Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/rwoagOxaPNjcpSCelg2fi3NBWCE.roa
File:                     rwoagOxaPNjcpSCelg2fi3NBWCE.roa (raw, json)
Hash identifier:          5yCQf0UzFN5vh1V4H0wKSpC6h3bpFVcU8vgEhytELxc=
Subject key identifier:   AF:0A:1A:80:EC:5A:3C:D8:DC:A5:20:9E:96:0D:9F:8B:73:41:58:21
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       0196C68A8ADEC59792989D4FA87DB9FB8540
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/rwoagOxaPNjcpSCelg2fi3NBWCE.roa
Signing time:             Mon 12 May 2025 22:08:10 +0000
ROA not before:           Mon 12 May 2025 22:08:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31715
IP address blocks:        188.209.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c6:8a:8a:de:c5:97:92:98:9d:4f:a8:7d:b9:fb:85:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: May 12 22:08:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af0a1a80ec5a3cd8dca5209e960d9f8b73415821
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ea:0a:c0:12:a1:4a:2c:09:01:00:2a:b0:88:
                    45:39:de:de:6e:00:ec:7f:bb:d6:21:a6:22:60:0d:
                    34:89:c3:48:9b:5b:ba:06:04:e2:c4:49:e0:5b:aa:
                    1a:e3:56:e2:a3:d3:31:73:c4:b7:1d:fe:c1:a2:bd:
                    cc:4e:60:72:6a:a6:19:24:24:fc:df:1b:78:b9:42:
                    f2:d0:3a:41:fd:90:10:a0:49:a1:a8:b8:29:5e:73:
                    c6:11:2e:cc:22:e1:15:37:01:d4:39:dd:51:4a:5e:
                    64:b3:e0:13:5b:bc:1f:b2:98:9d:17:aa:6d:90:88:
                    56:1d:44:7b:27:7e:c1:48:b0:d5:35:f6:9b:6f:8b:
                    6f:0c:58:73:96:5f:ec:dd:0a:cf:b4:7b:83:7e:93:
                    63:9f:2d:f2:2f:fe:d5:eb:d7:1f:7f:45:fa:6b:ac:
                    1c:bf:06:ed:5c:8a:8d:cd:a3:ed:39:fd:df:cc:08:
                    0f:32:a8:13:8f:e8:94:23:74:ae:7c:7c:48:82:31:
                    a7:ff:08:6e:4b:c2:2b:0f:3b:a1:41:e5:f0:9d:8a:
                    e2:8f:85:f4:99:7e:4a:75:9a:19:ca:10:6c:50:25:
                    d7:29:38:aa:fe:ed:25:f2:d0:f7:2d:48:6a:79:bc:
                    55:a8:d3:a8:4c:bd:49:ff:6c:c4:03:e4:30:a9:07:
                    48:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:0A:1A:80:EC:5A:3C:D8:DC:A5:20:9E:96:0D:9F:8B:73:41:58:21
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/rwoagOxaPNjcpSCelg2fi3NBWCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:39:05:15:91:4a:0e:34:15:33:46:99:f8:85:f9:a4:a2:08:
         9b:73:4f:81:33:06:6c:1c:ca:e1:08:b5:b6:ed:52:bd:9e:70:
         67:3c:42:d5:60:88:cb:e1:ea:ae:c0:5b:bb:d0:74:02:7a:34:
         c5:1b:aa:84:0e:d4:f5:3d:73:ca:f0:0d:d3:0d:7d:2b:a0:8b:
         f1:4a:bd:c8:b6:5f:37:07:ff:85:89:0a:33:55:94:79:37:72:
         d1:bb:c1:76:b5:b1:5a:c4:08:a9:72:95:9d:bb:04:f5:f5:de:
         ed:42:6d:54:b0:64:5e:de:03:a2:fa:32:53:a3:9e:f5:52:42:
         9a:18:e8:06:cc:30:65:5f:77:db:be:b7:4b:9b:53:17:fb:24:
         c3:89:aa:ee:29:bc:aa:30:47:49:96:a4:17:f3:70:6b:d0:bd:
         9b:6a:6d:27:6a:54:9e:bf:3d:0c:7e:ce:72:d3:5b:5e:57:0c:
         07:ab:37:3a:f9:d9:c8:3e:e2:63:73:76:35:8f:83:6c:bb:54:
         0f:46:b4:e7:f7:26:64:92:ac:60:ee:b9:cf:b0:5a:4c:c9:73:
         02:92:6c:76:21:0d:1c:c8:aa:bb:b0:0d:da:24:69:c5:86:17:
         c9:26:b7:45:40:9b:db:cb:8f:00:87:27:87:51:b1:d3:03:6d:
         b4:15:70:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbGiorexZeSmJ1PqH25+4VAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwNTEyMjIwODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjBhMWE4MGVjNWEzY2Q4ZGNhNTIwOWU5NjBkOWY4YjczNDE1ODIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+oKwBKhSiwJAQAqsIhFOd7ebgDs
f7vWIaYiYA00icNIm1u6BgTixEngW6oa41bio9Mxc8S3Hf7Bor3MTmByaqYZJCT8
3xt4uULy0DpB/ZAQoEmhqLgpXnPGES7MIuEVNwHUOd1RSl5ks+ATW7wfspidF6pt
kIhWHUR7J37BSLDVNfabb4tvDFhzll/s3QrPtHuDfpNjny3yL/7V69cff0X6a6wc
vwbtXIqNzaPtOf3fzAgPMqgTj+iUI3SufHxIgjGn/whuS8IrDzuhQeXwnYrij4X0
mX5KdZoZyhBsUCXXKTiq/u0l8tD3LUhqebxVqNOoTL1J/2zEA+QwqQdI9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8KGoDsWjzY3KUgnpYNn4tzQVghMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvcndvYWdPeGFQTmpjcFNDZWxnMmZpM05CV0NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNGAMA0G
CSqGSIb3DQEBCwUAA4IBAQBkOQUVkUoONBUzRpn4hfmkogibc0+BMwZsHMrhCLW2
7VK9nnBnPELVYIjL4equwFu70HQCejTFG6qEDtT1PXPK8A3TDX0roIvxSr3Itl83
B/+FiQozVZR5N3LRu8F2tbFaxAipcpWduwT19d7tQm1UsGRe3gOi+jJTo571UkKa
GOgGzDBlX3fbvrdLm1MX+yTDiaruKbyqMEdJlqQX83Br0L2bam0nalSevz0Mfs5y
01teVwwHqzc6+dnIPuJjc3Y1j4Nsu1QPRrTn9yZkkqxg7rnPsFpMyXMCkmx2IQ0c
yKq7sA3aJGnFhhfJJrdFQJvby48AhyeHUbHTA220FXCb
-----END CERTIFICATE-----