Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9TFFKUlnXHBTxv-oHwJMp7dDxkU.roa
File:                     9TFFKUlnXHBTxv-oHwJMp7dDxkU.roa (raw, json)
Hash identifier:          0iI/jDQZonalsRJvT1KkSfy+K9s0PwhitH0CUj3CIaI=
Subject key identifier:   F5:31:45:29:49:67:5C:70:53:C6:FF:A8:1F:02:4C:A7:B7:43:C6:45
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018EE5F9576815577BDBDF6591060AB9CFFB
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9TFFKUlnXHBTxv-oHwJMp7dDxkU.roa
Signing time:             Tue 16 Apr 2024 08:15:07 +0000
ROA not before:           Tue 16 Apr 2024 08:15:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212384
IP address blocks:        217.28.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:03:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e5:f9:57:68:15:57:7b:db:df:65:91:06:0a:b9:cf:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 16 08:15:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f531452949675c7053c6ffa81f024ca7b743c645
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:2a:da:8d:a9:ba:70:85:4d:53:ff:80:ac:90:
                    f5:0e:97:0e:43:1a:b1:ba:c4:5e:5b:d5:00:2f:07:
                    e9:ea:a6:51:69:8f:be:5e:a0:9f:15:79:70:de:0e:
                    a2:7d:ca:77:70:16:e7:a9:53:9d:16:c9:69:61:ef:
                    f0:88:fc:a8:64:bf:62:d0:7c:0f:de:73:bb:d2:02:
                    cc:9a:de:a9:da:dc:cf:e4:f3:b9:64:11:75:ef:af:
                    1f:27:7a:df:a0:8c:b6:53:ac:8b:0d:da:c5:15:05:
                    84:0f:d2:3a:5f:2f:c5:55:e4:06:1a:ce:0a:d2:3e:
                    02:b0:41:81:52:78:f8:d2:21:bf:64:ee:9a:8c:28:
                    83:b0:32:c4:bd:4a:70:85:8e:f9:45:8a:f8:68:45:
                    5b:f5:41:d5:33:bf:ca:b0:34:51:fd:f1:5c:b1:d7:
                    86:84:eb:d9:4f:36:f2:fe:a1:72:7b:71:05:96:60:
                    f0:26:bc:8f:24:21:96:b0:ad:2d:d9:bf:a6:57:ef:
                    cd:f1:15:52:36:dc:e4:84:fd:9f:1d:51:e4:50:86:
                    49:af:53:48:f2:c5:f4:f7:02:f7:f4:e3:53:a1:3f:
                    eb:47:3c:cf:1d:e9:16:ca:f4:77:e2:fd:ec:75:89:
                    b7:2d:cc:2f:9d:3e:30:21:aa:d4:e0:65:6c:e2:f3:
                    ff:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:31:45:29:49:67:5C:70:53:C6:FF:A8:1F:02:4C:A7:B7:43:C6:45
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/9TFFKUlnXHBTxv-oHwJMp7dDxkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.28.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:87:71:d1:7f:7a:3c:6b:da:ed:ed:e2:1f:a2:4b:f0:2c:2a:
         8f:b4:58:01:75:d6:7b:81:30:e8:08:18:7d:f5:45:99:e1:17:
         19:ad:05:6d:a5:20:06:f6:a4:d3:25:b4:58:28:94:3c:6f:b8:
         39:83:79:78:23:d5:9e:3a:2f:c5:05:49:ff:0b:e8:5a:49:07:
         69:cb:6b:f4:87:51:43:1f:69:1f:3d:58:48:37:3a:16:41:36:
         f9:de:7c:8e:f5:0b:2d:2d:30:be:69:1f:43:aa:fd:7a:6d:cd:
         88:e2:8e:9b:ec:2b:c6:b8:09:97:ae:ed:0e:d8:2d:e9:05:13:
         96:e6:0e:ea:10:3c:fb:23:a6:03:f0:6a:1c:d1:8d:d3:24:76:
         b0:f6:c7:5e:05:82:0e:a8:79:7b:89:36:45:a1:5f:89:db:be:
         51:32:f9:cd:2c:61:9c:5d:77:40:87:8e:d4:c1:5b:97:d6:e9:
         8c:88:18:0f:4e:a6:95:45:01:fe:1f:19:a7:24:d3:17:d2:2f:
         e9:06:5b:94:cd:ba:6b:63:d8:be:50:50:f6:a9:0a:75:63:88:
         a0:e9:3b:ae:7b:42:24:5d:de:dd:bf:ff:90:d0:91:b6:f5:2d:
         1b:63:16:69:21:b2:13:9d:2c:c4:ec:7c:ff:27:a7:ce:54:56:
         25:ca:c7:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7l+VdoFVd7299lkQYKuc/7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwNDE2MDgxNTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTMxNDUyOTQ5Njc1YzcwNTNjNmZmYTgxZjAyNGNhN2I3NDNjNjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSrajam6cIVNU/+ArJD1DpcOQxqx
usReW9UALwfp6qZRaY++XqCfFXlw3g6ifcp3cBbnqVOdFslpYe/wiPyoZL9i0HwP
3nO70gLMmt6p2tzP5PO5ZBF1768fJ3rfoIy2U6yLDdrFFQWED9I6Xy/FVeQGGs4K
0j4CsEGBUnj40iG/ZO6ajCiDsDLEvUpwhY75RYr4aEVb9UHVM7/KsDRR/fFcsdeG
hOvZTzby/qFye3EFlmDwJryPJCGWsK0t2b+mV+/N8RVSNtzkhP2fHVHkUIZJr1NI
8sX09wL39ONToT/rRzzPHekWyvR34v3sdYm3LcwvnT4wIarU4GVs4vP/WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUxRSlJZ1xwU8b/qB8CTKe3Q8ZFMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvOVRGRktVbG5YSEJUeHYtb0h3Sk1wN2REeGtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RyAMA0G
CSqGSIb3DQEBCwUAA4IBAQBhh3HRf3o8a9rt7eIfokvwLCqPtFgBddZ7gTDoCBh9
9UWZ4RcZrQVtpSAG9qTTJbRYKJQ8b7g5g3l4I9WeOi/FBUn/C+haSQdpy2v0h1FD
H2kfPVhINzoWQTb53nyO9QstLTC+aR9Dqv16bc2I4o6b7CvGuAmXru0O2C3pBROW
5g7qEDz7I6YD8Goc0Y3TJHaw9sdeBYIOqHl7iTZFoV+J275RMvnNLGGcXXdAh47U
wVuX1umMiBgPTqaVRQH+HxmnJNMX0i/pBluUzbprY9i+UFD2qQp1Y4ig6Tuue0Ik
Xd7dv/+Q0JG29S0bYxZpIbITnSzE7Hz/J6fOVFYlysd/
-----END CERTIFICATE-----