Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/GiRKTNrorQNftO23guHAbcFTNnQ.roa
File:                     GiRKTNrorQNftO23guHAbcFTNnQ.roa (raw, json)
Hash identifier:          iKq2cDm8KO4bDaKkQi874E3IJmyfmiBfs00QGopGZaQ=
Subject key identifier:   1A:24:4A:4C:DA:E8:AD:03:5F:B4:ED:B7:82:E1:C0:6D:C1:53:36:74
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018CC5DC9C837C94ECAE3A6EAF4FEA1235E8
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/GiRKTNrorQNftO23guHAbcFTNnQ.roa
Signing time:             Mon 01 Jan 2024 16:30:18 +0000
ROA not before:           Mon 01 Jan 2024 16:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200740
IP address blocks:        109.205.215.0/24 maxlen: 24
                          185.81.219.0/24 maxlen: 24
                          185.81.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 13:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:9c:83:7c:94:ec:ae:3a:6e:af:4f:ea:12:35:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 16:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a244a4cdae8ad035fb4edb782e1c06dc1533674
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:0d:d0:e9:27:cd:0a:87:df:e6:ab:ed:63:7a:
                    77:76:e6:c5:81:bc:c6:38:74:d6:61:cd:91:b6:10:
                    96:f7:f1:12:f3:4e:c6:aa:b3:6e:51:5e:f4:1d:2d:
                    7b:5b:1d:e4:fd:5e:78:8d:92:79:e1:77:46:38:b6:
                    61:59:9e:c5:57:85:41:10:8c:34:98:3f:02:32:55:
                    90:6a:b2:72:43:01:71:1f:a4:5d:6d:54:11:07:91:
                    f9:cb:0b:19:00:10:c6:20:4e:41:b1:64:96:16:2b:
                    e5:2b:58:02:82:cc:3e:a2:4c:bd:54:ed:52:c3:c1:
                    e2:aa:c7:65:0c:c0:08:ad:18:ca:5e:21:63:88:3f:
                    4c:ea:f4:07:c0:37:f5:21:de:bf:3e:2b:40:fb:af:
                    11:0e:37:94:bb:06:f2:03:da:f5:f9:8a:f5:f5:de:
                    4e:ea:20:4c:a2:22:96:f2:8d:e3:e5:9e:ba:9c:6f:
                    b6:7b:ff:77:66:5b:be:48:40:ac:58:ae:3f:35:c3:
                    33:f1:43:3e:fd:ab:9c:33:2d:3b:e3:d6:d5:1c:a3:
                    2e:87:3b:7a:a2:11:17:aa:2f:0c:0f:ec:6e:b4:9e:
                    d3:ab:62:45:18:74:13:30:51:d9:90:0c:df:12:16:
                    c5:18:e4:20:47:cd:b7:03:1f:63:11:f6:22:27:d9:
                    55:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:24:4A:4C:DA:E8:AD:03:5F:B4:ED:B7:82:E1:C0:6D:C1:53:36:74
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/GiRKTNrorQNftO23guHAbcFTNnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.215.0/24
                  185.81.216.0/24
                  185.81.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:2d:60:02:cf:d8:d4:d4:26:6e:51:78:6b:a6:26:82:65:75:
         d3:27:35:30:8a:ff:4a:de:f1:48:6a:d7:fe:39:ae:dd:5c:fb:
         51:59:32:b5:2e:9f:96:33:1c:01:88:32:78:93:6d:d9:9e:34:
         d8:8f:51:f1:f6:47:e1:dc:63:a9:c0:66:80:c4:ba:e5:f7:08:
         25:f4:48:b7:a2:8c:d9:ad:50:66:4b:00:68:b0:08:15:b4:3a:
         a4:ff:d9:95:56:bd:a0:1c:da:16:05:c1:16:13:77:86:75:3e:
         ed:2c:70:54:c4:9c:57:17:d1:bd:56:9e:55:b8:bb:f7:84:44:
         4b:e3:39:c6:3e:47:6f:b4:01:b2:ac:d3:79:7c:15:78:d7:3f:
         fa:de:5c:fb:33:5c:41:41:16:06:f5:d8:a8:d2:13:7e:32:68:
         85:6e:44:1f:ef:4a:16:62:df:17:cd:ab:9f:f8:4c:b5:e4:02:
         72:6c:2c:39:f0:6f:63:bc:ea:1a:7c:35:34:24:8f:8e:6f:4b:
         e0:bd:77:78:8c:fc:0a:a9:f5:bb:fb:f9:e9:97:89:b9:c3:c5:
         97:41:2e:fc:1e:03:10:28:05:ca:d2:03:0e:d5:f5:d5:9b:3d:
         58:d6:da:5c:ed:0d:cb:ac:79:54:00:c3:e8:30:64:60:3e:b6:
         60:94:c8:2e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzF3JyDfJTsrjpur0/qEjXoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMTAxMTYzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTI0NGE0Y2RhZThhZDAzNWZiNGVkYjc4MmUxYzA2ZGMxNTMzNjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4w3Q6SfNCoff5qvtY3p3dubFgbzG
OHTWYc2RthCW9/ES807GqrNuUV70HS17Wx3k/V54jZJ54XdGOLZhWZ7FV4VBEIw0
mD8CMlWQarJyQwFxH6RdbVQRB5H5ywsZABDGIE5BsWSWFivlK1gCgsw+oky9VO1S
w8HiqsdlDMAIrRjKXiFjiD9M6vQHwDf1Id6/PitA+68RDjeUuwbyA9r1+Yr19d5O
6iBMoiKW8o3j5Z66nG+2e/93Zlu+SECsWK4/NcMz8UM+/aucMy0749bVHKMuhzt6
ohEXqi8MD+xutJ7Tq2JFGHQTMFHZkAzfEhbFGOQgR823Ax9jEfYiJ9lVMwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBokSkza6K0DX7Ttt4LhwG3BUzZ0MB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvR2lSS1ROcm9yUU5mdE8yM2d1SEFiY0ZUTm5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAbc3XAwQA
uVHYAwQAuVHbMA0GCSqGSIb3DQEBCwUAA4IBAQCPLWACz9jU1CZuUXhrpiaCZXXT
JzUwiv9K3vFIatf+Oa7dXPtRWTK1Lp+WMxwBiDJ4k23ZnjTYj1Hx9kfh3GOpwGaA
xLrl9wgl9Ei3oozZrVBmSwBosAgVtDqk/9mVVr2gHNoWBcEWE3eGdT7tLHBUxJxX
F9G9Vp5VuLv3hERL4znGPkdvtAGyrNN5fBV41z/63lz7M1xBQRYG9dio0hN+MmiF
bkQf70oWYt8Xzauf+Ey15AJybCw58G9jvOoafDU0JI+Ob0vgvXd4jPwKqfW7+/np
l4m5w8WXQS78HgMQKAXK0gMO1fXVmz1Y1tpc7Q3LrHlUAMPoMGRgPrZglMgu
-----END CERTIFICATE-----