Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/df8b06-5d61-4ffd-a949-048b5f5bfa81/1/GqdYxxm-z9v5v0Yj8m-6Y9VXjjg.roa
File:                     GqdYxxm-z9v5v0Yj8m-6Y9VXjjg.roa (raw, json)
Hash identifier:          KYzjTpHmjuq4/Y/CcyOvng8tF2cucBkxu+/DmHWpgIE=
Subject key identifier:   1A:A7:58:C7:19:BE:CF:DB:F9:BF:46:23:F2:6F:BA:63:D5:57:8E:38
Certificate issuer:       /CN=3bc88e93d895033164bcef97539d8c89d6717dab
Certificate serial:       018CC49332CB009239EC24AD3A5F16A5C3DB
Authority key identifier: 3B:C8:8E:93:D8:95:03:31:64:BC:EF:97:53:9D:8C:89:D6:71:7D:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O8iOk9iVAzFkvO-XU52MidZxfas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/df8b06-5d61-4ffd-a949-048b5f5bfa81/1/GqdYxxm-z9v5v0Yj8m-6Y9VXjjg.roa
Signing time:             Mon 01 Jan 2024 10:30:30 +0000
ROA not before:           Mon 01 Jan 2024 10:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48347
IP address blocks:        185.148.36.0/24 maxlen: 24
                          185.148.37.0/24 maxlen: 24
                          185.148.38.0/24 maxlen: 24
                          185.148.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/df8b06-5d61-4ffd-a949-048b5f5bfa81/1/O8iOk9iVAzFkvO-XU52MidZxfas.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/df8b06-5d61-4ffd-a949-048b5f5bfa81/1/O8iOk9iVAzFkvO-XU52MidZxfas.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O8iOk9iVAzFkvO-XU52MidZxfas.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:32:cb:00:92:39:ec:24:ad:3a:5f:16:a5:c3:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bc88e93d895033164bcef97539d8c89d6717dab
        Validity
            Not Before: Jan  1 10:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1aa758c719becfdbf9bf4623f26fba63d5578e38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:5d:33:3e:35:c5:04:82:df:88:82:29:7b:4b:
                    cd:13:c1:62:4c:1e:1b:d8:86:05:42:b2:94:a9:dd:
                    83:b1:d8:d8:f2:23:24:7e:c8:e6:5e:c2:4c:93:b6:
                    1f:b0:db:12:10:f0:9f:71:27:d0:33:4f:2f:25:17:
                    83:c5:65:bc:e5:57:ab:bd:58:55:90:1b:17:bf:46:
                    7d:f6:0f:1c:c9:f9:fd:71:dd:09:58:28:94:31:0d:
                    41:c6:d9:b0:b7:02:eb:58:e9:6c:a4:d5:b1:75:7e:
                    55:82:89:cc:1a:5a:a4:d0:58:5a:85:23:28:b8:94:
                    52:8b:a0:a2:1e:0e:fa:d0:0a:d6:84:8b:92:86:d0:
                    29:f1:b0:f4:86:94:c3:67:13:0d:94:b5:f5:51:1f:
                    d7:8a:7a:83:75:cd:c8:a0:b4:b6:f1:32:bf:75:e4:
                    5e:96:a5:0e:32:96:f3:24:70:45:0a:fa:89:44:c8:
                    d1:cc:05:4a:4c:27:d9:1a:6d:34:1d:2d:7d:9f:22:
                    b7:f6:8d:fd:f5:ff:87:13:94:0b:e2:58:6d:9c:9a:
                    bd:81:5e:98:56:1e:b8:9f:c8:f2:82:e0:9d:f4:1c:
                    3e:04:79:6f:53:53:3e:ea:a6:dc:8b:95:15:4c:c5:
                    e9:99:1e:30:05:82:84:db:b0:bc:e5:0d:80:c0:ce:
                    c5:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:A7:58:C7:19:BE:CF:DB:F9:BF:46:23:F2:6F:BA:63:D5:57:8E:38
            X509v3 Authority Key Identifier:
                keyid:3B:C8:8E:93:D8:95:03:31:64:BC:EF:97:53:9D:8C:89:D6:71:7D:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O8iOk9iVAzFkvO-XU52MidZxfas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/df8b06-5d61-4ffd-a949-048b5f5bfa81/1/GqdYxxm-z9v5v0Yj8m-6Y9VXjjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/df8b06-5d61-4ffd-a949-048b5f5bfa81/1/O8iOk9iVAzFkvO-XU52MidZxfas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:9d:d2:78:be:eb:c2:f7:fc:37:f1:ea:b5:a1:c6:2f:2c:7d:
         c7:68:8e:78:24:0c:1b:5b:e9:0d:a3:12:4d:a0:04:6a:63:e5:
         83:a4:51:35:28:a1:47:3b:43:f3:13:2c:20:e6:92:dd:63:d2:
         9e:70:32:b9:7b:9c:10:b1:cf:d1:3d:0b:9d:1f:0a:a1:f5:34:
         34:fb:66:06:b1:a5:7a:eb:ba:29:1b:99:2a:f8:2e:8f:34:36:
         97:15:0e:97:27:38:79:44:c1:7b:55:71:a7:d8:2c:64:58:2f:
         4b:ac:a0:97:29:42:5b:f7:80:02:ab:4b:ce:1f:26:59:73:09:
         4d:9c:5e:be:cc:ae:69:10:57:75:9c:f4:02:fd:90:59:d4:06:
         2d:30:4e:5b:66:5b:20:0b:d3:4a:99:0c:1a:5e:b2:47:e6:d5:
         31:10:5e:b4:df:29:16:10:f2:3c:4b:06:02:84:a7:db:a8:3b:
         9a:ae:b2:2b:67:82:b4:85:e9:04:96:c4:77:fe:cd:10:bf:3d:
         3e:57:11:e5:e1:b9:02:95:62:87:31:fe:c5:d3:0d:73:a2:4d:
         f4:9c:ab:89:92:d4:45:21:87:5f:39:4b:80:15:8c:4f:04:5c:
         4a:49:1b:b0:4f:ec:53:2a:3a:58:34:6e:98:72:36:1c:2c:84:
         0b:38:0d:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkzLLAJI57CStOl8WpcPbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYzg4ZTkzZDg5NTAzMzE2NGJjZWY5NzUzOWQ4Yzg5ZDY3
MTdkYWIwHhcNMjQwMTAxMTAzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWE3NThjNzE5YmVjZmRiZjliZjQ2MjNmMjZmYmE2M2Q1NTc4ZTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkF0zPjXFBILfiIIpe0vNE8FiTB4b
2IYFQrKUqd2DsdjY8iMkfsjmXsJMk7YfsNsSEPCfcSfQM08vJReDxWW85VervVhV
kBsXv0Z99g8cyfn9cd0JWCiUMQ1BxtmwtwLrWOlspNWxdX5VgonMGlqk0FhahSMo
uJRSi6CiHg760ArWhIuShtAp8bD0hpTDZxMNlLX1UR/XinqDdc3IoLS28TK/deRe
lqUOMpbzJHBFCvqJRMjRzAVKTCfZGm00HS19nyK39o399f+HE5QL4lhtnJq9gV6Y
Vh64n8jyguCd9Bw+BHlvU1M+6qbci5UVTMXpmR4wBYKE27C85Q2AwM7FAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBqnWMcZvs/b+b9GI/JvumPVV444MB8GA1UdIwQY
MBaAFDvIjpPYlQMxZLzvl1OdjInWcX2rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzhpT2s5aVZBekZrdk8tWFU1Mk1pZFp4ZmFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9kZjhiMDYtNWQ2MS00ZmZkLWE5NDkt
MDQ4YjVmNWJmYTgxLzEvR3FkWXh4bS16OXY1djBZajhtLTZZOVZYampnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9kZjhiMDYtNWQ2MS00ZmZkLWE5NDktMDQ4YjVmNWJmYTgx
LzEvTzhpT2s5aVZBekZrdk8tWFU1Mk1pZFp4ZmFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZQkMA0G
CSqGSIb3DQEBCwUAA4IBAQAQndJ4vuvC9/w38eq1ocYvLH3HaI54JAwbW+kNoxJN
oARqY+WDpFE1KKFHO0PzEywg5pLdY9KecDK5e5wQsc/RPQudHwqh9TQ0+2YGsaV6
67opG5kq+C6PNDaXFQ6XJzh5RMF7VXGn2CxkWC9LrKCXKUJb94ACq0vOHyZZcwlN
nF6+zK5pEFd1nPQC/ZBZ1AYtME5bZlsgC9NKmQwaXrJH5tUxEF603ykWEPI8SwYC
hKfbqDuarrIrZ4K0hekElsR3/s0Qvz0+VxHl4bkClWKHMf7F0w1zok30nKuJktRF
IYdfOUuAFYxPBFxKSRuwT+xTKjpYNG6YcjYcLIQLOA3h
-----END CERTIFICATE-----