Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/c33df9-edd5-463b-b052-0f0bc401e1e1/1/GDYfoKKG3yFaIjJkJ3YCAK8hLqA.roa
File:                     GDYfoKKG3yFaIjJkJ3YCAK8hLqA.roa (raw, json)
Hash identifier:          erb5aM2h7W5I1XqnWYG/lDx7/8zDPLRd0RbZw0dE/qs=
Subject key identifier:   18:36:1F:A0:A2:86:DF:21:5A:22:32:64:27:76:02:00:AF:21:2E:A0
Certificate issuer:       /CN=ffd3c1742fc05a80a2dc6bb0ebe1030a9bbc8c94
Certificate serial:       01942445442C69C473B3C9B32F8A05679238
Authority key identifier: FF:D3:C1:74:2F:C0:5A:80:A2:DC:6B:B0:EB:E1:03:0A:9B:BC:8C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_9PBdC_AWoCi3Guw6-EDCpu8jJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/c33df9-edd5-463b-b052-0f0bc401e1e1/1/GDYfoKKG3yFaIjJkJ3YCAK8hLqA.roa
Signing time:             Wed 01 Jan 2025 23:48:26 +0000
ROA not before:           Wed 01 Jan 2025 23:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41960
IP address blocks:        193.36.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/c33df9-edd5-463b-b052-0f0bc401e1e1/1/_9PBdC_AWoCi3Guw6-EDCpu8jJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/c33df9-edd5-463b-b052-0f0bc401e1e1/1/_9PBdC_AWoCi3Guw6-EDCpu8jJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_9PBdC_AWoCi3Guw6-EDCpu8jJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 22:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:44:2c:69:c4:73:b3:c9:b3:2f:8a:05:67:92:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffd3c1742fc05a80a2dc6bb0ebe1030a9bbc8c94
        Validity
            Not Before: Jan  1 23:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18361fa0a286df215a22326427760200af212ea0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:22:e8:78:65:73:89:0c:c1:d1:60:24:75:a2:
                    70:ea:e6:06:bb:a2:43:e3:6c:0a:87:42:b8:38:c2:
                    71:cc:23:12:63:30:85:a2:30:cd:84:b8:b1:4b:66:
                    74:e8:90:32:b0:8a:3e:07:f9:fb:a7:37:be:df:e1:
                    a4:e7:64:25:c8:19:8a:f1:dc:4e:5f:25:1f:bd:37:
                    d0:ed:63:36:3c:03:6a:dc:11:ae:20:6d:13:74:2e:
                    f2:b0:24:1f:e4:c7:d1:25:5a:90:e8:47:1f:38:97:
                    ca:9a:e3:8d:41:f2:51:06:58:ea:01:e9:93:c0:ca:
                    82:bd:64:06:e6:36:9f:a3:cd:1b:47:0b:4a:fd:0e:
                    e0:7a:d7:6a:ec:c9:fb:b1:4d:b8:0f:6a:21:51:0d:
                    8c:2e:c8:76:30:46:e6:8e:16:98:39:57:d7:9d:b5:
                    62:4f:90:f9:ba:a2:fb:bb:de:b9:39:e6:dd:c6:ff:
                    b6:63:18:d4:41:3e:bd:d5:f7:63:0f:ff:af:36:d3:
                    16:07:04:3e:08:9e:ab:d4:47:5a:f0:d4:dc:d3:95:
                    27:63:59:9c:de:72:6f:65:39:e5:8d:52:0e:86:8e:
                    40:c2:35:08:d7:16:af:4e:70:75:57:74:62:1b:51:
                    13:d6:ae:d8:1c:5c:89:21:e2:4d:4a:81:ab:a8:35:
                    7c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:36:1F:A0:A2:86:DF:21:5A:22:32:64:27:76:02:00:AF:21:2E:A0
            X509v3 Authority Key Identifier:
                keyid:FF:D3:C1:74:2F:C0:5A:80:A2:DC:6B:B0:EB:E1:03:0A:9B:BC:8C:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_9PBdC_AWoCi3Guw6-EDCpu8jJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/c33df9-edd5-463b-b052-0f0bc401e1e1/1/GDYfoKKG3yFaIjJkJ3YCAK8hLqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/c33df9-edd5-463b-b052-0f0bc401e1e1/1/_9PBdC_AWoCi3Guw6-EDCpu8jJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:96:e7:eb:8c:97:fe:03:ad:db:9a:b6:c4:8c:bd:1e:b3:d1:
         42:56:d8:b9:4e:6f:78:b0:9e:bb:3e:8d:2d:1e:92:88:00:bc:
         d8:03:71:53:eb:39:3a:ef:e3:a9:26:01:02:27:a0:50:09:6a:
         aa:17:ea:ad:a7:17:76:45:9f:67:69:ba:d9:24:63:9d:f8:43:
         24:fb:aa:97:ec:5e:50:27:d6:31:12:e4:00:2f:68:c7:5e:0d:
         70:61:73:15:7c:c6:e6:8b:43:5e:98:0e:ff:c1:fd:6e:be:fd:
         96:83:72:af:52:1b:3e:e2:c9:77:06:4f:e3:1c:17:1a:3a:eb:
         0c:49:e7:38:c7:26:8c:4d:56:18:23:75:6e:18:87:ef:f9:8a:
         c4:96:35:ff:78:f4:a2:b4:34:0a:eb:1a:a4:cd:70:e6:41:b1:
         90:39:45:0d:f2:b0:31:01:9b:a1:c0:d9:ba:a0:c8:ed:51:8f:
         cf:72:95:5c:d3:23:04:af:64:b2:8d:15:39:0a:1c:17:e0:26:
         4b:5b:2c:fa:c0:8e:15:a6:bf:2d:67:6a:d1:6a:c5:a5:da:70:
         1b:f3:ff:90:f8:dd:a2:48:de:a2:b8:1b:ef:52:86:e0:9b:e5:
         90:ee:39:26:31:61:2c:57:73:42:0d:ec:b6:90:e6:04:0d:5b:
         fd:84:ef:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRUQsacRzs8mzL4oFZ5I4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZDNjMTc0MmZjMDVhODBhMmRjNmJiMGViZTEwMzBhOWJi
YzhjOTQwHhcNMjUwMTAxMjM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODM2MWZhMGEyODZkZjIxNWEyMjMyNjQyNzc2MDIwMGFmMjEyZWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCLoeGVziQzB0WAkdaJw6uYGu6JD
42wKh0K4OMJxzCMSYzCFojDNhLixS2Z06JAysIo+B/n7pze+3+Gk52QlyBmK8dxO
XyUfvTfQ7WM2PANq3BGuIG0TdC7ysCQf5MfRJVqQ6EcfOJfKmuONQfJRBljqAemT
wMqCvWQG5jafo80bRwtK/Q7getdq7Mn7sU24D2ohUQ2MLsh2MEbmjhaYOVfXnbVi
T5D5uqL7u965Oebdxv+2YxjUQT691fdjD/+vNtMWBwQ+CJ6r1Eda8NTc05UnY1mc
3nJvZTnljVIOho5AwjUI1xavTnB1V3RiG1ET1q7YHFyJIeJNSoGrqDV8KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBg2H6Ciht8hWiIyZCd2AgCvIS6gMB8GA1UdIwQY
MBaAFP/TwXQvwFqAotxrsOvhAwqbvIyUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzlQQmRDX0FXb0NpM0d1dzYtRURDcHU4akpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9jMzNkZjktZWRkNS00NjNiLWIwNTIt
MGYwYmM0MDFlMWUxLzEvR0RZZm9LS0czeUZhSWpKa0ozWUNBSzhoTHFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9jMzNkZjktZWRkNS00NjNiLWIwNTItMGYwYmM0MDFlMWUx
LzEvXzlQQmRDX0FXb0NpM0d1dzYtRURDcHU4akpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSSxMA0G
CSqGSIb3DQEBCwUAA4IBAQAmlufrjJf+A63bmrbEjL0es9FCVti5Tm94sJ67Po0t
HpKIALzYA3FT6zk67+OpJgECJ6BQCWqqF+qtpxd2RZ9nabrZJGOd+EMk+6qX7F5Q
J9YxEuQAL2jHXg1wYXMVfMbmi0NemA7/wf1uvv2Wg3KvUhs+4sl3Bk/jHBcaOusM
Sec4xyaMTVYYI3VuGIfv+YrEljX/ePSitDQK6xqkzXDmQbGQOUUN8rAxAZuhwNm6
oMjtUY/PcpVc0yMEr2SyjRU5ChwX4CZLWyz6wI4Vpr8tZ2rRasWl2nAb8/+Q+N2i
SN6iuBvvUobgm+WQ7jkmMWEsV3NCDey2kOYEDVv9hO8t
-----END CERTIFICATE-----