Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a9bfb5-162d-4c7e-b700-191b2ae3fa5a/1/GbJx8rSHf1fG8o4WQDe4Qzpophk.roa
File:                     GbJx8rSHf1fG8o4WQDe4Qzpophk.roa (raw, json)
Hash identifier:          bYJDqP4haPuB0S+yl2972iakwx1bzFGXOnQK7MmrzbA=
Subject key identifier:   19:B2:71:F2:B4:87:7F:57:C6:F2:8E:16:40:37:B8:43:3A:68:A6:19
Certificate issuer:       /CN=c0595b6c8ae86cf9069aba3eba6ddf2a68237f08
Certificate serial:       018D59777F0DC6033C9CF1BB59C8436D4C46
Authority key identifier: C0:59:5B:6C:8A:E8:6C:F9:06:9A:BA:3E:BA:6D:DF:2A:68:23:7F:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wFlbbIrobPkGmro-um3fKmgjfwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/a9bfb5-162d-4c7e-b700-191b2ae3fa5a/1/GbJx8rSHf1fG8o4WQDe4Qzpophk.roa
Signing time:             Tue 30 Jan 2024 08:23:39 +0000
ROA not before:           Tue 30 Jan 2024 08:23:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24953
IP address blocks:        194.153.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/a9bfb5-162d-4c7e-b700-191b2ae3fa5a/1/wFlbbIrobPkGmro-um3fKmgjfwg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/a9bfb5-162d-4c7e-b700-191b2ae3fa5a/1/wFlbbIrobPkGmro-um3fKmgjfwg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wFlbbIrobPkGmro-um3fKmgjfwg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:59:77:7f:0d:c6:03:3c:9c:f1:bb:59:c8:43:6d:4c:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0595b6c8ae86cf9069aba3eba6ddf2a68237f08
        Validity
            Not Before: Jan 30 08:23:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19b271f2b4877f57c6f28e164037b8433a68a619
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:99:32:91:a8:85:54:6b:ec:77:c2:50:12:a2:
                    45:b8:e8:ac:82:26:6a:5e:e9:f7:6c:de:45:13:35:
                    8f:ec:5c:2b:f9:0f:cc:bf:8f:ec:e1:24:3c:55:52:
                    b4:9b:57:51:f7:08:cc:21:2d:dd:84:b5:2c:cd:65:
                    df:e1:49:82:c0:a2:db:c9:4a:ee:ef:64:9a:18:88:
                    f5:52:74:35:15:ac:3a:67:4d:f3:b1:ce:56:15:e6:
                    53:7a:61:86:41:e4:99:ee:73:2d:13:80:37:e8:07:
                    18:8b:b6:e0:47:18:92:74:95:45:72:4e:f5:be:84:
                    4f:6f:1b:5b:94:e8:4b:1a:6d:8d:9a:ec:1f:61:84:
                    43:42:9f:83:f3:80:40:bf:c5:6e:53:b4:83:ae:25:
                    fc:29:30:aa:b8:be:d8:93:b1:ce:0d:5b:ec:06:46:
                    eb:60:69:a7:b9:cc:47:32:17:17:e4:e4:63:ec:66:
                    77:6e:b7:9d:1f:39:bc:a4:d0:46:a4:34:82:e0:87:
                    42:b4:0d:5b:b4:21:00:ad:86:e9:59:de:06:b1:e9:
                    78:62:31:d5:0d:fc:83:8c:4d:5e:71:cd:51:df:29:
                    b4:ba:61:10:e6:bf:32:80:ff:09:69:6c:e2:f3:90:
                    85:49:25:09:94:04:92:0f:e6:c4:72:3a:f6:a5:33:
                    62:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:B2:71:F2:B4:87:7F:57:C6:F2:8E:16:40:37:B8:43:3A:68:A6:19
            X509v3 Authority Key Identifier:
                keyid:C0:59:5B:6C:8A:E8:6C:F9:06:9A:BA:3E:BA:6D:DF:2A:68:23:7F:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wFlbbIrobPkGmro-um3fKmgjfwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9bfb5-162d-4c7e-b700-191b2ae3fa5a/1/GbJx8rSHf1fG8o4WQDe4Qzpophk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9bfb5-162d-4c7e-b700-191b2ae3fa5a/1/wFlbbIrobPkGmro-um3fKmgjfwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:75:2b:6a:28:27:81:85:ad:c5:44:39:b3:d6:47:b9:36:f6:
         ae:6f:eb:41:a3:e7:9f:b8:c8:ff:da:64:32:33:db:a3:8d:7a:
         30:5d:09:ae:c1:10:53:04:1f:af:63:a6:67:1b:04:3c:ff:2a:
         1f:dd:fa:f8:6c:cb:57:d1:ec:1a:0d:95:c8:a4:bf:a0:ea:50:
         bd:b3:13:95:e7:4a:99:d2:df:ce:20:d4:36:0d:3e:90:b2:09:
         38:9a:bb:53:3e:f5:90:b2:81:bc:84:5c:84:22:b1:74:41:6f:
         47:02:0d:a9:ba:c6:2b:f5:68:92:02:8f:c4:7c:55:d9:25:a0:
         2d:65:77:7a:9f:70:03:8b:ce:73:9f:4e:70:91:b6:09:73:37:
         11:28:80:8f:d3:36:99:13:f5:5e:9f:f5:2c:71:d2:dd:1e:a4:
         47:c3:eb:b8:ff:7e:6d:e3:25:06:f3:3f:4c:c4:62:41:df:c4:
         df:fe:d2:18:c3:b3:f1:12:05:20:5c:2e:df:48:71:a2:1a:bd:
         69:3f:5e:eb:c8:af:3c:23:34:25:8e:d0:fa:ec:c3:ca:91:6f:
         8d:4f:82:13:22:7c:0e:38:78:96:f0:47:49:49:cf:dc:d7:a9:
         ee:36:7b:4b:59:69:f4:ee:15:ba:e9:1c:de:b4:2a:59:cd:f4:
         ae:65:59:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1Zd38NxgM8nPG7WchDbUxGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNTk1YjZjOGFlODZjZjkwNjlhYmEzZWJhNmRkZjJhNjgy
MzdmMDgwHhcNMjQwMTMwMDgyMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWIyNzFmMmI0ODc3ZjU3YzZmMjhlMTY0MDM3Yjg0MzNhNjhhNjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5kykaiFVGvsd8JQEqJFuOisgiZq
Xun3bN5FEzWP7Fwr+Q/Mv4/s4SQ8VVK0m1dR9wjMIS3dhLUszWXf4UmCwKLbyUru
72SaGIj1UnQ1Faw6Z03zsc5WFeZTemGGQeSZ7nMtE4A36AcYi7bgRxiSdJVFck71
voRPbxtblOhLGm2NmuwfYYRDQp+D84BAv8VuU7SDriX8KTCquL7Yk7HODVvsBkbr
YGmnucxHMhcX5ORj7GZ3bredHzm8pNBGpDSC4IdCtA1btCEArYbpWd4Gsel4YjHV
DfyDjE1ecc1R3ym0umEQ5r8ygP8JaWzi85CFSSUJlASSD+bEcjr2pTNiXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmycfK0h39XxvKOFkA3uEM6aKYZMB8GA1UdIwQY
MBaAFMBZW2yK6Gz5Bpq6Prpt3ypoI38IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0ZsYmJJcm9iUGtHbXJvLXVtM2ZLbWdqZndnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hOWJmYjUtMTYyZC00YzdlLWI3MDAt
MTkxYjJhZTNmYTVhLzEvR2JKeDhyU0hmMWZHOG80V1FEZTRRenBvcGhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hOWJmYjUtMTYyZC00YzdlLWI3MDAtMTkxYjJhZTNmYTVh
LzEvd0ZsYmJJcm9iUGtHbXJvLXVtM2ZLbWdqZndnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpldMA0G
CSqGSIb3DQEBCwUAA4IBAQC9dStqKCeBha3FRDmz1ke5Nvaub+tBo+efuMj/2mQy
M9ujjXowXQmuwRBTBB+vY6ZnGwQ8/yof3fr4bMtX0ewaDZXIpL+g6lC9sxOV50qZ
0t/OINQ2DT6Qsgk4mrtTPvWQsoG8hFyEIrF0QW9HAg2pusYr9WiSAo/EfFXZJaAt
ZXd6n3ADi85zn05wkbYJczcRKICP0zaZE/Ven/UscdLdHqRHw+u4/35t4yUG8z9M
xGJB38Tf/tIYw7PxEgUgXC7fSHGiGr1pP17ryK88IzQljtD67MPKkW+NT4ITInwO
OHiW8EdJSc/c16nuNntLWWn07hW66RzetCpZzfSuZVm0
-----END CERTIFICATE-----