Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/GFyiZSaTrBz5Sa1N1isSrl0R9jU.roa
File:                     GFyiZSaTrBz5Sa1N1isSrl0R9jU.roa (raw, json)
Hash identifier:          uhyVgZGCrXZALr0Ooqcs2pWB8HN6cjSJARhcBXzTxgg=
Subject key identifier:   18:5C:A2:65:26:93:AC:1C:F9:49:AD:4D:D6:2B:12:AE:5D:11:F6:35
Certificate issuer:       /CN=bdb83e99bf7254f948057a5e981be6fa5c2054dd
Certificate serial:       0192972C3DF79CFA00B3BF24D5315D9A0783
Authority key identifier: BD:B8:3E:99:BF:72:54:F9:48:05:7A:5E:98:1B:E6:FA:5C:20:54:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vbg-mb9yVPlIBXpemBvm-lwgVN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/GFyiZSaTrBz5Sa1N1isSrl0R9jU.roa
Signing time:             Wed 16 Oct 2024 21:11:51 +0000
ROA not before:           Wed 16 Oct 2024 21:11:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205544
IP address blocks:        92.249.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/vbg-mb9yVPlIBXpemBvm-lwgVN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/vbg-mb9yVPlIBXpemBvm-lwgVN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vbg-mb9yVPlIBXpemBvm-lwgVN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:97:2c:3d:f7:9c:fa:00:b3:bf:24:d5:31:5d:9a:07:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdb83e99bf7254f948057a5e981be6fa5c2054dd
        Validity
            Not Before: Oct 16 21:11:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=185ca2652693ac1cf949ad4dd62b12ae5d11f635
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:fb:6e:c2:e5:8c:90:ec:21:00:75:b4:78:c9:
                    08:59:78:3f:22:ea:c4:d0:a2:56:f5:45:6f:9a:bf:
                    d1:62:19:11:79:bf:6c:7b:ac:05:79:5d:df:67:fc:
                    79:9d:ff:cf:3f:52:fa:08:5e:7f:3d:a4:0f:ba:45:
                    0e:c0:28:ff:40:69:13:db:03:20:6e:83:bb:ce:0c:
                    a8:ec:e0:97:67:2f:c7:3b:04:4f:bb:82:0b:d4:68:
                    f0:94:9d:c0:e9:a7:be:9d:82:c5:86:ec:c2:e0:21:
                    fb:71:19:ae:6e:00:cd:42:0a:29:91:21:ff:00:d4:
                    30:16:80:50:d5:46:2a:cf:36:df:14:85:b4:3b:d5:
                    16:d8:4a:a3:6d:3f:75:3c:97:b3:86:9a:3b:b1:c4:
                    ba:51:07:30:ff:1d:57:6a:5f:65:68:ba:ba:0d:f6:
                    28:ea:f7:95:3f:7c:e8:e0:3f:0c:ff:5f:3a:08:00:
                    a5:6a:29:aa:74:b9:0a:60:a4:b6:41:13:df:c8:6d:
                    50:64:81:27:27:29:12:de:ad:04:97:c5:f6:63:ba:
                    55:07:1a:07:70:55:cf:89:3d:63:86:63:ef:31:51:
                    00:23:3c:45:f0:91:d4:a1:08:b1:d4:11:6d:9d:ad:
                    2d:20:58:f5:c8:80:27:2f:82:4b:46:66:34:61:9b:
                    fc:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:5C:A2:65:26:93:AC:1C:F9:49:AD:4D:D6:2B:12:AE:5D:11:F6:35
            X509v3 Authority Key Identifier:
                keyid:BD:B8:3E:99:BF:72:54:F9:48:05:7A:5E:98:1B:E6:FA:5C:20:54:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vbg-mb9yVPlIBXpemBvm-lwgVN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/GFyiZSaTrBz5Sa1N1isSrl0R9jU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/vbg-mb9yVPlIBXpemBvm-lwgVN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.249.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:19:1a:9b:04:a4:ae:1b:fc:60:9b:77:ca:27:02:54:d9:19:
         cb:70:2d:e0:b6:d2:79:88:30:87:2f:de:dc:cf:00:db:6a:0c:
         d9:a5:8c:50:0d:db:c2:fc:13:3d:78:12:05:bb:ea:41:3c:9a:
         9a:94:c8:fe:fd:51:d7:c5:80:95:c5:3f:33:be:d7:6f:ef:bf:
         80:69:25:67:59:7b:7a:09:96:05:e6:2a:ff:5e:c2:b4:9d:62:
         69:fd:01:e3:6b:28:9e:1a:79:3b:02:90:b5:8d:59:9d:ca:01:
         72:77:32:0e:0b:06:87:a0:14:d3:a0:1a:1b:c9:4d:fb:30:f5:
         85:6f:f5:05:80:51:bd:0f:b4:e8:2d:37:81:f9:4f:63:1d:2b:
         e2:a2:10:e8:b8:81:54:a6:60:af:15:05:21:83:c8:58:97:c9:
         b2:b9:bd:2b:28:1f:06:04:d7:63:ec:5c:40:79:7f:37:41:a1:
         c4:bf:9c:c5:38:7e:ae:95:0e:41:74:70:51:de:d8:4c:37:5d:
         bb:1d:69:cb:a1:72:46:f5:8f:60:21:ac:b0:36:a1:92:7e:b5:
         76:e8:bb:dd:24:31:f5:e3:63:11:b1:6a:32:ae:87:59:4e:ab:
         2c:f8:96:e8:2d:91:06:59:e0:bc:ae:10:24:f1:14:13:7f:8b:
         b3:3b:a2:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKXLD33nPoAs78k1TFdmgeDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkYjgzZTk5YmY3MjU0Zjk0ODA1N2E1ZTk4MWJlNmZhNWMy
MDU0ZGQwHhcNMjQxMDE2MjExMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODVjYTI2NTI2OTNhYzFjZjk0OWFkNGRkNjJiMTJhZTVkMTFmNjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvtuwuWMkOwhAHW0eMkIWXg/IurE
0KJW9UVvmr/RYhkReb9se6wFeV3fZ/x5nf/PP1L6CF5/PaQPukUOwCj/QGkT2wMg
boO7zgyo7OCXZy/HOwRPu4IL1GjwlJ3A6ae+nYLFhuzC4CH7cRmubgDNQgopkSH/
ANQwFoBQ1UYqzzbfFIW0O9UW2EqjbT91PJezhpo7scS6UQcw/x1Xal9laLq6DfYo
6veVP3zo4D8M/186CAClaimqdLkKYKS2QRPfyG1QZIEnJykS3q0El8X2Y7pVBxoH
cFXPiT1jhmPvMVEAIzxF8JHUoQix1BFtna0tIFj1yIAnL4JLRmY0YZv8tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBhcomUmk6wc+UmtTdYrEq5dEfY1MB8GA1UdIwQY
MBaAFL24Ppm/clT5SAV6Xpgb5vpcIFTdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmJnLW1iOXlWUGxJQlhwZW1Cdm0tbHdnVk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81ZTIwNWEtZWMwYS00ZmVlLWFlZjEt
ZTQ5NWFhYTBjYWMwLzEvR0Z5aVpTYVRyQno1U2ExTjFpc1NybDBSOWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81ZTIwNWEtZWMwYS00ZmVlLWFlZjEtZTQ5NWFhYTBjYWMw
LzEvdmJnLW1iOXlWUGxJQlhwZW1Cdm0tbHdnVk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXPkgMA0G
CSqGSIb3DQEBCwUAA4IBAQCUGRqbBKSuG/xgm3fKJwJU2RnLcC3gttJ5iDCHL97c
zwDbagzZpYxQDdvC/BM9eBIFu+pBPJqalMj+/VHXxYCVxT8zvtdv77+AaSVnWXt6
CZYF5ir/XsK0nWJp/QHjayieGnk7ApC1jVmdygFydzIOCwaHoBTToBobyU37MPWF
b/UFgFG9D7ToLTeB+U9jHSviohDouIFUpmCvFQUhg8hYl8myub0rKB8GBNdj7FxA
eX83QaHEv5zFOH6ulQ5BdHBR3thMN127HWnLoXJG9Y9gIaywNqGSfrV26LvdJDH1
42MRsWoyrodZTqss+JboLZEGWeC8rhAk8RQTf4uzO6In
-----END CERTIFICATE-----