Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/85f02e-f1ac-44fb-92eb-f05aa229d638/1/gAEvp1-KM4UOuiTMfXLLnP22VsU.roa
File:                     gAEvp1-KM4UOuiTMfXLLnP22VsU.roa (raw, json)
Hash identifier:          TFGDocGw8j0tswS49YYRh7cl9NtHFJdmWzGKm8AHgRg=
Subject key identifier:   80:01:2F:A7:5F:8A:33:85:0E:BA:24:CC:7D:72:CB:9C:FD:B6:56:C5
Certificate issuer:       /CN=d2622fdec8fadfca58e7575c29f10e73ae775715
Certificate serial:       018CC7260138374017684F2087C80B3B610A
Authority key identifier: D2:62:2F:DE:C8:FA:DF:CA:58:E7:57:5C:29:F1:0E:73:AE:77:57:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0mIv3sj638pY51dcKfEOc653VxU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/85f02e-f1ac-44fb-92eb-f05aa229d638/1/gAEvp1-KM4UOuiTMfXLLnP22VsU.roa
Signing time:             Mon 01 Jan 2024 22:30:05 +0000
ROA not before:           Mon 01 Jan 2024 22:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49740
IP address blocks:        85.187.160.0/20 maxlen: 20
                          194.69.202.0/24 maxlen: 24
                          85.187.176.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/85f02e-f1ac-44fb-92eb-f05aa229d638/1/0mIv3sj638pY51dcKfEOc653VxU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/85f02e-f1ac-44fb-92eb-f05aa229d638/1/0mIv3sj638pY51dcKfEOc653VxU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0mIv3sj638pY51dcKfEOc653VxU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:01:38:37:40:17:68:4f:20:87:c8:0b:3b:61:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2622fdec8fadfca58e7575c29f10e73ae775715
        Validity
            Not Before: Jan  1 22:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80012fa75f8a33850eba24cc7d72cb9cfdb656c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:42:6e:64:c8:46:c0:25:b8:12:35:bb:1f:2a:
                    de:d3:10:a1:50:82:05:ed:4a:89:b1:e2:6d:2c:d2:
                    75:aa:51:4e:69:b4:f1:24:30:64:0f:f3:b1:ff:08:
                    0e:d2:30:9c:29:22:c1:9f:03:d5:ef:ba:ad:52:11:
                    87:94:10:88:67:20:3a:ef:ed:1a:5c:36:ee:48:b7:
                    df:10:17:50:90:bd:83:53:b2:ed:9e:94:b3:44:fa:
                    41:61:63:57:d8:3b:0b:81:c5:50:d8:a7:cc:f9:02:
                    24:86:d0:0c:1c:2c:be:63:90:e4:fb:90:4e:e9:94:
                    53:87:65:ea:a4:58:28:1e:a4:16:1c:f4:f3:a5:7e:
                    db:f8:8d:b8:d6:98:24:e0:ff:ea:78:78:fb:81:4a:
                    f2:fd:11:52:ba:6b:cd:67:bc:38:c2:20:53:0a:8f:
                    8e:2a:ab:1b:ce:f9:9d:c3:7a:22:37:02:74:ab:02:
                    c0:a7:40:1d:23:96:ff:9f:de:87:8f:43:75:26:fd:
                    39:db:f3:6e:ea:da:a5:d9:fa:1d:ca:bc:87:83:86:
                    df:5a:eb:44:b0:e6:72:52:d0:d8:bb:16:54:4e:60:
                    4f:a7:04:02:49:27:ba:02:26:51:32:60:b8:a6:9a:
                    c3:11:d4:88:23:8a:39:42:f4:24:79:3d:84:19:50:
                    2d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:01:2F:A7:5F:8A:33:85:0E:BA:24:CC:7D:72:CB:9C:FD:B6:56:C5
            X509v3 Authority Key Identifier:
                keyid:D2:62:2F:DE:C8:FA:DF:CA:58:E7:57:5C:29:F1:0E:73:AE:77:57:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0mIv3sj638pY51dcKfEOc653VxU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/85f02e-f1ac-44fb-92eb-f05aa229d638/1/gAEvp1-KM4UOuiTMfXLLnP22VsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/85f02e-f1ac-44fb-92eb-f05aa229d638/1/0mIv3sj638pY51dcKfEOc653VxU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.187.160.0-85.187.179.255
                  194.69.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:5c:6b:15:4e:5d:42:b1:fb:a7:62:6e:94:60:7e:06:bf:db:
         98:2b:74:12:6e:6a:c8:0e:17:b0:c2:dc:19:34:ec:69:ee:6e:
         39:7a:a6:f4:1c:27:76:b0:02:11:8c:7f:e1:9c:1d:fd:de:4a:
         8e:b9:9b:cd:a7:b9:af:dc:fd:3d:e0:16:f1:c4:0a:80:b4:24:
         be:30:41:67:be:13:e6:ff:df:5a:cd:24:b1:5a:ec:90:fe:8b:
         1c:6c:e5:ba:ef:1e:2f:bd:c0:3a:db:59:65:fb:db:6b:e1:73:
         6a:52:3e:d1:bf:bc:37:10:2f:82:bb:9a:9e:b0:3e:3f:b3:27:
         8b:64:9b:5a:13:41:49:6d:d4:d7:a3:17:93:2a:58:52:61:71:
         ea:42:00:a0:76:bb:a4:71:ec:8b:ba:13:b4:4c:55:a8:81:6f:
         47:ab:39:bd:f1:c6:a6:a1:89:9e:ff:e0:60:c6:7c:89:d7:ec:
         cc:8c:17:84:d5:f1:1d:19:8c:42:b2:d6:a7:cc:4e:6a:a2:2a:
         99:6f:58:65:41:82:11:a1:11:b0:71:a4:91:8d:72:77:ce:47:
         b0:ae:ff:10:c1:f3:57:7c:ef:61:8f:7d:d2:5a:45:55:3a:a3:
         5a:d4:84:bb:57:7b:c2:59:e9:a5:92:b9:b0:23:67:7c:46:22:
         5f:3c:56:46
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzHJgE4N0AXaE8gh8gLO2EKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNjIyZmRlYzhmYWRmY2E1OGU3NTc1YzI5ZjEwZTczYWU3
NzU3MTUwHhcNMjQwMTAxMjIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDAxMmZhNzVmOGEzMzg1MGViYTI0Y2M3ZDcyY2I5Y2ZkYjY1NmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJuZMhGwCW4EjW7Hyre0xChUIIF
7UqJseJtLNJ1qlFOabTxJDBkD/Ox/wgO0jCcKSLBnwPV77qtUhGHlBCIZyA67+0a
XDbuSLffEBdQkL2DU7LtnpSzRPpBYWNX2DsLgcVQ2KfM+QIkhtAMHCy+Y5Dk+5BO
6ZRTh2XqpFgoHqQWHPTzpX7b+I241pgk4P/qeHj7gUry/RFSumvNZ7w4wiBTCo+O
Kqsbzvmdw3oiNwJ0qwLAp0AdI5b/n96Hj0N1Jv052/Nu6tql2fodyryHg4bfWutE
sOZyUtDYuxZUTmBPpwQCSSe6AiZRMmC4pprDEdSII4o5QvQkeT2EGVAt0QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFIABL6dfijOFDrokzH1yy5z9tlbFMB8GA1UdIwQY
MBaAFNJiL97I+t/KWOdXXCnxDnOud1cVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG1JdjNzajYzOHBZNTFkY0tmRU9jNjUzVnhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS84NWYwMmUtZjFhYy00NGZiLTkyZWIt
ZjA1YWEyMjlkNjM4LzEvZ0FFdnAxLUtNNFVPdWlUTWZYTExuUDIyVnNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS84NWYwMmUtZjFhYy00NGZiLTkyZWItZjA1YWEyMjlkNjM4
LzEvMG1JdjNzajYzOHBZNTFkY0tmRU9jNjUzVnhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAVVu6AD
BAJVu7ADBADCRcowDQYJKoZIhvcNAQELBQADggEBAFtcaxVOXUKx+6dibpRgfga/
25grdBJuasgOF7DC3Bk07Gnubjl6pvQcJ3awAhGMf+GcHf3eSo65m82nua/c/T3g
FvHECoC0JL4wQWe+E+b/31rNJLFa7JD+ixxs5brvHi+9wDrbWWX722vhc2pSPtG/
vDcQL4K7mp6wPj+zJ4tkm1oTQUlt1NejF5MqWFJhcepCAKB2u6Rx7Iu6E7RMVaiB
b0erOb3xxqahiZ7/4GDGfInX7MyMF4TV8R0ZjEKy1qfMTmqiKplvWGVBghGhEbBx
pJGNcnfOR7Cu/xDB81d872GPfdJaRVU6o1rUhLtXe8JZ6aWSubAjZ3xGIl88VkY=
-----END CERTIFICATE-----