Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/2b9f01-a56e-4be9-ad32-38ed7155995c/1/gz1neCZ7yaZGLOZTRpS6_DqN568.roa
File:                     gz1neCZ7yaZGLOZTRpS6_DqN568.roa (raw, json)
Hash identifier:          /gJWKD/YvuKj3Q1J82zlj7LirC9h8rd/TIzu9wVRH7c=
Subject key identifier:   83:3D:67:78:26:7B:C9:A6:46:2C:E6:53:46:94:BA:FC:3A:8D:E7:AF
Certificate issuer:       /CN=924532b4f743cf95cbec18681ba67ac5db854f33
Certificate serial:       018CCA994C3748BAE7B799D65706CDF3EFD8
Authority key identifier: 92:45:32:B4:F7:43:CF:95:CB:EC:18:68:1B:A6:7A:C5:DB:85:4F:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kkUytPdDz5XL7BhoG6Z6xduFTzM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/2b9f01-a56e-4be9-ad32-38ed7155995c/1/gz1neCZ7yaZGLOZTRpS6_DqN568.roa
Signing time:             Tue 02 Jan 2024 14:34:53 +0000
ROA not before:           Tue 02 Jan 2024 14:34:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199744
IP address blocks:        185.48.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/2b9f01-a56e-4be9-ad32-38ed7155995c/1/kkUytPdDz5XL7BhoG6Z6xduFTzM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/2b9f01-a56e-4be9-ad32-38ed7155995c/1/kkUytPdDz5XL7BhoG6Z6xduFTzM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kkUytPdDz5XL7BhoG6Z6xduFTzM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:4c:37:48:ba:e7:b7:99:d6:57:06:cd:f3:ef:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=924532b4f743cf95cbec18681ba67ac5db854f33
        Validity
            Not Before: Jan  2 14:34:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=833d6778267bc9a6462ce6534694bafc3a8de7af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:4b:ec:7b:9e:00:93:b6:bf:c0:4c:fb:09:61:
                    71:dd:1d:95:9e:a3:dc:61:f1:44:bf:3c:c5:9e:03:
                    e8:b7:b4:3a:25:b2:40:7e:47:43:2b:9a:03:b7:cc:
                    88:cc:45:fc:b4:91:e8:32:bd:96:d5:73:4d:a0:7f:
                    7b:cb:39:8b:58:12:05:6d:41:2f:e6:70:dd:aa:6d:
                    6a:d7:6b:4d:fa:4b:10:57:2d:d0:e9:01:fd:91:a6:
                    04:9d:58:f8:3c:ab:7d:6f:70:58:83:45:bc:78:b6:
                    ba:65:fb:8d:b8:23:72:74:90:4f:39:ea:67:6c:5f:
                    fa:96:69:09:f2:2e:30:ae:d4:92:47:96:f9:38:c8:
                    6a:e2:ac:7c:d4:cd:84:3f:8b:fd:19:7c:fd:68:af:
                    ea:27:b7:e6:88:4c:73:27:b6:52:fc:c6:53:70:27:
                    2c:23:3e:61:07:0f:5a:3e:20:1b:a1:9f:92:65:5b:
                    8a:58:a0:97:9b:86:da:02:f2:d7:1e:cc:96:eb:e2:
                    20:14:2c:ee:28:90:ba:2d:bb:33:ed:5e:8e:e0:b2:
                    2b:18:5e:00:51:3d:88:18:b1:a0:05:8e:50:06:08:
                    66:54:ec:be:b7:13:a6:16:b9:76:70:88:7d:a3:b2:
                    86:da:0a:33:b4:3a:f1:05:14:fd:43:3f:60:86:6b:
                    aa:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:3D:67:78:26:7B:C9:A6:46:2C:E6:53:46:94:BA:FC:3A:8D:E7:AF
            X509v3 Authority Key Identifier:
                keyid:92:45:32:B4:F7:43:CF:95:CB:EC:18:68:1B:A6:7A:C5:DB:85:4F:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kkUytPdDz5XL7BhoG6Z6xduFTzM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2b9f01-a56e-4be9-ad32-38ed7155995c/1/gz1neCZ7yaZGLOZTRpS6_DqN568.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/2b9f01-a56e-4be9-ad32-38ed7155995c/1/kkUytPdDz5XL7BhoG6Z6xduFTzM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:e6:52:51:74:12:90:1d:92:28:5c:ee:fe:25:70:f2:0b:98:
         22:e2:12:8e:4b:82:00:b5:06:b4:76:c2:3f:60:0b:89:39:74:
         8e:e5:43:f1:0c:2b:b3:e6:fb:01:e8:e0:21:4a:79:7c:f3:90:
         3f:1e:0d:ba:23:2a:2f:26:9d:24:4d:50:74:8a:89:be:cc:1c:
         02:de:ae:0f:19:be:10:11:41:4c:4b:9e:ff:71:d2:87:be:ae:
         0b:ce:8e:ed:fc:53:2c:5f:b2:1f:8d:de:0e:82:2c:7d:b7:b1:
         5c:18:88:7a:11:a4:34:e1:a4:ae:e9:7a:06:ce:61:90:a9:66:
         d5:f2:25:49:95:b3:bb:d2:1c:1b:85:d2:d0:b5:9d:d0:53:68:
         01:6f:c5:31:79:94:0c:5a:d7:6f:3a:ae:0c:20:ea:04:58:25:
         df:89:74:32:4e:ef:7b:15:1f:d7:94:f0:c9:e2:1b:cd:50:12:
         f3:88:34:3d:9b:a4:e7:9a:d2:02:73:03:08:88:13:60:99:95:
         cd:22:ce:cb:08:b0:48:60:ff:0f:fa:bd:47:bb:81:6c:55:f6:
         10:25:dc:31:55:0f:e6:08:13:0a:d1:3e:3d:47:c4:24:72:fe:
         80:3a:b2:ab:e5:2e:74:4b:d0:22:dc:68:9e:42:c7:d1:f8:05:
         11:b9:0f:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmUw3SLrnt5nWVwbN8+/YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNDUzMmI0Zjc0M2NmOTVjYmVjMTg2ODFiYTY3YWM1ZGI4
NTRmMzMwHhcNMjQwMTAyMTQzNDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzNkNjc3ODI2N2JjOWE2NDYyY2U2NTM0Njk0YmFmYzNhOGRlN2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiEvse54Ak7a/wEz7CWFx3R2VnqPc
YfFEvzzFngPot7Q6JbJAfkdDK5oDt8yIzEX8tJHoMr2W1XNNoH97yzmLWBIFbUEv
5nDdqm1q12tN+ksQVy3Q6QH9kaYEnVj4PKt9b3BYg0W8eLa6ZfuNuCNydJBPOepn
bF/6lmkJ8i4wrtSSR5b5OMhq4qx81M2EP4v9GXz9aK/qJ7fmiExzJ7ZS/MZTcCcs
Iz5hBw9aPiAboZ+SZVuKWKCXm4baAvLXHsyW6+IgFCzuKJC6Lbsz7V6O4LIrGF4A
UT2IGLGgBY5QBghmVOy+txOmFrl2cIh9o7KG2goztDrxBRT9Qz9ghmuqGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIM9Z3gme8mmRizmU0aUuvw6jeevMB8GA1UdIwQY
MBaAFJJFMrT3Q8+Vy+wYaBumesXbhU8zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2tVeXRQZER6NVhMN0Job0c2WjZ4ZHVGVHpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8yYjlmMDEtYTU2ZS00YmU5LWFkMzIt
MzhlZDcxNTU5OTVjLzEvZ3oxbmVDWjd5YVpHTE9aVFJwUzZfRHFONTY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8yYjlmMDEtYTU2ZS00YmU5LWFkMzItMzhlZDcxNTU5OTVj
LzEva2tVeXRQZER6NVhMN0Job0c2WjZ4ZHVGVHpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTCNMA0G
CSqGSIb3DQEBCwUAA4IBAQAP5lJRdBKQHZIoXO7+JXDyC5gi4hKOS4IAtQa0dsI/
YAuJOXSO5UPxDCuz5vsB6OAhSnl885A/Hg26IyovJp0kTVB0iom+zBwC3q4PGb4Q
EUFMS57/cdKHvq4Lzo7t/FMsX7Ifjd4Ogix9t7FcGIh6EaQ04aSu6XoGzmGQqWbV
8iVJlbO70hwbhdLQtZ3QU2gBb8UxeZQMWtdvOq4MIOoEWCXfiXQyTu97FR/XlPDJ
4hvNUBLziDQ9m6TnmtICcwMIiBNgmZXNIs7LCLBIYP8P+r1Hu4FsVfYQJdwxVQ/m
CBMK0T49R8Qkcv6AOrKr5S50S9Ai3GieQsfR+AURuQ+l
-----END CERTIFICATE-----