Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/GFxsTGRc6lwrbeiKMvqO73tvW9M.roa
File:                     GFxsTGRc6lwrbeiKMvqO73tvW9M.roa (raw, json)
Hash identifier:          WPoYac112CDAtH+vCBXRBpy9Olgu32ZQACBiKGNrBpo=
Subject key identifier:   18:5C:6C:4C:64:5C:EA:5C:2B:6D:E8:8A:32:FA:8E:EF:7B:6F:5B:D3
Certificate issuer:       /CN=41f5a10e4fd2655adbbb40ede18b2615ac558ea9
Certificate serial:       018CC9BB03A7537917943D3273A3987E93BE
Authority key identifier: 41:F5:A1:0E:4F:D2:65:5A:DB:BB:40:ED:E1:8B:26:15:AC:55:8E:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/GFxsTGRc6lwrbeiKMvqO73tvW9M.roa
Signing time:             Tue 02 Jan 2024 10:32:05 +0000
ROA not before:           Tue 02 Jan 2024 10:32:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197705
IP address blocks:        94.26.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:03:a7:53:79:17:94:3d:32:73:a3:98:7e:93:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41f5a10e4fd2655adbbb40ede18b2615ac558ea9
        Validity
            Not Before: Jan  2 10:32:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=185c6c4c645cea5c2b6de88a32fa8eef7b6f5bd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:78:da:41:7c:fa:7b:04:fe:ac:a3:31:28:af:
                    a8:f9:57:36:fe:67:79:63:78:b1:d6:f2:f2:86:32:
                    85:2d:95:77:31:d8:50:0d:53:3c:7f:69:36:67:7b:
                    bc:28:ea:df:e5:44:0d:60:03:13:c1:a8:ac:98:54:
                    5a:8b:ee:87:95:d4:87:bf:a6:59:2b:d5:aa:e4:c2:
                    43:c3:34:0c:2d:10:17:b2:f6:e5:14:b1:28:cc:3d:
                    86:89:6a:35:3f:b6:00:6a:9b:94:a1:1b:92:cf:7c:
                    f9:83:18:8a:0e:19:31:25:bc:e7:40:0e:9a:92:38:
                    74:2b:83:92:1f:86:17:c2:db:08:dc:74:5f:b6:eb:
                    91:6c:8f:08:cb:b6:75:03:9c:a7:6a:a2:df:1a:a5:
                    f1:20:66:c0:7f:bd:79:de:d0:48:7e:27:53:08:1f:
                    23:1e:85:44:68:ac:46:bc:b0:8c:9c:33:28:8a:76:
                    e4:30:57:15:3f:51:48:b0:a3:11:2b:ad:7c:21:95:
                    45:14:46:06:09:4c:ad:e2:69:63:d4:5f:ae:7e:7e:
                    94:3d:3c:fa:42:2e:ef:cf:9a:cf:1b:92:ca:f1:78:
                    40:56:b7:e4:7b:87:ab:b6:34:c8:b2:e1:89:b3:2e:
                    38:0f:1d:33:e1:ae:b8:10:96:70:be:96:12:e0:3c:
                    30:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:5C:6C:4C:64:5C:EA:5C:2B:6D:E8:8A:32:FA:8E:EF:7B:6F:5B:D3
            X509v3 Authority Key Identifier:
                keyid:41:F5:A1:0E:4F:D2:65:5A:DB:BB:40:ED:E1:8B:26:15:AC:55:8E:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/GFxsTGRc6lwrbeiKMvqO73tvW9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.26.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:b9:78:55:77:9a:2a:ba:49:92:76:3e:2b:8e:aa:ad:c8:f7:
         b5:29:7b:a4:e0:bd:4d:14:72:97:06:58:1b:5a:f4:7e:98:10:
         7c:06:5e:5e:04:35:11:96:35:6a:01:a5:b1:5a:d7:a4:57:2c:
         76:ca:39:0f:f8:48:73:13:c2:f7:19:1d:f5:63:6e:9c:e3:ba:
         65:63:91:d1:c4:ec:a1:ce:89:c0:2f:0c:75:7a:5e:f4:b9:d2:
         98:8c:36:f5:a4:23:9f:10:df:54:61:9d:de:27:ed:97:5f:4a:
         0a:19:86:73:f6:79:b5:4d:8b:88:78:c0:f6:76:e3:7d:0e:21:
         16:a4:28:13:60:15:3f:0b:e0:f0:66:af:8e:9f:b1:14:29:2c:
         1b:d9:8c:94:50:3e:6f:fc:56:a6:44:fd:93:05:70:92:d6:8b:
         aa:36:dc:bb:9a:ce:28:81:12:15:a4:59:bf:f7:32:4f:7f:74:
         e9:fa:b3:c5:a9:7f:54:3c:dd:14:c8:1d:35:29:f7:7b:a4:d7:
         51:d9:0c:67:2c:d1:e2:e4:22:08:41:09:d2:5c:48:27:71:34:
         cf:13:7c:a5:00:23:3c:4b:de:ee:1e:fd:42:e3:76:de:9b:c7:
         8a:58:ea:cc:5f:b5:74:40:a1:4a:7a:73:16:ee:ea:5d:49:4e:
         6b:c7:00:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuwOnU3kXlD0yc6OYfpO+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZjVhMTBlNGZkMjY1NWFkYmJiNDBlZGUxOGIyNjE1YWM1
NThlYTkwHhcNMjQwMTAyMTAzMjA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODVjNmM0YzY0NWNlYTVjMmI2ZGU4OGEzMmZhOGVlZjdiNmY1YmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgHjaQXz6ewT+rKMxKK+o+Vc2/md5
Y3ix1vLyhjKFLZV3MdhQDVM8f2k2Z3u8KOrf5UQNYAMTwaismFRai+6HldSHv6ZZ
K9Wq5MJDwzQMLRAXsvblFLEozD2GiWo1P7YAapuUoRuSz3z5gxiKDhkxJbznQA6a
kjh0K4OSH4YXwtsI3HRftuuRbI8Iy7Z1A5ynaqLfGqXxIGbAf7153tBIfidTCB8j
HoVEaKxGvLCMnDMoinbkMFcVP1FIsKMRK618IZVFFEYGCUyt4mlj1F+ufn6UPTz6
Qi7vz5rPG5LK8XhAVrfke4ertjTIsuGJsy44Dx0z4a64EJZwvpYS4DwwaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBhcbExkXOpcK23oijL6ju97b1vTMB8GA1UdIwQY
MBaAFEH1oQ5P0mVa27tA7eGLJhWsVY6pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWZXaERrX1NaVnJidTBEdDRZc21GYXhWanFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi84ZDNjODItZTQwMy00ZGE2LWIzMTUt
ODc5MDIwNmYwZDc0LzEvR0Z4c1RHUmM2bHdyYmVpS012cU83M3R2VzlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi84ZDNjODItZTQwMy00ZGE2LWIzMTUtODc5MDIwNmYwZDc0
LzEvUWZXaERrX1NaVnJidTBEdDRZc21GYXhWanFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXhomMA0G
CSqGSIb3DQEBCwUAA4IBAQCYuXhVd5oqukmSdj4rjqqtyPe1KXuk4L1NFHKXBlgb
WvR+mBB8Bl5eBDURljVqAaWxWtekVyx2yjkP+EhzE8L3GR31Y26c47plY5HRxOyh
zonALwx1el70udKYjDb1pCOfEN9UYZ3eJ+2XX0oKGYZz9nm1TYuIeMD2duN9DiEW
pCgTYBU/C+DwZq+On7EUKSwb2YyUUD5v/FamRP2TBXCS1ouqNty7ms4ogRIVpFm/
9zJPf3Tp+rPFqX9UPN0UyB01Kfd7pNdR2QxnLNHi5CIIQQnSXEgncTTPE3ylACM8
S97uHv1C43bem8eKWOrMX7V0QKFKenMW7updSU5rxwAU
-----END CERTIFICATE-----