Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/gxO-7p1H5eoPRXfN9zH2o8e7_Hg.roa
File:                     gxO-7p1H5eoPRXfN9zH2o8e7_Hg.roa (raw, json)
Hash identifier:          9z7wQOE2cddAenU8w84OLtWqHskAziTM/G5XopRmfK4=
Subject key identifier:   83:13:BE:EE:9D:47:E5:EA:0F:45:77:CD:F7:31:F6:A3:C7:BB:FC:78
Certificate issuer:       /CN=95a5adf6af1fcc0570adf858fd5bfbe28791a186
Certificate serial:       018CC64B3520246F39D9B1A77E40337132D8
Authority key identifier: 95:A5:AD:F6:AF:1F:CC:05:70:AD:F8:58:FD:5B:FB:E2:87:91:A1:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/laWt9q8fzAVwrfhY_Vv74oeRoYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/gxO-7p1H5eoPRXfN9zH2o8e7_Hg.roa
Signing time:             Mon 01 Jan 2024 18:31:06 +0000
ROA not before:           Mon 01 Jan 2024 18:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1221
IP address blocks:        185.144.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/laWt9q8fzAVwrfhY_Vv74oeRoYY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/laWt9q8fzAVwrfhY_Vv74oeRoYY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/laWt9q8fzAVwrfhY_Vv74oeRoYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:35:20:24:6f:39:d9:b1:a7:7e:40:33:71:32:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95a5adf6af1fcc0570adf858fd5bfbe28791a186
        Validity
            Not Before: Jan  1 18:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8313beee9d47e5ea0f4577cdf731f6a3c7bbfc78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:32:29:e4:f3:ae:c9:4b:39:fe:1c:de:cf:af:
                    42:48:9a:45:b3:cd:29:f3:d7:13:13:4a:39:99:ab:
                    3e:31:f1:3a:d7:99:43:82:26:c4:9b:45:6c:74:5a:
                    fd:6e:d0:b6:8f:1b:7f:12:4b:9b:a1:ca:a5:6a:d1:
                    5a:e3:43:bc:8a:6b:7b:98:f9:3c:f8:03:7f:6e:3d:
                    6b:cd:d3:a6:2e:8e:fb:ff:54:59:b9:44:fd:f6:92:
                    69:6d:c3:d6:b9:4f:72:8e:96:c9:bc:87:62:35:61:
                    d1:79:6e:a7:9d:e6:8d:7d:80:ad:33:0e:0d:e0:39:
                    5f:02:2e:1c:44:35:6d:40:60:e8:7a:c8:a4:b9:f5:
                    44:44:f3:f6:78:f8:e0:9c:72:a6:f6:e8:09:14:06:
                    6f:5c:72:1e:54:d5:06:6f:d9:33:9d:2c:a9:6a:95:
                    0d:a9:fe:8c:52:80:b2:63:06:f4:32:98:2a:ea:7e:
                    63:3b:ba:f3:64:0e:54:df:c7:f2:eb:ca:5e:a0:f0:
                    1a:7b:69:0c:87:80:55:c7:cb:c1:00:8e:87:17:cd:
                    9b:b6:9f:e1:4c:35:22:b5:7e:92:72:e5:c6:bf:87:
                    57:f0:3f:87:f5:72:4f:e6:bb:40:0c:c0:8f:2c:11:
                    7a:98:26:3d:a4:42:aa:43:ac:aa:d3:53:25:28:55:
                    3d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:13:BE:EE:9D:47:E5:EA:0F:45:77:CD:F7:31:F6:A3:C7:BB:FC:78
            X509v3 Authority Key Identifier:
                keyid:95:A5:AD:F6:AF:1F:CC:05:70:AD:F8:58:FD:5B:FB:E2:87:91:A1:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/laWt9q8fzAVwrfhY_Vv74oeRoYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/gxO-7p1H5eoPRXfN9zH2o8e7_Hg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/laWt9q8fzAVwrfhY_Vv74oeRoYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:58:4d:49:57:9b:72:13:bf:3b:3b:a6:dc:9d:ef:89:4d:1c:
         f4:ea:a8:3c:98:81:78:9b:25:52:24:c7:af:43:9a:e4:a6:bb:
         48:e2:e6:61:50:a5:71:03:df:82:ce:6a:20:96:96:1b:ab:99:
         34:c6:39:e9:d7:1d:10:80:2c:54:88:cc:b0:26:ce:f6:91:a3:
         cf:f5:fe:c2:fc:e3:33:42:ac:7c:30:f5:9d:76:97:6c:93:33:
         a9:b2:03:21:5f:bc:95:76:2f:bd:ac:80:c3:60:b8:82:65:92:
         a0:f8:d4:06:20:4f:d7:55:ca:b6:69:ae:bf:98:57:70:80:f9:
         38:65:99:27:e6:c9:80:87:02:fa:c3:69:fe:d6:03:02:86:5e:
         94:90:10:47:ef:f0:8e:b8:c5:74:8e:ea:b6:16:d8:24:f2:0f:
         11:70:b0:4d:e0:6a:fb:ca:eb:3b:81:b7:70:59:eb:ae:ae:20:
         4b:a6:e2:24:1d:45:83:ae:2f:a4:44:4e:fd:c3:fa:ca:e0:69:
         95:66:99:01:fe:4a:b8:ce:ef:94:df:3e:b6:1e:94:df:ab:07:
         03:08:03:1d:ba:b7:4e:bd:ff:12:dc:fe:68:85:fc:18:12:7a:
         60:0a:d1:e0:69:21:96:b9:26:16:e6:46:e0:37:f7:dc:ca:61:
         8c:4a:5b:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSzUgJG852bGnfkAzcTLYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YTVhZGY2YWYxZmNjMDU3MGFkZjg1OGZkNWJmYmUyODc5
MWExODYwHhcNMjQwMTAxMTgzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzEzYmVlZTlkNDdlNWVhMGY0NTc3Y2RmNzMxZjZhM2M3YmJmYzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzIp5POuyUs5/hzez69CSJpFs80p
89cTE0o5mas+MfE615lDgibEm0VsdFr9btC2jxt/EkubocqlatFa40O8imt7mPk8
+AN/bj1rzdOmLo77/1RZuUT99pJpbcPWuU9yjpbJvIdiNWHReW6nneaNfYCtMw4N
4DlfAi4cRDVtQGDoesikufVERPP2ePjgnHKm9ugJFAZvXHIeVNUGb9kznSypapUN
qf6MUoCyYwb0Mpgq6n5jO7rzZA5U38fy68peoPAae2kMh4BVx8vBAI6HF82btp/h
TDUitX6ScuXGv4dX8D+H9XJP5rtADMCPLBF6mCY9pEKqQ6yq01MlKFU9fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMTvu6dR+XqD0V3zfcx9qPHu/x4MB8GA1UdIwQY
MBaAFJWlrfavH8wFcK34WP1b++KHkaGGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGFXdDlxOGZ6QVZ3cmZoWV9Wdjc0b2VSb1lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9kM2YxYmEtZDllNS00NWM1LWJjYTIt
MTYxOWQwOGM2OTY1LzEvZ3hPLTdwMUg1ZW9QUlhmTjl6SDJvOGU3X0hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9kM2YxYmEtZDllNS00NWM1LWJjYTItMTYxOWQwOGM2OTY1
LzEvbGFXdDlxOGZ6QVZ3cmZoWV9Wdjc0b2VSb1lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZBvMA0G
CSqGSIb3DQEBCwUAA4IBAQCLWE1JV5tyE787O6bcne+JTRz06qg8mIF4myVSJMev
Q5rkprtI4uZhUKVxA9+CzmoglpYbq5k0xjnp1x0QgCxUiMywJs72kaPP9f7C/OMz
Qqx8MPWddpdskzOpsgMhX7yVdi+9rIDDYLiCZZKg+NQGIE/XVcq2aa6/mFdwgPk4
ZZkn5smAhwL6w2n+1gMChl6UkBBH7/COuMV0juq2Ftgk8g8RcLBN4Gr7yus7gbdw
WeuuriBLpuIkHUWDri+kRE79w/rK4GmVZpkB/kq4zu+U3z62HpTfqwcDCAMdurdO
vf8S3P5ohfwYEnpgCtHgaSGWuSYW5kbgN/fcymGMSlsN
-----END CERTIFICATE-----