Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/KX71aYDc7COcBvGYMtW_I8jVEro.roa
File:                     KX71aYDc7COcBvGYMtW_I8jVEro.roa (raw, json)
Hash identifier:          m4mYzz0InD89bmwaO+N//OYVwFvsqF8sbCWbylUSfpU=
Subject key identifier:   29:7E:F5:69:80:DC:EC:23:9C:06:F1:98:32:D5:BF:23:C8:D5:12:BA
Certificate issuer:       /CN=0e0b0dcb6ad0ca816d2bd204e13f1eaf1104274c
Certificate serial:       01942521A3C93821F69A515123EEEFE8E9A5
Authority key identifier: 0E:0B:0D:CB:6A:D0:CA:81:6D:2B:D2:04:E1:3F:1E:AF:11:04:27:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DgsNy2rQyoFtK9IE4T8erxEEJ0w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/KX71aYDc7COcBvGYMtW_I8jVEro.roa
Signing time:             Thu 02 Jan 2025 03:49:09 +0000
ROA not before:           Thu 02 Jan 2025 03:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        185.127.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/DgsNy2rQyoFtK9IE4T8erxEEJ0w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/DgsNy2rQyoFtK9IE4T8erxEEJ0w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DgsNy2rQyoFtK9IE4T8erxEEJ0w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:a3:c9:38:21:f6:9a:51:51:23:ee:ef:e8:e9:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e0b0dcb6ad0ca816d2bd204e13f1eaf1104274c
        Validity
            Not Before: Jan  2 03:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=297ef56980dcec239c06f19832d5bf23c8d512ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:bf:6b:fc:cf:49:b2:dd:8e:6c:1d:cc:38:f2:
                    62:96:3f:0e:13:d1:26:85:b6:62:c5:f5:32:60:23:
                    db:37:90:70:cb:1d:20:32:3b:17:64:7b:49:3c:6e:
                    53:b2:ba:22:72:92:22:95:c8:3f:15:7a:c5:19:3b:
                    94:37:05:7b:c8:7e:c6:14:6e:97:41:a8:e8:50:9a:
                    1a:44:ef:f9:4b:8e:dc:00:0a:77:6f:99:9d:95:8b:
                    17:51:74:aa:f1:d4:a5:01:e8:e4:a7:e9:ee:a9:31:
                    a1:a0:47:ef:01:cd:93:eb:50:98:a9:4d:fe:a6:25:
                    79:d5:98:ce:89:0e:42:f8:04:bd:6a:e5:e7:52:53:
                    68:c1:e6:34:86:60:21:b0:1c:82:70:23:c8:30:ed:
                    6b:b9:fa:07:29:3c:6d:6c:39:c1:aa:a0:b3:c5:40:
                    de:db:d7:97:39:14:c9:6e:d3:ef:48:8e:5c:67:b8:
                    43:04:6d:99:6d:13:6f:56:31:2b:8c:b3:b6:14:c1:
                    fc:fc:a6:83:d9:43:ac:1f:bd:70:01:c4:c4:2d:84:
                    c9:7d:27:ff:1c:01:6e:53:2d:1e:27:aa:7b:3f:f8:
                    7a:08:46:c2:02:cc:e3:c2:26:d8:1f:93:b1:3b:ba:
                    7c:e8:78:54:94:72:99:00:6b:d5:8b:74:f2:c2:6e:
                    34:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:7E:F5:69:80:DC:EC:23:9C:06:F1:98:32:D5:BF:23:C8:D5:12:BA
            X509v3 Authority Key Identifier:
                keyid:0E:0B:0D:CB:6A:D0:CA:81:6D:2B:D2:04:E1:3F:1E:AF:11:04:27:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DgsNy2rQyoFtK9IE4T8erxEEJ0w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/KX71aYDc7COcBvGYMtW_I8jVEro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f19d06-c7fa-40e5-b813-7fe3951a735b/1/DgsNy2rQyoFtK9IE4T8erxEEJ0w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:9a:77:33:af:ac:83:d0:2c:db:07:a1:b8:f5:45:15:76:f1:
         0e:3d:fb:7e:7a:5d:ac:c4:2c:55:d1:70:ab:63:fc:c4:12:4c:
         e1:db:40:79:f6:36:9e:eb:e4:c5:28:a1:e0:f7:98:d0:a1:c5:
         d3:3c:da:49:84:86:2f:4d:e3:32:07:c9:f2:2d:c1:d0:34:40:
         17:b2:e3:0d:73:45:2f:5d:56:d7:47:6a:1a:5d:d3:fe:4b:fd:
         db:ff:14:a2:18:13:02:86:66:8f:92:84:0b:c4:c8:a6:20:ef:
         e7:8d:c6:70:0a:b8:56:72:cc:3e:21:da:91:2c:3b:4d:99:f9:
         a6:63:a7:79:94:a5:32:b9:4c:86:67:10:07:fb:5a:fe:06:86:
         cc:f7:26:7c:76:5d:cb:0f:f7:3e:be:be:95:7d:b7:8f:96:db:
         b4:37:64:71:8d:45:c1:fb:90:b5:35:62:93:93:e0:3a:ce:07:
         df:2b:a8:fd:d6:07:ee:b5:66:fd:e0:a5:fe:ca:07:63:37:d8:
         14:e1:82:82:59:eb:ac:e5:09:71:c8:30:35:e9:4c:e0:ce:14:
         70:b8:dc:6e:cd:32:e2:a1:51:31:e0:2e:d6:b3:95:bc:8d:7e:
         d7:e3:34:fc:d4:42:aa:91:3f:26:23:c2:19:35:0f:6f:8a:95:
         de:47:de:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIaPJOCH2mlFRI+7v6OmlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMGIwZGNiNmFkMGNhODE2ZDJiZDIwNGUxM2YxZWFmMTEw
NDI3NGMwHhcNMjUwMTAyMDM0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTdlZjU2OTgwZGNlYzIzOWMwNmYxOTgzMmQ1YmYyM2M4ZDUxMmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlb9r/M9Jst2ObB3MOPJilj8OE9Em
hbZixfUyYCPbN5Bwyx0gMjsXZHtJPG5TsroicpIilcg/FXrFGTuUNwV7yH7GFG6X
QajoUJoaRO/5S47cAAp3b5mdlYsXUXSq8dSlAejkp+nuqTGhoEfvAc2T61CYqU3+
piV51ZjOiQ5C+AS9auXnUlNoweY0hmAhsByCcCPIMO1rufoHKTxtbDnBqqCzxUDe
29eXORTJbtPvSI5cZ7hDBG2ZbRNvVjErjLO2FMH8/KaD2UOsH71wAcTELYTJfSf/
HAFuUy0eJ6p7P/h6CEbCAszjwibYH5OxO7p86HhUlHKZAGvVi3Tywm40xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCl+9WmA3OwjnAbxmDLVvyPI1RK6MB8GA1UdIwQY
MBaAFA4LDctq0MqBbSvSBOE/Hq8RBCdMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGdzTnkyclF5b0Z0SzlJRTRUOGVyeEVFSjB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9mMTlkMDYtYzdmYS00MGU1LWI4MTMt
N2ZlMzk1MWE3MzViLzEvS1g3MWFZRGM3Q09jQnZHWU10V19JOGpWRXJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9mMTlkMDYtYzdmYS00MGU1LWI4MTMtN2ZlMzk1MWE3MzVi
LzEvRGdzTnkyclF5b0Z0SzlJRTRUOGVyeEVFSjB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX8cMA0G
CSqGSIb3DQEBCwUAA4IBAQBMmnczr6yD0CzbB6G49UUVdvEOPft+el2sxCxV0XCr
Y/zEEkzh20B59jae6+TFKKHg95jQocXTPNpJhIYvTeMyB8nyLcHQNEAXsuMNc0Uv
XVbXR2oaXdP+S/3b/xSiGBMChmaPkoQLxMimIO/njcZwCrhWcsw+IdqRLDtNmfmm
Y6d5lKUyuUyGZxAH+1r+BobM9yZ8dl3LD/c+vr6VfbePltu0N2RxjUXB+5C1NWKT
k+A6zgffK6j91gfutWb94KX+ygdjN9gU4YKCWeus5QlxyDA16UzgzhRwuNxuzTLi
oVEx4C7Ws5W8jX7X4zT81EKqkT8mI8IZNQ9vipXeR95q
-----END CERTIFICATE-----