Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/GBm_VAZMm95tvGvpR8c8CkKdzyw.roa
File:                     GBm_VAZMm95tvGvpR8c8CkKdzyw.roa (raw, json)
Hash identifier:          /MkVaXn8Lh0U59FVf0qSK7VZuxTGbFM8GznUiwatBTk=
Subject key identifier:   18:19:BF:54:06:4C:9B:DE:6D:BC:6B:E9:47:C7:3C:0A:42:9D:CF:2C
Certificate issuer:       /CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
Certificate serial:       0194228D2AA650DA472A9C18902A0603A5B6
Authority key identifier: 7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/GBm_VAZMm95tvGvpR8c8CkKdzyw.roa
Signing time:             Wed 01 Jan 2025 15:47:44 +0000
ROA not before:           Wed 01 Jan 2025 15:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42637
IP address blocks:        86.106.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 07:29:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:2a:a6:50:da:47:2a:9c:18:90:2a:06:03:a5:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
        Validity
            Not Before: Jan  1 15:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1819bf54064c9bde6dbc6be947c73c0a429dcf2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a4:b9:08:38:cb:d2:62:ab:54:f5:8c:da:89:
                    c1:6b:14:4b:c7:a5:53:91:68:31:32:69:94:e0:68:
                    6f:d9:ac:24:9d:3a:83:f0:86:1d:e8:98:09:29:c1:
                    7f:7a:94:a6:13:72:0e:3a:10:27:7b:95:5d:26:59:
                    93:54:bb:dd:c5:9b:10:19:68:53:2a:87:e3:4a:69:
                    80:81:23:e1:69:7f:26:99:ff:ce:f9:59:d5:76:d5:
                    c4:e6:03:7b:85:3d:ff:a1:5b:cd:ab:c5:59:33:ae:
                    04:95:14:80:9c:87:e6:cb:30:37:42:ff:62:90:7a:
                    01:31:79:a6:9d:5f:d1:f3:46:69:02:a9:5e:1a:fd:
                    34:d8:c5:c9:3f:91:ae:6c:17:36:86:b0:43:6d:f9:
                    bc:18:d8:db:ae:e9:29:aa:15:e2:5d:7b:2f:1c:6d:
                    b6:96:61:74:bb:32:7f:16:71:6c:43:83:0e:38:5f:
                    93:9d:96:66:04:cb:aa:96:dd:0b:80:86:5b:03:d9:
                    03:04:b7:2b:7b:93:7c:c6:eb:75:74:39:e6:fd:26:
                    05:fe:71:99:2d:b6:98:80:98:69:73:88:7a:56:1b:
                    17:23:bd:f0:35:f8:21:c2:6a:79:37:12:3f:23:f6:
                    fa:5b:42:18:0e:67:78:c5:bc:d2:96:f1:46:c3:7e:
                    83:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:19:BF:54:06:4C:9B:DE:6D:BC:6B:E9:47:C7:3C:0A:42:9D:CF:2C
            X509v3 Authority Key Identifier:
                keyid:7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/GBm_VAZMm95tvGvpR8c8CkKdzyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:aa:41:f4:8a:e3:db:01:80:c0:a4:78:99:01:e7:c5:a9:b3:
         20:8f:32:a4:ff:1f:f7:5a:31:34:72:40:0e:cf:e1:87:a4:8b:
         d1:24:fa:44:4d:88:2f:fb:38:8e:fd:2d:1e:c0:80:b5:78:b0:
         ed:eb:62:ca:a4:d5:89:92:54:05:44:f3:53:1b:81:c4:43:f3:
         15:9c:0b:42:df:30:80:52:65:0c:53:dd:ec:f2:56:f0:b7:29:
         77:d8:83:b5:4d:2e:49:db:a0:41:cc:3f:da:7e:90:d2:0f:1f:
         81:eb:ea:03:0b:0a:83:de:bf:61:7e:98:76:13:be:38:9d:8f:
         c5:e9:6b:b4:de:fe:89:75:10:0b:02:72:a5:11:bc:9e:d7:24:
         f8:80:91:a7:83:76:57:78:95:d6:4e:c0:ab:30:9d:c2:02:3e:
         17:79:64:92:13:b8:af:9c:82:65:d3:fe:2c:06:37:40:38:36:
         4e:c8:77:53:89:ff:15:91:d1:75:e8:e0:cc:d7:77:00:7f:ae:
         50:97:b4:04:55:c9:85:fc:fe:2d:57:45:9c:25:cf:11:a5:ba:
         7b:f7:02:b8:c5:6b:a6:77:19:e9:54:6d:6e:d7:86:3c:65:ab:
         69:2a:83:c8:35:81:3e:2d:c6:00:6d:1a:ea:fc:f8:6b:c7:f3:
         b7:a0:b9:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijSqmUNpHKpwYkCoGA6W2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZWYwNjllN2UzZWQ1YmY3MGY2ODJjZTQwYzU4MTBmZjNl
NWUzNzgwHhcNMjUwMTAxMTU0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODE5YmY1NDA2NGM5YmRlNmRiYzZiZTk0N2M3M2MwYTQyOWRjZjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKS5CDjL0mKrVPWM2onBaxRLx6VT
kWgxMmmU4Ghv2awknTqD8IYd6JgJKcF/epSmE3IOOhAne5VdJlmTVLvdxZsQGWhT
KofjSmmAgSPhaX8mmf/O+VnVdtXE5gN7hT3/oVvNq8VZM64ElRSAnIfmyzA3Qv9i
kHoBMXmmnV/R80ZpAqleGv002MXJP5GubBc2hrBDbfm8GNjbrukpqhXiXXsvHG22
lmF0uzJ/FnFsQ4MOOF+TnZZmBMuqlt0LgIZbA9kDBLcre5N8xut1dDnm/SYF/nGZ
LbaYgJhpc4h6VhsXI73wNfghwmp5NxI/I/b6W0IYDmd4xbzSlvFGw36DBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBgZv1QGTJvebbxr6UfHPApCnc8sMB8GA1UdIwQY
MBaAFHrvBp5+PtW/cPaCzkDFgQ/z5eN4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmIt
OTAwMDM0ZjAwZDllLzEvR0JtX1ZBWk1tOTV0dkd2cFI4YzhDa0tkenl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmItOTAwMDM0ZjAwZDll
LzEvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVmqFMA0G
CSqGSIb3DQEBCwUAA4IBAQAfqkH0iuPbAYDApHiZAefFqbMgjzKk/x/3WjE0ckAO
z+GHpIvRJPpETYgv+ziO/S0ewIC1eLDt62LKpNWJklQFRPNTG4HEQ/MVnAtC3zCA
UmUMU93s8lbwtyl32IO1TS5J26BBzD/afpDSDx+B6+oDCwqD3r9hfph2E744nY/F
6Wu03v6JdRALAnKlEbye1yT4gJGng3ZXeJXWTsCrMJ3CAj4XeWSSE7ivnIJl0/4s
BjdAODZOyHdTif8VkdF16ODM13cAf65Ql7QEVcmF/P4tV0WcJc8Rpbp79wK4xWum
dxnpVG1u14Y8ZatpKoPINYE+LcYAbRrq/Phrx/O3oLlc
-----END CERTIFICATE-----