Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/9dcc25-5b0a-4c3e-9149-5a8230e7643a/1/GIFrF92NPU5XTTIbNn3vuETTj0I.roa
File:                     GIFrF92NPU5XTTIbNn3vuETTj0I.roa (raw, json)
Hash identifier:          lI4Ezy96OD3L3JGwgmqKncVC9HU2kqwJdx8gIVMnd0o=
Subject key identifier:   18:81:6B:17:DD:8D:3D:4E:57:4D:32:1B:36:7D:EF:B8:44:D3:8F:42
Certificate issuer:       /CN=1502af713e36e52c71866c8a9ebdacf3d8629b68
Certificate serial:       018CC6B915B5D108B002979AD981767B716B
Authority key identifier: 15:02:AF:71:3E:36:E5:2C:71:86:6C:8A:9E:BD:AC:F3:D8:62:9B:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FQKvcT425SxxhmyKnr2s89him2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/9dcc25-5b0a-4c3e-9149-5a8230e7643a/1/GIFrF92NPU5XTTIbNn3vuETTj0I.roa
Signing time:             Mon 01 Jan 2024 20:31:07 +0000
ROA not before:           Mon 01 Jan 2024 20:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2852
IP address blocks:        146.102.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/9dcc25-5b0a-4c3e-9149-5a8230e7643a/1/FQKvcT425SxxhmyKnr2s89him2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/9dcc25-5b0a-4c3e-9149-5a8230e7643a/1/FQKvcT425SxxhmyKnr2s89him2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FQKvcT425SxxhmyKnr2s89him2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:02:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:15:b5:d1:08:b0:02:97:9a:d9:81:76:7b:71:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1502af713e36e52c71866c8a9ebdacf3d8629b68
        Validity
            Not Before: Jan  1 20:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18816b17dd8d3d4e574d321b367defb844d38f42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:72:1e:fd:ca:f0:d3:6c:d2:e8:c2:67:a6:86:
                    bd:3d:01:ce:22:eb:06:b5:c9:f9:38:22:ef:f3:23:
                    0b:bd:70:ba:3a:14:f9:9f:4a:16:06:88:c0:44:6a:
                    c1:2f:fb:84:4d:25:85:f6:81:ca:be:97:41:65:d9:
                    a2:32:b1:bb:34:4e:08:6f:7e:d2:05:06:99:d0:99:
                    87:c8:f1:5c:48:5e:c8:14:d3:98:0a:a8:b1:a3:43:
                    74:63:ab:76:9a:c9:3e:6f:18:34:e0:b6:5b:83:91:
                    37:eb:86:57:59:17:95:4b:5a:ea:49:84:ec:12:29:
                    ac:49:d0:59:1b:88:0c:04:a2:10:fd:55:90:d9:c6:
                    8a:1d:af:3b:a5:84:8e:e9:17:06:73:eb:15:68:12:
                    9f:e7:19:d8:62:3d:2a:fa:8a:36:c7:56:10:0c:b8:
                    06:d5:2a:e1:66:63:aa:9a:e0:c7:c2:ba:f9:30:89:
                    5a:cc:6b:33:71:43:cc:37:e4:85:10:da:b9:42:d0:
                    a8:ef:28:ae:b1:57:8c:f3:97:12:16:8c:6f:60:23:
                    3b:7d:d2:25:99:34:74:d7:b7:a1:8f:f1:06:d0:bb:
                    ae:23:e4:2a:09:cf:7c:02:6c:83:fd:c2:a4:12:8f:
                    ca:78:e9:43:27:51:37:ff:25:6a:b0:5d:50:61:4c:
                    e5:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:81:6B:17:DD:8D:3D:4E:57:4D:32:1B:36:7D:EF:B8:44:D3:8F:42
            X509v3 Authority Key Identifier:
                keyid:15:02:AF:71:3E:36:E5:2C:71:86:6C:8A:9E:BD:AC:F3:D8:62:9B:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FQKvcT425SxxhmyKnr2s89him2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/9dcc25-5b0a-4c3e-9149-5a8230e7643a/1/GIFrF92NPU5XTTIbNn3vuETTj0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/9dcc25-5b0a-4c3e-9149-5a8230e7643a/1/FQKvcT425SxxhmyKnr2s89him2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.102.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5c:87:13:5b:27:25:e4:99:a3:a2:7f:10:b0:ce:4c:73:bc:71:
         44:dd:5e:6a:f4:9d:82:53:2d:0b:11:6a:f2:bb:ef:0e:e7:cb:
         4c:38:e5:49:71:d8:c6:01:d8:78:dd:ec:4e:77:b5:d4:ba:6b:
         cc:e9:01:a3:71:92:af:ee:74:1a:68:a5:79:1a:ad:0b:11:fa:
         7f:c4:41:33:b0:ca:dd:58:36:91:b1:34:f5:8c:0d:d6:39:8f:
         f3:58:5d:f8:0b:d9:24:79:f5:88:3c:13:c9:f0:d1:aa:3f:02:
         09:13:50:a0:98:e8:49:10:86:ec:a9:97:25:e6:84:cb:3c:4a:
         c6:bd:53:e2:9a:14:3b:c7:27:47:6d:ab:f9:cd:ab:94:05:f0:
         c8:8f:0f:b0:a6:79:76:d7:05:bf:83:5b:9c:44:0e:4d:5b:2a:
         e8:41:b5:93:11:ae:18:c8:9b:15:3a:df:40:aa:ae:81:5f:94:
         bb:87:07:5e:de:b4:83:8d:6e:57:6f:24:36:fd:e5:a7:49:03:
         33:69:03:95:be:cd:78:4a:5b:8c:07:0e:67:6d:03:ee:24:f9:
         88:62:84:39:a2:d9:90:aa:be:71:02:7e:eb:51:52:a2:29:79:
         ce:a2:a5:30:81:d8:fd:0b:18:1f:8d:b8:7a:b9:03:78:ac:fd:
         36:3e:be:e7
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzGuRW10QiwApea2YF2e3FrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MDJhZjcxM2UzNmU1MmM3MTg2NmM4YTllYmRhY2YzZDg2
MjliNjgwHhcNMjQwMTAxMjAzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODgxNmIxN2RkOGQzZDRlNTc0ZDMyMWIzNjdkZWZiODQ0ZDM4ZjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXIe/crw02zS6MJnpoa9PQHOIusG
tcn5OCLv8yMLvXC6OhT5n0oWBojARGrBL/uETSWF9oHKvpdBZdmiMrG7NE4Ib37S
BQaZ0JmHyPFcSF7IFNOYCqixo0N0Y6t2msk+bxg04LZbg5E364ZXWReVS1rqSYTs
EimsSdBZG4gMBKIQ/VWQ2caKHa87pYSO6RcGc+sVaBKf5xnYYj0q+oo2x1YQDLgG
1SrhZmOqmuDHwrr5MIlazGszcUPMN+SFENq5QtCo7yiusVeM85cSFoxvYCM7fdIl
mTR017ehj/EG0LuuI+QqCc98AmyD/cKkEo/KeOlDJ1E3/yVqsF1QYUzlXwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFBiBaxfdjT1OV00yGzZ977hE049CMB8GA1UdIwQY
MBaAFBUCr3E+NuUscYZsip69rPPYYptoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlFLdmNUNDI1U3h4aG15S25yMnM4OWhpbTJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS85ZGNjMjUtNWIwYS00YzNlLTkxNDkt
NWE4MjMwZTc2NDNhLzEvR0lGckY5Mk5QVTVYVFRJYk5uM3Z1RVRUajBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS85ZGNjMjUtNWIwYS00YzNlLTkxNDktNWE4MjMwZTc2NDNh
LzEvRlFLdmNUNDI1U3h4aG15S25yMnM4OWhpbTJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAkmYwDQYJ
KoZIhvcNAQELBQADggEBAFyHE1snJeSZo6J/ELDOTHO8cUTdXmr0nYJTLQsRavK7
7w7ny0w45Ulx2MYB2Hjd7E53tdS6a8zpAaNxkq/udBpopXkarQsR+n/EQTOwyt1Y
NpGxNPWMDdY5j/NYXfgL2SR59Yg8E8nw0ao/AgkTUKCY6EkQhuyplyXmhMs8Ssa9
U+KaFDvHJ0dtq/nNq5QF8MiPD7CmeXbXBb+DW5xEDk1bKuhBtZMRrhjImxU630Cq
roFflLuHB17etIONbldvJDb95adJAzNpA5W+zXhKW4wHDmdtA+4k+YhihDmi2ZCq
vnECfutRUqIpec6ipTCB2P0LGB+NuHq5A3is/TY+vuc=
-----END CERTIFICATE-----