Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/vuH-ReNMpWLFWLMVfh-H6AFK4Vc.roa
File:                     vuH-ReNMpWLFWLMVfh-H6AFK4Vc.roa (raw, json)
Hash identifier:          IX4Fwx2Gih0U6e78DS0UFJFIHLlwfsnhBvmIYvKwtbg=
Subject key identifier:   BE:E1:FE:45:E3:4C:A5:62:C5:58:B3:15:7E:1F:87:E8:01:4A:E1:57
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       0190BF7B6A716CCB54545196C486FADCE0D2
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/vuH-ReNMpWLFWLMVfh-H6AFK4Vc.roa
Signing time:             Wed 17 Jul 2024 06:57:34 +0000
ROA not before:           Wed 17 Jul 2024 06:57:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152179
IP address blocks:        185.126.134.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bf:7b:6a:71:6c:cb:54:54:51:96:c4:86:fa:dc:e0:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jul 17 06:57:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bee1fe45e34ca562c558b3157e1f87e8014ae157
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:fd:98:d8:2e:7a:cf:74:d3:45:d0:19:07:96:
                    cc:ef:5c:86:3a:54:f2:04:4a:fc:06:63:6c:a8:84:
                    5e:d9:bb:5a:8f:14:f2:2a:00:8c:47:3e:f2:51:6f:
                    c0:55:ae:20:12:bf:19:e7:56:a9:0c:b4:e2:52:82:
                    28:2f:f9:26:c9:34:2a:92:75:b7:ef:55:25:aa:09:
                    00:ef:75:91:c0:c1:68:02:c5:eb:12:d5:79:d7:15:
                    66:c8:c2:a6:d7:b2:0b:8c:c3:50:90:2c:39:6f:38:
                    b0:4e:af:24:c2:c2:ba:f4:62:d3:d9:d6:a5:18:ce:
                    fc:c4:b4:2b:79:db:54:f2:45:d1:91:52:02:a5:90:
                    b1:d2:c8:3d:7d:be:b5:06:fa:66:7e:fa:53:44:d9:
                    6f:e8:99:86:b8:99:7e:aa:7b:79:89:93:a4:7f:60:
                    2e:be:20:ad:a9:c7:40:d2:15:9e:f5:7b:14:d8:a8:
                    c4:ec:94:ab:f8:c4:04:6a:a7:c4:da:b9:14:27:77:
                    d9:65:7c:aa:35:c2:70:d9:45:3d:b8:2c:21:03:7b:
                    23:db:71:34:33:6d:41:9b:d5:43:03:a3:fa:c4:03:
                    eb:ff:da:2b:77:7f:20:a3:5e:dd:d8:f4:e6:e5:c6:
                    c2:25:fe:17:3d:42:ff:6d:87:5a:88:79:55:83:78:
                    e8:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:E1:FE:45:E3:4C:A5:62:C5:58:B3:15:7E:1F:87:E8:01:4A:E1:57
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/vuH-ReNMpWLFWLMVfh-H6AFK4Vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:fd:52:5f:7a:f6:49:9a:37:ad:27:3c:54:6a:dc:ac:00:cd:
         20:7f:f9:fb:4f:bd:87:4a:58:e3:e2:2a:e9:20:a6:ff:77:9b:
         4f:99:c2:1a:6f:1a:5f:a1:a6:ee:9b:fd:28:1f:43:f2:46:78:
         32:ab:d4:ef:e5:31:4e:a0:1e:1c:58:80:26:40:eb:65:e5:a7:
         92:84:cc:85:75:74:79:74:a5:0a:83:56:0f:04:99:39:5f:98:
         d0:b7:47:4c:49:c2:69:1f:d9:68:70:de:78:12:3b:3e:64:17:
         1b:11:be:fe:01:2e:57:30:5a:cc:fd:36:94:8a:40:bd:44:01:
         01:c3:00:6c:05:47:f4:73:a1:26:9f:47:f8:fe:66:46:c5:cf:
         23:ff:00:17:a0:49:d2:72:51:eb:80:c0:f0:c3:be:28:a0:90:
         b8:e2:5e:0e:22:ca:86:c9:79:4b:2d:63:e6:c7:3b:2d:82:ed:
         86:aa:18:64:5d:7b:7a:e0:f5:6e:d3:e5:4e:45:2f:4f:d5:64:
         57:6f:05:1e:09:c4:86:63:30:6e:16:99:03:2b:33:72:96:d7:
         79:d8:2b:a4:d2:8d:ac:37:38:0b:5c:a3:c1:73:3c:83:c7:af:
         e1:d1:91:2e:f6:2a:ab:4d:b9:c0:0b:51:eb:31:60:8f:40:c5:
         15:02:53:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZC/e2pxbMtUVFGWxIb63ODSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjQwNzE3MDY1NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWUxZmU0NWUzNGNhNTYyYzU1OGIzMTU3ZTFmODdlODAxNGFlMTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1f2Y2C56z3TTRdAZB5bM71yGOlTy
BEr8BmNsqIRe2btajxTyKgCMRz7yUW/AVa4gEr8Z51apDLTiUoIoL/kmyTQqknW3
71UlqgkA73WRwMFoAsXrEtV51xVmyMKm17ILjMNQkCw5bziwTq8kwsK69GLT2dal
GM78xLQredtU8kXRkVICpZCx0sg9fb61BvpmfvpTRNlv6JmGuJl+qnt5iZOkf2Au
viCtqcdA0hWe9XsU2KjE7JSr+MQEaqfE2rkUJ3fZZXyqNcJw2UU9uCwhA3sj23E0
M21Bm9VDA6P6xAPr/9ord38go17d2PTm5cbCJf4XPUL/bYdaiHlVg3jo/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL7h/kXjTKVixVizFX4fh+gBSuFXMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvdnVILVJlTk1wV0xGV0xNVmZoLUg2QUZLNFZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuX6GMA0G
CSqGSIb3DQEBCwUAA4IBAQBc/VJfevZJmjetJzxUatysAM0gf/n7T72HSljj4irp
IKb/d5tPmcIabxpfoabum/0oH0PyRngyq9Tv5TFOoB4cWIAmQOtl5aeShMyFdXR5
dKUKg1YPBJk5X5jQt0dMScJpH9locN54Ejs+ZBcbEb7+AS5XMFrM/TaUikC9RAEB
wwBsBUf0c6Emn0f4/mZGxc8j/wAXoEnSclHrgMDww74ooJC44l4OIsqGyXlLLWPm
xzstgu2GqhhkXXt64PVu0+VORS9P1WRXbwUeCcSGYzBuFpkDKzNyltd52Cuk0o2s
NzgLXKPBczyDx6/h0ZEu9iqrTbnAC1HrMWCPQMUVAlN+
-----END CERTIFICATE-----