Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/79cef8-43a1-4089-809f-dc984265567d/1/L7e4J1RQTn0nIwk--GSUaD-UmoM.roa
File:                     L7e4J1RQTn0nIwk--GSUaD-UmoM.roa (raw, json)
Hash identifier:          2gs+pIrBMmE/Jpl0M+ftbVMtlfnyIgG+tIOj7MBw26s=
Subject key identifier:   2F:B7:B8:27:54:50:4E:7D:27:23:09:3E:F8:64:94:68:3F:94:9A:83
Certificate issuer:       /CN=06c44b821ab5db542cc536c1f88b84baf0621654
Certificate serial:       019425FC8E61E79E7D4EABB685B2ED94FE3E
Authority key identifier: 06:C4:4B:82:1A:B5:DB:54:2C:C5:36:C1:F8:8B:84:BA:F0:62:16:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BsRLghq121QsxTbB-IuEuvBiFlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/79cef8-43a1-4089-809f-dc984265567d/1/L7e4J1RQTn0nIwk--GSUaD-UmoM.roa
Signing time:             Thu 02 Jan 2025 07:48:16 +0000
ROA not before:           Thu 02 Jan 2025 07:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203653
IP address blocks:        185.128.39.0/24 maxlen: 24
                          2a03:9f60::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/79cef8-43a1-4089-809f-dc984265567d/1/BsRLghq121QsxTbB-IuEuvBiFlQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/79cef8-43a1-4089-809f-dc984265567d/1/BsRLghq121QsxTbB-IuEuvBiFlQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BsRLghq121QsxTbB-IuEuvBiFlQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 22:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:8e:61:e7:9e:7d:4e:ab:b6:85:b2:ed:94:fe:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06c44b821ab5db542cc536c1f88b84baf0621654
        Validity
            Not Before: Jan  2 07:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2fb7b82754504e7d2723093ef86494683f949a83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:2c:84:d1:39:47:ae:43:37:ae:06:36:60:cf:
                    61:2d:72:5f:b7:fa:70:ce:5d:d7:6c:fc:b5:58:af:
                    a7:ef:ed:b6:05:0f:07:eb:d2:20:8f:2d:2f:8b:c0:
                    e1:5f:c2:f7:dd:08:29:46:17:a1:88:f5:47:6d:0d:
                    1c:c1:11:94:bf:b9:ae:67:68:a1:76:2b:85:4c:5d:
                    9b:3b:f4:8d:3b:c7:ca:95:02:e5:e8:8f:1a:90:a5:
                    10:df:1d:0a:82:a0:a2:d3:90:2e:f1:77:7f:8d:2e:
                    c4:4d:27:cf:41:96:68:d9:02:c6:6d:52:13:45:99:
                    39:38:b6:7f:80:6e:e5:92:2a:32:87:b3:d8:63:06:
                    27:4f:84:36:27:43:3d:0f:2e:33:f5:d4:92:44:97:
                    f8:c8:76:3e:74:cd:f7:96:79:48:05:2b:11:be:71:
                    c7:74:19:a6:d6:32:58:81:fa:d8:41:0e:fa:7a:f5:
                    38:f8:04:da:83:98:39:e3:aa:45:e8:08:6d:31:1d:
                    51:db:36:93:85:5b:67:a6:9b:34:8f:9c:6a:03:f8:
                    79:76:a8:6e:ea:1b:25:38:af:ba:3b:80:2d:c2:01:
                    73:80:d5:27:fc:97:83:0b:67:13:e5:88:4c:14:97:
                    d3:ba:2a:8f:6c:67:b8:0f:dc:90:31:dd:13:ce:8e:
                    ca:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:B7:B8:27:54:50:4E:7D:27:23:09:3E:F8:64:94:68:3F:94:9A:83
            X509v3 Authority Key Identifier:
                keyid:06:C4:4B:82:1A:B5:DB:54:2C:C5:36:C1:F8:8B:84:BA:F0:62:16:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BsRLghq121QsxTbB-IuEuvBiFlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/79cef8-43a1-4089-809f-dc984265567d/1/L7e4J1RQTn0nIwk--GSUaD-UmoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/79cef8-43a1-4089-809f-dc984265567d/1/BsRLghq121QsxTbB-IuEuvBiFlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.39.0/24
                IPv6:
                  2a03:9f60::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:3a:ae:7e:fc:f1:14:f2:0a:a5:a2:ba:5f:7c:e1:d9:a0:cc:
         b7:4b:cb:c1:68:85:7b:f0:74:ca:c0:c4:9b:fa:5e:dd:da:f2:
         27:89:ee:3d:cb:54:0a:4f:fa:0e:f5:83:ad:ea:cd:a0:76:5b:
         82:9b:90:c1:06:ee:4f:23:e7:9f:c0:56:5d:1d:6b:cf:78:f9:
         bd:6b:a8:2d:43:c2:4f:91:d2:a6:85:05:97:3d:6b:43:20:cf:
         9b:a4:fd:b7:97:2d:dc:a2:8f:3b:79:43:da:ef:c9:79:7e:ef:
         3d:b2:c5:19:84:0e:68:f7:58:9e:b9:f6:80:34:6b:fb:f3:f6:
         79:28:1a:9c:25:1b:ef:2a:d5:22:6d:9e:56:e5:fb:66:f8:3a:
         21:b6:8f:13:b3:03:8e:c3:ae:d2:ba:aa:f1:58:58:0c:f5:89:
         4c:94:84:45:2d:09:d7:3b:18:24:2d:2c:60:4a:af:a1:96:8c:
         dd:8b:97:db:2d:c2:46:ab:e7:b3:d7:48:b0:69:8b:ae:f2:c2:
         6c:33:1a:50:e3:ca:00:c6:24:98:31:ce:eb:1e:62:7a:48:49:
         0d:b7:41:9d:fc:d5:c8:8e:ac:f1:ad:a0:97:1f:2b:a6:03:38:
         a3:30:c8:70:9d:09:25:67:6c:eb:eb:1b:53:22:af:f5:91:46:
         14:9b:f2:07
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/I5h5559Tqu2hbLtlP4+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YzQ0YjgyMWFiNWRiNTQyY2M1MzZjMWY4OGI4NGJhZjA2
MjE2NTQwHhcNMjUwMTAyMDc0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmI3YjgyNzU0NTA0ZTdkMjcyMzA5M2VmODY0OTQ2ODNmOTQ5YTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1iyE0TlHrkM3rgY2YM9hLXJft/pw
zl3XbPy1WK+n7+22BQ8H69Igjy0vi8DhX8L33QgpRhehiPVHbQ0cwRGUv7muZ2ih
diuFTF2bO/SNO8fKlQLl6I8akKUQ3x0KgqCi05Au8Xd/jS7ETSfPQZZo2QLGbVIT
RZk5OLZ/gG7lkioyh7PYYwYnT4Q2J0M9Dy4z9dSSRJf4yHY+dM33lnlIBSsRvnHH
dBmm1jJYgfrYQQ76evU4+ATag5g546pF6AhtMR1R2zaThVtnpps0j5xqA/h5dqhu
6hslOK+6O4AtwgFzgNUn/JeDC2cT5YhMFJfTuiqPbGe4D9yQMd0Tzo7KuQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFC+3uCdUUE59JyMJPvhklGg/lJqDMB8GA1UdIwQY
MBaAFAbES4IatdtULMU2wfiLhLrwYhZUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnNSTGdocTEyMVFzeFRiQi1JdUV1dkJpRmxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi83OWNlZjgtNDNhMS00MDg5LTgwOWYt
ZGM5ODQyNjU1NjdkLzEvTDdlNEoxUlFUbjBuSXdrLS1HU1VhRC1VbW9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi83OWNlZjgtNDNhMS00MDg5LTgwOWYtZGM5ODQyNjU1Njdk
LzEvQnNSTGdocTEyMVFzeFRiQi1JdUV1dkJpRmxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuYAnMA0E
AgACMAcDBQAqA59gMA0GCSqGSIb3DQEBCwUAA4IBAQBHOq5+/PEU8gqlorpffOHZ
oMy3S8vBaIV78HTKwMSb+l7d2vInie49y1QKT/oO9YOt6s2gdluCm5DBBu5PI+ef
wFZdHWvPePm9a6gtQ8JPkdKmhQWXPWtDIM+bpP23ly3coo87eUPa78l5fu89ssUZ
hA5o91ieufaANGv78/Z5KBqcJRvvKtUibZ5W5ftm+Dohto8TswOOw67SuqrxWFgM
9YlMlIRFLQnXOxgkLSxgSq+hlozdi5fbLcJGq+ez10iwaYuu8sJsMxpQ48oAxiSY
Mc7rHmJ6SEkNt0Gd/NXIjqzxraCXHyumAzijMMhwnQklZ2zr6xtTIq/1kUYUm/IH
-----END CERTIFICATE-----