Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/GpGFJqdP33JTl2DnYNIhXCLvMb0.roa
File:                     GpGFJqdP33JTl2DnYNIhXCLvMb0.roa (raw, json)
Hash identifier:          LW7LyxHMeTgasNxqr6f81sBE0I00dDlLESQzUEqM5Z4=
Subject key identifier:   1A:91:85:26:A7:4F:DF:72:53:97:60:E7:60:D2:21:5C:22:EF:31:BD
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       0194221FCA3947CEEF92937063BA6C36B447
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/GpGFJqdP33JTl2DnYNIhXCLvMb0.roa
Signing time:             Wed 01 Jan 2025 13:48:16 +0000
ROA not before:           Wed 01 Jan 2025 13:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201036
IP address blocks:        94.42.102.0/24 maxlen: 24
                          94.42.176.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:ca:39:47:ce:ef:92:93:70:63:ba:6c:36:b4:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 13:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a918526a74fdf72539760e760d2215c22ef31bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:65:13:47:5e:6e:69:06:00:54:b5:55:c8:b2:
                    49:94:c2:7c:c9:ba:7e:4a:73:5b:e6:60:51:83:6f:
                    66:cf:a2:c0:bb:bc:c2:61:0a:4e:79:f4:bf:22:bc:
                    42:04:f8:70:57:bb:e4:c3:df:d2:05:03:bf:29:40:
                    cb:8b:0a:de:e8:ad:ce:8b:17:b4:e3:5f:55:3f:4a:
                    42:aa:8b:09:93:e3:6d:48:cb:e5:f1:e8:97:40:d1:
                    18:bc:61:03:51:d7:2c:e9:45:81:c9:68:7c:d3:38:
                    09:e1:fa:65:7d:f5:cf:9a:43:be:59:f2:4f:f0:56:
                    41:50:cb:c0:65:ff:54:9c:5e:fc:64:36:f5:0a:09:
                    68:56:fe:d4:8d:62:83:ba:c2:09:a2:31:aa:5d:60:
                    d4:ed:91:4e:56:c4:1a:54:33:85:8b:c2:32:74:b5:
                    22:1c:bf:9c:cd:df:c8:56:39:cc:bd:b8:52:9a:2c:
                    14:a3:be:9a:ca:2c:ea:16:86:d1:48:d7:d4:bd:93:
                    db:ea:17:aa:ae:10:71:9e:85:51:1a:7c:56:af:bb:
                    66:ec:44:a9:13:cf:cc:0d:68:c6:73:04:f9:08:46:
                    dc:e1:f8:3d:90:54:bc:95:04:ff:02:e4:8b:ea:66:
                    93:42:5e:3d:f2:8c:ed:9d:44:46:36:2a:4a:40:b9:
                    cc:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:91:85:26:A7:4F:DF:72:53:97:60:E7:60:D2:21:5C:22:EF:31:BD
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/GpGFJqdP33JTl2DnYNIhXCLvMb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.42.102.0/24
                  94.42.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:d2:8f:d5:0d:d9:6e:d2:7a:76:ad:86:01:3c:70:04:22:fb:
         a8:49:cb:3b:ec:a3:fe:d4:4d:71:15:5a:f1:7c:3f:9b:12:a8:
         26:0a:2e:c1:44:e6:74:7c:45:78:d4:ec:a2:c3:50:eb:03:59:
         6e:e8:91:09:16:dc:f3:16:05:8b:37:6a:87:7c:be:97:c9:b1:
         3b:f0:c5:9e:c7:0b:b3:f1:59:16:41:f9:05:a2:0e:bc:d7:3f:
         d3:e4:3e:c5:ec:59:6c:c3:ae:fe:f1:fc:51:a8:be:f4:0a:15:
         63:84:32:04:b2:dc:2b:46:61:0b:1b:58:bc:8f:9d:9a:ab:63:
         a1:23:bc:89:48:d9:59:5c:b9:58:7d:f5:e4:ad:e9:fd:6f:c2:
         5a:d8:b9:ff:fb:90:db:7f:48:aa:4d:70:f7:e9:cd:e8:7c:fc:
         c5:59:9c:48:ad:24:b6:08:a4:35:df:49:4e:99:d6:b8:b7:f7:
         d6:ee:4b:b1:91:35:59:fe:c0:8e:31:6b:49:35:ac:0b:b2:be:
         ec:8a:22:0d:5e:f2:34:64:3a:58:ba:54:e6:85:97:93:f2:fd:
         a1:65:22:e5:b5:e7:f7:52:15:61:2d:16:d9:ae:a7:e7:e4:92:
         3c:e2:0a:5d:c6:44:d6:d2:ef:ff:43:69:05:1a:e8:1e:58:a0:
         da:93:50:75
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH8o5R87vkpNwY7psNrRHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUwMTAxMTM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTkxODUyNmE3NGZkZjcyNTM5NzYwZTc2MGQyMjE1YzIyZWYzMWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2UTR15uaQYAVLVVyLJJlMJ8ybp+
SnNb5mBRg29mz6LAu7zCYQpOefS/IrxCBPhwV7vkw9/SBQO/KUDLiwre6K3Oixe0
419VP0pCqosJk+NtSMvl8eiXQNEYvGEDUdcs6UWByWh80zgJ4fplffXPmkO+WfJP
8FZBUMvAZf9UnF78ZDb1CgloVv7UjWKDusIJojGqXWDU7ZFOVsQaVDOFi8IydLUi
HL+czd/IVjnMvbhSmiwUo76ayizqFobRSNfUvZPb6heqrhBxnoVRGnxWr7tm7ESp
E8/MDWjGcwT5CEbc4fg9kFS8lQT/AuSL6maTQl498oztnURGNipKQLnMgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBqRhSanT99yU5dg52DSIVwi7zG9MB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvR3BHRkpxZFAzM0pUbDJEbllOSWhYQ0x2TWIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXipmAwQC
XiqwMA0GCSqGSIb3DQEBCwUAA4IBAQBD0o/VDdlu0np2rYYBPHAEIvuoScs77KP+
1E1xFVrxfD+bEqgmCi7BROZ0fEV41Oyiw1DrA1lu6JEJFtzzFgWLN2qHfL6XybE7
8MWexwuz8VkWQfkFog681z/T5D7F7Flsw67+8fxRqL70ChVjhDIEstwrRmELG1i8
j52aq2OhI7yJSNlZXLlYffXkren9b8Ja2Ln/+5Dbf0iqTXD36c3ofPzFWZxIrSS2
CKQ130lOmda4t/fW7kuxkTVZ/sCOMWtJNawLsr7siiINXvI0ZDpYulTmhZeT8v2h
ZSLltef3UhVhLRbZrqfn5JI84gpdxkTW0u//Q2kFGugeWKDak1B1
-----END CERTIFICATE-----