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGMyNDcwNGEyOTY5MzA0MWVjM2NiM2FiZmJkODNlNWM2ZDk0M2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPjUCVUS847VfE/NrtJ15JDb+iDq
kyqUxzV/ml6eSP2yCoq0nSbqEhUV+hMGS9Y2IBhGQvt7W6j8FALeQplrNJ/P9Bs8
5FvHfI/dsBdardlUgW9keY4cBdrXhyV0sRPrFrco84j23CPmrSmZBgEJnkfxrIXK
ep7pGgVaEU3phK40eP7MyEsHKo7kLPDGgoCgNWePvGChgdpbUKbMiLwAde6f0B3N
L+l1BCP4dNiu6eQS6qylKndOvwrJrqti+3hyrlFNWqG29bPsb19vvqNyRqbDOS4c
RMb8Yld0FIya578AI8j5pJXl7dUucHH+zFhz+bIfqrdubr9JScmO+WZT3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDCRwSilpMEHsPLOr+9g+XG2UPUMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvZ01KSEJLS1drd1FldzhzNnY3MkQ1Y2JaUTlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2XEUMA0G
CSqGSIb3DQEBCwUAA4IBAQBVm8bHxAnyJH6qcLT7tSJRP9LXuz3i+2+bpjh/4X2l
Pc61hcY1XSO7zzQxIxL1xEIamSJbvBfjprwKfjpOEplQuYDDe75AEmny6ddJvPS7
2gFn+ifPR6REUxIa3Z1bCVmSIe18o0LTl9n2nSC/G/cSPAEuxg3dPZ0ZXK1hsB1b
nd8SbIBSFE7uqIMEaRl7EgG8SPUnoP5u+m4XeSS1n8PVhOXOYLrS0gdsqKqIaFpl
/NIpWU6eMn4lC/mNuFO2t7bfiUjN80z6rgenev/JTkfRg38LflU0+4dMHql3OMFS
cnXTQORdKGj+WMXnAxKp3sQt3wfd3Ltw89v3uZzDL2v+
-----END CERTIFICATE-----