Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/ea7e61-98b3-4120-83ce-c077e1702bc7/1/gmL2-QmgnlUfyRJGwDCidWDwXGY.roa
File:                     gmL2-QmgnlUfyRJGwDCidWDwXGY.roa (raw, json)
Hash identifier:          Hhr/+ZpToITqpB9ciM8jKIOmHat9Wx/2ZzB3UG3sY8I=
Subject key identifier:   82:62:F6:F9:09:A0:9E:55:1F:C9:12:46:C0:30:A2:75:60:F0:5C:66
Certificate issuer:       /CN=fcea08e8421df2f245c7cb333ee76a14a8882d4a
Certificate serial:       018CC86EFBC09B5A861D3F5321783242D57F
Authority key identifier: FC:EA:08:E8:42:1D:F2:F2:45:C7:CB:33:3E:E7:6A:14:A8:88:2D:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_OoI6EId8vJFx8szPudqFKiILUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/ea7e61-98b3-4120-83ce-c077e1702bc7/1/gmL2-QmgnlUfyRJGwDCidWDwXGY.roa
Signing time:             Tue 02 Jan 2024 04:29:25 +0000
ROA not before:           Tue 02 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42649
IP address blocks:        45.86.105.0/24 maxlen: 24
                          45.86.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/ea7e61-98b3-4120-83ce-c077e1702bc7/1/_OoI6EId8vJFx8szPudqFKiILUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/ea7e61-98b3-4120-83ce-c077e1702bc7/1/_OoI6EId8vJFx8szPudqFKiILUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_OoI6EId8vJFx8szPudqFKiILUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fb:c0:9b:5a:86:1d:3f:53:21:78:32:42:d5:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fcea08e8421df2f245c7cb333ee76a14a8882d4a
        Validity
            Not Before: Jan  2 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8262f6f909a09e551fc91246c030a27560f05c66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:98:6a:41:63:6b:80:0c:a7:09:e2:47:e9:ba:
                    eb:90:93:33:60:38:d4:d8:b8:78:d8:1a:e0:dd:68:
                    ef:4b:2e:43:ba:b5:2b:77:d6:dc:5d:10:78:9b:52:
                    62:e2:b2:e8:01:04:75:8e:8d:41:37:e4:f6:38:4b:
                    74:02:99:2e:39:14:75:40:08:89:6a:65:29:65:55:
                    24:9a:35:f3:f2:49:33:9b:ac:3a:43:ef:86:14:b9:
                    04:14:08:44:1f:b3:62:14:90:3d:af:00:2c:a0:e4:
                    8f:4c:9e:7a:6c:8d:e6:38:bd:f8:db:36:6a:09:63:
                    4d:32:f4:32:83:8e:08:a4:45:a8:69:60:61:17:3d:
                    36:6b:6d:c3:50:ab:b8:8e:99:c3:e8:d6:06:f3:5b:
                    32:9c:34:07:65:cc:2d:38:ef:16:66:24:84:d4:4b:
                    2b:06:10:dc:80:fa:0f:eb:71:8c:69:a6:fa:2c:a9:
                    25:58:b1:cd:4e:6a:dc:9a:6f:b9:41:84:2a:7c:fe:
                    ec:47:4d:a4:03:85:73:e8:01:19:3c:f2:64:e1:a8:
                    05:72:06:72:ad:60:e9:de:da:ca:c1:7a:62:68:36:
                    df:0b:41:e6:c8:71:08:e8:ce:e7:53:ba:16:cf:52:
                    c1:be:da:46:53:4a:9b:f8:a8:cf:b8:26:8a:4e:d6:
                    7e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:62:F6:F9:09:A0:9E:55:1F:C9:12:46:C0:30:A2:75:60:F0:5C:66
            X509v3 Authority Key Identifier:
                keyid:FC:EA:08:E8:42:1D:F2:F2:45:C7:CB:33:3E:E7:6A:14:A8:88:2D:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_OoI6EId8vJFx8szPudqFKiILUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/ea7e61-98b3-4120-83ce-c077e1702bc7/1/gmL2-QmgnlUfyRJGwDCidWDwXGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/ea7e61-98b3-4120-83ce-c077e1702bc7/1/_OoI6EId8vJFx8szPudqFKiILUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d4:f4:f4:62:9d:70:5d:27:84:f1:1b:97:d1:56:19:a8:c1:b8:
         2c:e0:96:e9:64:14:92:f8:5a:62:27:44:1e:85:38:e0:07:3d:
         86:64:fb:97:2b:d3:10:63:cb:73:df:d2:56:2c:57:0f:60:34:
         0a:21:a2:32:5f:4b:8d:11:b2:61:a8:06:85:b6:6a:04:75:d5:
         0f:ed:07:93:73:80:89:97:42:2f:a0:ef:f7:a5:43:76:c9:47:
         60:73:6b:da:e0:a6:bb:85:05:2c:92:b5:a3:c8:53:68:3a:2f:
         0b:8b:bc:2c:6b:8c:bf:ab:20:72:98:42:b0:14:75:50:19:e2:
         4b:cb:ab:40:ae:75:f3:a8:18:7a:2b:68:b0:57:dd:c4:ba:aa:
         07:85:8d:bc:79:8a:fd:f1:a1:fe:86:53:ff:29:00:bb:76:f0:
         55:e7:2b:88:8c:e9:7a:21:b5:af:1f:fc:99:ac:95:b8:bb:41:
         a7:d0:9f:da:06:00:25:16:5a:70:26:83:2e:8c:53:95:d7:82:
         e6:70:3b:22:47:0f:64:8d:90:db:89:dc:71:11:1d:32:25:7a:
         bf:8c:f3:35:16:32:0c:da:8c:7a:c4:64:4b:6b:c7:d4:ed:ea:
         b7:ec:7e:1c:e3:1a:d3:d5:6f:4d:09:a8:15:1f:22:4a:47:5e:
         13:99:ed:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvvAm1qGHT9TIXgyQtV/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjZWEwOGU4NDIxZGYyZjI0NWM3Y2IzMzNlZTc2YTE0YTg4
ODJkNGEwHhcNMjQwMTAyMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjYyZjZmOTA5YTA5ZTU1MWZjOTEyNDZjMDMwYTI3NTYwZjA1YzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05hqQWNrgAynCeJH6brrkJMzYDjU
2Lh42Brg3WjvSy5DurUrd9bcXRB4m1Ji4rLoAQR1jo1BN+T2OEt0ApkuORR1QAiJ
amUpZVUkmjXz8kkzm6w6Q++GFLkEFAhEH7NiFJA9rwAsoOSPTJ56bI3mOL342zZq
CWNNMvQyg44IpEWoaWBhFz02a23DUKu4jpnD6NYG81synDQHZcwtOO8WZiSE1Esr
BhDcgPoP63GMaab6LKklWLHNTmrcmm+5QYQqfP7sR02kA4Vz6AEZPPJk4agFcgZy
rWDp3trKwXpiaDbfC0HmyHEI6M7nU7oWz1LBvtpGU0qb+KjPuCaKTtZ+YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJi9vkJoJ5VH8kSRsAwonVg8FxmMB8GA1UdIwQY
MBaAFPzqCOhCHfLyRcfLMz7nahSoiC1KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX09vSTZFSWQ4dkpGeDhzelB1ZHFGS2lJTFVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9lYTdlNjEtOThiMy00MTIwLTgzY2Ut
YzA3N2UxNzAyYmM3LzEvZ21MMi1RbWdubFVmeVJKR3dEQ2lkV0R3WEdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9lYTdlNjEtOThiMy00MTIwLTgzY2UtYzA3N2UxNzAyYmM3
LzEvX09vSTZFSWQ4dkpGeDhzelB1ZHFGS2lJTFVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVZoMA0G
CSqGSIb3DQEBCwUAA4IBAQDU9PRinXBdJ4TxG5fRVhmowbgs4JbpZBSS+FpiJ0Qe
hTjgBz2GZPuXK9MQY8tz39JWLFcPYDQKIaIyX0uNEbJhqAaFtmoEddUP7QeTc4CJ
l0IvoO/3pUN2yUdgc2va4Ka7hQUskrWjyFNoOi8Li7wsa4y/qyBymEKwFHVQGeJL
y6tArnXzqBh6K2iwV93EuqoHhY28eYr98aH+hlP/KQC7dvBV5yuIjOl6IbWvH/yZ
rJW4u0Gn0J/aBgAlFlpwJoMujFOV14LmcDsiRw9kjZDbidxxER0yJXq/jPM1FjIM
2ox6xGRLa8fU7eq37H4c4xrT1W9NCagVHyJKR14Tme0Y
-----END CERTIFICATE-----