Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/119b31-774c-4a40-87a0-758fba5a3951/1/Ga7xjXDSDjdOVNrcTGr_g6sBFW8.roa
File:                     Ga7xjXDSDjdOVNrcTGr_g6sBFW8.roa (raw, json)
Hash identifier:          8Y/Mjf2+mYXubhHwDguXMxh+k+JgGQC7Q5HSVi+iXpA=
Subject key identifier:   19:AE:F1:8D:70:D2:0E:37:4E:54:DA:DC:4C:6A:FF:83:AB:01:15:6F
Certificate issuer:       /CN=a81b324ec026121ffe5dca77f0e94a6c087e70d2
Certificate serial:       0194236A29DE46BE2BFF5C1E859A2A2AC64A
Authority key identifier: A8:1B:32:4E:C0:26:12:1F:FE:5D:CA:77:F0:E9:4A:6C:08:7E:70:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qBsyTsAmEh_-Xcp38OlKbAh-cNI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/119b31-774c-4a40-87a0-758fba5a3951/1/Ga7xjXDSDjdOVNrcTGr_g6sBFW8.roa
Signing time:             Wed 01 Jan 2025 19:49:07 +0000
ROA not before:           Wed 01 Jan 2025 19:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12319
IP address blocks:        82.116.160.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/119b31-774c-4a40-87a0-758fba5a3951/1/qBsyTsAmEh_-Xcp38OlKbAh-cNI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/119b31-774c-4a40-87a0-758fba5a3951/1/qBsyTsAmEh_-Xcp38OlKbAh-cNI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qBsyTsAmEh_-Xcp38OlKbAh-cNI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:29:de:46:be:2b:ff:5c:1e:85:9a:2a:2a:c6:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a81b324ec026121ffe5dca77f0e94a6c087e70d2
        Validity
            Not Before: Jan  1 19:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19aef18d70d20e374e54dadc4c6aff83ab01156f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:99:20:a6:bf:f4:87:5e:44:15:10:2c:f9:9a:
                    fd:0e:96:72:2b:20:3e:f5:26:de:6e:2b:4f:d7:68:
                    18:5d:77:af:03:ed:2e:d0:a7:a2:2b:04:bf:68:58:
                    72:02:0e:25:7c:e5:2e:b3:7d:6e:7a:b6:28:e5:39:
                    8d:da:b3:9a:f4:de:ce:56:db:e8:38:9d:c0:86:92:
                    f6:02:3b:b4:df:ca:ef:78:7f:02:36:ce:fb:0d:6b:
                    e3:9c:3f:d9:7e:1b:dc:d4:fb:ba:e8:2f:24:04:09:
                    b3:f8:3f:20:43:23:3d:7f:69:4c:3c:ef:1b:c7:24:
                    d7:f0:34:aa:27:2f:dd:d8:4d:f7:41:75:73:81:7b:
                    7f:8c:f9:a6:61:89:69:d9:c0:7e:5a:43:b9:c3:99:
                    e0:2b:46:ff:62:1a:a0:52:64:3a:9a:16:e4:03:45:
                    9f:0e:d6:0c:d0:13:57:74:22:14:9d:ac:e4:41:64:
                    6a:45:65:36:41:53:79:0a:f1:c4:db:d0:3b:39:99:
                    0f:f4:50:b5:a8:9f:27:d2:2e:ab:e3:ea:b5:12:cc:
                    92:c2:fd:17:f0:9c:a4:bd:40:f5:12:45:e1:6c:c6:
                    2b:47:7a:35:a4:3b:f5:ed:f8:22:2f:95:ba:b7:7d:
                    8e:21:65:66:07:c1:12:67:19:72:50:89:13:4c:58:
                    d3:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:AE:F1:8D:70:D2:0E:37:4E:54:DA:DC:4C:6A:FF:83:AB:01:15:6F
            X509v3 Authority Key Identifier:
                keyid:A8:1B:32:4E:C0:26:12:1F:FE:5D:CA:77:F0:E9:4A:6C:08:7E:70:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBsyTsAmEh_-Xcp38OlKbAh-cNI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/119b31-774c-4a40-87a0-758fba5a3951/1/Ga7xjXDSDjdOVNrcTGr_g6sBFW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/119b31-774c-4a40-87a0-758fba5a3951/1/qBsyTsAmEh_-Xcp38OlKbAh-cNI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.116.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2e:dc:e6:2e:e6:f2:73:d7:f1:2c:48:f6:17:ef:08:50:6c:a9:
         01:12:81:11:4b:0a:66:81:d5:ce:6e:84:25:fb:da:b1:5d:c7:
         c5:56:4d:18:3e:61:7a:63:76:b7:40:c5:af:b0:ed:fd:4c:84:
         d8:a2:e4:cc:9d:69:1f:4c:0f:39:c2:c8:0d:10:bb:a8:8b:c6:
         f8:43:44:1a:40:14:25:30:d6:e7:e0:1b:b2:86:a8:bf:ce:4a:
         6d:7e:60:d3:16:78:52:96:f0:1f:ce:bd:1c:2a:36:3e:17:ea:
         44:ed:fd:7e:58:d8:69:96:51:ed:ea:ad:42:5b:35:96:21:c8:
         7d:03:7d:7c:11:a6:80:a9:a6:34:f7:57:2d:78:d1:25:90:d5:
         46:6f:4a:cf:9d:36:1d:12:4f:3b:46:e9:06:8a:31:ce:48:51:
         e1:21:77:c3:e8:37:e5:e1:d4:df:7f:5e:6b:80:a8:a0:4d:8a:
         de:b2:56:78:2b:44:56:89:98:68:d6:42:ab:a9:f5:71:b0:96:
         97:9b:7f:d8:c5:8c:78:1e:dd:4e:79:20:c7:7f:23:31:38:74:
         0c:95:a3:29:fa:11:29:8a:b2:32:2e:d2:a8:8c:b8:d0:55:37:
         0c:20:65:56:57:f0:59:b3:a4:5c:2e:4f:22:cd:32:e1:d4:42:
         61:40:d8:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaineRr4r/1wehZoqKsZKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MWIzMjRlYzAyNjEyMWZmZTVkY2E3N2YwZTk0YTZjMDg3
ZTcwZDIwHhcNMjUwMTAxMTk0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWFlZjE4ZDcwZDIwZTM3NGU1NGRhZGM0YzZhZmY4M2FiMDExNTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA35kgpr/0h15EFRAs+Zr9DpZyKyA+
9SbebitP12gYXXevA+0u0KeiKwS/aFhyAg4lfOUus31uerYo5TmN2rOa9N7OVtvo
OJ3AhpL2Aju038rveH8CNs77DWvjnD/Zfhvc1Pu66C8kBAmz+D8gQyM9f2lMPO8b
xyTX8DSqJy/d2E33QXVzgXt/jPmmYYlp2cB+WkO5w5ngK0b/YhqgUmQ6mhbkA0Wf
DtYM0BNXdCIUnazkQWRqRWU2QVN5CvHE29A7OZkP9FC1qJ8n0i6r4+q1EsySwv0X
8JykvUD1EkXhbMYrR3o1pDv17fgiL5W6t32OIWVmB8ESZxlyUIkTTFjTBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmu8Y1w0g43TlTa3Exq/4OrARVvMB8GA1UdIwQY
MBaAFKgbMk7AJhIf/l3Kd/DpSmwIfnDSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUJzeVRzQW1FaF8tWGNwMzhPbEtiQWgtY05JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8xMTliMzEtNzc0Yy00YTQwLTg3YTAt
NzU4ZmJhNWEzOTUxLzEvR2E3eGpYRFNEamRPVk5yY1RHcl9nNnNCRlc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8xMTliMzEtNzc0Yy00YTQwLTg3YTAtNzU4ZmJhNWEzOTUx
LzEvcUJzeVRzQW1FaF8tWGNwMzhPbEtiQWgtY05JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFUnSgMA0G
CSqGSIb3DQEBCwUAA4IBAQAu3OYu5vJz1/EsSPYX7whQbKkBEoERSwpmgdXOboQl
+9qxXcfFVk0YPmF6Y3a3QMWvsO39TITYouTMnWkfTA85wsgNELuoi8b4Q0QaQBQl
MNbn4Buyhqi/zkptfmDTFnhSlvAfzr0cKjY+F+pE7f1+WNhpllHt6q1CWzWWIch9
A318EaaAqaY091cteNElkNVGb0rPnTYdEk87RukGijHOSFHhIXfD6Dfl4dTff15r
gKigTYreslZ4K0RWiZho1kKrqfVxsJaXm3/YxYx4Ht1OeSDHfyMxOHQMlaMp+hEp
irIyLtKojLjQVTcMIGVWV/BZs6RcLk8izTLh1EJhQNgW
-----END CERTIFICATE-----