Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/ba1987-522e-498c-a359-76a0f7b841dc/1/CGFRZBQUgmR4OWsjEhBfVEftiuU.roa
File:                     CGFRZBQUgmR4OWsjEhBfVEftiuU.roa (raw, json)
Hash identifier:          oLBXpVqC/OcHKYqQusystutyMSHipBs55Qbtl3SLPx8=
Subject key identifier:   08:61:51:64:14:14:82:64:78:39:6B:23:12:10:5F:54:47:ED:8A:E5
Certificate issuer:       /CN=2d634fb681802144f064c1b19f11f6aae7596dcf
Certificate serial:       018CC726CB2250C5753B2384B7AFE2AAA759
Authority key identifier: 2D:63:4F:B6:81:80:21:44:F0:64:C1:B1:9F:11:F6:AA:E7:59:6D:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LWNPtoGAIUTwZMGxnxH2qudZbc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/ba1987-522e-498c-a359-76a0f7b841dc/1/CGFRZBQUgmR4OWsjEhBfVEftiuU.roa
Signing time:             Mon 01 Jan 2024 22:30:57 +0000
ROA not before:           Mon 01 Jan 2024 22:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203358
IP address blocks:        185.253.59.0/24 maxlen: 24
                          2a12:c140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/ba1987-522e-498c-a359-76a0f7b841dc/1/LWNPtoGAIUTwZMGxnxH2qudZbc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/ba1987-522e-498c-a359-76a0f7b841dc/1/LWNPtoGAIUTwZMGxnxH2qudZbc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LWNPtoGAIUTwZMGxnxH2qudZbc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:cb:22:50:c5:75:3b:23:84:b7:af:e2:aa:a7:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d634fb681802144f064c1b19f11f6aae7596dcf
        Validity
            Not Before: Jan  1 22:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=086151641414826478396b2312105f5447ed8ae5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:2f:a5:97:dd:79:a6:7d:c2:59:15:46:93:74:
                    63:1e:36:8f:a2:e7:d9:4e:9f:cf:6b:4c:c3:ac:bf:
                    08:ea:28:4a:b3:e5:23:a0:97:cd:d5:a3:e8:fa:95:
                    7e:7f:d9:52:8b:9c:62:cb:ee:dd:e6:83:5c:e6:98:
                    77:c7:e3:fa:29:69:47:97:6b:40:7a:9e:78:84:5c:
                    bd:d7:65:79:15:06:98:ce:a9:87:e3:08:c9:aa:57:
                    b2:02:6e:13:eb:d9:d8:f9:27:f4:62:68:ad:e5:1e:
                    37:f1:b2:46:50:95:e4:21:91:a3:2b:23:e1:ce:91:
                    55:67:3c:51:7b:7b:d8:20:1e:e2:cc:0e:86:32:04:
                    fb:0f:cc:29:90:80:28:e9:64:e5:e5:23:f3:3e:3e:
                    74:15:48:78:6d:0b:f9:a8:cd:03:f0:ea:17:5a:cc:
                    d7:5e:f7:76:9d:44:9d:23:84:5e:17:64:bf:f3:46:
                    b5:c8:b5:57:0e:ea:61:ff:ac:77:b2:f1:0a:84:fd:
                    7e:6a:f8:a9:40:df:44:08:a8:0c:47:79:5f:fa:b9:
                    15:3a:95:25:3c:68:b2:e4:30:5c:d0:d7:ae:bd:d1:
                    07:0f:15:bd:3b:a8:77:e7:32:07:14:0a:0a:71:be:
                    26:73:67:55:a7:63:dc:3a:b7:66:80:40:fe:13:41:
                    fe:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:61:51:64:14:14:82:64:78:39:6B:23:12:10:5F:54:47:ED:8A:E5
            X509v3 Authority Key Identifier:
                keyid:2D:63:4F:B6:81:80:21:44:F0:64:C1:B1:9F:11:F6:AA:E7:59:6D:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LWNPtoGAIUTwZMGxnxH2qudZbc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/ba1987-522e-498c-a359-76a0f7b841dc/1/CGFRZBQUgmR4OWsjEhBfVEftiuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/ba1987-522e-498c-a359-76a0f7b841dc/1/LWNPtoGAIUTwZMGxnxH2qudZbc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.59.0/24
                IPv6:
                  2a12:c140::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:35:ee:04:fc:b7:33:03:d4:02:1f:e0:28:48:73:56:11:2f:
         da:de:3e:70:fd:4e:66:e0:96:64:e9:82:d0:e6:0c:15:50:6f:
         27:30:9e:31:69:17:97:a4:f0:1a:f0:4a:82:18:ed:e6:85:f1:
         2d:2a:59:70:36:ba:ef:f9:cb:7f:9b:8c:f9:ba:7a:ad:50:3f:
         66:69:96:a0:f6:a2:00:63:f5:70:84:f6:76:16:fc:21:8e:f3:
         c6:eb:2f:13:40:64:e1:44:d2:71:53:c1:c4:e0:4d:c5:12:93:
         bb:be:ec:cb:a4:fb:94:b3:4e:06:f4:79:31:fb:46:67:3a:43:
         ed:bf:08:20:15:d0:b5:d8:5b:c4:0d:81:4b:26:6f:95:53:8b:
         ef:2b:4c:c8:2e:a6:e4:bf:6d:5b:54:3c:f6:1b:f0:06:82:61:
         be:a8:77:92:b0:6b:97:1c:85:4d:0b:01:c8:b8:dd:81:c6:be:
         2f:de:bd:40:b7:a8:d4:60:7b:f5:cb:3f:2e:08:e4:ce:d5:ec:
         2c:b8:cf:19:b3:04:3f:5c:f5:f3:63:fb:4e:6d:c7:c1:07:bb:
         cb:c7:b0:d1:3e:8d:40:17:1c:6b:8f:39:df:91:47:c2:88:2c:
         8f:ac:f9:e6:5d:6a:82:d9:f5:8a:ea:af:08:dc:e5:0a:8b:4f:
         50:b8:41:0a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJssiUMV1OyOEt6/iqqdZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNjM0ZmI2ODE4MDIxNDRmMDY0YzFiMTlmMTFmNmFhZTc1
OTZkY2YwHhcNMjQwMTAxMjIzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODYxNTE2NDE0MTQ4MjY0NzgzOTZiMjMxMjEwNWY1NDQ3ZWQ4YWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkS+ll915pn3CWRVGk3RjHjaPoufZ
Tp/Pa0zDrL8I6ihKs+UjoJfN1aPo+pV+f9lSi5xiy+7d5oNc5ph3x+P6KWlHl2tA
ep54hFy912V5FQaYzqmH4wjJqleyAm4T69nY+Sf0Ymit5R438bJGUJXkIZGjKyPh
zpFVZzxRe3vYIB7izA6GMgT7D8wpkIAo6WTl5SPzPj50FUh4bQv5qM0D8OoXWszX
Xvd2nUSdI4ReF2S/80a1yLVXDuph/6x3svEKhP1+avipQN9ECKgMR3lf+rkVOpUl
PGiy5DBc0NeuvdEHDxW9O6h35zIHFAoKcb4mc2dVp2PcOrdmgED+E0H+RQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAhhUWQUFIJkeDlrIxIQX1RH7YrlMB8GA1UdIwQY
MBaAFC1jT7aBgCFE8GTBsZ8R9qrnWW3PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFdOUHRvR0FJVVR3Wk1HeG54SDJxdWRaYmM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9iYTE5ODctNTIyZS00OThjLWEzNTkt
NzZhMGY3Yjg0MWRjLzEvQ0dGUlpCUVVnbVI0T1dzakVoQmZWRWZ0aXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9iYTE5ODctNTIyZS00OThjLWEzNTktNzZhMGY3Yjg0MWRj
LzEvTFdOUHRvR0FJVVR3Wk1HeG54SDJxdWRaYmM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuf07MA0E
AgACMAcDBQMqEsFAMA0GCSqGSIb3DQEBCwUAA4IBAQBPNe4E/LczA9QCH+AoSHNW
ES/a3j5w/U5m4JZk6YLQ5gwVUG8nMJ4xaReXpPAa8EqCGO3mhfEtKllwNrrv+ct/
m4z5unqtUD9maZag9qIAY/VwhPZ2FvwhjvPG6y8TQGThRNJxU8HE4E3FEpO7vuzL
pPuUs04G9Hkx+0ZnOkPtvwggFdC12FvEDYFLJm+VU4vvK0zILqbkv21bVDz2G/AG
gmG+qHeSsGuXHIVNCwHIuN2Bxr4v3r1At6jUYHv1yz8uCOTO1ewsuM8ZswQ/XPXz
Y/tObcfBB7vLx7DRPo1AFxxrjznfkUfCiCyPrPnmXWqC2fWK6q8I3OUKi09QuEEK
-----END CERTIFICATE-----