Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/ddc1aa-5a3a-4163-b5e8-15ea337a7840/1/gsf_92xxJ6uvnirY6hkVd5SDkxg.roa
File:                     gsf_92xxJ6uvnirY6hkVd5SDkxg.roa (raw, json)
Hash identifier:          qjEEl9DqsHIB1+fhEpYjZSgg/raokyhhl847ibXGpw0=
Subject key identifier:   82:C7:FF:F7:6C:71:27:AB:AF:9E:2A:D8:EA:19:15:77:94:83:93:18
Certificate issuer:       /CN=9d3d627c297fe542d8359a86d8e2f9ebd9565a81
Certificate serial:       018CC80187B17AEF73DC7A2F5CAC3DA33703
Authority key identifier: 9D:3D:62:7C:29:7F:E5:42:D8:35:9A:86:D8:E2:F9:EB:D9:56:5A:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nT1ifCl_5ULYNZqG2OL569lWWoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/ddc1aa-5a3a-4163-b5e8-15ea337a7840/1/gsf_92xxJ6uvnirY6hkVd5SDkxg.roa
Signing time:             Tue 02 Jan 2024 02:29:52 +0000
ROA not before:           Tue 02 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203735
IP address blocks:        94.231.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/ddc1aa-5a3a-4163-b5e8-15ea337a7840/1/nT1ifCl_5ULYNZqG2OL569lWWoE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/ddc1aa-5a3a-4163-b5e8-15ea337a7840/1/nT1ifCl_5ULYNZqG2OL569lWWoE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nT1ifCl_5ULYNZqG2OL569lWWoE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:87:b1:7a:ef:73:dc:7a:2f:5c:ac:3d:a3:37:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d3d627c297fe542d8359a86d8e2f9ebd9565a81
        Validity
            Not Before: Jan  2 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82c7fff76c7127abaf9e2ad8ea19157794839318
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:b0:41:7e:17:05:e4:e7:6b:fa:a9:7e:e9:87:
                    46:e7:e2:24:80:9d:a2:0d:a6:59:a5:ca:d2:30:11:
                    74:88:4e:a0:5a:1e:29:56:8d:87:44:92:56:99:69:
                    b3:e4:d8:ef:e0:00:ae:ab:29:5c:70:f4:66:51:cf:
                    9b:4c:e1:7b:7e:d1:ef:47:b6:37:fe:8d:6f:06:3c:
                    c7:6d:3c:47:1f:75:bc:55:02:05:54:38:91:c7:b8:
                    08:bb:e2:43:14:a9:6c:5d:68:c5:0b:b2:28:37:14:
                    1c:44:27:38:e3:e0:4e:3f:72:04:33:6d:f0:c4:06:
                    95:69:c9:49:b7:01:0f:2e:3b:f4:1b:25:73:0e:82:
                    1a:31:91:4f:d0:47:cf:7f:1d:ca:12:d0:7c:fa:2e:
                    07:0f:d2:48:44:2b:af:a5:eb:16:45:46:1a:9b:79:
                    22:00:d6:d8:67:77:8e:54:7a:4a:31:29:b1:70:62:
                    b4:c4:fc:5f:f0:37:98:e6:92:88:17:e1:85:66:bd:
                    d9:ae:78:4f:fd:b6:46:2c:23:84:40:1b:b0:b0:83:
                    8c:37:71:38:6c:81:84:6d:8b:66:eb:34:9a:a3:42:
                    88:88:76:b7:a1:dc:a0:d5:af:ff:b8:40:f0:e7:d1:
                    84:9a:ee:c5:61:0d:31:7a:cd:e4:cb:0d:2a:cc:d1:
                    16:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:C7:FF:F7:6C:71:27:AB:AF:9E:2A:D8:EA:19:15:77:94:83:93:18
            X509v3 Authority Key Identifier:
                keyid:9D:3D:62:7C:29:7F:E5:42:D8:35:9A:86:D8:E2:F9:EB:D9:56:5A:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nT1ifCl_5ULYNZqG2OL569lWWoE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/ddc1aa-5a3a-4163-b5e8-15ea337a7840/1/gsf_92xxJ6uvnirY6hkVd5SDkxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/ddc1aa-5a3a-4163-b5e8-15ea337a7840/1/nT1ifCl_5ULYNZqG2OL569lWWoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:f3:13:6f:7d:55:38:dd:c1:4c:04:b9:8f:c5:9b:77:5f:5f:
         80:f6:b6:06:d5:84:f9:eb:2d:66:99:cc:bd:7c:fc:eb:5e:a1:
         34:0f:87:43:d4:76:84:49:1a:c4:04:b0:21:0b:ca:5a:c4:14:
         83:bf:a9:e2:d2:07:59:b9:db:fe:95:57:53:22:90:20:58:f9:
         74:4a:61:76:2b:b2:42:8c:bb:69:98:33:99:14:a8:ff:f8:20:
         83:d2:e2:55:4a:ea:b3:ac:4f:f2:11:3c:13:3f:57:a6:fc:1c:
         d4:b8:fe:1e:7b:53:d0:02:d8:85:48:9f:b2:2a:4e:01:84:4e:
         2d:5b:d0:f9:9e:a4:cc:fe:e1:9e:75:16:03:51:c3:b6:33:01:
         73:a2:b5:57:25:18:de:b1:56:06:4c:a7:e4:67:c9:ce:43:ab:
         8e:60:33:8b:2b:cf:b0:b5:a4:6d:66:4b:a4:93:ef:26:c8:df:
         a3:22:95:e3:e7:97:24:d6:6f:9d:13:f6:dd:2d:8e:9e:cc:58:
         5c:ab:e4:15:3b:db:d3:ca:e0:b3:dd:b3:67:39:c7:b5:28:69:
         b4:cf:6c:dd:7f:f9:66:95:4c:0b:81:a3:5b:f6:a0:12:2c:5f:
         f5:4a:60:b4:c0:1d:27:7e:0c:05:f5:5f:df:41:cb:3f:0b:9e:
         e6:3e:9b:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAYexeu9z3HovXKw9ozcDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkM2Q2MjdjMjk3ZmU1NDJkODM1OWE4NmQ4ZTJmOWViZDk1
NjVhODEwHhcNMjQwMTAyMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmM3ZmZmNzZjNzEyN2FiYWY5ZTJhZDhlYTE5MTU3Nzk0ODM5MzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrBBfhcF5Odr+ql+6YdG5+IkgJ2i
DaZZpcrSMBF0iE6gWh4pVo2HRJJWmWmz5Njv4ACuqylccPRmUc+bTOF7ftHvR7Y3
/o1vBjzHbTxHH3W8VQIFVDiRx7gIu+JDFKlsXWjFC7IoNxQcRCc44+BOP3IEM23w
xAaVaclJtwEPLjv0GyVzDoIaMZFP0EfPfx3KEtB8+i4HD9JIRCuvpesWRUYam3ki
ANbYZ3eOVHpKMSmxcGK0xPxf8DeY5pKIF+GFZr3ZrnhP/bZGLCOEQBuwsIOMN3E4
bIGEbYtm6zSao0KIiHa3odyg1a//uEDw59GEmu7FYQ0xes3kyw0qzNEWfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILH//dscSerr54q2OoZFXeUg5MYMB8GA1UdIwQY
MBaAFJ09Ynwpf+VC2DWahtji+evZVlqBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblQxaWZDbF81VUxZTlpxRzJPTDU2OWxXV29FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9kZGMxYWEtNWEzYS00MTYzLWI1ZTgt
MTVlYTMzN2E3ODQwLzEvZ3NmXzkyeHhKNnV2bmlyWTZoa1ZkNVNEa3hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9kZGMxYWEtNWEzYS00MTYzLWI1ZTgtMTVlYTMzN2E3ODQw
LzEvblQxaWZDbF81VUxZTlpxRzJPTDU2OWxXV29FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXufHMA0G
CSqGSIb3DQEBCwUAA4IBAQBP8xNvfVU43cFMBLmPxZt3X1+A9rYG1YT56y1mmcy9
fPzrXqE0D4dD1HaESRrEBLAhC8paxBSDv6ni0gdZudv+lVdTIpAgWPl0SmF2K7JC
jLtpmDOZFKj/+CCD0uJVSuqzrE/yETwTP1em/BzUuP4ee1PQAtiFSJ+yKk4BhE4t
W9D5nqTM/uGedRYDUcO2MwFzorVXJRjesVYGTKfkZ8nOQ6uOYDOLK8+wtaRtZkuk
k+8myN+jIpXj55ck1m+dE/bdLY6ezFhcq+QVO9vTyuCz3bNnOce1KGm0z2zdf/lm
lUwLgaNb9qASLF/1SmC0wB0nfgwF9V/fQcs/C57mPpu8
-----END CERTIFICATE-----
Generated at Tue Nov 26 03:12:13 2024 by rpki-client on console-ams.rpki-client.org