Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/60c7c1-8f0f-4b80-8630-3e4f35b66461/1/G_JDkPr_GVGSENx0gr32Ycd0wTI.roa
File:                     G_JDkPr_GVGSENx0gr32Ycd0wTI.roa (raw, json)
Hash identifier:          0x3dZ2aLobOVCo94iNc0uCO7coMmjtKTBRQHBq0d0cQ=
Subject key identifier:   1B:F2:43:90:FA:FF:19:51:92:10:DC:74:82:BD:F6:61:C7:74:C1:32
Certificate issuer:       /CN=124f16479e4b72aca589baa01039fc8e923b4cc3
Certificate serial:       018CC424880A6CB73FB773A8FED33A6BE804
Authority key identifier: 12:4F:16:47:9E:4B:72:AC:A5:89:BA:A0:10:39:FC:8E:92:3B:4C:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ek8WR55LcqylibqgEDn8jpI7TMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/60c7c1-8f0f-4b80-8630-3e4f35b66461/1/G_JDkPr_GVGSENx0gr32Ycd0wTI.roa
Signing time:             Mon 01 Jan 2024 08:29:37 +0000
ROA not before:           Mon 01 Jan 2024 08:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34624
IP address blocks:        185.71.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/60c7c1-8f0f-4b80-8630-3e4f35b66461/1/Ek8WR55LcqylibqgEDn8jpI7TMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/60c7c1-8f0f-4b80-8630-3e4f35b66461/1/Ek8WR55LcqylibqgEDn8jpI7TMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ek8WR55LcqylibqgEDn8jpI7TMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:02:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:88:0a:6c:b7:3f:b7:73:a8:fe:d3:3a:6b:e8:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=124f16479e4b72aca589baa01039fc8e923b4cc3
        Validity
            Not Before: Jan  1 08:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bf24390faff19519210dc7482bdf661c774c132
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e5:7b:5d:f5:d0:df:38:d2:87:f1:99:cf:57:
                    79:a2:33:a8:09:fc:d0:c3:0e:10:01:6c:1f:c4:99:
                    fe:0f:dc:33:ed:42:7f:9d:a2:bb:84:f4:f3:fa:80:
                    2b:ff:0d:a0:9e:fe:86:0c:e8:56:42:6e:48:f7:74:
                    f1:e6:85:ea:9e:aa:f9:9c:96:29:d0:a9:9c:c8:00:
                    34:1c:76:cb:5f:c0:67:7a:26:25:8c:cc:23:44:eb:
                    7c:2f:a5:b7:d2:41:60:e0:ab:ae:0a:4b:d3:5d:7d:
                    76:fc:dc:fa:0f:b0:4c:89:75:39:61:35:37:37:c2:
                    76:72:08:75:2f:c7:fb:af:c3:97:cf:ff:75:71:0b:
                    2a:6c:d4:4b:d6:9a:d4:bf:58:73:2c:be:07:36:18:
                    b9:40:20:05:91:a6:4b:b3:e8:64:4d:d1:55:6e:a3:
                    d8:6f:73:34:2a:7d:be:a5:0d:84:0f:cc:f0:2b:1b:
                    4f:f0:bb:50:f5:d3:98:a6:99:3d:c7:df:b6:f1:a9:
                    95:2c:d4:a7:7c:64:c0:5b:1e:62:fd:6c:e5:f5:07:
                    4e:21:bf:15:d6:dd:2c:7a:3e:bf:57:81:90:1c:82:
                    eb:9f:fb:22:da:10:df:be:8d:36:ca:7d:68:9a:b8:
                    01:b3:0b:b5:74:1d:15:7f:fb:a8:28:0d:a5:c4:ee:
                    17:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:F2:43:90:FA:FF:19:51:92:10:DC:74:82:BD:F6:61:C7:74:C1:32
            X509v3 Authority Key Identifier:
                keyid:12:4F:16:47:9E:4B:72:AC:A5:89:BA:A0:10:39:FC:8E:92:3B:4C:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ek8WR55LcqylibqgEDn8jpI7TMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/60c7c1-8f0f-4b80-8630-3e4f35b66461/1/G_JDkPr_GVGSENx0gr32Ycd0wTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/60c7c1-8f0f-4b80-8630-3e4f35b66461/1/Ek8WR55LcqylibqgEDn8jpI7TMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:8a:81:2e:17:fe:ab:db:b7:c0:70:65:f5:7d:f3:c4:08:1f:
         42:bc:ad:53:7c:be:dc:e7:9a:58:18:60:d7:0e:50:ed:49:d1:
         41:66:3c:53:e8:11:c1:f0:16:10:4a:3c:78:23:5c:03:6b:67:
         00:ff:18:cf:8d:e0:85:a8:d1:e6:a3:b2:70:fd:c1:e3:34:84:
         94:8d:22:8f:33:82:a3:d4:99:ee:05:fa:f0:71:3e:31:7d:80:
         4f:05:2a:87:74:1e:1b:66:62:f0:70:c7:ee:9f:27:8c:ca:3f:
         78:ea:31:2d:4a:27:1f:0c:23:5c:70:b4:36:b9:68:0a:9c:3c:
         a7:2a:ff:37:24:7d:8f:cf:64:17:3d:a8:ba:13:ad:8b:32:a3:
         c5:fe:c0:34:c9:85:b1:30:76:84:56:d7:c7:2b:62:26:51:2c:
         8f:a1:f7:54:a1:65:79:b9:1d:62:59:20:2b:a4:b0:b6:77:27:
         a7:7e:38:d2:0b:67:ef:e3:1c:f8:d9:16:98:19:e4:bf:9e:3c:
         0b:5d:af:d9:f4:6d:27:29:a2:7b:83:9d:e6:2f:74:ec:68:67:
         4d:9e:d5:93:6f:be:be:c9:47:f2:97:ed:8d:a2:3c:ed:0c:a2:
         18:88:bc:63:43:29:1a:38:ea:e6:ec:9b:91:5f:b9:13:08:6e:
         0b:d2:a3:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJIgKbLc/t3Oo/tM6a+gEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNGYxNjQ3OWU0YjcyYWNhNTg5YmFhMDEwMzlmYzhlOTIz
YjRjYzMwHhcNMjQwMTAxMDgyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmYyNDM5MGZhZmYxOTUxOTIxMGRjNzQ4MmJkZjY2MWM3NzRjMTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuV7XfXQ3zjSh/GZz1d5ojOoCfzQ
ww4QAWwfxJn+D9wz7UJ/naK7hPTz+oAr/w2gnv6GDOhWQm5I93Tx5oXqnqr5nJYp
0KmcyAA0HHbLX8BneiYljMwjROt8L6W30kFg4KuuCkvTXX12/Nz6D7BMiXU5YTU3
N8J2cgh1L8f7r8OXz/91cQsqbNRL1prUv1hzLL4HNhi5QCAFkaZLs+hkTdFVbqPY
b3M0Kn2+pQ2ED8zwKxtP8LtQ9dOYppk9x9+28amVLNSnfGTAWx5i/Wzl9QdOIb8V
1t0sej6/V4GQHILrn/si2hDfvo02yn1omrgBswu1dB0Vf/uoKA2lxO4XuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvyQ5D6/xlRkhDcdIK99mHHdMEyMB8GA1UdIwQY
MBaAFBJPFkeeS3KspYm6oBA5/I6SO0zDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWs4V1I1NUxjcXlsaWJxZ0VEbjhqcEk3VE1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS82MGM3YzEtOGYwZi00YjgwLTg2MzAt
M2U0ZjM1YjY2NDYxLzEvR19KRGtQcl9HVkdTRU54MGdyMzJZY2Qwd1RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS82MGM3YzEtOGYwZi00YjgwLTg2MzAtM2U0ZjM1YjY2NDYx
LzEvRWs4V1I1NUxjcXlsaWJxZ0VEbjhqcEk3VE1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUd8MA0G
CSqGSIb3DQEBCwUAA4IBAQAfioEuF/6r27fAcGX1ffPECB9CvK1TfL7c55pYGGDX
DlDtSdFBZjxT6BHB8BYQSjx4I1wDa2cA/xjPjeCFqNHmo7Jw/cHjNISUjSKPM4Kj
1JnuBfrwcT4xfYBPBSqHdB4bZmLwcMfunyeMyj946jEtSicfDCNccLQ2uWgKnDyn
Kv83JH2Pz2QXPai6E62LMqPF/sA0yYWxMHaEVtfHK2ImUSyPofdUoWV5uR1iWSAr
pLC2dyenfjjSC2fv4xz42RaYGeS/njwLXa/Z9G0nKaJ7g53mL3TsaGdNntWTb76+
yUfyl+2NojztDKIYiLxjQykaOOrm7JuRX7kTCG4L0qN5
-----END CERTIFICATE-----