Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/b674bb-0447-4d72-b302-6ec40a381819/1/Gv1z6Ht1a1a_DV01PQJQ4YEE26w.roa
File:                     Gv1z6Ht1a1a_DV01PQJQ4YEE26w.roa (raw, json)
Hash identifier:          P/ppnYfAV3mtimp32QEnEw2fPl2yHc4MDo84w7AlKyk=
Subject key identifier:   1A:FD:73:E8:7B:75:6B:56:BF:0D:5D:35:3D:02:50:E1:81:04:DB:AC
Certificate issuer:       /CN=9e5d484eb6b4b5689a544cf0b13b7ef932457ef1
Certificate serial:       018CC6B78CF383CEED4DD3113DDCD326EAC3
Authority key identifier: 9E:5D:48:4E:B6:B4:B5:68:9A:54:4C:F0:B1:3B:7E:F9:32:45:7E:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nl1ITra0tWiaVEzwsTt--TJFfvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/b674bb-0447-4d72-b302-6ec40a381819/1/Gv1z6Ht1a1a_DV01PQJQ4YEE26w.roa
Signing time:             Mon 01 Jan 2024 20:29:27 +0000
ROA not before:           Mon 01 Jan 2024 20:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35236
IP address blocks:        185.205.136.0/22 maxlen: 24
                          185.205.137.0/24 maxlen: 24
                          2a0b:640::/30 maxlen: 30
                          2a0b:640:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/b674bb-0447-4d72-b302-6ec40a381819/1/nl1ITra0tWiaVEzwsTt--TJFfvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/b674bb-0447-4d72-b302-6ec40a381819/1/nl1ITra0tWiaVEzwsTt--TJFfvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nl1ITra0tWiaVEzwsTt--TJFfvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:8c:f3:83:ce:ed:4d:d3:11:3d:dc:d3:26:ea:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e5d484eb6b4b5689a544cf0b13b7ef932457ef1
        Validity
            Not Before: Jan  1 20:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1afd73e87b756b56bf0d5d353d0250e18104dbac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:3c:ce:49:2a:b1:74:94:70:6e:b7:b1:07:93:
                    f3:b5:75:59:67:b4:ce:94:89:e7:a4:da:fa:78:00:
                    98:c8:70:77:7a:fc:dc:82:73:43:a4:16:35:22:a5:
                    08:66:4a:47:3a:5a:d9:27:03:6d:b8:86:97:79:25:
                    85:0c:f9:28:75:f0:92:ad:f6:e4:67:77:7c:84:ad:
                    e0:29:0e:fc:4a:6f:ff:f4:aa:f0:94:52:cb:a9:e7:
                    8b:7d:c7:78:17:1c:05:ce:86:6b:3c:62:fa:dc:6e:
                    8a:c6:c0:6d:8e:ab:ef:76:91:b8:5e:5b:5c:d3:67:
                    fe:bc:91:98:9e:f1:3f:b9:f8:42:42:27:f1:3e:e6:
                    24:f9:8c:b6:a3:e4:36:8a:f6:1a:40:0c:95:eb:d1:
                    6e:b5:c6:6c:06:b5:b4:71:9b:2b:94:d3:7a:d7:75:
                    71:9b:02:8a:69:fd:46:6c:09:13:b3:a3:a5:c4:9f:
                    4e:c7:a3:57:29:5a:9c:85:5e:1a:6f:47:a7:a3:b5:
                    05:14:ac:50:56:08:62:37:c4:f6:15:3d:38:ea:05:
                    5b:cc:a1:ac:88:de:ab:39:8d:d8:7c:42:f2:15:d5:
                    da:d2:c8:dc:61:90:db:da:45:9f:2d:80:a2:6a:ab:
                    d8:db:64:4c:1f:cc:d9:e3:d7:3a:d7:5d:a4:c9:04:
                    4d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:FD:73:E8:7B:75:6B:56:BF:0D:5D:35:3D:02:50:E1:81:04:DB:AC
            X509v3 Authority Key Identifier:
                keyid:9E:5D:48:4E:B6:B4:B5:68:9A:54:4C:F0:B1:3B:7E:F9:32:45:7E:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nl1ITra0tWiaVEzwsTt--TJFfvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b674bb-0447-4d72-b302-6ec40a381819/1/Gv1z6Ht1a1a_DV01PQJQ4YEE26w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b674bb-0447-4d72-b302-6ec40a381819/1/nl1ITra0tWiaVEzwsTt--TJFfvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.136.0/22
                IPv6:
                  2a0b:640::/30

    Signature Algorithm: sha256WithRSAEncryption
         16:f1:1c:97:95:3b:48:85:0f:64:1a:e5:e3:44:61:1d:03:1a:
         29:64:b1:43:40:ba:33:26:0d:61:90:af:63:73:de:21:ae:79:
         8c:99:5e:02:3a:96:d0:1d:68:3e:5a:5e:29:98:fe:7b:5f:2b:
         b1:16:77:8a:c8:5f:24:f6:5c:a4:2d:18:77:0e:8d:52:8d:f9:
         27:46:04:12:5e:9f:b1:21:4f:de:d8:29:c2:29:84:1a:81:ee:
         f0:13:62:b7:ee:1a:a6:02:32:40:2a:8d:da:f5:74:c1:ef:48:
         d4:50:a4:f3:eb:49:3f:8e:af:36:2a:26:08:82:5a:6e:b3:1c:
         23:63:fa:10:7a:b3:80:cd:0c:7a:90:45:00:f6:9e:a3:13:a2:
         d5:89:50:5d:e9:05:bb:70:1b:16:4e:3f:17:41:db:ce:8b:15:
         e9:00:5a:41:a7:8c:dc:3b:7d:9d:3b:93:a1:45:13:09:c4:1d:
         3f:56:27:5e:b0:ea:83:d6:92:06:bb:8a:ab:c4:06:f7:24:15:
         d0:b9:e9:e5:78:d7:7f:29:cb:8e:06:f8:d1:8f:5a:0d:40:f6:
         c6:bc:7e:2e:69:2c:e5:d1:22:df:f2:1b:54:aa:92:2a:7f:0a:
         29:1d:bf:4b:88:c9:10:c2:f2:44:43:e9:c5:9b:13:b4:01:72:
         a0:d6:ef:9b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt4zzg87tTdMRPdzTJurDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNWQ0ODRlYjZiNGI1Njg5YTU0NGNmMGIxM2I3ZWY5MzI0
NTdlZjEwHhcNMjQwMTAxMjAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWZkNzNlODdiNzU2YjU2YmYwZDVkMzUzZDAyNTBlMTgxMDRkYmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjzOSSqxdJRwbrexB5PztXVZZ7TO
lInnpNr6eACYyHB3evzcgnNDpBY1IqUIZkpHOlrZJwNtuIaXeSWFDPkodfCSrfbk
Z3d8hK3gKQ78Sm//9KrwlFLLqeeLfcd4FxwFzoZrPGL63G6KxsBtjqvvdpG4Xltc
02f+vJGYnvE/ufhCQifxPuYk+Yy2o+Q2ivYaQAyV69FutcZsBrW0cZsrlNN613Vx
mwKKaf1GbAkTs6OlxJ9Ox6NXKVqchV4ab0eno7UFFKxQVghiN8T2FT046gVbzKGs
iN6rOY3YfELyFdXa0sjcYZDb2kWfLYCiaqvY22RMH8zZ49c6112kyQRNvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBr9c+h7dWtWvw1dNT0CUOGBBNusMB8GA1UdIwQY
MBaAFJ5dSE62tLVomlRM8LE7fvkyRX7xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmwxSVRyYTB0V2lhVkV6d3NUdC0tVEpGZnZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9iNjc0YmItMDQ0Ny00ZDcyLWIzMDIt
NmVjNDBhMzgxODE5LzEvR3YxejZIdDFhMWFfRFYwMVBRSlE0WUVFMjZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9iNjc0YmItMDQ0Ny00ZDcyLWIzMDItNmVjNDBhMzgxODE5
LzEvbmwxSVRyYTB0V2lhVkV6d3NUdC0tVEpGZnZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuc2IMA0E
AgACMAcDBQIqCwZAMA0GCSqGSIb3DQEBCwUAA4IBAQAW8RyXlTtIhQ9kGuXjRGEd
AxopZLFDQLozJg1hkK9jc94hrnmMmV4COpbQHWg+Wl4pmP57XyuxFneKyF8k9lyk
LRh3Do1SjfknRgQSXp+xIU/e2CnCKYQage7wE2K37hqmAjJAKo3a9XTB70jUUKTz
60k/jq82KiYIglpusxwjY/oQerOAzQx6kEUA9p6jE6LViVBd6QW7cBsWTj8XQdvO
ixXpAFpBp4zcO32dO5OhRRMJxB0/VidesOqD1pIGu4qrxAb3JBXQuenleNd/KcuO
BvjRj1oNQPbGvH4uaSzl0SLf8htUqpIqfwopHb9LiMkQwvJEQ+nFmxO0AXKg1u+b
-----END CERTIFICATE-----