Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/P9xfvowjwUTJ1BeBZWftNJoTRTY.roa
File:                     P9xfvowjwUTJ1BeBZWftNJoTRTY.roa (raw, json)
Hash identifier:          PCS3CVpHKLNPd59/He1D9rndMZygMly1wpKkhCi7M84=
Subject key identifier:   3F:DC:5F:BE:8C:23:C1:44:C9:D4:17:81:65:67:ED:34:9A:13:45:36
Certificate issuer:       /CN=1efa596a3126ace029c6d70d529257e07b38ba06
Certificate serial:       018CC72748FF5C61E0A2240C21D8042BD5DB
Authority key identifier: 1E:FA:59:6A:31:26:AC:E0:29:C6:D7:0D:52:92:57:E0:7B:38:BA:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/P9xfvowjwUTJ1BeBZWftNJoTRTY.roa
Signing time:             Mon 01 Jan 2024 22:31:29 +0000
ROA not before:           Mon 01 Jan 2024 22:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        128.139.0.0/17 maxlen: 17
                          128.139.128.0/17 maxlen: 17

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 19:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:48:ff:5c:61:e0:a2:24:0c:21:d8:04:2b:d5:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1efa596a3126ace029c6d70d529257e07b38ba06
        Validity
            Not Before: Jan  1 22:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fdc5fbe8c23c144c9d417816567ed349a134536
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b2:ac:02:a7:01:fd:b7:7c:df:40:88:14:92:
                    be:8e:79:63:b3:bc:e5:57:24:5f:65:ed:9b:7b:ea:
                    8c:38:b9:d9:95:9a:5f:8e:8b:2d:d2:2e:02:eb:84:
                    c2:a3:f0:8c:a2:81:3e:6f:9b:0d:2c:4a:ec:20:14:
                    25:7a:c4:17:5f:cb:37:ea:5e:ab:2f:4b:de:c8:14:
                    b8:21:ca:61:a5:35:8e:8d:7a:fb:0e:0f:68:1e:30:
                    90:db:74:84:d9:fc:a1:da:17:3d:ae:e6:41:40:54:
                    2b:71:3c:f3:17:bf:ca:8d:5b:b6:fa:67:2a:76:bf:
                    ad:af:18:f9:19:a8:50:d4:db:e3:f4:2e:38:0f:a6:
                    5c:09:7f:05:85:6c:83:63:a0:4b:06:c7:8b:30:f1:
                    b0:70:a8:30:5c:94:b5:3d:7e:0e:8d:e6:b6:73:47:
                    40:af:f2:37:4c:2a:27:19:b2:0c:6b:2d:c3:d2:fe:
                    7b:04:57:9e:49:4b:29:4e:f0:44:55:5b:b3:e6:3d:
                    89:c1:a7:f5:49:ca:79:a4:88:9f:c3:f8:e4:79:0a:
                    72:db:05:fc:fc:d8:fe:86:13:b5:8b:23:9c:a5:6b:
                    92:2c:a3:45:40:25:49:32:e5:39:25:98:43:ab:3d:
                    40:ea:fc:10:02:31:d1:7d:12:36:df:80:0b:57:a5:
                    9a:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:DC:5F:BE:8C:23:C1:44:C9:D4:17:81:65:67:ED:34:9A:13:45:36
            X509v3 Authority Key Identifier:
                keyid:1E:FA:59:6A:31:26:AC:E0:29:C6:D7:0D:52:92:57:E0:7B:38:BA:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/P9xfvowjwUTJ1BeBZWftNJoTRTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.139.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8d:76:7c:a3:74:47:c7:90:72:4a:15:e4:d0:ec:86:67:33:cf:
         69:c6:7d:87:62:ef:79:7a:95:94:5f:cc:b7:d6:de:ee:28:f0:
         5e:1d:5a:e3:87:27:1e:96:97:a4:ee:5c:c5:4c:71:5e:95:9a:
         17:14:06:67:10:bc:47:41:b5:f4:11:0d:6c:fc:10:24:7c:35:
         5a:04:2d:b5:46:c2:a7:0c:28:44:79:d8:c8:53:0b:92:ca:5c:
         56:3c:8d:a2:63:c5:10:04:59:be:3a:6b:7f:39:9b:22:ec:29:
         5f:a6:4e:87:64:ea:2e:36:3a:4a:5c:22:aa:55:f0:2e:a8:e5:
         d1:7f:05:f0:79:fb:79:2b:21:e1:5d:c3:53:c2:f8:2b:0e:c8:
         1a:1d:39:b5:31:c8:bc:ec:6f:83:cb:f3:b8:8f:f8:98:80:22:
         a1:0f:a9:a6:76:5a:48:de:bd:70:1d:ce:8a:18:53:35:96:95:
         a7:04:c9:25:67:80:42:62:f3:6d:b8:a6:d8:5e:8d:5a:f2:aa:
         64:35:6e:e0:d2:2b:6e:22:1d:54:e4:79:6b:56:b8:37:e8:c5:
         6b:27:60:cc:08:48:f8:f9:14:45:de:17:3a:c4:db:ed:60:c6:
         f7:87:b8:88:69:1b:06:24:99:1a:40:7f:0d:16:bf:29:b8:eb:
         16:71:73:85
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzHJ0j/XGHgoiQMIdgEK9XbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZmE1OTZhMzEyNmFjZTAyOWM2ZDcwZDUyOTI1N2UwN2Iz
OGJhMDYwHhcNMjQwMTAxMjIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmRjNWZiZThjMjNjMTQ0YzlkNDE3ODE2NTY3ZWQzNDlhMTM0NTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7KsAqcB/bd830CIFJK+jnljs7zl
VyRfZe2be+qMOLnZlZpfjost0i4C64TCo/CMooE+b5sNLErsIBQlesQXX8s36l6r
L0veyBS4IcphpTWOjXr7Dg9oHjCQ23SE2fyh2hc9ruZBQFQrcTzzF7/KjVu2+mcq
dr+trxj5GahQ1Nvj9C44D6ZcCX8FhWyDY6BLBseLMPGwcKgwXJS1PX4Ojea2c0dA
r/I3TConGbIMay3D0v57BFeeSUspTvBEVVuz5j2Jwaf1Scp5pIifw/jkeQpy2wX8
/Nj+hhO1iyOcpWuSLKNFQCVJMuU5JZhDqz1A6vwQAjHRfRI234ALV6WaxQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFD/cX76MI8FEydQXgWVn7TSaE0U2MB8GA1UdIwQY
MBaAFB76WWoxJqzgKcbXDVKSV+B7OLoGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHZwWmFqRW1yT0FweHRjTlVwSlg0SHM0dWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zY2M3OGEtOGZiNS00NzVhLTg4ODIt
OWQwYzYyMDczNWYxLzEvUDl4ZnZvd2p3VVRKMUJlQlpXZnROSm9UUlRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zY2M3OGEtOGZiNS00NzVhLTg4ODItOWQwYzYyMDczNWYx
LzEvSHZwWmFqRW1yT0FweHRjTlVwSlg0SHM0dWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAgIswDQYJ
KoZIhvcNAQELBQADggEBAI12fKN0R8eQckoV5NDshmczz2nGfYdi73l6lZRfzLfW
3u4o8F4dWuOHJx6Wl6TuXMVMcV6VmhcUBmcQvEdBtfQRDWz8ECR8NVoELbVGwqcM
KER52MhTC5LKXFY8jaJjxRAEWb46a385myLsKV+mTodk6i42OkpcIqpV8C6o5dF/
BfB5+3krIeFdw1PC+CsOyBodObUxyLzsb4PL87iP+JiAIqEPqaZ2WkjevXAdzooY
UzWWlacEySVngEJi8224pthejVryqmQ1buDSK24iHVTkeWtWuDfoxWsnYMwISPj5
FEXeFzrE2+1gxveHuIhpGwYkmRpAfw0Wvym46xZxc4U=
-----END CERTIFICATE-----