Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/4e198e-2f61-46f3-b5f6-06d6e947e38f/1/G1av2SkScdA7pasMTkMgZ9DMDoM.roa
File:                     G1av2SkScdA7pasMTkMgZ9DMDoM.roa (raw, json)
Hash identifier:          DmAapwPH9qBCtwp/hvzAWHKwiBRMX4rOHpllKuQJZCk=
Subject key identifier:   1B:56:AF:D9:29:12:71:D0:3B:A5:AB:0C:4E:43:20:67:D0:CC:0E:83
Certificate issuer:       /CN=0589ee303ff7d0d557599fa04b293dc2b16bb4d4
Certificate serial:       018CC72655E1914E051A5B442D01D3A0B0D9
Authority key identifier: 05:89:EE:30:3F:F7:D0:D5:57:59:9F:A0:4B:29:3D:C2:B1:6B:B4:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BYnuMD_30NVXWZ-gSyk9wrFrtNQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/4e198e-2f61-46f3-b5f6-06d6e947e38f/1/G1av2SkScdA7pasMTkMgZ9DMDoM.roa
Signing time:             Mon 01 Jan 2024 22:30:27 +0000
ROA not before:           Mon 01 Jan 2024 22:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43435
IP address blocks:        78.155.96.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/4e198e-2f61-46f3-b5f6-06d6e947e38f/1/BYnuMD_30NVXWZ-gSyk9wrFrtNQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/4e198e-2f61-46f3-b5f6-06d6e947e38f/1/BYnuMD_30NVXWZ-gSyk9wrFrtNQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BYnuMD_30NVXWZ-gSyk9wrFrtNQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 13:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:55:e1:91:4e:05:1a:5b:44:2d:01:d3:a0:b0:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0589ee303ff7d0d557599fa04b293dc2b16bb4d4
        Validity
            Not Before: Jan  1 22:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b56afd9291271d03ba5ab0c4e432067d0cc0e83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c5:33:cf:92:23:f7:b1:8e:7e:e5:87:41:96:
                    37:fe:1c:c3:6d:d6:d1:e3:08:60:96:a2:b8:11:41:
                    70:df:1b:35:5b:e7:00:a6:57:ef:94:d1:d8:76:25:
                    44:48:29:35:1e:a4:b2:d1:02:22:44:d3:12:c7:e6:
                    56:ac:64:6a:a2:0c:4b:34:b5:5b:d3:47:32:f5:65:
                    b3:f1:14:98:29:33:c1:aa:b6:94:49:35:01:7b:6b:
                    eb:fc:ad:79:47:7a:9b:f8:ae:62:be:51:fa:a8:ac:
                    2e:1b:e0:95:84:0b:77:bc:5c:0f:ff:ce:e5:63:2a:
                    59:f1:5a:bd:2b:ed:4e:2f:6e:e7:e4:57:f3:f7:93:
                    d1:ed:4a:59:5e:91:50:a7:9d:5b:4a:4e:d4:7c:3c:
                    52:cd:63:64:08:36:84:4f:c7:49:f4:b4:e8:ba:10:
                    56:13:aa:1f:22:c8:2f:12:64:0c:3b:28:36:64:39:
                    65:d7:70:d7:bc:df:e2:da:1c:84:21:21:31:21:16:
                    df:8f:cd:44:e7:56:59:d8:df:6a:19:6c:82:b0:c5:
                    5f:bf:15:61:20:6a:dc:16:4a:72:99:46:69:79:ff:
                    14:ad:d4:8c:28:20:25:be:8c:13:aa:75:13:69:d8:
                    9c:e3:e2:1e:76:91:4c:53:3f:72:f5:ce:60:ad:41:
                    95:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:56:AF:D9:29:12:71:D0:3B:A5:AB:0C:4E:43:20:67:D0:CC:0E:83
            X509v3 Authority Key Identifier:
                keyid:05:89:EE:30:3F:F7:D0:D5:57:59:9F:A0:4B:29:3D:C2:B1:6B:B4:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BYnuMD_30NVXWZ-gSyk9wrFrtNQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/4e198e-2f61-46f3-b5f6-06d6e947e38f/1/G1av2SkScdA7pasMTkMgZ9DMDoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/4e198e-2f61-46f3-b5f6-06d6e947e38f/1/BYnuMD_30NVXWZ-gSyk9wrFrtNQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.155.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         73:0d:54:48:eb:90:6f:ae:5f:c2:84:e2:2d:0c:52:39:5f:9c:
         09:7f:b1:0a:df:3d:78:79:3d:e3:22:af:e6:a8:dc:ee:12:a6:
         1c:47:d6:ce:91:db:c1:b6:1d:b1:18:fe:94:bc:9b:f4:9d:9e:
         b2:f2:03:7a:85:47:c5:a3:20:4d:ca:74:50:a2:74:e7:36:c9:
         3a:21:72:25:f6:45:3e:de:9f:50:c0:e1:2f:0a:d4:e9:32:a1:
         d7:a4:42:b6:3d:13:2c:eb:a8:9b:c1:be:61:b4:7f:2b:02:7f:
         a7:fa:d8:9a:79:9d:a0:70:78:6a:3f:b1:65:85:39:df:5e:ac:
         84:82:e3:0a:6b:ed:fa:ae:24:d3:39:f3:ea:73:66:b2:94:e0:
         bc:fe:13:15:10:3a:c6:f1:8d:61:f1:65:cb:71:f9:e5:06:e0:
         98:67:2d:9b:13:85:8e:e8:b1:26:f5:37:c1:d9:2a:09:80:72:
         77:82:7b:d7:95:a6:57:1a:98:4d:97:a1:50:8e:55:e3:6f:5b:
         a2:62:90:38:16:84:38:ed:78:12:14:04:67:62:a3:38:a2:dc:
         1b:ce:54:ce:aa:7f:ad:d8:7e:3f:c0:38:96:3a:12:1b:dc:93:
         07:27:ad:3b:c7:8d:0b:97:e5:24:fe:0a:3f:8c:1e:7b:d6:10:
         fa:b7:d6:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJlXhkU4FGltELQHToLDZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ODllZTMwM2ZmN2QwZDU1NzU5OWZhMDRiMjkzZGMyYjE2
YmI0ZDQwHhcNMjQwMTAxMjIzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjU2YWZkOTI5MTI3MWQwM2JhNWFiMGM0ZTQzMjA2N2QwY2MwZTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8Uzz5Ij97GOfuWHQZY3/hzDbdbR
4whglqK4EUFw3xs1W+cAplfvlNHYdiVESCk1HqSy0QIiRNMSx+ZWrGRqogxLNLVb
00cy9WWz8RSYKTPBqraUSTUBe2vr/K15R3qb+K5ivlH6qKwuG+CVhAt3vFwP/87l
YypZ8Vq9K+1OL27n5Ffz95PR7UpZXpFQp51bSk7UfDxSzWNkCDaET8dJ9LTouhBW
E6ofIsgvEmQMOyg2ZDll13DXvN/i2hyEISExIRbfj81E51ZZ2N9qGWyCsMVfvxVh
IGrcFkpymUZpef8UrdSMKCAlvowTqnUTadic4+IedpFMUz9y9c5grUGVGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtWr9kpEnHQO6WrDE5DIGfQzA6DMB8GA1UdIwQY
MBaAFAWJ7jA/99DVV1mfoEspPcKxa7TUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlludU1EXzMwTlZYV1otZ1N5azl3ckZydE5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My80ZTE5OGUtMmY2MS00NmYzLWI1ZjYt
MDZkNmU5NDdlMzhmLzEvRzFhdjJTa1NjZEE3cGFzTVRrTWdaOURNRG9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My80ZTE5OGUtMmY2MS00NmYzLWI1ZjYtMDZkNmU5NDdlMzhm
LzEvQlludU1EXzMwTlZYV1otZ1N5azl3ckZydE5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFTptgMA0G
CSqGSIb3DQEBCwUAA4IBAQBzDVRI65Bvrl/ChOItDFI5X5wJf7EK3z14eT3jIq/m
qNzuEqYcR9bOkdvBth2xGP6UvJv0nZ6y8gN6hUfFoyBNynRQonTnNsk6IXIl9kU+
3p9QwOEvCtTpMqHXpEK2PRMs66ibwb5htH8rAn+n+tiaeZ2gcHhqP7FlhTnfXqyE
guMKa+36riTTOfPqc2aylOC8/hMVEDrG8Y1h8WXLcfnlBuCYZy2bE4WO6LEm9TfB
2SoJgHJ3gnvXlaZXGphNl6FQjlXjb1uiYpA4FoQ47XgSFARnYqM4otwbzlTOqn+t
2H4/wDiWOhIb3JMHJ607x40Ll+Uk/go/jB571hD6t9av
-----END CERTIFICATE-----