Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/gME55grAdW0csfpDqI4X-z1lPB8.roa
File:                     gME55grAdW0csfpDqI4X-z1lPB8.roa (raw, json)
Hash identifier:          Yk24RuTuN+kQwIiTqSqW+TjwkayeuH80Y+g3ReFhIuE=
Subject key identifier:   80:C1:39:E6:0A:C0:75:6D:1C:B1:FA:43:A8:8E:17:FB:3D:65:3C:1F
Certificate issuer:       /CN=9bed36af13da482fdf79fb5403e5074860eecd0d
Certificate serial:       019421B1E16FDED0229BF8C43DF74DC44EE8
Authority key identifier: 9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/gME55grAdW0csfpDqI4X-z1lPB8.roa
Signing time:             Wed 01 Jan 2025 11:48:13 +0000
ROA not before:           Wed 01 Jan 2025 11:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199311
IP address blocks:        134.19.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:e1:6f:de:d0:22:9b:f8:c4:3d:f7:4d:c4:4e:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bed36af13da482fdf79fb5403e5074860eecd0d
        Validity
            Not Before: Jan  1 11:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80c139e60ac0756d1cb1fa43a88e17fb3d653c1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:80:dd:db:67:79:a0:86:bf:49:70:93:54:9c:
                    ed:58:dc:60:cd:08:9f:61:d0:d6:f6:7e:05:39:d0:
                    91:77:c1:ac:0c:31:85:51:be:eb:46:3c:4e:40:66:
                    fe:10:80:aa:c6:a8:86:25:33:62:9b:c9:9f:4b:5f:
                    e7:d4:bb:2a:32:c1:00:e0:d8:d0:f7:14:50:ed:d3:
                    ef:a1:d5:b4:6d:8c:13:17:d7:c2:c9:b8:26:13:6d:
                    9e:f2:5e:e4:93:e3:0c:34:d3:b0:18:c3:ae:8a:06:
                    c7:fb:68:d8:61:83:54:b9:cb:1a:91:30:0e:b4:1a:
                    f3:c9:6e:b4:0c:44:a8:02:05:14:1f:e2:42:49:25:
                    6c:89:37:7d:b6:22:e1:7c:b9:39:07:2e:85:ba:1e:
                    16:47:86:85:9e:a6:82:e4:60:92:f2:0f:b4:c4:fe:
                    90:50:b7:91:33:13:f7:9d:35:95:3a:16:2e:5a:ea:
                    f5:12:2f:df:b2:be:8e:54:27:8d:66:e9:0a:66:ac:
                    9e:6d:6e:58:f3:76:cd:ec:04:84:3a:22:10:df:72:
                    d3:dd:d6:b4:37:71:88:01:dc:62:52:07:06:fe:0c:
                    e2:ff:18:f4:ef:44:03:ee:ae:b8:c1:b8:c8:30:d5:
                    09:b5:a0:d6:55:11:a3:fb:49:93:33:01:69:63:56:
                    87:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:C1:39:E6:0A:C0:75:6D:1C:B1:FA:43:A8:8E:17:FB:3D:65:3C:1F
            X509v3 Authority Key Identifier:
                keyid:9B:ED:36:AF:13:DA:48:2F:DF:79:FB:54:03:E5:07:48:60:EE:CD:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-02rxPaSC_feftUA-UHSGDuzQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/gME55grAdW0csfpDqI4X-z1lPB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4b0283-a90c-4d64-8301-d221ebd0818d/1/m-02rxPaSC_feftUA-UHSGDuzQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.19.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:49:22:96:6c:6e:42:33:2d:73:7d:7f:3f:46:c5:da:bf:83:
         64:25:66:c9:ac:4d:b3:7b:d3:9e:82:1a:a8:31:7d:4c:8d:fa:
         7b:75:ee:a3:49:e1:5c:35:a7:c0:f7:fc:04:f9:2a:36:80:ea:
         0f:db:46:16:b1:4f:7a:3f:65:2a:32:79:7c:bc:15:67:4d:96:
         84:99:88:b0:50:7e:75:3f:74:44:cd:9e:bf:1f:82:be:3f:59:
         e7:18:6c:a9:db:04:d4:fa:20:24:44:f2:0e:e1:5b:90:58:e5:
         76:99:30:c4:12:13:b8:f2:21:e2:c6:39:e6:71:8f:2e:d8:3f:
         c8:31:5d:9e:a1:85:a1:04:3e:83:db:be:60:01:28:16:66:d0:
         0a:99:df:0b:24:68:c9:10:a0:8d:17:4f:ef:28:46:ed:7a:e1:
         47:66:ab:3f:dc:95:32:87:e5:56:16:5c:e2:8f:f6:4f:c7:c2:
         53:67:f8:2b:5e:a9:ec:99:39:e8:5d:61:74:c1:96:6e:6f:38:
         4f:9f:a6:fd:3b:66:9e:d4:8e:9a:51:ae:3b:7a:24:06:ca:8a:
         17:88:0f:df:f9:e0:a5:93:2c:90:73:db:08:8c:f3:2e:b2:0a:
         4e:8e:c5:f5:ef:77:38:09:35:a6:2f:14:0c:bc:c7:df:e0:53:
         8d:44:3b:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhseFv3tAim/jEPfdNxE7oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZWQzNmFmMTNkYTQ4MmZkZjc5ZmI1NDAzZTUwNzQ4NjBl
ZWNkMGQwHhcNMjUwMTAxMTE0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGMxMzllNjBhYzA3NTZkMWNiMWZhNDNhODhlMTdmYjNkNjUzYzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7IDd22d5oIa/SXCTVJztWNxgzQif
YdDW9n4FOdCRd8GsDDGFUb7rRjxOQGb+EICqxqiGJTNim8mfS1/n1LsqMsEA4NjQ
9xRQ7dPvodW0bYwTF9fCybgmE22e8l7kk+MMNNOwGMOuigbH+2jYYYNUucsakTAO
tBrzyW60DESoAgUUH+JCSSVsiTd9tiLhfLk5By6Fuh4WR4aFnqaC5GCS8g+0xP6Q
ULeRMxP3nTWVOhYuWur1Ei/fsr6OVCeNZukKZqyebW5Y83bN7ASEOiIQ33LT3da0
N3GIAdxiUgcG/gzi/xj070QD7q64wbjIMNUJtaDWVRGj+0mTMwFpY1aHowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDBOeYKwHVtHLH6Q6iOF/s9ZTwfMB8GA1UdIwQY
MBaAFJvtNq8T2kgv33n7VAPlB0hg7s0NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEt
ZDIyMWViZDA4MThkLzEvZ01FNTVnckFkVzBjc2ZwRHFJNFgtejFsUEI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80YjAyODMtYTkwYy00ZDY0LTgzMDEtZDIyMWViZDA4MThk
LzEvbS0wMnJ4UGFTQ19mZWZ0VUEtVUhTR0R1elEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAhhPcMA0G
CSqGSIb3DQEBCwUAA4IBAQBPSSKWbG5CMy1zfX8/RsXav4NkJWbJrE2ze9Oeghqo
MX1Mjfp7de6jSeFcNafA9/wE+So2gOoP20YWsU96P2UqMnl8vBVnTZaEmYiwUH51
P3REzZ6/H4K+P1nnGGyp2wTU+iAkRPIO4VuQWOV2mTDEEhO48iHixjnmcY8u2D/I
MV2eoYWhBD6D275gASgWZtAKmd8LJGjJEKCNF0/vKEbteuFHZqs/3JUyh+VWFlzi
j/ZPx8JTZ/grXqnsmTnoXWF0wZZubzhPn6b9O2ae1I6aUa47eiQGyooXiA/f+eCl
kyyQc9sIjPMusgpOjsX173c4CTWmLxQMvMff4FONRDt4
-----END CERTIFICATE-----