Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS12129.roa
File:                     AS12129.roa (raw, json)
Hash identifier:          AXAxqBUZI0hh87HtL5cnsSl3YjRtdHMvHjJlhdJDAqc=
Subject key identifier:   33:A8:9B:E9:CA:FC:16:D0:B3:55:01:D4:51:AC:7B:0A:50:B5:BA:44
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       788F4E9B56A3042A261865981DCF6E0DD4C492A6
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS12129.roa
Signing time:             Wed 31 Jan 2024 08:05:10 +0000
ROA not before:           Wed 31 Jan 2024 08:00:10 +0000
ROA not after:            Wed 29 Jan 2025 08:05:10 +0000
asID:                     12129
IP address blocks:        181.214.238.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:8f:4e:9b:56:a3:04:2a:26:18:65:98:1d:cf:6e:0d:d4:c4:92:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 31 08:00:10 2024 GMT
            Not After : Jan 29 08:05:10 2025 GMT
        Subject: CN=33A89BE9CAFC16D0B35501D451AC7B0A50B5BA44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:69:be:99:cd:f7:11:54:e5:26:a7:9e:17:b3:
                    ae:cf:f4:75:09:9e:41:d6:c1:c9:34:3f:e2:75:07:
                    ad:33:26:8a:58:71:47:2a:a8:63:2a:9a:1b:52:43:
                    68:0e:a3:30:21:4c:ff:9b:8c:1c:31:e8:8f:83:58:
                    8c:ab:03:67:75:f4:81:db:8d:7d:52:c6:25:2d:8f:
                    1c:8a:ae:e8:eb:00:ba:a3:14:d3:70:df:32:33:7e:
                    e5:a9:62:57:72:a2:b3:a5:33:2e:b5:ab:50:66:ea:
                    9a:89:ae:f8:65:3f:bb:fa:a6:4b:c0:62:f2:f2:7a:
                    2d:43:fb:a4:ad:b1:0c:43:21:de:3a:48:cf:24:e7:
                    fa:36:15:83:49:7c:0e:07:de:35:1e:cd:e3:95:24:
                    0e:b7:d7:59:55:10:75:7f:97:52:d0:51:4a:af:e0:
                    8b:06:8c:77:ed:ac:02:ec:9d:3c:b9:e8:04:f2:c8:
                    cd:a9:b3:3e:8f:2a:36:cc:d7:8b:49:25:5f:c7:1e:
                    c8:ef:96:c8:8d:05:39:8e:6c:57:08:01:8e:4a:6a:
                    2d:d9:15:38:76:16:f3:ec:d0:68:66:87:f3:8e:f9:
                    16:2c:ab:eb:f7:5c:2b:d3:3f:0c:71:5b:92:a0:fa:
                    11:94:c0:5a:5d:50:3d:7f:07:26:94:cc:e3:67:0d:
                    b9:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:A8:9B:E9:CA:FC:16:D0:B3:55:01:D4:51:AC:7B:0A:50:B5:BA:44
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS12129.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:cb:d6:00:6a:8a:67:bd:b4:ae:e4:b2:50:bd:a8:d7:6d:ee:
         00:b0:0d:c0:85:a0:1a:a8:14:44:68:cb:95:fb:d5:c0:ff:63:
         4a:61:16:25:43:9b:f6:d6:c6:f5:5f:57:f8:55:52:ba:15:19:
         20:05:67:4b:4c:7c:74:d5:20:3f:75:80:17:a8:2b:5c:68:cc:
         65:f5:40:59:22:e2:88:d4:b4:90:84:f4:2c:14:db:b3:13:69:
         10:76:14:43:a4:55:2a:b1:9b:20:fc:8a:43:d9:dc:9a:c3:d6:
         26:2e:fc:71:cd:0b:86:0b:eb:57:8b:ce:8f:ed:03:1e:24:dc:
         da:1f:9c:92:7a:d5:b7:85:53:06:0f:36:c0:c6:4e:7c:64:95:
         30:bc:4a:b0:a1:ca:34:54:4b:5c:5b:36:f3:77:cd:4e:35:92:
         8a:d1:bf:52:3e:f3:5f:13:dd:34:f7:49:8e:bb:89:ee:75:f3:
         ae:92:e6:5f:09:d2:12:17:95:8e:7c:18:ad:ef:2b:39:76:0d:
         cb:83:25:47:50:8a:9b:b6:bb:71:5c:86:92:05:0c:57:f2:ce:
         64:2c:1e:b3:06:70:a2:d0:03:f7:77:4b:61:b1:b7:02:1a:4d:
         cb:1e:47:58:2b:65:3a:9c:5c:61:e3:f5:79:8b:b7:8e:1d:45:
         45:bf:0f:d1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUeI9Om1ajBComGGWYHc9uDdTEkqYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAxMzEwODAwMTBaFw0yNTAxMjkwODA1MTBaMDMxMTAvBgNV
BAMTKDMzQTg5QkU5Q0FGQzE2RDBCMzU1MDFENDUxQUM3QjBBNTBCNUJBNDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRab6ZzfcRVOUmp54Xs67P9HUJ
nkHWwck0P+J1B60zJopYcUcqqGMqmhtSQ2gOozAhTP+bjBwx6I+DWIyrA2d19IHb
jX1SxiUtjxyKrujrALqjFNNw3zIzfuWpYldyorOlMy61q1Bm6pqJrvhlP7v6pkvA
YvLyei1D+6StsQxDId46SM8k5/o2FYNJfA4H3jUezeOVJA6311lVEHV/l1LQUUqv
4IsGjHftrALsnTy56ATyyM2psz6PKjbM14tJJV/HHsjvlsiNBTmObFcIAY5Kai3Z
FTh2FvPs0Ghmh/OO+RYsq+v3XCvTPwxxW5Kg+hGUwFpdUD1/ByaUzONnDblrAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUM6ib6cr8FtCzVQHUUax7ClC1ukQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTIxMjkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAG11u4w
DQYJKoZIhvcNAQELBQADggEBAKbL1gBqime9tK7kslC9qNdt7gCwDcCFoBqoFERo
y5X71cD/Y0phFiVDm/bWxvVfV/hVUroVGSAFZ0tMfHTVID91gBeoK1xozGX1QFki
4ojUtJCE9CwU27MTaRB2FEOkVSqxmyD8ikPZ3JrD1iYu/HHNC4YL61eLzo/tAx4k
3NofnJJ61beFUwYPNsDGTnxklTC8SrChyjRUS1xbNvN3zU41korRv1I+818T3TT3
SY67ie51866S5l8J0hIXlY58GK3vKzl2DcuDJUdQipu2u3FchpIFDFfyzmQsHrMG
cKLQA/d3S2GxtwIaTcseR1grZTqcXGHj9XmLt44dRUW/D9E=
-----END CERTIFICATE-----