Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/kYDLwmm98x_1yLlpyJMnNfkPmuA.roa
File:                     kYDLwmm98x_1yLlpyJMnNfkPmuA.roa (raw, json)
Hash identifier:          gPHwSFRk+O6slUjUAOLsJTQoEwdO9xdzw7/llwJpTWs=
Subject key identifier:   91:80:CB:C2:69:BD:F3:1F:F5:C8:B9:69:C8:93:27:35:F9:0F:9A:E0
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       018EE066F3309057C6411F4638E09E3AF9D8
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/kYDLwmm98x_1yLlpyJMnNfkPmuA.roa
Signing time:             Mon 15 Apr 2024 06:17:06 +0000
ROA not before:           Mon 15 Apr 2024 06:17:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152179
IP address blocks:        185.179.218.0/23 maxlen: 24
                          188.64.104.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e0:66:f3:30:90:57:c6:41:1f:46:38:e0:9e:3a:f9:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Apr 15 06:17:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9180cbc269bdf31ff5c8b969c8932735f90f9ae0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:48:e2:9e:41:3a:6b:51:23:6a:7a:bf:c8:79:
                    7e:44:ca:dd:c9:31:f9:36:c2:bc:e4:26:d9:a0:88:
                    5e:cf:6a:af:ac:1e:84:02:59:55:62:ec:af:82:40:
                    7c:77:7d:e6:d3:63:d4:31:94:46:63:cb:da:2c:45:
                    63:70:43:73:19:d7:3f:19:06:9f:de:fc:88:13:4e:
                    81:59:04:e6:42:5f:f4:fc:a9:cb:bb:53:90:2c:28:
                    4c:3e:17:d9:57:48:06:c0:f3:b7:d2:71:dd:c5:04:
                    e4:41:77:5e:43:4e:80:5c:7e:de:57:cd:d8:03:35:
                    d0:22:95:75:32:94:e2:d1:c3:6c:b4:e0:df:aa:9e:
                    7f:bf:b1:b9:ba:aa:46:23:4d:9f:6d:23:5f:ce:e2:
                    ac:90:c9:bf:e6:18:4c:2d:d6:c3:1a:17:5f:fc:96:
                    3f:0b:ee:40:d2:47:8a:49:89:2f:e0:56:1d:3c:f9:
                    72:fd:e0:ec:6f:44:90:9e:f1:60:04:a0:4b:73:83:
                    75:f0:98:58:be:f2:61:c2:f7:24:2b:8f:22:16:81:
                    5f:9c:24:ce:c0:77:93:cb:35:0c:2a:4f:7e:c0:a1:
                    ba:3e:e5:95:0b:f4:ce:ce:71:42:61:f4:e5:e1:6c:
                    b3:e9:a3:d0:ed:cf:8b:c6:42:60:ee:67:32:99:42:
                    6f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:80:CB:C2:69:BD:F3:1F:F5:C8:B9:69:C8:93:27:35:F9:0F:9A:E0
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/kYDLwmm98x_1yLlpyJMnNfkPmuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.218.0/23
                  188.64.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a3:db:17:4c:01:b0:89:db:99:ed:0c:f6:63:34:0b:d5:77:b3:
         8e:64:2b:9a:e3:9c:23:4c:7b:3f:47:af:14:2f:e1:4f:14:1e:
         44:18:41:1c:fd:e9:9d:9d:e5:46:69:89:c4:79:61:1d:85:4d:
         7c:09:67:12:99:0a:c8:5f:d1:e1:e2:49:a1:35:e0:3b:94:fe:
         dd:99:8c:14:93:93:15:d2:9b:56:04:ac:2b:58:8e:99:f4:5a:
         0a:7e:a0:73:9a:16:46:9c:de:e5:cc:08:f5:ab:5e:6b:e1:1e:
         4f:36:77:c1:1a:c4:55:8c:79:53:62:00:2b:ac:fe:b2:83:aa:
         18:52:3d:1f:a1:af:d3:d6:bb:08:d0:7a:ad:2e:73:28:bf:9c:
         90:e3:5d:34:60:50:40:e9:c1:39:c2:e5:37:85:cc:8f:da:5c:
         4a:f8:d7:86:ff:56:8b:f2:08:58:d1:69:a9:ed:52:84:ed:3e:
         1a:02:21:a8:24:aa:79:98:94:b5:ca:ac:32:b6:f2:5e:ac:25:
         a3:57:6d:b6:2a:81:de:88:42:b4:a0:73:1c:07:5b:cd:62:2e:
         12:75:62:36:bd:5b:f5:3f:a8:59:cf:fa:bf:b5:83:15:d7:0d:
         b2:06:cf:94:c4:ee:e4:67:70:37:49:80:4d:92:e4:cc:32:e1:
         c9:04:5f:eb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7gZvMwkFfGQR9GOOCeOvnYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjQwNDE1MDYxNzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTgwY2JjMjY5YmRmMzFmZjVjOGI5NjljODkzMjczNWY5MGY5YWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUjinkE6a1Ejanq/yHl+RMrdyTH5
NsK85CbZoIhez2qvrB6EAllVYuyvgkB8d33m02PUMZRGY8vaLEVjcENzGdc/GQaf
3vyIE06BWQTmQl/0/KnLu1OQLChMPhfZV0gGwPO30nHdxQTkQXdeQ06AXH7eV83Y
AzXQIpV1MpTi0cNstODfqp5/v7G5uqpGI02fbSNfzuKskMm/5hhMLdbDGhdf/JY/
C+5A0keKSYkv4FYdPPly/eDsb0SQnvFgBKBLc4N18JhYvvJhwvckK48iFoFfnCTO
wHeTyzUMKk9+wKG6PuWVC/TOznFCYfTl4Wyz6aPQ7c+LxkJg7mcymUJvuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJGAy8JpvfMf9ci5aciTJzX5D5rgMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEva1lETHdtbTk4eF8xeUxscHlKTW5OZmtQbXVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBubPaAwQC
vEBoMA0GCSqGSIb3DQEBCwUAA4IBAQCj2xdMAbCJ25ntDPZjNAvVd7OOZCua45wj
THs/R68UL+FPFB5EGEEc/emdneVGaYnEeWEdhU18CWcSmQrIX9Hh4kmhNeA7lP7d
mYwUk5MV0ptWBKwrWI6Z9FoKfqBzmhZGnN7lzAj1q15r4R5PNnfBGsRVjHlTYgAr
rP6yg6oYUj0foa/T1rsI0HqtLnMov5yQ4100YFBA6cE5wuU3hcyP2lxK+NeG/1aL
8ghY0Wmp7VKE7T4aAiGoJKp5mJS1yqwytvJerCWjV222KoHeiEK0oHMcB1vNYi4S
dWI2vVv1P6hZz/q/tYMV1w2yBs+UxO7kZ3A3SYBNkuTMMuHJBF/r
-----END CERTIFICATE-----