Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/32fe0f-bcc9-42bc-9226-0bce80d4dff9/1/Ajvlgk29yZFTcQvAbsIrCSzw6Bs.roa
File:                     Ajvlgk29yZFTcQvAbsIrCSzw6Bs.roa (raw, json)
Hash identifier:          4L/k51BNzKihGUV7xUoInBQ548iErhf2q88rgV12xSo=
Subject key identifier:   02:3B:E5:82:4D:BD:C9:91:53:71:0B:C0:6E:C2:2B:09:2C:F0:E8:1B
Certificate issuer:       /CN=fff37e6144be7f5dd93adb9babd83d48d51894fd
Certificate serial:       018CC3B6F1278AFB37E6D39AC753BC88B81D
Authority key identifier: FF:F3:7E:61:44:BE:7F:5D:D9:3A:DB:9B:AB:D8:3D:48:D5:18:94:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/__N-YUS-f13ZOtubq9g9SNUYlP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/32fe0f-bcc9-42bc-9226-0bce80d4dff9/1/Ajvlgk29yZFTcQvAbsIrCSzw6Bs.roa
Signing time:             Mon 01 Jan 2024 06:29:55 +0000
ROA not before:           Mon 01 Jan 2024 06:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13079
IP address blocks:        213.168.128.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/32fe0f-bcc9-42bc-9226-0bce80d4dff9/1/__N-YUS-f13ZOtubq9g9SNUYlP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/32fe0f-bcc9-42bc-9226-0bce80d4dff9/1/__N-YUS-f13ZOtubq9g9SNUYlP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/__N-YUS-f13ZOtubq9g9SNUYlP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f1:27:8a:fb:37:e6:d3:9a:c7:53:bc:88:b8:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fff37e6144be7f5dd93adb9babd83d48d51894fd
        Validity
            Not Before: Jan  1 06:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=023be5824dbdc99153710bc06ec22b092cf0e81b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ec:59:97:2e:82:a6:73:d6:c4:4f:35:9e:67:
                    e6:a6:d0:62:17:55:21:06:e5:66:90:60:ab:c8:cd:
                    0b:c3:7c:2a:45:f6:5f:12:6e:d8:6b:27:11:5b:df:
                    50:d0:05:25:22:3b:f3:28:f1:2a:e6:7d:a4:fe:3b:
                    4a:40:18:cd:99:87:6e:73:23:3e:7b:02:03:06:30:
                    51:73:d7:24:47:15:fd:1b:2e:98:83:b9:dc:be:f8:
                    87:51:8f:8e:9f:30:8d:b5:2c:e7:5f:cb:27:f8:0f:
                    65:21:47:45:09:e0:45:96:a8:95:8b:7f:8a:00:e5:
                    28:f6:82:6f:22:e1:49:7a:17:5d:cb:1d:b0:f4:e6:
                    d1:7f:b4:b3:36:2e:a2:de:3a:a0:1b:c2:af:c8:70:
                    e4:45:8a:22:86:2c:47:12:13:19:a7:4b:f3:82:97:
                    24:88:88:1c:1f:31:28:30:15:0b:86:58:78:c4:d0:
                    3a:9b:ed:15:b3:25:b3:4a:5a:43:2a:1e:15:d5:c9:
                    30:c7:d9:26:2e:db:d2:9f:9b:05:34:64:03:29:3d:
                    84:1d:dc:b7:07:42:d0:1b:9f:28:1b:49:3d:16:2e:
                    3e:61:90:a8:eb:a9:37:b8:4b:94:0b:e8:20:2e:45:
                    ab:68:73:50:80:e0:2a:98:ae:d4:af:d2:69:bd:b0:
                    0f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:3B:E5:82:4D:BD:C9:91:53:71:0B:C0:6E:C2:2B:09:2C:F0:E8:1B
            X509v3 Authority Key Identifier:
                keyid:FF:F3:7E:61:44:BE:7F:5D:D9:3A:DB:9B:AB:D8:3D:48:D5:18:94:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/__N-YUS-f13ZOtubq9g9SNUYlP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/32fe0f-bcc9-42bc-9226-0bce80d4dff9/1/Ajvlgk29yZFTcQvAbsIrCSzw6Bs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/32fe0f-bcc9-42bc-9226-0bce80d4dff9/1/__N-YUS-f13ZOtubq9g9SNUYlP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.168.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         02:8c:d1:f3:06:af:f2:3b:fe:6b:a4:c7:e3:19:57:d3:80:de:
         6d:38:df:01:a5:44:91:e6:cf:29:09:7f:01:20:95:f3:d1:98:
         ce:a9:2a:76:24:00:d6:5a:62:f6:c7:c8:1a:77:73:df:ef:83:
         c0:51:93:34:35:83:21:5a:a2:32:48:be:c2:68:6c:89:56:f8:
         f6:23:d2:8d:2f:b8:05:67:ae:65:50:75:3d:4f:67:f8:80:32:
         18:c3:66:4a:b3:dd:50:1b:ca:e7:ed:cf:1e:cc:db:c7:6b:e3:
         83:aa:f2:12:bb:9e:29:f9:35:b9:2f:4b:3c:1e:6f:d8:66:6d:
         4f:1b:32:58:39:5d:f3:8b:d3:a6:4e:0a:0c:79:f2:e2:c2:f4:
         1d:8e:7c:9f:0c:c7:39:23:a9:72:62:83:56:37:97:d4:54:02:
         3b:b8:f6:8f:22:45:78:b7:aa:63:8d:1e:23:fd:ab:f5:f5:37:
         43:ff:59:e0:11:45:5d:31:6b:58:48:be:9c:e1:39:1a:a3:ed:
         5e:a8:e4:3a:71:54:88:32:77:f0:9a:ff:29:1a:34:1b:43:42:
         86:21:10:af:b1:9b:e0:c4:0f:c8:a4:7d:79:4d:66:f3:0a:f6:
         a8:ad:10:23:6e:a2:ed:f0:5f:10:06:42:d3:a9:cd:cb:e0:3c:
         c8:17:39:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvEnivs35tOax1O8iLgdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZjM3ZTYxNDRiZTdmNWRkOTNhZGI5YmFiZDgzZDQ4ZDUx
ODk0ZmQwHhcNMjQwMTAxMDYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjNiZTU4MjRkYmRjOTkxNTM3MTBiYzA2ZWMyMmIwOTJjZjBlODFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOxZly6CpnPWxE81nmfmptBiF1Uh
BuVmkGCryM0Lw3wqRfZfEm7YaycRW99Q0AUlIjvzKPEq5n2k/jtKQBjNmYducyM+
ewIDBjBRc9ckRxX9Gy6Yg7ncvviHUY+OnzCNtSznX8sn+A9lIUdFCeBFlqiVi3+K
AOUo9oJvIuFJehddyx2w9ObRf7SzNi6i3jqgG8KvyHDkRYoihixHEhMZp0vzgpck
iIgcHzEoMBULhlh4xNA6m+0VsyWzSlpDKh4V1ckwx9kmLtvSn5sFNGQDKT2EHdy3
B0LQG58oG0k9Fi4+YZCo66k3uEuUC+ggLkWraHNQgOAqmK7Ur9JpvbAP0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAI75YJNvcmRU3ELwG7CKwks8OgbMB8GA1UdIwQY
MBaAFP/zfmFEvn9d2Trbm6vYPUjVGJT9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX19OLVlVUy1mMTNaT3R1YnE5ZzlTTlVZbFAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zMmZlMGYtYmNjOS00MmJjLTkyMjYt
MGJjZTgwZDRkZmY5LzEvQWp2bGdrMjl5WkZUY1F2QWJzSXJDU3p3NkJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zMmZlMGYtYmNjOS00MmJjLTkyMjYtMGJjZTgwZDRkZmY5
LzEvX19OLVlVUy1mMTNaT3R1YnE5ZzlTTlVZbFAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1aiAMA0G
CSqGSIb3DQEBCwUAA4IBAQACjNHzBq/yO/5rpMfjGVfTgN5tON8BpUSR5s8pCX8B
IJXz0ZjOqSp2JADWWmL2x8gad3Pf74PAUZM0NYMhWqIySL7CaGyJVvj2I9KNL7gF
Z65lUHU9T2f4gDIYw2ZKs91QG8rn7c8ezNvHa+ODqvISu54p+TW5L0s8Hm/YZm1P
GzJYOV3zi9OmTgoMefLiwvQdjnyfDMc5I6lyYoNWN5fUVAI7uPaPIkV4t6pjjR4j
/av19TdD/1ngEUVdMWtYSL6c4Tkao+1eqOQ6cVSIMnfwmv8pGjQbQ0KGIRCvsZvg
xA/IpH15TWbzCvaorRAjbqLt8F8QBkLTqc3L4DzIFzka
-----END CERTIFICATE-----