Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/gFDkLEoNGPkC6KJxSik-IM60J-8.roa
File:                     gFDkLEoNGPkC6KJxSik-IM60J-8.roa (raw, json)
Hash identifier:          x6WXtv44F/Myz+mIHyIjVso+a5Mf+ozPX7z83J/sszU=
Subject key identifier:   80:50:E4:2C:4A:0D:18:F9:02:E8:A2:71:4A:29:3E:20:CE:B4:27:EF
Certificate issuer:       /CN=e8b3eed1c7aca636d6245852b802e0e73754df63
Certificate serial:       018EEFD2137DA6A5BA5002D82CF655049FD9
Authority key identifier: E8:B3:EE:D1:C7:AC:A6:36:D6:24:58:52:B8:02:E0:E7:37:54:DF:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/gFDkLEoNGPkC6KJxSik-IM60J-8.roa
Signing time:             Thu 18 Apr 2024 06:08:25 +0000
ROA not before:           Thu 18 Apr 2024 06:08:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        37.148.218.0/23 maxlen: 24
                          185.11.142.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 03:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ef:d2:13:7d:a6:a5:ba:50:02:d8:2c:f6:55:04:9f:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8b3eed1c7aca636d6245852b802e0e73754df63
        Validity
            Not Before: Apr 18 06:08:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8050e42c4a0d18f902e8a2714a293e20ceb427ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:33:d3:57:02:3e:fe:cd:b7:41:56:6c:3f:43:
                    96:ed:d3:9d:7a:ed:15:cf:05:c8:26:5c:5a:5c:19:
                    21:34:82:3e:a0:c8:fe:66:64:37:00:76:41:6b:0d:
                    8f:9a:96:07:9b:11:2a:e1:86:67:a2:93:38:f4:a5:
                    84:28:47:1a:d7:31:d6:dd:23:02:01:19:d6:03:d6:
                    39:63:46:9d:1c:7e:02:9c:3e:5a:70:d7:bd:23:6f:
                    d9:89:e1:37:20:d0:3c:d4:be:28:ce:4c:6c:0d:e5:
                    19:ae:9b:cd:89:db:35:48:4a:dd:1b:f5:f9:d0:de:
                    b6:9d:16:64:fc:53:e9:72:30:cb:7d:6d:6b:c1:50:
                    6b:f1:62:7f:a1:6f:cd:b4:ac:9a:24:9b:8e:1b:2b:
                    9b:f6:fb:7a:c8:08:12:a7:9d:1e:e2:3a:6c:01:b9:
                    9b:e6:c9:9d:48:90:3c:a0:4f:68:67:61:af:4c:f0:
                    84:db:ab:f4:8d:85:98:ea:5f:99:1b:40:a6:bc:13:
                    89:35:68:78:a8:81:2d:33:2c:33:ef:18:47:76:ee:
                    11:1c:00:7b:e1:49:54:23:20:d3:99:e3:f1:4b:f6:
                    0e:3d:23:94:74:ec:f5:79:aa:cd:f8:39:09:7f:3b:
                    34:b3:43:8e:a1:43:d6:e2:36:0c:ec:36:29:07:e1:
                    26:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:50:E4:2C:4A:0D:18:F9:02:E8:A2:71:4A:29:3E:20:CE:B4:27:EF
            X509v3 Authority Key Identifier:
                keyid:E8:B3:EE:D1:C7:AC:A6:36:D6:24:58:52:B8:02:E0:E7:37:54:DF:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/gFDkLEoNGPkC6KJxSik-IM60J-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.148.218.0/23
                  185.11.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:50:44:af:b0:6f:25:bb:dc:67:c0:44:36:bd:c4:10:7c:47:
         36:4a:3b:bb:cd:d7:7e:07:73:d5:c2:2c:75:72:01:9a:50:de:
         12:c8:28:e2:2d:20:a6:2d:e5:48:41:aa:8a:77:d2:31:f4:11:
         a2:90:01:ee:95:2e:5e:da:33:a4:9b:2b:4b:91:ad:5c:eb:08:
         5c:1d:04:d8:cd:41:f3:32:98:df:db:73:cc:27:e8:04:46:e2:
         1a:ae:df:27:46:c7:aa:7c:ac:b7:b6:92:15:90:93:1f:a6:48:
         20:95:af:c4:00:d5:48:b6:0d:e4:b9:03:1c:8a:53:a5:ab:9c:
         cb:32:14:9f:f8:c0:78:21:e6:b6:35:31:b2:9c:48:0c:a2:49:
         d9:c9:4d:9b:b9:9e:b4:93:02:f0:0b:4d:9a:9e:9b:09:b9:75:
         9c:b7:76:23:07:b0:b9:05:57:5a:4c:95:41:b7:62:27:17:ed:
         0d:8f:34:15:ec:70:85:fe:6a:d6:46:4e:a0:7f:cc:c2:ef:94:
         14:54:f6:81:b4:d4:95:96:d4:82:5f:67:fe:08:02:92:35:73:
         d0:58:3d:9b:39:16:d5:3e:70:e6:de:05:0d:9f:4b:35:af:2c:
         d9:b4:43:a8:c3:9c:56:52:2d:29:e8:93:22:26:4b:28:aa:6a:
         c3:8b:ac:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7v0hN9pqW6UALYLPZVBJ/ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YjNlZWQxYzdhY2E2MzZkNjI0NTg1MmI4MDJlMGU3Mzc1
NGRmNjMwHhcNMjQwNDE4MDYwODI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDUwZTQyYzRhMGQxOGY5MDJlOGEyNzE0YTI5M2UyMGNlYjQyN2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjPTVwI+/s23QVZsP0OW7dOdeu0V
zwXIJlxaXBkhNII+oMj+ZmQ3AHZBaw2PmpYHmxEq4YZnopM49KWEKEca1zHW3SMC
ARnWA9Y5Y0adHH4CnD5acNe9I2/ZieE3INA81L4ozkxsDeUZrpvNids1SErdG/X5
0N62nRZk/FPpcjDLfW1rwVBr8WJ/oW/NtKyaJJuOGyub9vt6yAgSp50e4jpsAbmb
5smdSJA8oE9oZ2GvTPCE26v0jYWY6l+ZG0CmvBOJNWh4qIEtMywz7xhHdu4RHAB7
4UlUIyDTmePxS/YOPSOUdOz1earN+DkJfzs0s0OOoUPW4jYM7DYpB+EmPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIBQ5CxKDRj5AuiicUopPiDOtCfvMB8GA1UdIwQY
MBaAFOiz7tHHrKY21iRYUrgC4Oc3VN9jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkxQdTBjZXNwamJXSkZoU3VBTGc1emRVMzJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8xNzczMjktMjhjZC00ODY0LTllMTYt
OTQ2NDA0ZWMxYWE0LzEvZ0ZEa0xFb05HUGtDNktKeFNpay1JTTYwSi04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8xNzczMjktMjhjZC00ODY0LTllMTYtOTQ2NDA0ZWMxYWE0
LzEvNkxQdTBjZXNwamJXSkZoU3VBTGc1emRVMzJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBJZTaAwQB
uQuOMA0GCSqGSIb3DQEBCwUAA4IBAQBTUESvsG8lu9xnwEQ2vcQQfEc2Sju7zdd+
B3PVwix1cgGaUN4SyCjiLSCmLeVIQaqKd9Ix9BGikAHulS5e2jOkmytLka1c6whc
HQTYzUHzMpjf23PMJ+gERuIart8nRseqfKy3tpIVkJMfpkggla/EANVItg3kuQMc
ilOlq5zLMhSf+MB4Iea2NTGynEgMoknZyU2buZ60kwLwC02anpsJuXWct3YjB7C5
BVdaTJVBt2InF+0NjzQV7HCF/mrWRk6gf8zC75QUVPaBtNSVltSCX2f+CAKSNXPQ
WD2bORbVPnDm3gUNn0s1ryzZtEOow5xWUi0p6JMiJksoqmrDi6xZ
-----END CERTIFICATE-----