Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/4b8f5a-24e0-4ede-a4ab-50c78916f8e3/1/GGBQVM4MXflXUHre3OIZoJsJIc4.roa
File:                     GGBQVM4MXflXUHre3OIZoJsJIc4.roa (raw, json)
Hash identifier:          7T2pjG8aAhvJiepfS0wIwFcK9/AZm4UR+BN/ELqPdJ4=
Subject key identifier:   18:60:50:54:CE:0C:5D:F9:57:50:7A:DE:DC:E2:19:A0:9B:09:21:CE
Certificate issuer:       /CN=b83b5cdb65ecc5bd746d8b74982831a6d8dc1053
Certificate serial:       018CC79335F5C013FBC112BE4532A41C7F73
Authority key identifier: B8:3B:5C:DB:65:EC:C5:BD:74:6D:8B:74:98:28:31:A6:D8:DC:10:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uDtc22Xsxb10bYt0mCgxptjcEFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/4b8f5a-24e0-4ede-a4ab-50c78916f8e3/1/GGBQVM4MXflXUHre3OIZoJsJIc4.roa
Signing time:             Tue 02 Jan 2024 00:29:22 +0000
ROA not before:           Tue 02 Jan 2024 00:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60111
IP address blocks:        185.193.236.0/22 maxlen: 22
                          2a0a:4140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/4b8f5a-24e0-4ede-a4ab-50c78916f8e3/1/uDtc22Xsxb10bYt0mCgxptjcEFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/4b8f5a-24e0-4ede-a4ab-50c78916f8e3/1/uDtc22Xsxb10bYt0mCgxptjcEFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uDtc22Xsxb10bYt0mCgxptjcEFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:35:f5:c0:13:fb:c1:12:be:45:32:a4:1c:7f:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b83b5cdb65ecc5bd746d8b74982831a6d8dc1053
        Validity
            Not Before: Jan  2 00:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=18605054ce0c5df957507adedce219a09b0921ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:1f:0a:c3:3f:0a:fe:4b:1e:3e:94:66:55:a6:
                    e8:54:c1:aa:d4:a9:bf:4d:dc:4c:10:75:5f:ed:5c:
                    41:04:3a:64:7e:ad:ec:cf:ce:cb:6e:b4:fc:19:cc:
                    6a:df:23:b5:f4:04:f7:85:35:04:10:59:e5:d8:24:
                    60:7a:c5:3b:7a:67:82:3f:1e:91:e1:2d:07:cb:bf:
                    19:cb:c7:58:d9:f7:6d:8c:18:20:94:d7:02:12:d6:
                    a1:62:69:da:4a:64:45:95:ea:a8:18:42:b4:1f:bf:
                    c0:bf:cb:9e:67:f6:ca:9e:f1:cc:50:cf:af:be:65:
                    7e:7c:ea:ab:9c:8e:87:eb:cc:ba:55:fb:82:6f:e3:
                    eb:d5:89:68:7d:18:cb:9c:8f:13:0e:b5:ca:65:95:
                    e3:66:a6:b9:9f:4a:53:fa:30:be:a4:85:d4:1a:46:
                    31:14:1b:cd:1f:ea:cd:11:2d:3b:c9:c5:10:bc:53:
                    9a:13:03:a6:72:c5:c0:b3:a5:85:01:8f:c5:79:5d:
                    ba:25:21:d2:6f:12:df:05:6d:fd:70:23:71:4d:16:
                    21:a3:06:05:3a:e4:de:f3:46:5f:fc:58:07:df:c0:
                    15:9c:9f:8f:ae:9b:2d:49:52:c0:eb:6e:9f:43:bc:
                    e0:7d:d5:b2:d5:9d:ce:fc:c1:6f:d5:e7:19:df:d0:
                    08:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:60:50:54:CE:0C:5D:F9:57:50:7A:DE:DC:E2:19:A0:9B:09:21:CE
            X509v3 Authority Key Identifier:
                keyid:B8:3B:5C:DB:65:EC:C5:BD:74:6D:8B:74:98:28:31:A6:D8:DC:10:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uDtc22Xsxb10bYt0mCgxptjcEFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/4b8f5a-24e0-4ede-a4ab-50c78916f8e3/1/GGBQVM4MXflXUHre3OIZoJsJIc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/4b8f5a-24e0-4ede-a4ab-50c78916f8e3/1/uDtc22Xsxb10bYt0mCgxptjcEFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.236.0/22
                IPv6:
                  2a0a:4140::/29

    Signature Algorithm: sha256WithRSAEncryption
         bb:28:fc:73:af:8f:2f:63:8f:97:e9:71:53:76:71:1f:e9:be:
         06:60:15:5f:47:6d:29:a2:b6:01:d3:72:7e:ba:b1:b6:dd:a6:
         31:e1:e6:3c:84:d7:96:1e:53:05:63:14:89:32:7f:34:9c:ae:
         54:7f:6c:c5:4c:f9:96:b4:d0:f1:ea:e2:80:70:77:c5:8f:3c:
         49:58:d0:65:1f:94:c0:2d:de:20:48:f3:a5:eb:d0:16:9f:02:
         a2:73:0a:42:7d:e9:de:cd:ff:0e:14:6c:fc:51:a7:96:29:d9:
         a9:b9:9f:aa:84:92:1a:8d:9d:15:3e:6b:df:7f:fe:e8:93:9b:
         24:a2:3c:e8:0b:c5:e9:74:e3:d6:be:9d:a5:28:f2:e7:dd:10:
         df:2c:4e:a5:56:ad:31:b4:a1:a8:cc:64:16:57:1c:74:f2:21:
         a5:fc:8f:46:61:6c:07:1a:59:54:f4:ab:13:97:4c:29:4e:c8:
         22:03:00:38:d1:92:9a:74:4a:32:8b:4a:fd:c3:47:3b:96:43:
         ed:45:79:fd:55:f0:e4:91:f6:35:7e:4d:e5:2c:04:50:f4:af:
         c0:76:ab:ee:41:f7:84:86:d1:86:18:0d:d2:b3:35:2b:f4:13:
         35:ba:c1:f5:e4:d8:da:a3:34:5c:2f:aa:7f:77:00:9f:d6:92:
         c2:64:13:92
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHkzX1wBP7wRK+RTKkHH9zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4M2I1Y2RiNjVlY2M1YmQ3NDZkOGI3NDk4MjgzMWE2ZDhk
YzEwNTMwHhcNMjQwMTAyMDAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODYwNTA1NGNlMGM1ZGY5NTc1MDdhZGVkY2UyMTlhMDliMDkyMWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiB8Kwz8K/ksePpRmVaboVMGq1Km/
TdxMEHVf7VxBBDpkfq3sz87LbrT8Gcxq3yO19AT3hTUEEFnl2CRgesU7emeCPx6R
4S0Hy78Zy8dY2fdtjBgglNcCEtahYmnaSmRFleqoGEK0H7/Av8ueZ/bKnvHMUM+v
vmV+fOqrnI6H68y6VfuCb+Pr1YlofRjLnI8TDrXKZZXjZqa5n0pT+jC+pIXUGkYx
FBvNH+rNES07ycUQvFOaEwOmcsXAs6WFAY/FeV26JSHSbxLfBW39cCNxTRYhowYF
OuTe80Zf/FgH38AVnJ+PrpstSVLA626fQ7zgfdWy1Z3O/MFv1ecZ39AIEQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBhgUFTODF35V1B63tziGaCbCSHOMB8GA1UdIwQY
MBaAFLg7XNtl7MW9dG2LdJgoMabY3BBTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUR0YzIyWHN4YjEwYll0MG1DZ3hwdGpjRUZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS80YjhmNWEtMjRlMC00ZWRlLWE0YWIt
NTBjNzg5MTZmOGUzLzEvR0dCUVZNNE1YZmxYVUhyZTNPSVpvSnNKSWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS80YjhmNWEtMjRlMC00ZWRlLWE0YWItNTBjNzg5MTZmOGUz
LzEvdUR0YzIyWHN4YjEwYll0MG1DZ3hwdGpjRUZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucHsMA0E
AgACMAcDBQMqCkFAMA0GCSqGSIb3DQEBCwUAA4IBAQC7KPxzr48vY4+X6XFTdnEf
6b4GYBVfR20porYB03J+urG23aYx4eY8hNeWHlMFYxSJMn80nK5Uf2zFTPmWtNDx
6uKAcHfFjzxJWNBlH5TALd4gSPOl69AWnwKicwpCfenezf8OFGz8UaeWKdmpuZ+q
hJIajZ0VPmvff/7ok5skojzoC8XpdOPWvp2lKPLn3RDfLE6lVq0xtKGozGQWVxx0
8iGl/I9GYWwHGllU9KsTl0wpTsgiAwA40ZKadEoyi0r9w0c7lkPtRXn9VfDkkfY1
fk3lLARQ9K/AdqvuQfeEhtGGGA3SszUr9BM1usH15NjaozRcL6p/dwCf1pLCZBOS
-----END CERTIFICATE-----