Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/ggs1IDloIgZ4eOP7V4Xb06S-xns.roa
File:                     ggs1IDloIgZ4eOP7V4Xb06S-xns.roa (raw, json)
Hash identifier:          BUSV9fURPsRifkrcN5yJQ87/I0YqMgJm3owtiOQUuiY=
Subject key identifier:   82:0B:35:20:39:68:22:06:78:78:E3:FB:57:85:DB:D3:A4:BE:C6:7B
Certificate issuer:       /CN=126c660b30f5692b2b16e289b24901c518fda520
Certificate serial:       018CC795871015FD4DB46B1EA47FB49F80FE
Authority key identifier: 12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/ggs1IDloIgZ4eOP7V4Xb06S-xns.roa
Signing time:             Tue 02 Jan 2024 00:31:54 +0000
ROA not before:           Tue 02 Jan 2024 00:31:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204860
IP address blocks:        185.217.234.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:87:10:15:fd:4d:b4:6b:1e:a4:7f:b4:9f:80:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=126c660b30f5692b2b16e289b24901c518fda520
        Validity
            Not Before: Jan  2 00:31:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=820b3520396822067878e3fb5785dbd3a4bec67b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:a4:2d:39:49:8f:08:13:f1:e3:8a:9d:b3:37:
                    00:bd:2d:f7:33:69:00:92:25:ac:d4:d4:3b:62:2f:
                    1d:f6:66:7a:07:f4:7f:86:7d:1a:67:3a:e8:50:41:
                    a6:ac:e6:d4:44:05:81:39:a4:18:73:4a:43:9e:28:
                    fd:f4:b6:48:d6:72:34:8e:4d:3d:26:eb:2c:c0:2d:
                    08:18:b4:32:e0:ea:6a:2a:1d:f2:03:8e:f5:e5:16:
                    37:46:0d:18:0d:79:14:ad:41:a9:cd:74:3a:f4:a2:
                    93:cd:50:a9:65:d1:3b:02:27:94:0a:43:16:be:3c:
                    c7:66:6c:27:9d:21:c7:c4:1c:98:bf:6a:60:e4:04:
                    1f:65:fa:4a:32:b9:93:bd:84:3b:9c:20:70:bf:eb:
                    b9:f7:de:e3:27:10:7d:12:bb:05:6c:da:56:0e:97:
                    c0:a0:f5:42:e2:37:81:72:f7:03:03:8b:88:01:9e:
                    4f:21:0a:3c:9b:22:29:48:56:67:bd:81:66:43:51:
                    aa:c3:90:77:04:19:04:53:98:a6:3a:47:51:aa:07:
                    56:d4:e9:72:05:8a:d6:65:81:11:a1:01:5a:3a:27:
                    be:15:6b:0d:ca:0b:05:4d:95:5a:64:4a:37:18:b4:
                    0a:8d:41:1b:ea:50:20:dd:bc:7e:18:27:24:f2:f0:
                    68:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:0B:35:20:39:68:22:06:78:78:E3:FB:57:85:DB:D3:A4:BE:C6:7B
            X509v3 Authority Key Identifier:
                keyid:12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/ggs1IDloIgZ4eOP7V4Xb06S-xns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:79:01:5c:0b:64:ea:84:44:c5:8d:b1:c9:25:58:11:f5:e4:
         e6:44:6f:d8:50:9f:bc:f1:c3:27:34:e2:c2:2e:4e:10:55:de:
         10:dd:2c:d5:99:19:10:b4:a6:2f:f0:2b:fa:2a:1b:80:f9:a1:
         17:66:0d:4c:02:9c:3d:4f:35:00:c2:c0:dc:2b:d1:ba:7e:0a:
         14:68:a3:7c:d1:55:e6:68:9a:e4:62:ad:80:ec:a1:a3:d3:1b:
         e5:95:f0:cc:d3:28:31:5a:84:84:57:8a:8f:bc:72:c2:63:57:
         a5:c6:58:33:b0:d6:05:3e:73:6c:a9:16:19:7e:99:1f:36:aa:
         80:4b:c6:ab:cb:c4:01:26:a9:d4:a5:be:55:97:85:e8:8c:e2:
         0f:50:9b:8a:a8:6f:09:70:09:00:46:e8:7e:6a:7d:44:54:29:
         d7:30:41:ba:d4:52:28:38:f1:14:5a:e3:41:62:e2:7e:98:4c:
         23:c9:6d:6b:af:b2:4e:db:6e:da:62:f8:f0:c1:c3:1d:13:d2:
         a7:03:d9:21:0b:15:40:d5:6a:d9:ef:07:49:b0:4a:e8:74:d5:
         5b:30:a4:2a:2d:f8:a6:3f:da:f9:82:cd:23:33:95:f4:d1:50:
         1c:fb:65:29:ee:4a:7a:bb:0f:78:b0:57:f1:5c:e8:12:6a:c3:
         5f:4b:6b:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlYcQFf1NtGsepH+0n4D+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNmM2NjBiMzBmNTY5MmIyYjE2ZTI4OWIyNDkwMWM1MThm
ZGE1MjAwHhcNMjQwMTAyMDAzMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjBiMzUyMDM5NjgyMjA2Nzg3OGUzZmI1Nzg1ZGJkM2E0YmVjNjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3aQtOUmPCBPx44qdszcAvS33M2kA
kiWs1NQ7Yi8d9mZ6B/R/hn0aZzroUEGmrObURAWBOaQYc0pDnij99LZI1nI0jk09
JusswC0IGLQy4OpqKh3yA4715RY3Rg0YDXkUrUGpzXQ69KKTzVCpZdE7AieUCkMW
vjzHZmwnnSHHxByYv2pg5AQfZfpKMrmTvYQ7nCBwv+u5997jJxB9ErsFbNpWDpfA
oPVC4jeBcvcDA4uIAZ5PIQo8myIpSFZnvYFmQ1Gqw5B3BBkEU5imOkdRqgdW1Oly
BYrWZYERoQFaOie+FWsNygsFTZVaZEo3GLQKjUEb6lAg3bx+GCck8vBoUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIILNSA5aCIGeHjj+1eF29OkvsZ7MB8GA1UdIwQY
MBaAFBJsZgsw9WkrKxbiibJJAcUY/aUgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjIt
NDM4YWNiNzJmYzViLzEvZ2dzMUlEbG9JZ1o0ZU9QN1Y0WGIwNlMteG5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjItNDM4YWNiNzJmYzVi
LzEvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudnqMA0G
CSqGSIb3DQEBCwUAA4IBAQCQeQFcC2TqhETFjbHJJVgR9eTmRG/YUJ+88cMnNOLC
Lk4QVd4Q3SzVmRkQtKYv8Cv6KhuA+aEXZg1MApw9TzUAwsDcK9G6fgoUaKN80VXm
aJrkYq2A7KGj0xvllfDM0ygxWoSEV4qPvHLCY1elxlgzsNYFPnNsqRYZfpkfNqqA
S8ary8QBJqnUpb5Vl4XojOIPUJuKqG8JcAkARuh+an1EVCnXMEG61FIoOPEUWuNB
YuJ+mEwjyW1rr7JO227aYvjwwcMdE9KnA9khCxVA1WrZ7wdJsErodNVbMKQqLfim
P9r5gs0jM5X00VAc+2Up7kp6uw94sFfxXOgSasNfS2sk
-----END CERTIFICATE-----