Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/246d03-e090-4325-82f1-0bd095da78ef/1/GASFhUt-DZNW-rJX-hhBZMHHwD4.roa
File:                     GASFhUt-DZNW-rJX-hhBZMHHwD4.roa (raw, json)
Hash identifier:          K4D4GSQlzBFbBj80ceR8/WT5U9obyduN1LiVdStqTmQ=
Subject key identifier:   18:04:85:85:4B:7E:0D:93:56:FA:B2:57:FA:18:41:64:C1:C7:C0:3E
Certificate issuer:       /CN=47bf2ffeda381e54818df07052cf67e222515f89
Certificate serial:       0192B37BF10228AE5C443CE1C3A2880BD5C7
Authority key identifier: 47:BF:2F:FE:DA:38:1E:54:81:8D:F0:70:52:CF:67:E2:22:51:5F:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R78v_to4HlSBjfBwUs9n4iJRX4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/246d03-e090-4325-82f1-0bd095da78ef/1/GASFhUt-DZNW-rJX-hhBZMHHwD4.roa
Signing time:             Tue 22 Oct 2024 09:08:17 +0000
ROA not before:           Tue 22 Oct 2024 09:08:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24819
IP address blocks:        91.216.7.0/24 maxlen: 24
                          193.111.104.0/22 maxlen: 22
                          2001:67c:1778::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/246d03-e090-4325-82f1-0bd095da78ef/1/R78v_to4HlSBjfBwUs9n4iJRX4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/246d03-e090-4325-82f1-0bd095da78ef/1/R78v_to4HlSBjfBwUs9n4iJRX4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R78v_to4HlSBjfBwUs9n4iJRX4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b3:7b:f1:02:28:ae:5c:44:3c:e1:c3:a2:88:0b:d5:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47bf2ffeda381e54818df07052cf67e222515f89
        Validity
            Not Before: Oct 22 09:08:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=180485854b7e0d9356fab257fa184164c1c7c03e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:8e:fe:89:ba:69:45:68:46:e8:a2:1c:7e:f1:
                    1b:e9:b0:b5:a2:e0:92:80:2a:07:8d:19:e3:72:3a:
                    85:7d:b9:85:b6:66:5a:ff:70:60:64:0d:89:ae:67:
                    88:23:74:45:6f:82:97:e2:db:64:b8:65:c0:5c:82:
                    ec:55:bc:04:07:ac:96:58:f6:80:5f:68:6f:c0:0e:
                    e1:b9:b5:f5:76:ed:7f:91:36:d9:79:2b:a4:19:ce:
                    1f:7b:76:c7:36:1d:4c:65:92:29:7b:5d:2f:c8:52:
                    31:ce:07:31:f5:cd:80:77:f3:80:8e:b4:12:c6:23:
                    53:76:9b:9b:dc:35:74:26:75:e3:5e:9d:69:3e:9c:
                    1c:b7:4c:6c:54:cb:98:5d:67:76:f1:52:41:69:89:
                    76:33:6b:cb:cc:80:eb:86:d1:61:94:df:c9:a9:8e:
                    ca:ee:bb:b9:9b:2d:17:51:5a:bf:2b:6c:24:07:b5:
                    1e:97:cb:78:50:d8:4e:08:54:b7:82:39:3f:6c:12:
                    bc:0b:3a:c4:11:71:cc:89:f9:9d:4f:58:61:30:1e:
                    de:f3:5a:c2:df:18:01:95:6d:bd:46:0d:10:72:a9:
                    ee:84:f7:75:28:87:84:45:08:01:6a:06:79:82:a1:
                    4d:a3:9e:b0:c8:d5:f1:88:49:25:db:58:a7:d8:10:
                    e3:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:04:85:85:4B:7E:0D:93:56:FA:B2:57:FA:18:41:64:C1:C7:C0:3E
            X509v3 Authority Key Identifier:
                keyid:47:BF:2F:FE:DA:38:1E:54:81:8D:F0:70:52:CF:67:E2:22:51:5F:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R78v_to4HlSBjfBwUs9n4iJRX4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/246d03-e090-4325-82f1-0bd095da78ef/1/GASFhUt-DZNW-rJX-hhBZMHHwD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/246d03-e090-4325-82f1-0bd095da78ef/1/R78v_to4HlSBjfBwUs9n4iJRX4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.7.0/24
                  193.111.104.0/22
                IPv6:
                  2001:67c:1778::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:a7:cc:8a:90:f1:e3:10:55:0d:74:48:10:8d:9d:a5:cc:ca:
         3a:2c:b8:31:ae:ca:6a:d4:4e:bb:36:6b:ff:6f:ad:30:60:4f:
         f2:4e:5f:bf:e7:51:8a:37:e3:55:52:a6:c5:89:5f:ab:18:f6:
         11:9a:b4:96:2c:be:86:90:eb:70:87:9f:5c:a7:a1:a4:46:f8:
         b1:0e:4e:eb:1a:b1:5a:72:07:f3:a6:15:03:11:a7:4e:c1:bc:
         01:c9:61:00:fc:d3:bc:08:e0:e7:86:ff:2a:8f:f1:93:99:5d:
         fc:f1:bf:c4:16:ac:80:f7:b6:03:9b:35:df:b5:9a:59:ff:12:
         f7:e9:65:db:f1:fb:b9:d4:95:56:11:ac:48:55:73:cd:3c:e4:
         07:31:6a:cb:41:d6:7a:0d:56:be:b0:83:45:3d:33:e8:5f:e9:
         4e:f5:b5:c4:68:3f:bf:a8:25:a9:55:13:55:65:40:43:0a:b8:
         3a:d2:39:48:3b:1a:98:31:34:be:13:27:83:0a:34:36:5c:c2:
         5a:86:63:ba:6c:d3:37:3d:66:71:c8:ac:8f:c3:0b:c9:eb:00:
         69:4a:53:e1:18:9c:48:a7:07:27:fb:f5:bb:8c:d5:a1:cd:2c:
         c6:cf:97:8e:78:96:a6:d5:ed:84:92:16:be:16:06:4e:b9:8c:
         69:a7:24:79
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZKze/ECKK5cRDzhw6KIC9XHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3YmYyZmZlZGEzODFlNTQ4MThkZjA3MDUyY2Y2N2UyMjI1
MTVmODkwHhcNMjQxMDIyMDkwODE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODA0ODU4NTRiN2UwZDkzNTZmYWIyNTdmYTE4NDE2NGMxYzdjMDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA147+ibppRWhG6KIcfvEb6bC1ouCS
gCoHjRnjcjqFfbmFtmZa/3BgZA2JrmeII3RFb4KX4ttkuGXAXILsVbwEB6yWWPaA
X2hvwA7hubX1du1/kTbZeSukGc4fe3bHNh1MZZIpe10vyFIxzgcx9c2Ad/OAjrQS
xiNTdpub3DV0JnXjXp1pPpwct0xsVMuYXWd28VJBaYl2M2vLzIDrhtFhlN/JqY7K
7ru5my0XUVq/K2wkB7Uel8t4UNhOCFS3gjk/bBK8CzrEEXHMifmdT1hhMB7e81rC
3xgBlW29Rg0QcqnuhPd1KIeERQgBagZ5gqFNo56wyNXxiEkl21in2BDjHQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFBgEhYVLfg2TVvqyV/oYQWTBx8A+MB8GA1UdIwQY
MBaAFEe/L/7aOB5UgY3wcFLPZ+IiUV+JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjc4dl90bzRIbFNCamZCd1VzOW40aUpSWDRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8yNDZkMDMtZTA5MC00MzI1LTgyZjEt
MGJkMDk1ZGE3OGVmLzEvR0FTRmhVdC1EWk5XLXJKWC1oaEJaTUhId0Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8yNDZkMDMtZTA5MC00MzI1LTgyZjEtMGJkMDk1ZGE3OGVm
LzEvUjc4dl90bzRIbFNCamZCd1VzOW40aUpSWDRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAW9gHAwQC
wW9oMA8EAgACMAkDBwAgAQZ8F3gwDQYJKoZIhvcNAQELBQADggEBAL+nzIqQ8eMQ
VQ10SBCNnaXMyjosuDGuymrUTrs2a/9vrTBgT/JOX7/nUYo341VSpsWJX6sY9hGa
tJYsvoaQ63CHn1ynoaRG+LEOTusasVpyB/OmFQMRp07BvAHJYQD807wI4OeG/yqP
8ZOZXfzxv8QWrID3tgObNd+1mln/EvfpZdvx+7nUlVYRrEhVc8085AcxastB1noN
Vr6wg0U9M+hf6U71tcRoP7+oJalVE1VlQEMKuDrSOUg7GpgxNL4TJ4MKNDZcwlqG
Y7ps0zc9ZnHIrI/DC8nrAGlKU+EYnEinByf79buM1aHNLMbPl454lqbV7YSSFr4W
Bk65jGmnJHk=
-----END CERTIFICATE-----