Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/21a4fd-bd8a-4aa4-8c45-5710305439ec/1/GBaIq9Q0xFK_FpS8t-YRhdxGvi8.roa
File:                     GBaIq9Q0xFK_FpS8t-YRhdxGvi8.roa (raw, json)
Hash identifier:          EHdbpoCkCVPmFsf8k7X5liVRA+AGR0wAVGnYfp99Q+Q=
Subject key identifier:   18:16:88:AB:D4:34:C4:52:BF:16:94:BC:B7:E6:11:85:DC:46:BE:2F
Certificate issuer:       /CN=25292652a9ecd9c6bdc8264b9948df6212207624
Certificate serial:       01905DE7EB4E5B15477DF8D9229646213F5B
Authority key identifier: 25:29:26:52:A9:EC:D9:C6:BD:C8:26:4B:99:48:DF:62:12:20:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JSkmUqns2ca9yCZLmUjfYhIgdiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/21a4fd-bd8a-4aa4-8c45-5710305439ec/1/GBaIq9Q0xFK_FpS8t-YRhdxGvi8.roa
Signing time:             Fri 28 Jun 2024 08:13:18 +0000
ROA not before:           Fri 28 Jun 2024 08:13:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        45.156.164.0/24 maxlen: 24
                          45.156.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/21a4fd-bd8a-4aa4-8c45-5710305439ec/1/JSkmUqns2ca9yCZLmUjfYhIgdiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/21a4fd-bd8a-4aa4-8c45-5710305439ec/1/JSkmUqns2ca9yCZLmUjfYhIgdiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JSkmUqns2ca9yCZLmUjfYhIgdiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5d:e7:eb:4e:5b:15:47:7d:f8:d9:22:96:46:21:3f:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25292652a9ecd9c6bdc8264b9948df6212207624
        Validity
            Not Before: Jun 28 08:13:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=181688abd434c452bf1694bcb7e61185dc46be2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:a7:2e:ab:ec:02:81:2a:59:26:cf:41:2a:7a:
                    ef:e1:94:98:47:6f:f2:80:8e:1a:67:30:4b:c5:7a:
                    71:20:23:07:2a:7a:53:bc:52:2c:69:a9:4c:9d:b1:
                    a1:9f:6f:52:98:8f:69:9a:55:4a:7e:87:83:54:9e:
                    6e:38:63:f4:ca:29:40:fa:ee:ef:27:72:18:bb:c4:
                    23:e6:23:9f:16:17:93:a8:b5:4b:55:52:4e:ef:26:
                    8f:6d:42:52:8b:ff:b1:48:b1:72:fb:15:68:41:31:
                    d8:9c:0e:e7:56:bb:18:26:c1:68:23:b4:8b:c4:8f:
                    57:0d:11:80:0a:32:59:37:1a:db:8a:0d:29:c5:e4:
                    1f:9b:02:ec:63:87:47:67:0e:e5:13:5d:1f:3d:86:
                    a6:a6:48:84:4c:46:1e:81:a5:09:f8:66:ec:49:df:
                    50:f2:3d:4c:0d:5b:6a:b4:5c:02:ba:ae:0a:f9:dd:
                    48:44:a6:ad:89:36:b1:3e:57:5a:0e:ea:5f:09:e4:
                    20:5b:47:4c:21:cd:c7:d9:51:ba:17:05:83:77:03:
                    dd:6a:ec:cd:ab:62:02:47:e5:42:e8:8a:11:a3:78:
                    13:8e:2f:5b:31:16:99:62:92:d7:a4:5d:4a:cf:46:
                    52:4d:d3:3a:2f:15:b7:ad:73:09:d9:5e:4c:39:cd:
                    e9:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:16:88:AB:D4:34:C4:52:BF:16:94:BC:B7:E6:11:85:DC:46:BE:2F
            X509v3 Authority Key Identifier:
                keyid:25:29:26:52:A9:EC:D9:C6:BD:C8:26:4B:99:48:DF:62:12:20:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JSkmUqns2ca9yCZLmUjfYhIgdiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/21a4fd-bd8a-4aa4-8c45-5710305439ec/1/GBaIq9Q0xFK_FpS8t-YRhdxGvi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/21a4fd-bd8a-4aa4-8c45-5710305439ec/1/JSkmUqns2ca9yCZLmUjfYhIgdiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b1:77:80:3c:70:3b:bd:2d:8c:e5:b9:f4:66:45:94:fa:e9:ee:
         fd:b9:d9:47:e8:6d:51:c2:b7:fe:5e:7b:68:7b:da:83:84:c5:
         f2:a9:52:93:79:90:83:0d:77:a6:33:93:9d:85:b3:4e:6f:d5:
         7a:09:10:62:71:c2:ec:f8:82:90:20:f2:3d:fd:e0:9a:8b:92:
         2c:50:95:d4:ba:d1:87:b5:49:0c:ea:e5:0c:d5:1a:3e:2b:8e:
         37:e7:df:48:90:9a:37:81:44:ea:c4:64:c6:15:09:3f:5b:f0:
         1d:68:8d:42:54:d5:d3:2e:fc:4e:8b:f3:30:ee:f1:c4:c3:11:
         95:70:36:3b:ac:49:6e:23:8b:28:f4:5d:b4:a9:4e:fb:37:61:
         64:01:e9:3e:d4:a0:29:78:01:13:0d:bd:d9:76:fd:2e:4f:b1:
         b6:ef:f5:be:c3:80:bf:68:c7:63:ea:a0:df:d1:e8:69:99:61:
         99:ea:c7:d3:5e:82:73:87:e5:d3:9a:34:af:bf:d2:34:52:c1:
         75:29:d3:f7:d3:36:d6:5e:ea:d7:a9:c3:c8:10:a8:24:dd:b7:
         cd:85:e4:f5:98:fe:f9:f3:9f:cb:01:fa:37:af:39:36:82:b9:
         79:78:8f:51:66:1e:20:9c:79:e5:7e:79:c5:39:e0:14:85:cc:
         79:28:dd:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBd5+tOWxVHffjZIpZGIT9bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1MjkyNjUyYTllY2Q5YzZiZGM4MjY0Yjk5NDhkZjYyMTIy
MDc2MjQwHhcNMjQwNjI4MDgxMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODE2ODhhYmQ0MzRjNDUyYmYxNjk0YmNiN2U2MTE4NWRjNDZiZTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA56cuq+wCgSpZJs9BKnrv4ZSYR2/y
gI4aZzBLxXpxICMHKnpTvFIsaalMnbGhn29SmI9pmlVKfoeDVJ5uOGP0yilA+u7v
J3IYu8Qj5iOfFheTqLVLVVJO7yaPbUJSi/+xSLFy+xVoQTHYnA7nVrsYJsFoI7SL
xI9XDRGACjJZNxrbig0pxeQfmwLsY4dHZw7lE10fPYampkiETEYegaUJ+GbsSd9Q
8j1MDVtqtFwCuq4K+d1IRKatiTaxPldaDupfCeQgW0dMIc3H2VG6FwWDdwPdauzN
q2ICR+VC6IoRo3gTji9bMRaZYpLXpF1Kz0ZSTdM6LxW3rXMJ2V5MOc3ppwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgWiKvUNMRSvxaUvLfmEYXcRr4vMB8GA1UdIwQY
MBaAFCUpJlKp7NnGvcgmS5lI32ISIHYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlNrbVVxbnMyY2E5eUNaTG1VamZZaElnZGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8yMWE0ZmQtYmQ4YS00YWE0LThjNDUt
NTcxMDMwNTQzOWVjLzEvR0JhSXE5UTB4RktfRnBTOHQtWVJoZHhHdmk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8yMWE0ZmQtYmQ4YS00YWE0LThjNDUtNTcxMDMwNTQzOWVj
LzEvSlNrbVVxbnMyY2E5eUNaTG1VamZZaElnZGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZykMA0G
CSqGSIb3DQEBCwUAA4IBAQCxd4A8cDu9LYzlufRmRZT66e79udlH6G1Rwrf+Xnto
e9qDhMXyqVKTeZCDDXemM5OdhbNOb9V6CRBiccLs+IKQIPI9/eCai5IsUJXUutGH
tUkM6uUM1Ro+K443599IkJo3gUTqxGTGFQk/W/AdaI1CVNXTLvxOi/Mw7vHEwxGV
cDY7rEluI4so9F20qU77N2FkAek+1KApeAETDb3Zdv0uT7G27/W+w4C/aMdj6qDf
0ehpmWGZ6sfTXoJzh+XTmjSvv9I0UsF1KdP30zbWXurXqcPIEKgk3bfNheT1mP75
85/LAfo3rzk2grl5eI9RZh4gnHnlfnnFOeAUhcx5KN0p
-----END CERTIFICATE-----