Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/4e6b43-13d7-4d3b-92ed-d9aebe43ef42/1/GzEFY4FMaNIn9ALjdEIyqJJseSE.roa
File:                     GzEFY4FMaNIn9ALjdEIyqJJseSE.roa (raw, json)
Hash identifier:          A0TZx6QvZikNrmKwA+Q10TiJHkrQxZ4XZGZdjheoj80=
Subject key identifier:   1B:31:05:63:81:4C:68:D2:27:F4:02:E3:74:42:32:A8:92:6C:79:21
Certificate issuer:       /CN=3905b7ec1cb8e895a25bd4ac67bc3166615d8b62
Certificate serial:       01941FFA2A938C607B7C055B148D23584CAB
Authority key identifier: 39:05:B7:EC:1C:B8:E8:95:A2:5B:D4:AC:67:BC:31:66:61:5D:8B:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OQW37By46JWiW9SsZ7wxZmFdi2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/4e6b43-13d7-4d3b-92ed-d9aebe43ef42/1/GzEFY4FMaNIn9ALjdEIyqJJseSE.roa
Signing time:             Wed 01 Jan 2025 03:47:56 +0000
ROA not before:           Wed 01 Jan 2025 03:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59575
IP address blocks:        176.116.146.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/4e6b43-13d7-4d3b-92ed-d9aebe43ef42/1/OQW37By46JWiW9SsZ7wxZmFdi2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/4e6b43-13d7-4d3b-92ed-d9aebe43ef42/1/OQW37By46JWiW9SsZ7wxZmFdi2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OQW37By46JWiW9SsZ7wxZmFdi2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 12:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:2a:93:8c:60:7b:7c:05:5b:14:8d:23:58:4c:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3905b7ec1cb8e895a25bd4ac67bc3166615d8b62
        Validity
            Not Before: Jan  1 03:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b310563814c68d227f402e3744232a8926c7921
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:68:b7:47:c1:8a:07:71:24:45:82:8f:bd:b8:
                    dc:e8:e9:f8:70:66:f3:85:af:68:a2:6a:30:e8:d1:
                    88:02:1d:23:50:e5:c7:b1:6f:51:4a:06:49:3c:04:
                    98:64:0e:c0:36:bf:cf:00:61:c9:13:21:e0:72:ca:
                    c4:4b:21:f3:05:98:73:74:d4:77:0b:1c:aa:7c:24:
                    e4:61:a4:1a:ea:72:03:43:b6:b2:0b:5b:95:3a:84:
                    0a:a4:29:9c:a9:0c:cd:ff:e9:d0:bf:c7:ef:25:32:
                    0d:88:3e:c0:b8:e0:01:24:48:c4:ef:b1:3e:41:97:
                    af:ec:b0:81:84:32:a5:0f:61:3f:40:a8:ee:cc:9b:
                    a2:67:a8:0a:2b:8d:6a:ab:bb:54:d1:bc:86:86:8e:
                    fb:81:9c:ea:df:94:f7:5a:ef:9a:b9:ee:3f:da:e3:
                    af:cc:53:a1:ce:48:79:86:df:65:28:b7:73:5f:0c:
                    d8:13:e6:e5:85:6c:49:c7:00:1b:62:00:a9:72:46:
                    53:87:7b:23:44:de:15:dd:ed:5d:35:ff:ae:c7:bf:
                    86:82:41:e0:94:9d:dd:fc:e7:86:c0:f9:d7:48:bc:
                    c4:ab:33:4e:72:1a:2f:bb:23:65:46:df:29:9f:1a:
                    b6:14:14:55:4b:05:6d:f7:c2:55:9b:7b:1e:64:6e:
                    c2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:31:05:63:81:4C:68:D2:27:F4:02:E3:74:42:32:A8:92:6C:79:21
            X509v3 Authority Key Identifier:
                keyid:39:05:B7:EC:1C:B8:E8:95:A2:5B:D4:AC:67:BC:31:66:61:5D:8B:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQW37By46JWiW9SsZ7wxZmFdi2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/4e6b43-13d7-4d3b-92ed-d9aebe43ef42/1/GzEFY4FMaNIn9ALjdEIyqJJseSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/4e6b43-13d7-4d3b-92ed-d9aebe43ef42/1/OQW37By46JWiW9SsZ7wxZmFdi2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:c8:99:d6:55:e2:2a:29:59:06:f9:00:da:12:9f:53:72:37:
         8b:93:d1:39:49:d4:f4:18:b8:69:41:a3:8e:50:9b:c7:5f:d7:
         b7:ad:76:c7:50:06:e3:00:4c:3a:ba:09:83:52:7b:bb:4f:77:
         65:63:4a:e2:a2:d2:73:ab:73:11:3d:f0:b6:b9:d2:19:4c:b8:
         5d:0f:53:12:c1:cd:94:89:34:12:bd:81:81:65:2f:cc:1c:c5:
         15:0c:f4:98:f4:b2:ee:4a:52:8c:bd:9b:b5:72:f5:e3:07:70:
         b3:c1:a0:02:84:36:13:98:18:f3:63:5a:a2:2b:c6:e5:1a:89:
         2d:ff:ce:3c:21:2b:5e:08:96:da:7f:fc:8a:62:fa:11:0e:33:
         dd:2b:bf:3d:80:e8:d5:52:07:96:e0:3f:40:e4:6e:17:20:9c:
         73:7a:8e:58:c6:d7:e6:56:22:73:c3:14:85:0c:28:43:dd:31:
         d7:28:1c:9d:0f:bf:e1:a4:39:26:80:0d:b3:96:12:f7:b1:0b:
         d7:d6:64:e2:70:c7:90:34:a3:bd:4a:a7:09:bf:a6:1e:d6:fd:
         5c:ba:fc:95:a0:54:2c:59:21:82:62:5c:03:5d:8d:71:43:86:
         3e:85:fc:10:aa:1f:0d:89:8a:5d:7c:12:a3:f8:6e:9d:a6:48:
         1b:a6:81:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+iqTjGB7fAVbFI0jWEyrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MDViN2VjMWNiOGU4OTVhMjViZDRhYzY3YmMzMTY2NjE1
ZDhiNjIwHhcNMjUwMTAxMDM0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjMxMDU2MzgxNGM2OGQyMjdmNDAyZTM3NDQyMzJhODkyNmM3OTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGi3R8GKB3EkRYKPvbjc6On4cGbz
ha9oomow6NGIAh0jUOXHsW9RSgZJPASYZA7ANr/PAGHJEyHgcsrESyHzBZhzdNR3
CxyqfCTkYaQa6nIDQ7ayC1uVOoQKpCmcqQzN/+nQv8fvJTINiD7AuOABJEjE77E+
QZev7LCBhDKlD2E/QKjuzJuiZ6gKK41qq7tU0byGho77gZzq35T3Wu+aue4/2uOv
zFOhzkh5ht9lKLdzXwzYE+blhWxJxwAbYgCpckZTh3sjRN4V3e1dNf+ux7+GgkHg
lJ3d/OeGwPnXSLzEqzNOchovuyNlRt8pnxq2FBRVSwVt98JVm3seZG7CAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBsxBWOBTGjSJ/QC43RCMqiSbHkhMB8GA1UdIwQY
MBaAFDkFt+wcuOiVolvUrGe8MWZhXYtiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1FXMzdCeTQ2SldpVzlTc1o3d3habUZkaTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS80ZTZiNDMtMTNkNy00ZDNiLTkyZWQt
ZDlhZWJlNDNlZjQyLzEvR3pFRlk0Rk1hTkluOUFMamRFSXlxSkpzZVNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS80ZTZiNDMtMTNkNy00ZDNiLTkyZWQtZDlhZWJlNDNlZjQy
LzEvT1FXMzdCeTQ2SldpVzlTc1o3d3habUZkaTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsHSSMA0G
CSqGSIb3DQEBCwUAA4IBAQAkyJnWVeIqKVkG+QDaEp9TcjeLk9E5SdT0GLhpQaOO
UJvHX9e3rXbHUAbjAEw6ugmDUnu7T3dlY0riotJzq3MRPfC2udIZTLhdD1MSwc2U
iTQSvYGBZS/MHMUVDPSY9LLuSlKMvZu1cvXjB3CzwaAChDYTmBjzY1qiK8blGokt
/848ISteCJbaf/yKYvoRDjPdK789gOjVUgeW4D9A5G4XIJxzeo5YxtfmViJzwxSF
DChD3THXKBydD7/hpDkmgA2zlhL3sQvX1mTicMeQNKO9SqcJv6Ye1v1cuvyVoFQs
WSGCYlwDXY1xQ4Y+hfwQqh8NiYpdfBKj+G6dpkgbpoHT
-----END CERTIFICATE-----