Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/83eb09-3a14-455b-8895-ba0a76f43704/1/gwstFiSUeTGT3JYNjdY3jJ7JIT8.roa
File:                     gwstFiSUeTGT3JYNjdY3jJ7JIT8.roa (raw, json)
Hash identifier:          fspcbJGpHwLNKqGe0Cq3mHpXiZQOJHtTb/hqiH2NIQs=
Subject key identifier:   83:0B:2D:16:24:94:79:31:93:DC:96:0D:8D:D6:37:8C:9E:C9:21:3F
Certificate issuer:       /CN=052005bb6c3d6865b89c10f33b0b994b74af963b
Certificate serial:       018E2D6964D5866273C82BD2A7C51D40095E
Authority key identifier: 05:20:05:BB:6C:3D:68:65:B8:9C:10:F3:3B:0B:99:4B:74:AF:96:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BSAFu2w9aGW4nBDzOwuZS3Svljs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/83eb09-3a14-455b-8895-ba0a76f43704/1/gwstFiSUeTGT3JYNjdY3jJ7JIT8.roa
Signing time:             Mon 11 Mar 2024 12:07:45 +0000
ROA not before:           Mon 11 Mar 2024 12:07:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198089
IP address blocks:        185.98.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/83eb09-3a14-455b-8895-ba0a76f43704/1/BSAFu2w9aGW4nBDzOwuZS3Svljs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/83eb09-3a14-455b-8895-ba0a76f43704/1/BSAFu2w9aGW4nBDzOwuZS3Svljs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BSAFu2w9aGW4nBDzOwuZS3Svljs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 12:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2d:69:64:d5:86:62:73:c8:2b:d2:a7:c5:1d:40:09:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=052005bb6c3d6865b89c10f33b0b994b74af963b
        Validity
            Not Before: Mar 11 12:07:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=830b2d162494793193dc960d8dd6378c9ec9213f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0f:5e:ae:bd:1d:72:f0:13:32:12:78:15:49:
                    d4:00:8c:bc:48:cb:51:27:3a:aa:cd:2d:35:bb:cf:
                    a1:36:c1:0a:15:e3:23:af:a8:2d:b3:1a:1e:29:89:
                    08:f7:b3:cf:b9:04:98:7e:60:e0:f8:4f:bc:35:4e:
                    66:07:fd:54:71:e1:2e:e0:f4:bc:cf:06:bb:1d:f6:
                    d9:bd:ea:2a:6d:fa:87:ea:59:53:42:e4:ca:f8:c5:
                    f9:26:e6:4d:d6:8d:0b:00:e5:c8:e5:a7:ac:fa:46:
                    a7:16:dd:6e:2e:3a:b8:98:cf:07:80:4d:de:56:b8:
                    eb:00:f2:05:6c:36:84:e4:a5:97:37:3b:9c:6e:19:
                    3c:a7:c3:d8:4e:a8:10:f1:1c:15:9e:a7:07:0a:d8:
                    ee:90:6e:c6:66:0b:e0:d3:71:f0:12:c3:a9:b7:f3:
                    cb:04:18:57:c9:30:a6:d5:f6:4a:1b:cd:2a:7c:8f:
                    e0:4a:45:d2:17:9c:b1:5d:34:a4:ea:8d:a1:9b:b2:
                    83:cc:2e:8d:27:98:07:c9:84:8a:fe:59:b1:7c:4a:
                    4e:13:17:4f:1e:33:5c:d8:6b:22:9a:b7:32:ec:8f:
                    04:39:84:a8:a4:d1:83:2a:cf:5d:6f:1f:b1:12:44:
                    1a:69:96:5c:be:ce:7f:cc:73:62:a5:9a:ec:d0:ac:
                    50:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:0B:2D:16:24:94:79:31:93:DC:96:0D:8D:D6:37:8C:9E:C9:21:3F
            X509v3 Authority Key Identifier:
                keyid:05:20:05:BB:6C:3D:68:65:B8:9C:10:F3:3B:0B:99:4B:74:AF:96:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BSAFu2w9aGW4nBDzOwuZS3Svljs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/83eb09-3a14-455b-8895-ba0a76f43704/1/gwstFiSUeTGT3JYNjdY3jJ7JIT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/83eb09-3a14-455b-8895-ba0a76f43704/1/BSAFu2w9aGW4nBDzOwuZS3Svljs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:96:a4:17:c0:67:75:97:df:2d:26:9a:9d:c1:3b:d2:3e:b0:
         12:da:cb:db:6a:7f:04:7c:f5:12:72:29:87:df:8a:ee:6e:2e:
         22:be:f0:78:fe:91:7d:05:fa:7a:87:27:87:7e:a6:55:65:51:
         d4:28:34:f7:2d:e7:79:a7:16:c5:e7:03:15:0c:5b:c1:c2:36:
         68:3c:7c:b4:48:79:53:b8:3d:94:37:6c:3b:ff:98:a3:73:ad:
         45:2d:8c:34:45:b0:2b:87:aa:0b:dd:85:5a:29:37:7f:5f:54:
         10:53:02:93:f4:05:eb:05:52:88:53:56:d6:bc:5c:6f:a7:3d:
         0f:35:94:0c:1f:c4:61:f8:d8:47:c2:bc:f1:20:4f:fe:62:ea:
         f1:36:3a:4b:7d:42:d8:51:6a:a0:91:b0:74:35:9b:e1:bc:ee:
         f4:93:82:c2:4c:43:f8:81:49:43:5d:1f:2e:05:85:b2:be:2d:
         25:b6:25:ce:6b:a9:4b:fc:75:e3:86:be:58:4e:e4:89:75:0c:
         d9:30:44:85:85:0c:b2:21:fc:03:36:77:63:56:41:75:97:8d:
         02:dd:00:05:a9:26:6f:d4:66:35:f2:e1:ef:23:65:2d:25:e5:
         2d:8d:e9:ce:75:6e:06:5c:e7:e4:92:b9:c9:75:1a:d8:bc:06:
         04:a2:99:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4taWTVhmJzyCvSp8UdQAleMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MjAwNWJiNmMzZDY4NjViODljMTBmMzNiMGI5OTRiNzRh
Zjk2M2IwHhcNMjQwMzExMTIwNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzBiMmQxNjI0OTQ3OTMxOTNkYzk2MGQ4ZGQ2Mzc4YzllYzkyMTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvw9err0dcvATMhJ4FUnUAIy8SMtR
JzqqzS01u8+hNsEKFeMjr6gtsxoeKYkI97PPuQSYfmDg+E+8NU5mB/1UceEu4PS8
zwa7HfbZveoqbfqH6llTQuTK+MX5JuZN1o0LAOXI5aes+kanFt1uLjq4mM8HgE3e
VrjrAPIFbDaE5KWXNzucbhk8p8PYTqgQ8RwVnqcHCtjukG7GZgvg03HwEsOpt/PL
BBhXyTCm1fZKG80qfI/gSkXSF5yxXTSk6o2hm7KDzC6NJ5gHyYSK/lmxfEpOExdP
HjNc2Gsimrcy7I8EOYSopNGDKs9dbx+xEkQaaZZcvs5/zHNipZrs0KxQZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMLLRYklHkxk9yWDY3WN4yeySE/MB8GA1UdIwQY
MBaAFAUgBbtsPWhluJwQ8zsLmUt0r5Y7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlNBRnUydzlhR1c0bkJEek93dVpTM1N2bGpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi84M2ViMDktM2ExNC00NTViLTg4OTUt
YmEwYTc2ZjQzNzA0LzEvZ3dzdEZpU1VlVEdUM0pZTmpkWTNqSjdKSVQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi84M2ViMDktM2ExNC00NTViLTg4OTUtYmEwYTc2ZjQzNzA0
LzEvQlNBRnUydzlhR1c0bkJEek93dVpTM1N2bGpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWJ+MA0G
CSqGSIb3DQEBCwUAA4IBAQCflqQXwGd1l98tJpqdwTvSPrAS2svban8EfPUScimH
34rubi4ivvB4/pF9Bfp6hyeHfqZVZVHUKDT3Led5pxbF5wMVDFvBwjZoPHy0SHlT
uD2UN2w7/5ijc61FLYw0RbArh6oL3YVaKTd/X1QQUwKT9AXrBVKIU1bWvFxvpz0P
NZQMH8Rh+NhHwrzxIE/+YurxNjpLfULYUWqgkbB0NZvhvO70k4LCTEP4gUlDXR8u
BYWyvi0ltiXOa6lL/HXjhr5YTuSJdQzZMESFhQyyIfwDNndjVkF1l40C3QAFqSZv
1GY18uHvI2UtJeUtjenOdW4GXOfkkrnJdRrYvAYEopkl
-----END CERTIFICATE-----