Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/GZgpng6Ot_FGRMQou9o62VcEekY.roa
File:                     GZgpng6Ot_FGRMQou9o62VcEekY.roa (raw, json)
Hash identifier:          LX9b2Js5i118pOJ0Nzr+pm+rZAe5EZDelGHWiSHQOWA=
Subject key identifier:   19:98:29:9E:0E:8E:B7:F1:46:44:C4:28:BB:DA:3A:D9:57:04:7A:46
Certificate issuer:       /CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
Certificate serial:       019424449B6DB53FBECF8C036C25A05DE0C9
Authority key identifier: 0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/GZgpng6Ot_FGRMQou9o62VcEekY.roa
Signing time:             Wed 01 Jan 2025 23:47:43 +0000
ROA not before:           Wed 01 Jan 2025 23:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197497
IP address blocks:        83.139.46.0/24 maxlen: 24
                          83.139.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:9b:6d:b5:3f:be:cf:8c:03:6c:25:a0:5d:e0:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e75fb4f52a829d136e29a9a025c636d19ae328e
        Validity
            Not Before: Jan  1 23:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1998299e0e8eb7f14644c428bbda3ad957047a46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:f8:0b:02:1e:8e:72:2c:9e:73:ab:9d:ac:36:
                    19:ef:1a:6b:28:59:bc:52:91:e7:7a:4f:b1:0a:f3:
                    de:d3:e0:c4:53:37:f6:dc:b1:fa:80:c1:5a:88:1b:
                    4c:8c:a5:e3:92:b8:a8:53:d8:ac:17:f5:11:ea:83:
                    4d:69:6c:35:6f:0b:c4:ca:3d:0d:7d:29:e7:7a:c1:
                    34:ec:89:33:3e:12:f7:05:df:ec:99:28:cc:28:d6:
                    4a:96:51:47:5f:48:52:5b:cb:05:35:bf:ea:5b:2a:
                    0d:a1:1a:ae:88:8f:7f:7e:2e:ec:75:7a:e3:3b:c5:
                    88:9a:6f:bb:50:8e:78:31:58:ed:73:7a:68:bf:39:
                    11:a7:4c:a3:0a:0e:04:47:62:f7:ed:be:3e:e2:8b:
                    11:f0:e7:98:df:5a:05:e9:ff:ab:87:21:b8:12:6c:
                    a2:96:dd:2d:8f:c1:9e:29:24:5c:16:93:b8:b8:96:
                    7a:cd:07:22:66:e6:7c:af:ad:31:40:18:84:5e:7f:
                    9e:d9:d5:c1:0a:b9:e5:92:4e:14:b2:ef:e2:30:b7:
                    46:6d:d4:ec:14:5f:2b:09:81:11:7f:e0:72:d0:ea:
                    21:1e:e1:c2:a4:9f:5f:b9:a7:41:73:89:aa:23:16:
                    1e:5c:66:4e:12:da:1c:17:27:84:4c:82:0f:7a:9c:
                    55:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:98:29:9E:0E:8E:B7:F1:46:44:C4:28:BB:DA:3A:D9:57:04:7A:46
            X509v3 Authority Key Identifier:
                keyid:0E:75:FB:4F:52:A8:29:D1:36:E2:9A:9A:02:5C:63:6D:19:AE:32:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DnX7T1KoKdE24pqaAlxjbRmuMo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/GZgpng6Ot_FGRMQou9o62VcEekY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/5759f6-93e2-4029-a49f-35ba267ded3b/1/DnX7T1KoKdE24pqaAlxjbRmuMo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.139.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:0d:5a:70:b3:fb:e2:7d:20:37:79:f8:82:25:c8:76:05:a6:
         44:01:2f:01:29:50:03:65:48:23:24:5c:75:c1:df:e9:e4:0c:
         a8:91:66:2c:98:27:48:cc:38:c5:b9:c9:0b:a0:de:3a:13:2b:
         4b:d9:73:39:51:75:55:95:3b:16:3d:95:15:8b:8e:d5:17:d3:
         6e:df:c8:45:97:89:ac:0a:b5:38:0c:dc:87:68:28:42:3e:96:
         46:e6:96:5a:c7:9c:19:41:f8:bb:5f:47:ca:aa:82:61:53:6a:
         53:46:f7:e5:e5:fd:87:b7:2b:8b:74:18:7c:9c:7e:ef:df:3d:
         72:f2:8b:10:d1:cc:5f:53:a3:15:bc:a6:7c:9e:ed:ce:ba:36:
         a7:53:7c:35:40:52:4a:0f:4b:56:05:9d:83:4b:78:09:db:3f:
         0a:aa:e7:35:9f:ac:76:00:e1:66:ef:95:44:81:7c:5e:cf:70:
         6b:04:b5:20:66:4c:3e:da:62:df:6a:89:c2:c6:66:18:d2:c8:
         76:25:05:19:26:50:80:ba:7c:af:39:2f:15:fc:06:21:1f:f0:
         ef:b7:72:ba:74:49:eb:7e:b1:63:59:1c:85:da:48:ee:00:69:
         a2:f4:51:21:8b:53:b4:64:6a:bc:60:8d:e1:e6:62:48:f0:35:
         b8:68:72:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRJtttT++z4wDbCWgXeDJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNzVmYjRmNTJhODI5ZDEzNmUyOWE5YTAyNWM2MzZkMTlh
ZTMyOGUwHhcNMjUwMTAxMjM0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTk4Mjk5ZTBlOGViN2YxNDY0NGM0MjhiYmRhM2FkOTU3MDQ3YTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfgLAh6Ociyec6udrDYZ7xprKFm8
UpHnek+xCvPe0+DEUzf23LH6gMFaiBtMjKXjkrioU9isF/UR6oNNaWw1bwvEyj0N
fSnnesE07IkzPhL3Bd/smSjMKNZKllFHX0hSW8sFNb/qWyoNoRquiI9/fi7sdXrj
O8WImm+7UI54MVjtc3povzkRp0yjCg4ER2L37b4+4osR8OeY31oF6f+rhyG4Emyi
lt0tj8GeKSRcFpO4uJZ6zQciZuZ8r60xQBiEXn+e2dXBCrnlkk4Usu/iMLdGbdTs
FF8rCYERf+By0OohHuHCpJ9fuadBc4mqIxYeXGZOEtocFyeETIIPepxVCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmYKZ4OjrfxRkTEKLvaOtlXBHpGMB8GA1UdIwQY
MBaAFA51+09SqCnRNuKamgJcY20ZrjKOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYt
MzViYTI2N2RlZDNiLzEvR1pncG5nNk90X0ZHUk1Rb3U5bzYyVmNFZWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC81NzU5ZjYtOTNlMi00MDI5LWE0OWYtMzViYTI2N2RlZDNi
LzEvRG5YN1QxS29LZEUyNHBxYUFseGpiUm11TW80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBU4suMA0G
CSqGSIb3DQEBCwUAA4IBAQABDVpws/vifSA3efiCJch2BaZEAS8BKVADZUgjJFx1
wd/p5AyokWYsmCdIzDjFuckLoN46EytL2XM5UXVVlTsWPZUVi47VF9Nu38hFl4ms
CrU4DNyHaChCPpZG5pZax5wZQfi7X0fKqoJhU2pTRvfl5f2HtyuLdBh8nH7v3z1y
8osQ0cxfU6MVvKZ8nu3OujanU3w1QFJKD0tWBZ2DS3gJ2z8Kquc1n6x2AOFm75VE
gXxez3BrBLUgZkw+2mLfaonCxmYY0sh2JQUZJlCAunyvOS8V/AYhH/Dvt3K6dEnr
frFjWRyF2kjuAGmi9FEhi1O0ZGq8YI3h5mJI8DW4aHIE
-----END CERTIFICATE-----