Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/gP7JWqklhCGE5Ave00jIJsSyudE.roa
File:                     gP7JWqklhCGE5Ave00jIJsSyudE.roa (raw, json)
Hash identifier:          mBk1/JW6VEdshl2yvR4WltWk8PNbN7WIqJf3FkOXbqw=
Subject key identifier:   80:FE:C9:5A:A9:25:84:21:84:E4:0B:DE:D3:48:C8:26:C4:B2:B9:D1
Certificate issuer:       /CN=09f0dcceb74f1185acd97aeeaac25dda5e9b0936
Certificate serial:       018CCA2A00EF7DD90E250D1117BBBCF46A36
Authority key identifier: 09:F0:DC:CE:B7:4F:11:85:AC:D9:7A:EE:AA:C2:5D:DA:5E:9B:09:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/gP7JWqklhCGE5Ave00jIJsSyudE.roa
Signing time:             Tue 02 Jan 2024 12:33:19 +0000
ROA not before:           Tue 02 Jan 2024 12:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201935
IP address blocks:        82.205.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:00:ef:7d:d9:0e:25:0d:11:17:bb:bc:f4:6a:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09f0dcceb74f1185acd97aeeaac25dda5e9b0936
        Validity
            Not Before: Jan  2 12:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80fec95aa925842184e40bded348c826c4b2b9d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a8:38:b3:41:70:1f:c3:45:0e:8b:6b:96:70:
                    65:fa:f3:45:7a:80:2f:34:3f:1c:4d:34:8e:27:bf:
                    3b:bf:00:55:37:87:d5:1b:a9:22:28:d3:f8:bf:19:
                    df:4f:d0:14:e8:81:5e:a8:7b:cf:41:9c:e7:fe:c5:
                    5f:5a:38:b2:79:0e:e7:d5:35:6a:76:43:ec:58:95:
                    90:95:3c:90:ba:f4:a0:3e:a5:6e:46:ae:66:a4:5e:
                    ea:f4:73:e8:a4:6e:a6:17:b3:e5:64:02:81:42:2a:
                    6b:fd:9b:0d:30:b3:dd:08:08:46:1f:91:f9:cf:e3:
                    0a:8e:b4:e7:78:f7:a8:0f:e7:fc:dc:a8:a3:e8:0b:
                    e3:10:16:ed:80:e7:41:6c:04:59:5b:c0:64:58:95:
                    d5:7f:07:a6:ba:e8:52:c2:08:1d:d2:07:cb:da:b4:
                    10:cb:de:b8:ff:c8:bf:1e:5a:0b:e4:60:dd:c9:f4:
                    2b:e8:47:c2:20:e8:f1:3b:40:6a:5d:9b:04:4f:e3:
                    ba:47:fc:72:b1:31:ee:35:53:df:96:01:b3:6c:a4:
                    18:6e:a7:a6:1d:a2:22:bb:d7:f5:65:4d:cd:8e:52:
                    fe:9e:8c:bf:2a:b5:f5:4f:fa:d0:e2:3a:00:67:ec:
                    51:1f:e6:6a:3d:ab:a0:9c:b3:2a:23:ec:7f:aa:4e:
                    ea:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:FE:C9:5A:A9:25:84:21:84:E4:0B:DE:D3:48:C8:26:C4:B2:B9:D1
            X509v3 Authority Key Identifier:
                keyid:09:F0:DC:CE:B7:4F:11:85:AC:D9:7A:EE:AA:C2:5D:DA:5E:9B:09:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/gP7JWqklhCGE5Ave00jIJsSyudE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.205.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:94:43:9a:ba:82:f8:77:c9:86:2e:ac:18:32:de:d2:78:7c:
         e8:07:24:83:27:3f:d6:ab:c6:5d:5b:1b:f0:3e:36:62:9e:a7:
         6b:50:41:e7:66:f0:5a:c9:07:f5:ac:3d:5d:71:c7:4d:80:ef:
         c4:88:75:ce:7c:9d:e6:27:ef:af:f4:07:36:6d:ef:62:18:c5:
         02:7f:0e:50:dc:83:aa:76:7a:69:03:79:ec:2b:db:8e:e6:9a:
         f8:d7:b1:6b:a2:9d:ce:c1:10:bf:0b:33:23:a9:31:12:af:4f:
         27:84:3a:27:1a:be:37:ad:35:87:e8:68:bc:82:eb:4f:e6:d9:
         ad:af:b9:c2:82:dd:1c:7f:5b:c6:bb:b4:a9:b5:74:4d:89:9e:
         fa:72:87:49:aa:b8:8c:f5:7e:46:fb:d7:df:ee:1c:c7:cd:4b:
         09:5e:65:ec:c9:61:4d:be:2a:de:6d:64:dc:6e:c1:46:e0:75:
         20:67:89:b9:45:26:98:84:23:4a:41:7f:70:7a:2d:4c:ee:e8:
         84:fe:8d:fa:46:3f:3b:ba:e3:3b:2e:cb:3c:a9:3a:0d:b1:17:
         a4:c0:bf:9b:2c:26:dd:db:41:fe:aa:2b:48:58:3b:c7:1d:18:
         a8:8a:ff:ea:24:65:2f:e7:fd:08:56:28:4b:8c:92:51:80:6f:
         cc:06:f2:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKgDvfdkOJQ0RF7u89Go2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZjBkY2NlYjc0ZjExODVhY2Q5N2FlZWFhYzI1ZGRhNWU5
YjA5MzYwHhcNMjQwMTAyMTIzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGZlYzk1YWE5MjU4NDIxODRlNDBiZGVkMzQ4YzgyNmM0YjJiOWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKg4s0FwH8NFDotrlnBl+vNFeoAv
ND8cTTSOJ787vwBVN4fVG6kiKNP4vxnfT9AU6IFeqHvPQZzn/sVfWjiyeQ7n1TVq
dkPsWJWQlTyQuvSgPqVuRq5mpF7q9HPopG6mF7PlZAKBQipr/ZsNMLPdCAhGH5H5
z+MKjrTnePeoD+f83Kij6AvjEBbtgOdBbARZW8BkWJXVfwemuuhSwggd0gfL2rQQ
y964/8i/HloL5GDdyfQr6EfCIOjxO0BqXZsET+O6R/xysTHuNVPflgGzbKQYbqem
HaIiu9f1ZU3NjlL+noy/KrX1T/rQ4joAZ+xRH+ZqPaugnLMqI+x/qk7qPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFID+yVqpJYQhhOQL3tNIyCbEsrnRMB8GA1UdIwQY
MBaAFAnw3M63TxGFrNl67qrCXdpemwk2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2ZEY3pyZFBFWVdzMlhydXFzSmQybDZiQ1RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi80NWFjMGYtMzgzYS00ZWI0LWIxODgt
OTk2MTg5ZjljZTE0LzEvZ1A3Sldxa2xoQ0dFNUF2ZTAwaklKc1N5dWRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi80NWFjMGYtMzgzYS00ZWI0LWIxODgtOTk2MTg5ZjljZTE0
LzEvQ2ZEY3pyZFBFWVdzMlhydXFzSmQybDZiQ1RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUs25MA0G
CSqGSIb3DQEBCwUAA4IBAQBUlEOauoL4d8mGLqwYMt7SeHzoBySDJz/Wq8ZdWxvw
PjZinqdrUEHnZvBayQf1rD1dccdNgO/EiHXOfJ3mJ++v9Ac2be9iGMUCfw5Q3IOq
dnppA3nsK9uO5pr417Frop3OwRC/CzMjqTESr08nhDonGr43rTWH6Gi8gutP5tmt
r7nCgt0cf1vGu7SptXRNiZ76codJqriM9X5G+9ff7hzHzUsJXmXsyWFNvirebWTc
bsFG4HUgZ4m5RSaYhCNKQX9wei1M7uiE/o36Rj87uuM7Lss8qToNsRekwL+bLCbd
20H+qitIWDvHHRioiv/qJGUv5/0IVihLjJJRgG/MBvLt
-----END CERTIFICATE-----