Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Gbs36tjbRvxGTNp41Zp8U18Dk1Q.roa
File:                     Gbs36tjbRvxGTNp41Zp8U18Dk1Q.roa (raw, json)
Hash identifier:          Ik0wUUbWOGs9pxG9dma4OgWTqb5K+aw2uHSfxn7l1jw=
Subject key identifier:   19:BB:37:EA:D8:DB:46:FC:46:4C:DA:78:D5:9A:7C:53:5F:03:93:54
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       018E9E4CEC72E58F13228BECB85D6147DFDF
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Gbs36tjbRvxGTNp41Zp8U18Dk1Q.roa
Signing time:             Tue 02 Apr 2024 10:13:45 +0000
ROA not before:           Tue 02 Apr 2024 10:13:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        45.150.32.0/23 maxlen: 23
                          45.150.34.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9e:4c:ec:72:e5:8f:13:22:8b:ec:b8:5d:61:47:df:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Apr  2 10:13:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19bb37ead8db46fc464cda78d59a7c535f039354
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:4f:37:1a:6f:87:07:45:74:33:66:d6:a4:6f:
                    20:f3:16:9a:d3:e5:2f:ca:6e:b2:3f:86:ac:7a:82:
                    da:42:c6:90:ee:92:7a:43:12:c3:86:3c:b4:0f:5d:
                    7a:fb:ee:48:06:c2:44:62:1e:97:ff:27:b2:94:38:
                    6f:96:7e:22:53:b4:d3:55:b5:f4:8e:d8:1e:ec:3d:
                    89:01:8e:f4:b2:0e:9d:b2:d3:98:e5:a4:cd:dd:e1:
                    91:31:69:2b:4f:ec:2e:d9:ee:57:a7:bb:04:a1:51:
                    82:16:c2:dc:c0:65:fc:b5:9c:b3:77:00:9c:48:76:
                    cb:70:3c:33:c9:2b:7e:be:86:d2:0d:09:e4:15:51:
                    7a:57:ae:1c:d8:8d:be:e7:60:a4:12:77:6a:e3:b1:
                    fb:f5:dc:d8:e7:21:d7:10:d8:f4:ea:51:4c:7a:68:
                    48:e4:3d:7d:6e:73:b7:90:7c:70:e3:53:d6:dc:bb:
                    ca:49:80:0d:5b:0f:a8:81:e8:2a:cb:dd:c3:53:03:
                    71:a0:79:55:00:70:c7:a8:b3:29:a0:d6:5d:61:4c:
                    85:d1:e7:46:2e:57:f0:8d:34:e0:d3:1e:87:be:a9:
                    86:8c:ab:0b:80:11:9d:fc:25:12:d5:5d:e2:de:ad:
                    cc:d3:dc:6b:ff:69:a8:8c:04:6f:3d:0b:dc:d7:bc:
                    04:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:BB:37:EA:D8:DB:46:FC:46:4C:DA:78:D5:9A:7C:53:5F:03:93:54
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Gbs36tjbRvxGTNp41Zp8U18Dk1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:1c:20:32:6f:32:01:96:62:82:25:24:95:5e:a8:52:1a:14:
         f0:6d:81:9e:0a:01:70:31:6b:16:62:31:fe:6a:63:93:ab:3a:
         bf:42:00:6c:48:ff:86:36:c3:0c:b7:90:d2:d4:d5:43:9f:93:
         c1:ad:60:81:f4:98:f6:3f:f0:fb:9a:2f:a3:63:2b:16:93:31:
         ee:20:4b:51:fb:e8:69:d2:5d:83:ed:60:54:34:bf:6e:b6:de:
         20:b8:4a:54:e3:99:1f:9b:c5:7f:63:4c:1c:82:1a:15:dc:67:
         96:7c:fa:3c:aa:ba:03:d6:f2:3f:06:92:b7:b1:b6:0e:9f:d8:
         41:cb:27:36:1b:aa:7a:0c:17:1e:5f:c1:ab:bd:d3:b0:54:2f:
         71:50:77:22:f1:49:39:fe:e7:24:f4:66:85:74:f7:2c:3a:8f:
         45:5f:7f:4e:47:ce:d1:7d:0d:ef:6c:41:03:fc:35:75:ef:34:
         ff:03:64:73:c6:b9:52:68:1c:11:9a:62:85:32:36:66:6a:7a:
         aa:36:0c:72:7f:31:c5:0a:d6:d7:76:ac:62:d2:0a:a3:25:11:
         56:3d:eb:66:50:4b:74:ba:dc:d8:f8:59:e4:3b:9d:8c:8c:a3:
         30:03:21:7d:6f:2a:87:08:99:d7:7e:f3:3e:fc:2b:3c:ce:25:
         58:ae:bf:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6eTOxy5Y8TIovsuF1hR9/fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwNDAyMTAxMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWJiMzdlYWQ4ZGI0NmZjNDY0Y2RhNzhkNTlhN2M1MzVmMDM5MzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu083Gm+HB0V0M2bWpG8g8xaa0+Uv
ym6yP4aseoLaQsaQ7pJ6QxLDhjy0D116++5IBsJEYh6X/yeylDhvln4iU7TTVbX0
jtge7D2JAY70sg6dstOY5aTN3eGRMWkrT+wu2e5Xp7sEoVGCFsLcwGX8tZyzdwCc
SHbLcDwzySt+vobSDQnkFVF6V64c2I2+52CkEndq47H79dzY5yHXENj06lFMemhI
5D19bnO3kHxw41PW3LvKSYANWw+ogegqy93DUwNxoHlVAHDHqLMpoNZdYUyF0edG
LlfwjTTg0x6HvqmGjKsLgBGd/CUS1V3i3q3M09xr/2mojARvPQvc17wEGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBm7N+rY20b8RkzaeNWafFNfA5NUMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvR2JzMzZ0amJSdnhHVE5wNDFacDhVMThEazFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZYgMA0G
CSqGSIb3DQEBCwUAA4IBAQBmHCAybzIBlmKCJSSVXqhSGhTwbYGeCgFwMWsWYjH+
amOTqzq/QgBsSP+GNsMMt5DS1NVDn5PBrWCB9Jj2P/D7mi+jYysWkzHuIEtR++hp
0l2D7WBUNL9utt4guEpU45kfm8V/Y0wcghoV3GeWfPo8qroD1vI/BpK3sbYOn9hB
yyc2G6p6DBceX8GrvdOwVC9xUHci8Uk5/uck9GaFdPcsOo9FX39OR87RfQ3vbEED
/DV17zT/A2RzxrlSaBwRmmKFMjZmanqqNgxyfzHFCtbXdqxi0gqjJRFWPetmUEt0
utzY+FnkO52MjKMwAyF9byqHCJnXfvM+/Cs8ziVYrr+E
-----END CERTIFICATE-----