Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/b8aeef-6889-4614-b7fc-5c75c3f421f5/1/_GvmfomlgkX-2-Xb2uZU6MIYRsM.roa
File:                     _GvmfomlgkX-2-Xb2uZU6MIYRsM.roa (raw, json)
Hash identifier:          2jn8t0qz56m963e0JWcxyGExLcEZI1TeI+EI/x4MF9c=
Subject key identifier:   FC:6B:E6:7E:89:A5:82:45:FE:DB:E5:DB:DA:E6:54:E8:C2:18:46:C3
Certificate issuer:       /CN=c7554fd3e13b4a50c1d87482a7437b81c63e9951
Certificate serial:       018CC6B7E51D8B619D8313B39D74EB782E1A
Authority key identifier: C7:55:4F:D3:E1:3B:4A:50:C1:D8:74:82:A7:43:7B:81:C6:3E:99:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x1VP0-E7SlDB2HSCp0N7gcY-mVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/b8aeef-6889-4614-b7fc-5c75c3f421f5/1/_GvmfomlgkX-2-Xb2uZU6MIYRsM.roa
Signing time:             Mon 01 Jan 2024 20:29:49 +0000
ROA not before:           Mon 01 Jan 2024 20:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208957
IP address blocks:        5.182.168.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/b8aeef-6889-4614-b7fc-5c75c3f421f5/1/x1VP0-E7SlDB2HSCp0N7gcY-mVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/b8aeef-6889-4614-b7fc-5c75c3f421f5/1/x1VP0-E7SlDB2HSCp0N7gcY-mVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x1VP0-E7SlDB2HSCp0N7gcY-mVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:e5:1d:8b:61:9d:83:13:b3:9d:74:eb:78:2e:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7554fd3e13b4a50c1d87482a7437b81c63e9951
        Validity
            Not Before: Jan  1 20:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc6be67e89a58245fedbe5dbdae654e8c21846c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b8:9d:de:4d:28:cf:c4:05:45:1a:42:12:c6:
                    55:71:a2:c8:41:82:99:4e:05:b1:89:10:bb:3a:97:
                    b8:68:ac:c9:0b:37:a7:02:de:2b:4f:aa:0d:8c:82:
                    eb:1b:51:41:82:f0:1b:de:80:9b:3e:bb:36:0d:49:
                    86:77:df:49:bf:46:c9:32:b9:d2:de:b8:c1:c1:39:
                    44:41:91:9a:f3:57:0e:80:9f:83:a5:ff:47:a2:a7:
                    40:e4:c9:8e:64:44:42:29:89:ce:0b:a6:ce:2a:f2:
                    87:45:44:35:97:6d:ba:ba:e7:67:d9:f7:b2:14:73:
                    a3:96:92:99:80:4c:75:eb:00:6c:3f:c2:48:c1:73:
                    73:97:ea:f7:3e:c8:81:53:23:5d:38:46:e0:3b:45:
                    f3:c1:3a:c3:2a:1a:11:a5:0c:4d:a1:08:e8:59:58:
                    4f:e9:f1:b6:d9:a9:3c:59:b9:b5:8c:ff:d1:4f:05:
                    9f:71:6b:ee:b9:36:0b:fb:44:d8:95:78:08:2b:7d:
                    9b:dc:db:a9:2a:5d:b4:d3:13:7d:1b:2b:aa:7b:20:
                    0f:a0:ec:52:5f:6e:d4:f6:e7:f1:62:b1:e4:6b:9e:
                    23:56:59:f6:d1:d4:69:7d:05:8b:06:85:09:03:90:
                    f4:af:40:e6:41:6d:f9:d3:86:0b:cd:8c:d6:5f:8b:
                    05:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:6B:E6:7E:89:A5:82:45:FE:DB:E5:DB:DA:E6:54:E8:C2:18:46:C3
            X509v3 Authority Key Identifier:
                keyid:C7:55:4F:D3:E1:3B:4A:50:C1:D8:74:82:A7:43:7B:81:C6:3E:99:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x1VP0-E7SlDB2HSCp0N7gcY-mVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/b8aeef-6889-4614-b7fc-5c75c3f421f5/1/_GvmfomlgkX-2-Xb2uZU6MIYRsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/b8aeef-6889-4614-b7fc-5c75c3f421f5/1/x1VP0-E7SlDB2HSCp0N7gcY-mVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c0:1e:81:8a:70:11:1a:a9:bd:53:1e:c9:5d:54:3f:89:6f:80:
         d2:96:76:13:a5:45:d0:c6:89:ae:9e:04:da:f5:02:b5:ed:d4:
         31:a4:27:34:76:1b:6b:97:4e:80:10:31:f9:e8:fa:6b:3f:d7:
         65:da:3a:bb:6c:31:f5:33:37:3c:d7:2b:00:cd:dd:cb:9d:c2:
         11:36:0a:be:c9:35:54:f7:e0:21:a4:a6:3a:a7:fa:f4:f7:f5:
         5c:57:a8:2f:75:f9:f5:a8:ca:d1:df:a0:79:db:e7:b3:99:26:
         39:0f:d1:28:ea:d6:9e:20:3b:62:b7:f8:3b:e1:e6:ff:4a:0f:
         17:c5:3b:da:49:dc:2e:68:07:74:11:7b:c0:8c:a1:b4:6f:3d:
         c9:1b:94:64:a1:51:79:31:ed:48:0e:2e:ac:45:8b:7b:a2:87:
         92:30:c5:e7:a0:4b:c3:2a:ba:ee:94:2c:eb:e1:d5:49:1f:25:
         2d:e1:d4:b4:e7:2f:37:d3:f3:f0:22:c5:51:40:fe:96:5f:39:
         56:2d:8d:88:0e:4b:d0:8a:03:40:fb:73:95:0a:5c:a4:e2:15:
         09:63:60:9c:5b:91:1b:db:03:02:0b:22:d5:74:a8:e8:dd:03:
         2d:c3:24:dc:39:29:40:58:10:22:ed:f1:75:e8:a6:97:8d:5a:
         a7:a5:eb:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt+Udi2GdgxOznXTreC4aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NTU0ZmQzZTEzYjRhNTBjMWQ4NzQ4MmE3NDM3YjgxYzYz
ZTk5NTEwHhcNMjQwMTAxMjAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzZiZTY3ZTg5YTU4MjQ1ZmVkYmU1ZGJkYWU2NTRlOGMyMTg0NmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrid3k0oz8QFRRpCEsZVcaLIQYKZ
TgWxiRC7Ope4aKzJCzenAt4rT6oNjILrG1FBgvAb3oCbPrs2DUmGd99Jv0bJMrnS
3rjBwTlEQZGa81cOgJ+Dpf9HoqdA5MmOZERCKYnOC6bOKvKHRUQ1l226uudn2fey
FHOjlpKZgEx16wBsP8JIwXNzl+r3PsiBUyNdOEbgO0XzwTrDKhoRpQxNoQjoWVhP
6fG22ak8Wbm1jP/RTwWfcWvuuTYL+0TYlXgIK32b3NupKl200xN9GyuqeyAPoOxS
X27U9ufxYrHka54jVln20dRpfQWLBoUJA5D0r0DmQW3504YLzYzWX4sFNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxr5n6JpYJF/tvl29rmVOjCGEbDMB8GA1UdIwQY
MBaAFMdVT9PhO0pQwdh0gqdDe4HGPplRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDFWUDAtRTdTbERCMkhTQ3AwTjdnY1ktbVZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9iOGFlZWYtNjg4OS00NjE0LWI3ZmMt
NWM3NWMzZjQyMWY1LzEvX0d2bWZvbWxna1gtMi1YYjJ1WlU2TUlZUnNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9iOGFlZWYtNjg4OS00NjE0LWI3ZmMtNWM3NWMzZjQyMWY1
LzEveDFWUDAtRTdTbERCMkhTQ3AwTjdnY1ktbVZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbaoMA0G
CSqGSIb3DQEBCwUAA4IBAQDAHoGKcBEaqb1THsldVD+Jb4DSlnYTpUXQxomungTa
9QK17dQxpCc0dhtrl06AEDH56PprP9dl2jq7bDH1Mzc81ysAzd3LncIRNgq+yTVU
9+AhpKY6p/r09/VcV6gvdfn1qMrR36B52+ezmSY5D9Eo6taeIDtit/g74eb/Sg8X
xTvaSdwuaAd0EXvAjKG0bz3JG5RkoVF5Me1IDi6sRYt7ooeSMMXnoEvDKrrulCzr
4dVJHyUt4dS05y830/PwIsVRQP6WXzlWLY2IDkvQigNA+3OVClyk4hUJY2CcW5Eb
2wMCCyLVdKjo3QMtwyTcOSlAWBAi7fF16KaXjVqnpeuD
-----END CERTIFICATE-----