Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/GFO9e3G0qnOC-B2cLfOes1NGI_I.roa
File:                     GFO9e3G0qnOC-B2cLfOes1NGI_I.roa (raw, json)
Hash identifier:          CZuKGqThhgWg/xSsX3rT4vQvQnpCP0qaYIEiUL0pKa0=
Subject key identifier:   18:53:BD:7B:71:B4:AA:73:82:F8:1D:9C:2D:F3:9E:B3:53:46:23:F2
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       018CF7582F9D08E2F38C430030516FADABDD
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/GFO9e3G0qnOC-B2cLfOes1NGI_I.roa
Signing time:             Thu 11 Jan 2024 07:06:40 +0000
ROA not before:           Thu 11 Jan 2024 07:06:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211373
IP address blocks:        146.19.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:03:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f7:58:2f:9d:08:e2:f3:8c:43:00:30:51:6f:ad:ab:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan 11 07:06:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1853bd7b71b4aa7382f81d9c2df39eb3534623f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a9:b1:45:9d:4a:85:ba:e2:be:08:38:f5:7a:
                    9d:f0:ab:43:c9:ba:22:09:9e:a2:1c:8a:52:58:21:
                    e4:89:97:6a:1e:07:9e:61:97:db:85:d6:88:b9:33:
                    c0:89:1d:6c:35:38:4f:46:e0:48:b0:c1:0a:3b:98:
                    80:12:da:2b:c6:d9:2a:c8:3f:e1:ec:e2:c2:25:67:
                    63:ff:b9:73:8d:cc:0e:cb:c6:57:60:97:83:cd:ee:
                    3a:41:9e:22:e8:c0:97:be:0a:97:b6:78:e1:7c:33:
                    20:cf:4a:79:f9:66:28:74:8b:ec:b7:d4:80:41:63:
                    d3:2f:41:9b:9e:e7:54:42:ea:f0:8f:74:f3:13:17:
                    42:d0:42:9e:4f:db:91:da:80:7c:59:6d:cc:42:98:
                    af:bc:97:bf:07:6b:3d:0d:f1:27:b1:a1:ac:7e:79:
                    c4:cd:fd:a3:15:63:e8:af:3a:bd:26:d8:84:fe:00:
                    3a:ae:d4:c9:18:10:23:e9:55:77:fb:0a:bf:e7:9f:
                    8b:26:79:27:70:ea:cd:cd:03:62:66:62:b2:0a:30:
                    27:42:72:d4:3a:da:20:40:70:11:32:ff:c9:ff:ee:
                    d2:2f:4c:f1:a1:cd:c8:cd:1b:83:68:c4:b3:ff:fc:
                    33:4a:11:23:89:4f:48:85:35:67:95:3b:28:66:39:
                    be:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:53:BD:7B:71:B4:AA:73:82:F8:1D:9C:2D:F3:9E:B3:53:46:23:F2
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/GFO9e3G0qnOC-B2cLfOes1NGI_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:7a:9f:1e:eb:05:9d:78:d7:00:4e:38:b2:d5:5b:55:84:b1:
         67:2a:1b:40:50:ce:05:f8:02:30:52:fd:36:3c:4f:4f:db:b4:
         9d:7e:26:64:25:c5:91:8e:ce:cc:d4:88:27:b6:01:f3:22:d3:
         25:62:f0:eb:b5:1e:9c:50:68:e0:1e:ee:f8:fa:89:e2:26:d2:
         c4:d7:c7:ef:30:3f:b0:74:e6:6b:e1:a4:f5:fd:ee:85:c0:4d:
         86:4e:4c:8b:cd:e8:a4:81:c6:08:92:38:18:ac:d3:b7:4f:8d:
         82:bd:be:f1:54:51:e3:49:3c:d9:d9:83:e1:d0:19:34:12:12:
         54:09:4c:6b:93:23:ed:e0:e2:72:42:96:cd:e5:55:57:87:6c:
         09:4d:43:b5:d7:de:84:93:3b:c9:76:d0:35:5b:a8:f9:89:b4:
         4a:bc:c0:8f:74:0d:8b:09:73:0a:e2:a6:a7:c4:79:b5:9c:0b:
         74:a7:69:fd:27:b6:69:6e:c8:b3:93:77:12:00:b0:ed:92:fc:
         d8:e3:d3:83:f3:2b:7d:a0:ef:f5:c3:3e:8c:93:55:2f:29:f0:
         7a:9b:7b:4e:ca:06:02:2a:d1:df:a5:f1:3f:de:00:7f:f2:56:
         1e:ce:b3:d0:51:ca:b1:c2:62:fd:ba:e2:55:d6:69:0b:e4:f4:
         4c:52:35:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz3WC+dCOLzjEMAMFFvravdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjQwMTExMDcwNjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODUzYmQ3YjcxYjRhYTczODJmODFkOWMyZGYzOWViMzUzNDYyM2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiamxRZ1Khbrivgg49Xqd8KtDyboi
CZ6iHIpSWCHkiZdqHgeeYZfbhdaIuTPAiR1sNThPRuBIsMEKO5iAEtorxtkqyD/h
7OLCJWdj/7lzjcwOy8ZXYJeDze46QZ4i6MCXvgqXtnjhfDMgz0p5+WYodIvst9SA
QWPTL0GbnudUQurwj3TzExdC0EKeT9uR2oB8WW3MQpivvJe/B2s9DfEnsaGsfnnE
zf2jFWPorzq9JtiE/gA6rtTJGBAj6VV3+wq/55+LJnkncOrNzQNiZmKyCjAnQnLU
OtogQHARMv/J/+7SL0zxoc3IzRuDaMSz//wzShEjiU9IhTVnlTsoZjm+fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBhTvXtxtKpzgvgdnC3znrNTRiPyMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvR0ZPOWUzRzBxbk9DLUIyY0xmT2VzMU5HSV9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhOaMA0G
CSqGSIb3DQEBCwUAA4IBAQAiep8e6wWdeNcATjiy1VtVhLFnKhtAUM4F+AIwUv02
PE9P27SdfiZkJcWRjs7M1IgntgHzItMlYvDrtR6cUGjgHu74+oniJtLE18fvMD+w
dOZr4aT1/e6FwE2GTkyLzeikgcYIkjgYrNO3T42Cvb7xVFHjSTzZ2YPh0Bk0EhJU
CUxrkyPt4OJyQpbN5VVXh2wJTUO1196EkzvJdtA1W6j5ibRKvMCPdA2LCXMK4qan
xHm1nAt0p2n9J7Zpbsizk3cSALDtkvzY49OD8yt9oO/1wz6Mk1UvKfB6m3tOygYC
KtHfpfE/3gB/8lYezrPQUcqxwmL9uuJV1mkL5PRMUjXR
-----END CERTIFICATE-----