Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/vgsTODUN4DNu4XsvZWX7_dDziEU.roa
File:                     vgsTODUN4DNu4XsvZWX7_dDziEU.roa (raw, json)
Hash identifier:          OpvsJv1O2mE0888WpNjBckKl+Q9vODkDoyJf989gi1w=
Subject key identifier:   BE:0B:13:38:35:0D:E0:33:6E:E1:7B:2F:65:65:FB:FD:D0:F3:88:45
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       0194B87868F4D0EE4A8983DBD3D9D8EB8D24
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/vgsTODUN4DNu4XsvZWX7_dDziEU.roa
Signing time:             Thu 30 Jan 2025 18:28:06 +0000
ROA not before:           Thu 30 Jan 2025 18:28:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23506
IP address blocks:        2a14:6781:f156::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b8:78:68:f4:d0:ee:4a:89:83:db:d3:d9:d8:eb:8d:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: Jan 30 18:28:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be0b1338350de0336ee17b2f6565fbfdd0f38845
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:d8:8d:1b:2e:30:c5:70:19:1f:ab:ce:2a:3d:
                    97:1f:d8:e7:6c:78:c9:f7:fe:7d:32:a1:75:85:fd:
                    d7:11:19:a9:ba:a4:55:e3:c4:9c:ec:70:69:fd:04:
                    de:8a:a1:b5:b8:ae:e8:9b:cd:7f:d5:89:a7:ba:b9:
                    48:3c:88:cd:1c:ff:4a:bd:88:89:88:28:ac:d6:58:
                    e0:13:23:0c:40:96:a7:82:5e:ff:f2:6b:4f:ae:4c:
                    e8:c4:91:ef:11:f3:3c:ae:59:56:e9:51:a2:4d:c2:
                    89:49:c6:1e:30:99:11:ae:df:1a:f5:95:e7:20:66:
                    26:5c:87:8b:d8:59:ad:7b:38:88:12:44:4e:6b:e2:
                    6a:41:e4:03:cf:54:7c:04:0c:4c:45:22:ca:0e:c3:
                    40:21:40:5c:2b:bc:df:93:f2:85:41:6f:a4:c5:da:
                    0e:80:dc:2a:fa:6f:a8:db:65:4c:89:63:4f:7b:42:
                    00:0f:27:8c:f9:44:bb:1c:5e:00:94:ab:bd:cf:1d:
                    86:95:e9:49:25:19:f0:9b:5e:0a:ae:c1:c0:87:ca:
                    a5:db:46:92:0f:e4:ec:b9:26:35:29:2e:66:67:a8:
                    73:48:0c:f1:8c:75:57:9d:56:54:da:e1:ef:31:d0:
                    9d:2b:89:66:25:c3:ab:d9:5f:c7:86:6b:04:29:e1:
                    7f:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:0B:13:38:35:0D:E0:33:6E:E1:7B:2F:65:65:FB:FD:D0:F3:88:45
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/vgsTODUN4DNu4XsvZWX7_dDziEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6781:f156::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:b1:e7:b7:2d:f9:44:83:e7:14:34:e2:28:8b:bc:18:1a:e3:
         84:2f:b8:c5:d0:b3:48:4a:c1:f3:6f:20:17:28:ed:bc:41:37:
         37:67:6b:33:70:1b:84:fc:93:26:fa:5c:14:eb:d3:75:e5:61:
         aa:ba:41:f7:32:25:ac:50:93:dc:d6:07:cc:94:70:90:5a:7e:
         eb:c2:e0:d4:27:db:24:8b:89:dc:0b:fd:6b:c4:cd:a8:b7:bb:
         d9:2a:be:47:48:7d:b3:67:51:48:7b:9d:da:50:e1:d8:ca:6e:
         06:20:b2:5c:9f:db:9a:ef:a3:87:c2:99:06:aa:90:a8:00:e7:
         06:3e:de:a0:44:cc:23:e2:ff:fd:69:48:22:9f:e1:7a:51:d2:
         c1:d3:89:ea:6c:07:14:85:28:b7:0b:06:a0:d2:9d:2e:29:70:
         f4:86:4d:5a:29:c3:17:bd:30:99:5c:98:c8:c2:86:e8:bd:7f:
         90:72:56:e1:11:6a:c8:93:28:f9:34:d9:cf:d0:04:79:5d:75:
         6d:9b:f3:de:21:10:8c:7a:13:bb:bd:d1:6f:61:ec:ee:18:c9:
         dd:9d:59:c7:87:6d:74:e7:58:48:d3:68:9e:4c:56:29:a7:1a:
         42:b8:51:6d:4d:4b:8a:0f:c9:9c:f4:ba:53:f9:db:a2:4e:97:
         9e:c2:bf:ee
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZS4eGj00O5KiYPb09nY640kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjUwMTMwMTgyODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTBiMTMzODM1MGRlMDMzNmVlMTdiMmY2NTY1ZmJmZGQwZjM4ODQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3diNGy4wxXAZH6vOKj2XH9jnbHjJ
9/59MqF1hf3XERmpuqRV48Sc7HBp/QTeiqG1uK7om81/1YmnurlIPIjNHP9KvYiJ
iCis1ljgEyMMQJangl7/8mtPrkzoxJHvEfM8rllW6VGiTcKJScYeMJkRrt8a9ZXn
IGYmXIeL2FmteziIEkROa+JqQeQDz1R8BAxMRSLKDsNAIUBcK7zfk/KFQW+kxdoO
gNwq+m+o22VMiWNPe0IADyeM+US7HF4AlKu9zx2GlelJJRnwm14KrsHAh8ql20aS
D+TsuSY1KS5mZ6hzSAzxjHVXnVZU2uHvMdCdK4lmJcOr2V/HhmsEKeF/qwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL4LEzg1DeAzbuF7L2Vl+/3Q84hFMB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvdmdzVE9EVU40RE51NFhzdlpXWDdfZER6aUVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhRngfFW
MA0GCSqGSIb3DQEBCwUAA4IBAQB1see3LflEg+cUNOIoi7wYGuOEL7jF0LNISsHz
byAXKO28QTc3Z2szcBuE/JMm+lwU69N15WGqukH3MiWsUJPc1gfMlHCQWn7rwuDU
J9ski4ncC/1rxM2ot7vZKr5HSH2zZ1FIe53aUOHYym4GILJcn9ua76OHwpkGqpCo
AOcGPt6gRMwj4v/9aUgin+F6UdLB04nqbAcUhSi3Cwag0p0uKXD0hk1aKcMXvTCZ
XJjIwobovX+QclbhEWrIkyj5NNnP0AR5XXVtm/PeIRCMehO7vdFvYezuGMndnVnH
h21051hI02ieTFYppxpCuFFtTUuKD8mc9LpT+duiTpeewr/u
-----END CERTIFICATE-----