Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/Ga7wvivWxzTZGG4tjIKeujxDuiE.roa
File:                     Ga7wvivWxzTZGG4tjIKeujxDuiE.roa (raw, json)
Hash identifier:          uc/r+PsFBJj641PbJPm6emfLb4ltCF2M7NzbmGDeAeI=
Subject key identifier:   19:AE:F0:BE:2B:D6:C7:34:D9:18:6E:2D:8C:82:9E:BA:3C:43:BA:21
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       018CC9BC7074BC564FF4D821FA2FDD4D15FF
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/Ga7wvivWxzTZGG4tjIKeujxDuiE.roa
Signing time:             Tue 02 Jan 2024 10:33:39 +0000
ROA not before:           Tue 02 Jan 2024 10:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208174
IP address blocks:        45.12.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:70:74:bc:56:4f:f4:d8:21:fa:2f:dd:4d:15:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  2 10:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19aef0be2bd6c734d9186e2d8c829eba3c43ba21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:84:d4:d7:ee:69:3f:3e:2b:b2:08:64:be:7a:
                    a1:35:d2:2a:35:03:62:db:71:20:5f:7a:70:ec:49:
                    1e:6f:f0:59:c4:55:e0:10:79:48:ba:b7:55:27:52:
                    a0:1c:3c:ef:dc:8c:bc:93:86:cd:cf:ae:a6:74:56:
                    dd:15:31:9f:7c:7c:a1:77:02:fb:06:ee:ac:fc:74:
                    0c:ab:0a:c2:b2:64:6c:27:dd:7f:54:c6:b9:f8:94:
                    b9:aa:d4:4b:44:f3:e6:22:d8:30:3e:ed:6d:d9:f4:
                    01:77:a6:2e:51:93:a1:95:5b:39:52:0d:00:da:18:
                    9d:8a:66:6d:c5:ff:ab:0b:f5:e2:69:fc:3e:c0:9c:
                    00:4b:e5:ed:7f:2a:9d:ee:47:46:9f:3d:1b:ea:cf:
                    90:11:37:27:8a:fc:19:fa:9a:e9:b2:10:99:c4:16:
                    c1:0f:8b:62:f5:e3:79:34:c8:d3:19:74:e4:af:1d:
                    ea:b0:f8:0d:44:f0:c2:4f:9e:fe:cf:fb:c9:2e:af:
                    07:c8:6d:1e:66:47:50:0a:50:02:14:c2:e0:56:27:
                    b7:1f:03:17:79:87:58:db:3d:2d:e9:e7:bb:94:1a:
                    55:4e:af:f2:95:dd:b5:06:18:70:6c:b7:e6:22:4e:
                    12:cb:c6:b4:ae:bb:41:99:09:b2:27:fc:9b:3a:ab:
                    a7:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:AE:F0:BE:2B:D6:C7:34:D9:18:6E:2D:8C:82:9E:BA:3C:43:BA:21
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/Ga7wvivWxzTZGG4tjIKeujxDuiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:24:53:ec:0e:5a:24:e2:72:1c:6f:b3:b1:26:ea:8a:ac:13:
         8b:e8:24:6e:b2:8f:2e:95:86:b0:21:6c:a7:bf:7c:1e:9e:74:
         22:88:6e:2b:e8:e5:62:c5:70:4c:bd:37:a9:cc:ed:58:79:40:
         37:02:f9:7c:dd:f9:b9:b8:04:85:3f:3f:87:3b:a6:86:d0:b0:
         21:6b:21:67:a1:18:da:be:75:2c:24:2f:33:d0:76:89:d8:a8:
         1b:90:79:56:0f:58:ae:b2:41:35:ac:27:b0:fa:c1:ae:f3:99:
         cd:51:66:cc:d7:0f:84:72:ed:3d:53:10:a4:30:78:86:45:13:
         48:28:fa:19:76:f9:55:40:52:3a:0c:17:ad:ad:83:3f:ea:3d:
         0d:0c:9d:ca:6c:19:0c:7c:94:41:9d:75:b3:fa:2a:cf:63:42:
         a5:8d:fe:d6:5b:d2:4e:0a:71:54:0f:01:87:29:fd:fd:72:33:
         99:47:86:1b:b6:a3:b7:c0:ff:a0:5b:a9:2e:c4:53:36:12:01:
         47:f7:e0:11:8a:b9:25:a6:fe:a0:50:bd:42:13:b4:2c:f3:cd:
         e3:1f:66:e9:b3:2e:23:a3:29:2c:68:87:65:95:01:da:29:70:
         1b:3c:6b:79:6c:4b:28:e2:b5:6d:a6:e4:be:73:1c:8f:c3:c7:
         6c:6b:9c:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvHB0vFZP9Ngh+i/dTRX/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwMTAyMTAzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWFlZjBiZTJiZDZjNzM0ZDkxODZlMmQ4YzgyOWViYTNjNDNiYTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioTU1+5pPz4rsghkvnqhNdIqNQNi
23EgX3pw7Ekeb/BZxFXgEHlIurdVJ1KgHDzv3Iy8k4bNz66mdFbdFTGffHyhdwL7
Bu6s/HQMqwrCsmRsJ91/VMa5+JS5qtRLRPPmItgwPu1t2fQBd6YuUZOhlVs5Ug0A
2hidimZtxf+rC/Xiafw+wJwAS+Xtfyqd7kdGnz0b6s+QETcnivwZ+prpshCZxBbB
D4ti9eN5NMjTGXTkrx3qsPgNRPDCT57+z/vJLq8HyG0eZkdQClACFMLgVie3HwMX
eYdY2z0t6ee7lBpVTq/yld21BhhwbLfmIk4Sy8a0rrtBmQmyJ/ybOqun8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmu8L4r1sc02RhuLYyCnro8Q7ohMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvR2E3d3Zpdld4elRaR0c0dGpJS2V1anhEdWlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQwcMA0G
CSqGSIb3DQEBCwUAA4IBAQBaJFPsDlok4nIcb7OxJuqKrBOL6CRuso8ulYawIWyn
v3wennQiiG4r6OVixXBMvTepzO1YeUA3Avl83fm5uASFPz+HO6aG0LAhayFnoRja
vnUsJC8z0HaJ2KgbkHlWD1iuskE1rCew+sGu85nNUWbM1w+Ecu09UxCkMHiGRRNI
KPoZdvlVQFI6DBetrYM/6j0NDJ3KbBkMfJRBnXWz+irPY0Kljf7WW9JOCnFUDwGH
Kf39cjOZR4YbtqO3wP+gW6kuxFM2EgFH9+ARirklpv6gUL1CE7Qs883jH2bpsy4j
oyksaIdllQHaKXAbPGt5bEso4rVtpuS+cxyPw8dsa5yS
-----END CERTIFICATE-----