Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/goii3s0NMjXZvgzEJ4t2oTqxTMw.roa
File:                     goii3s0NMjXZvgzEJ4t2oTqxTMw.roa (raw, json)
Hash identifier:          uuwglb2WYF5U/VpFMklQhE0n2aFPRhiFVKAFstsS2Uo=
Subject key identifier:   82:88:A2:DE:CD:0D:32:35:D9:BE:0C:C4:27:8B:76:A1:3A:B1:4C:CC
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       018CC94D3A17BF6B2694B3321772698FDBC6
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/goii3s0NMjXZvgzEJ4t2oTqxTMw.roa
Signing time:             Tue 02 Jan 2024 08:32:10 +0000
ROA not before:           Tue 02 Jan 2024 08:32:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        195.178.132.0/22 maxlen: 24
                          77.47.152.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:3a:17:bf:6b:26:94:b3:32:17:72:69:8f:db:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 08:32:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8288a2decd0d3235d9be0cc4278b76a13ab14ccc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:66:1b:74:67:b0:0b:9d:d4:f9:f7:3c:0a:e5:
                    ad:50:0e:e2:0f:dc:13:b5:12:dd:81:dd:18:4d:4b:
                    68:34:95:a8:b2:27:da:4f:23:91:24:f6:38:88:75:
                    ca:08:1e:c8:51:c8:77:7a:15:e7:42:1d:6f:e5:70:
                    e6:74:e6:49:42:aa:59:28:56:75:93:55:61:6c:e6:
                    1b:3e:e8:36:2a:db:45:ee:dd:78:fa:67:bd:78:4c:
                    b1:42:96:3c:5a:41:06:3a:02:80:3b:29:5d:48:b9:
                    c6:43:c1:71:5f:42:83:da:a7:5a:e2:32:2d:ec:84:
                    8c:00:17:45:0e:61:8d:36:56:1b:f0:c8:0b:1b:e5:
                    30:10:e0:90:9b:55:b6:70:b0:52:71:48:9d:6d:29:
                    37:c9:66:41:60:7d:a9:08:17:fc:10:46:52:0d:9c:
                    4b:cb:d0:f4:2d:56:2b:04:75:3b:a5:7c:ed:aa:ee:
                    c5:09:2e:a6:ff:22:83:bc:9a:1e:0b:98:72:36:61:
                    7d:21:7f:49:ca:e3:c8:0f:ea:e1:fc:3f:e0:67:e4:
                    66:c9:70:45:c1:f8:ab:40:b2:a6:1d:bc:5c:ef:8a:
                    9f:72:d1:6e:89:6c:1c:fa:b5:fb:f3:24:15:3f:c1:
                    fc:b9:a0:5e:ef:9a:2e:af:88:50:af:87:15:79:f9:
                    62:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:88:A2:DE:CD:0D:32:35:D9:BE:0C:C4:27:8B:76:A1:3A:B1:4C:CC
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/goii3s0NMjXZvgzEJ4t2oTqxTMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.47.152.0/22
                  195.178.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:10:f3:91:b1:ec:3d:ab:fa:15:47:85:f4:f8:fd:07:55:f1:
         15:c3:da:f6:36:03:bf:8d:1f:22:b0:c1:59:8b:f6:4f:42:1f:
         97:12:80:f9:b6:3e:c3:ad:14:42:0c:49:a5:49:60:ab:be:03:
         66:02:bc:2a:b7:06:88:43:20:13:eb:4f:6e:eb:12:bd:14:30:
         5a:66:67:36:0c:72:f2:c6:29:01:38:52:27:f0:19:db:dd:b2:
         6e:f3:cb:e5:e6:34:19:da:85:f5:e6:22:82:d8:e9:83:7a:88:
         81:13:ed:86:f0:5c:c2:f8:14:c3:e8:35:30:19:65:03:14:aa:
         b8:cb:fd:ab:87:27:4e:85:f1:ff:94:b1:fb:df:8b:c2:13:7d:
         f9:fe:cf:ff:66:68:da:78:db:15:29:53:03:df:60:b0:16:eb:
         5c:bf:11:de:fa:da:d1:de:a2:4c:4f:f9:2e:be:81:95:5b:93:
         64:e1:df:af:c7:5e:4f:33:49:77:fb:2d:93:53:43:2f:23:70:
         ca:75:91:67:64:22:8f:32:b1:dc:fd:8c:80:12:d9:5c:a7:4c:
         84:16:d2:eb:43:55:e2:d6:54:0d:cd:8e:b0:f8:b2:7b:a3:79:
         18:ae:d5:8a:14:07:3d:3e:5d:0d:e8:7f:7d:76:b1:06:ec:54:
         fb:8d:4c:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTToXv2smlLMyF3Jpj9vGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwMTAyMDgzMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mjg4YTJkZWNkMGQzMjM1ZDliZTBjYzQyNzhiNzZhMTNhYjE0Y2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWYbdGewC53U+fc8CuWtUA7iD9wT
tRLdgd0YTUtoNJWosifaTyORJPY4iHXKCB7IUch3ehXnQh1v5XDmdOZJQqpZKFZ1
k1VhbOYbPug2KttF7t14+me9eEyxQpY8WkEGOgKAOyldSLnGQ8FxX0KD2qda4jIt
7ISMABdFDmGNNlYb8MgLG+UwEOCQm1W2cLBScUidbSk3yWZBYH2pCBf8EEZSDZxL
y9D0LVYrBHU7pXztqu7FCS6m/yKDvJoeC5hyNmF9IX9JyuPID+rh/D/gZ+RmyXBF
wfirQLKmHbxc74qfctFuiWwc+rX78yQVP8H8uaBe75our4hQr4cVefliTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIKIot7NDTI12b4MxCeLdqE6sUzMMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvZ29paTNzME5Nalhadmd6RUo0dDJvVHF4VE13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCTS+YAwQC
w7KEMA0GCSqGSIb3DQEBCwUAA4IBAQC2EPORsew9q/oVR4X0+P0HVfEVw9r2NgO/
jR8isMFZi/ZPQh+XEoD5tj7DrRRCDEmlSWCrvgNmArwqtwaIQyAT609u6xK9FDBa
Zmc2DHLyxikBOFIn8Bnb3bJu88vl5jQZ2oX15iKC2OmDeoiBE+2G8FzC+BTD6DUw
GWUDFKq4y/2rhydOhfH/lLH734vCE335/s//ZmjaeNsVKVMD32CwFutcvxHe+trR
3qJMT/kuvoGVW5Nk4d+vx15PM0l3+y2TU0MvI3DKdZFnZCKPMrHc/YyAEtlcp0yE
FtLrQ1Xi1lQNzY6w+LJ7o3kYrtWKFAc9Pl0N6H99drEG7FT7jUwp
-----END CERTIFICATE-----