Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/gosXa3LNgcMV4Z4GkBMtqheasNU.roa
File:                     gosXa3LNgcMV4Z4GkBMtqheasNU.roa (raw, json)
Hash identifier:          V8adT4rqCbWxMri5E68ezvkoa/bF36T4KgrWxPbbVfM=
Subject key identifier:   82:8B:17:6B:72:CD:81:C3:15:E1:9E:06:90:13:2D:AA:17:9A:B0:D5
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC802729166A069D55FE1E169B159AD2A
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/gosXa3LNgcMV4Z4GkBMtqheasNU.roa
Signing time:             Tue 02 Jan 2024 02:30:52 +0000
ROA not before:           Tue 02 Jan 2024 02:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23470
IP address blocks:        45.8.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:72:91:66:a0:69:d5:5f:e1:e1:69:b1:59:ad:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=828b176b72cd81c315e19e0690132daa179ab0d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d3:59:1a:69:82:06:54:b7:d5:e1:c4:87:3e:
                    ad:82:76:55:9a:b7:73:53:61:6e:86:b4:3f:67:84:
                    c9:f1:07:e9:16:91:df:ad:76:61:0d:29:e1:99:37:
                    85:20:54:f9:46:4a:eb:64:b8:97:81:13:a8:46:c4:
                    76:a2:d0:bd:d3:eb:a9:9b:85:cb:65:d6:f4:92:02:
                    f7:2c:ef:e8:86:d9:73:15:69:4a:d7:98:ae:19:ae:
                    be:ef:db:f2:08:64:57:18:5c:14:c7:28:34:a9:60:
                    02:6e:af:04:a2:46:9d:96:b3:13:f8:8e:c1:bf:67:
                    54:03:d1:58:06:42:45:cc:59:05:6a:58:03:6c:ca:
                    29:f2:44:99:42:b0:5b:66:43:17:e9:46:41:22:8a:
                    1e:a2:f4:37:89:84:0d:40:33:16:11:ff:38:2d:e5:
                    74:21:5a:0c:e5:b8:e0:e0:1f:fc:cb:74:37:a4:cb:
                    cb:ea:0e:f2:34:d0:95:f5:61:e2:f5:77:79:3c:3a:
                    f6:b2:b9:9a:f7:9d:9b:dc:a9:af:3f:f0:e7:dc:c4:
                    d7:5a:c2:f2:d7:38:6c:62:0c:32:0b:80:f1:34:91:
                    72:e5:f1:16:28:9e:ae:ad:3c:b7:5b:26:59:81:ed:
                    1d:2a:55:92:f8:59:da:9d:1a:7a:a0:fd:6d:67:b1:
                    11:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:8B:17:6B:72:CD:81:C3:15:E1:9E:06:90:13:2D:AA:17:9A:B0:D5
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/gosXa3LNgcMV4Z4GkBMtqheasNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:94:b4:28:f3:79:b8:32:16:08:c8:b2:2f:08:70:d7:d5:ad:
         38:5a:e0:26:d8:ea:05:22:3a:5b:b1:12:9b:0e:24:ac:13:f4:
         59:21:0a:38:62:95:31:f6:a3:ee:1e:09:b5:ac:87:b6:b5:0b:
         3e:56:8d:72:c9:98:15:33:42:73:fb:fa:0c:30:36:58:96:96:
         92:2d:7f:d0:fd:25:1f:fc:23:5f:3e:02:e4:03:74:6a:11:d5:
         39:5f:df:a8:1d:6f:32:cf:35:90:60:e1:50:4a:be:80:f3:fe:
         f7:19:00:d9:6d:05:a7:bc:89:4b:ef:97:ec:ad:b9:55:68:f9:
         c7:d7:9d:a6:f7:b3:df:1f:64:d3:b3:2b:b9:00:a0:1d:57:60:
         35:2f:d2:29:32:5d:15:1a:d2:6e:80:bf:8c:78:86:c8:63:dc:
         03:63:3a:23:1e:dd:64:7c:a9:11:be:f3:7d:35:6b:41:64:4f:
         37:ff:c3:11:ad:0e:a7:38:a8:5c:7d:0d:b1:2b:ed:c6:2e:4a:
         dd:43:eb:4c:9d:fa:c6:ce:7b:4f:99:16:dc:44:25:48:36:02:
         50:f4:6f:1e:45:e6:25:e9:ad:8a:38:92:d5:81:87:10:da:d0:
         f4:8c:59:45:89:66:bd:3a:aa:64:df:ac:4d:80:2e:77:58:69:
         f3:52:1c:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAnKRZqBp1V/h4WmxWa0qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjhiMTc2YjcyY2Q4MWMzMTVlMTllMDY5MDEzMmRhYTE3OWFiMGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndNZGmmCBlS31eHEhz6tgnZVmrdz
U2FuhrQ/Z4TJ8QfpFpHfrXZhDSnhmTeFIFT5RkrrZLiXgROoRsR2otC90+upm4XL
Zdb0kgL3LO/ohtlzFWlK15iuGa6+79vyCGRXGFwUxyg0qWACbq8EokadlrMT+I7B
v2dUA9FYBkJFzFkFalgDbMop8kSZQrBbZkMX6UZBIooeovQ3iYQNQDMWEf84LeV0
IVoM5bjg4B/8y3Q3pMvL6g7yNNCV9WHi9Xd5PDr2srma952b3KmvP/Dn3MTXWsLy
1zhsYgwyC4DxNJFy5fEWKJ6urTy3WyZZge0dKlWS+FnanRp6oP1tZ7ERIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIKLF2tyzYHDFeGeBpATLaoXmrDVMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvZ29zWGEzTE5nY01WNFo0R2tCTXRxaGVhc05VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQgWMA0G
CSqGSIb3DQEBCwUAA4IBAQBylLQo83m4MhYIyLIvCHDX1a04WuAm2OoFIjpbsRKb
DiSsE/RZIQo4YpUx9qPuHgm1rIe2tQs+Vo1yyZgVM0Jz+/oMMDZYlpaSLX/Q/SUf
/CNfPgLkA3RqEdU5X9+oHW8yzzWQYOFQSr6A8/73GQDZbQWnvIlL75fsrblVaPnH
152m97PfH2TTsyu5AKAdV2A1L9IpMl0VGtJugL+MeIbIY9wDYzojHt1kfKkRvvN9
NWtBZE83/8MRrQ6nOKhcfQ2xK+3GLkrdQ+tMnfrGzntPmRbcRCVINgJQ9G8eReYl
6a2KOJLVgYcQ2tD0jFlFiWa9Oqpk36xNgC53WGnzUhyK
-----END CERTIFICATE-----