Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/GTkSynOSR7JJ8hFIh874atQ2kys.roa
File:                     GTkSynOSR7JJ8hFIh874atQ2kys.roa (raw, json)
Hash identifier:          WFZgsIYIpZf3qUaXsQ6Bchk/4++gg/bi1AspWX+Djq8=
Subject key identifier:   19:39:12:CA:73:92:47:B2:49:F2:11:48:87:CE:F8:6A:D4:36:93:2B
Certificate issuer:       /CN=668e9b2eefb205342382b6072a903f9d9837071a
Certificate serial:       0194266BD2EA950D25151A26A8FEE1AB62F5
Authority key identifier: 66:8E:9B:2E:EF:B2:05:34:23:82:B6:07:2A:90:3F:9D:98:37:07:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/GTkSynOSR7JJ8hFIh874atQ2kys.roa
Signing time:             Thu 02 Jan 2025 09:49:48 +0000
ROA not before:           Thu 02 Jan 2025 09:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56676
IP address blocks:        91.237.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:d2:ea:95:0d:25:15:1a:26:a8:fe:e1:ab:62:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=668e9b2eefb205342382b6072a903f9d9837071a
        Validity
            Not Before: Jan  2 09:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=193912ca739247b249f2114887cef86ad436932b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e1:5a:fe:1e:17:9d:42:60:cd:95:20:00:ba:
                    c6:bd:a2:ba:bd:d4:8b:28:46:5d:7b:7f:e6:fd:fb:
                    11:56:82:1b:19:d4:cf:4e:7b:bc:3e:e7:06:f4:bc:
                    34:ce:18:8e:92:3c:ac:28:3c:b0:ed:86:d6:66:e9:
                    43:62:21:3b:5c:a8:37:ad:e5:bf:e2:0e:93:b3:8c:
                    74:70:d2:4f:a6:f6:65:b3:b7:09:b9:ec:a7:a0:81:
                    06:71:08:56:e5:06:b7:61:b6:dd:9f:5c:c7:b4:a0:
                    7c:9c:05:1f:90:6f:1e:f6:81:21:37:e4:3b:5f:3c:
                    93:4b:63:f1:ba:d7:d1:60:31:ff:05:65:d2:2d:e9:
                    3b:24:e4:3d:cd:44:a0:ef:c5:10:5c:d9:f9:ab:4e:
                    82:bf:98:3d:88:2d:ce:21:41:a6:cb:c5:e5:72:dd:
                    5f:6b:dd:22:90:5f:3b:97:85:e2:49:30:1a:87:a8:
                    35:91:90:e1:e7:9d:b1:72:ec:a3:67:e7:a7:11:d6:
                    bf:ba:33:36:ec:e7:66:f7:ad:b6:bb:45:1f:46:4e:
                    f7:67:9e:ac:b7:9c:dd:30:69:cb:dd:40:74:36:23:
                    41:22:bf:ee:53:68:ba:aa:32:d3:1e:23:51:c7:98:
                    45:8c:ae:30:e2:32:79:bc:23:82:37:0c:2b:1f:39:
                    da:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:39:12:CA:73:92:47:B2:49:F2:11:48:87:CE:F8:6A:D4:36:93:2B
            X509v3 Authority Key Identifier:
                keyid:66:8E:9B:2E:EF:B2:05:34:23:82:B6:07:2A:90:3F:9D:98:37:07:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/GTkSynOSR7JJ8hFIh874atQ2kys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4a1305-391c-446c-9a33-4c08ffe10076/1/Zo6bLu-yBTQjgrYHKpA_nZg3Bxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:01:db:26:ed:c5:9f:8e:e7:b0:b7:c0:24:c4:bd:d2:9d:f1:
         f4:38:41:7e:d4:1e:d7:50:22:e3:5e:9c:94:88:c1:98:9c:b6:
         9c:28:c5:3f:ae:ea:d6:2e:e8:de:ad:75:14:b8:bd:d8:25:4d:
         35:a1:04:02:a8:57:12:54:82:33:1b:77:56:e1:72:a7:48:48:
         7c:aa:35:1d:b4:3b:e0:ef:25:e9:1f:6e:fd:99:2d:a4:e6:02:
         9e:62:11:5c:ae:73:fd:28:c6:0e:36:13:0d:54:0f:58:43:7f:
         bd:35:73:60:71:c0:d8:14:a1:03:df:bc:f7:94:60:4d:e1:2c:
         e5:47:be:6f:03:f9:45:99:40:4d:0d:1d:f2:4c:16:06:3c:cd:
         46:8d:7c:33:df:9d:f5:c9:0d:e7:66:46:bf:48:8d:05:8e:ae:
         37:3a:ce:8b:f9:ec:d1:b6:3b:9e:a4:47:29:1a:7a:5e:5c:fe:
         3b:b7:45:b6:11:9c:3c:03:39:b2:48:bf:41:a7:23:cd:f8:aa:
         8a:5d:8f:9d:f2:c4:50:07:58:7d:40:8f:a6:ed:2e:0c:88:88:
         bb:12:dc:08:e6:07:19:b8:72:be:c0:82:68:97:9e:62:1d:61:
         d9:37:3f:97:a3:f6:7d:3a:f1:c6:d1:25:0e:63:d5:49:48:e6:
         ea:59:b1:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma9LqlQ0lFRomqP7hq2L1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OGU5YjJlZWZiMjA1MzQyMzgyYjYwNzJhOTAzZjlkOTgz
NzA3MWEwHhcNMjUwMTAyMDk0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTM5MTJjYTczOTI0N2IyNDlmMjExNDg4N2NlZjg2YWQ0MzY5MzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOFa/h4XnUJgzZUgALrGvaK6vdSL
KEZde3/m/fsRVoIbGdTPTnu8PucG9Lw0zhiOkjysKDyw7YbWZulDYiE7XKg3reW/
4g6Ts4x0cNJPpvZls7cJueynoIEGcQhW5Qa3Ybbdn1zHtKB8nAUfkG8e9oEhN+Q7
XzyTS2PxutfRYDH/BWXSLek7JOQ9zUSg78UQXNn5q06Cv5g9iC3OIUGmy8Xlct1f
a90ikF87l4XiSTAah6g1kZDh552xcuyjZ+enEda/ujM27Odm9622u0UfRk73Z56s
t5zdMGnL3UB0NiNBIr/uU2i6qjLTHiNRx5hFjK4w4jJ5vCOCNwwrHznacwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBk5EspzkkeySfIRSIfO+GrUNpMrMB8GA1UdIwQY
MBaAFGaOmy7vsgU0I4K2ByqQP52YNwcaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm82Ykx1LXlCVFFqZ3JZSEtwQV9uWmczQnhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC80YTEzMDUtMzkxYy00NDZjLTlhMzMt
NGMwOGZmZTEwMDc2LzEvR1RrU3luT1NSN0pKOGhGSWg4NzRhdFEya3lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC80YTEzMDUtMzkxYy00NDZjLTlhMzMtNGMwOGZmZTEwMDc2
LzEvWm82Ykx1LXlCVFFqZ3JZSEtwQV9uWmczQnhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+27MA0G
CSqGSIb3DQEBCwUAA4IBAQClAdsm7cWfjuewt8AkxL3SnfH0OEF+1B7XUCLjXpyU
iMGYnLacKMU/rurWLujerXUUuL3YJU01oQQCqFcSVIIzG3dW4XKnSEh8qjUdtDvg
7yXpH279mS2k5gKeYhFcrnP9KMYONhMNVA9YQ3+9NXNgccDYFKED37z3lGBN4Szl
R75vA/lFmUBNDR3yTBYGPM1GjXwz3531yQ3nZka/SI0Fjq43Os6L+ezRtjuepEcp
GnpeXP47t0W2EZw8AzmySL9BpyPN+KqKXY+d8sRQB1h9QI+m7S4MiIi7EtwI5gcZ
uHK+wIJol55iHWHZNz+Xo/Z9OvHG0SUOY9VJSObqWbGo
-----END CERTIFICATE-----