Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/VQxizZ_dkvJ79Chr0TFzFQJF2wc.roa
File:                     VQxizZ_dkvJ79Chr0TFzFQJF2wc.roa (raw, json)
Hash identifier:          LLXCRTFNQ3Wwn4hTvtCaYozMFivLcmNjSOAK0FFtLUg=
Subject key identifier:   55:0C:62:CD:9F:DD:92:F2:7B:F4:28:6B:D1:31:73:15:02:45:DB:07
Certificate issuer:       /CN=cf4a717f8fa1bb0359274223acdae22b70e66bec
Certificate serial:       018CC500208FBE5ACFF8BE7F9D14272FD0E4
Authority key identifier: CF:4A:71:7F:8F:A1:BB:03:59:27:42:23:AC:DA:E2:2B:70:E6:6B:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z0pxf4-huwNZJ0IjrNriK3Dma-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/VQxizZ_dkvJ79Chr0TFzFQJF2wc.roa
Signing time:             Mon 01 Jan 2024 12:29:28 +0000
ROA not before:           Mon 01 Jan 2024 12:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42323
IP address blocks:        109.197.128.0/21 maxlen: 32
                          91.202.140.0/22 maxlen: 32
                          195.238.100.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/z0pxf4-huwNZJ0IjrNriK3Dma-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/z0pxf4-huwNZJ0IjrNriK3Dma-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z0pxf4-huwNZJ0IjrNriK3Dma-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:20:8f:be:5a:cf:f8:be:7f:9d:14:27:2f:d0:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf4a717f8fa1bb0359274223acdae22b70e66bec
        Validity
            Not Before: Jan  1 12:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=550c62cd9fdd92f27bf4286bd13173150245db07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:10:51:8b:3b:92:f8:0f:7a:57:2f:a2:2c:ba:
                    71:cb:c0:ea:15:e3:02:5e:4f:3d:9c:dd:6b:57:1c:
                    1c:39:ed:ce:41:f8:14:d1:a7:c3:33:ff:b6:85:14:
                    51:76:05:2a:4a:b3:61:da:de:6b:d3:4b:a2:05:f6:
                    dd:60:bf:b6:a0:d6:ff:d1:34:03:b5:69:6d:ba:ea:
                    30:d4:40:2c:ca:72:0f:82:be:7f:0d:7d:41:3e:a2:
                    3d:a1:99:13:63:1d:96:2b:31:13:6f:5f:bf:6f:5d:
                    70:fa:3d:43:75:b8:01:bc:41:c4:3e:25:7c:48:56:
                    fb:5b:df:6d:0a:04:03:81:ce:e2:99:a6:af:2b:d9:
                    00:69:83:9a:fe:db:b2:22:44:5e:f8:47:64:f7:03:
                    ef:c3:26:44:20:40:fc:ab:61:d6:af:4e:87:69:5a:
                    6b:a0:ee:64:8b:52:d8:ee:c7:f9:eb:0b:a0:9f:f7:
                    e6:67:ca:66:25:d8:8b:e2:a8:37:27:08:e9:ee:d0:
                    65:19:63:d5:99:e9:c7:d1:17:c9:37:b8:61:82:e3:
                    27:85:6a:eb:7c:17:d8:85:e4:be:17:e1:ad:42:46:
                    79:94:1d:d4:6f:fb:bc:f0:79:2d:39:d3:a0:00:9e:
                    74:78:6c:a3:bf:dd:93:8e:f6:ea:14:31:84:af:87:
                    e1:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:0C:62:CD:9F:DD:92:F2:7B:F4:28:6B:D1:31:73:15:02:45:DB:07
            X509v3 Authority Key Identifier:
                keyid:CF:4A:71:7F:8F:A1:BB:03:59:27:42:23:AC:DA:E2:2B:70:E6:6B:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z0pxf4-huwNZJ0IjrNriK3Dma-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/VQxizZ_dkvJ79Chr0TFzFQJF2wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/z0pxf4-huwNZJ0IjrNriK3Dma-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.202.140.0/22
                  109.197.128.0/21
                  195.238.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:bd:72:28:91:dd:1c:9b:de:a9:69:22:35:a4:f9:68:60:a9:
         9c:be:af:b5:5c:ab:ae:38:e4:c6:34:f4:4a:e9:fb:60:09:40:
         d9:ce:d5:cc:a1:51:1c:58:db:23:04:23:92:bf:c6:66:c4:73:
         39:f4:25:a0:f3:f2:84:c9:e2:f2:15:17:48:51:0b:e9:45:f0:
         a8:97:16:8e:d0:72:01:4a:55:33:97:e7:7d:d9:0e:fc:42:d1:
         a7:7b:1b:8e:07:78:16:e5:96:cd:3a:df:05:ea:fa:e3:07:54:
         0a:37:06:df:61:49:85:2d:a1:9a:c8:32:a4:6f:46:59:f4:b4:
         b7:7e:c7:b4:a6:ce:2f:fe:06:a4:9e:dc:9d:07:46:82:be:86:
         13:32:99:17:5c:4d:6a:0f:f3:9f:2b:10:43:5b:36:a0:18:1b:
         50:3e:d9:6f:c1:73:90:5e:ed:d6:8c:78:73:b0:75:13:3b:e5:
         c8:13:87:7c:b9:90:64:23:94:09:96:a0:d5:e2:1b:de:0f:6b:
         47:df:64:20:bd:92:b2:a6:06:8d:0a:dd:48:3c:d7:f8:81:b1:
         fa:32:56:35:30:2b:37:80:0f:96:c5:23:16:9d:cc:e6:35:9d:
         70:4e:96:a9:8c:e3:24:85:17:a4:cf:f2:c4:9a:38:e8:9c:51:
         63:91:3c:4a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFACCPvlrP+L5/nRQnL9DkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNGE3MTdmOGZhMWJiMDM1OTI3NDIyM2FjZGFlMjJiNzBl
NjZiZWMwHhcNMjQwMTAxMTIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTBjNjJjZDlmZGQ5MmYyN2JmNDI4NmJkMTMxNzMxNTAyNDVkYjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRBRizuS+A96Vy+iLLpxy8DqFeMC
Xk89nN1rVxwcOe3OQfgU0afDM/+2hRRRdgUqSrNh2t5r00uiBfbdYL+2oNb/0TQD
tWltuuow1EAsynIPgr5/DX1BPqI9oZkTYx2WKzETb1+/b11w+j1DdbgBvEHEPiV8
SFb7W99tCgQDgc7imaavK9kAaYOa/tuyIkRe+Edk9wPvwyZEIED8q2HWr06HaVpr
oO5ki1LY7sf56wugn/fmZ8pmJdiL4qg3Jwjp7tBlGWPVmenH0RfJN7hhguMnhWrr
fBfYheS+F+GtQkZ5lB3Ub/u88HktOdOgAJ50eGyjv92TjvbqFDGEr4fhfwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFUMYs2f3ZLye/Qoa9ExcxUCRdsHMB8GA1UdIwQY
MBaAFM9KcX+PobsDWSdCI6za4itw5mvsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejBweGY0LWh1d05aSjBJanJOcmlLM0RtYS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9lNTBmNTQtNmZkZC00ZmU5LTlmZTkt
NmFhYTZiMDIxNjBkLzEvVlF4aXpaX2Rrdko3OUNocjBURnpGUUpGMndjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9lNTBmNTQtNmZkZC00ZmU5LTlmZTktNmFhYTZiMDIxNjBk
LzEvejBweGY0LWh1d05aSjBJanJOcmlLM0RtYS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW8qMAwQD
bcWAAwQCw+5kMA0GCSqGSIb3DQEBCwUAA4IBAQA4vXIokd0cm96paSI1pPloYKmc
vq+1XKuuOOTGNPRK6ftgCUDZztXMoVEcWNsjBCOSv8ZmxHM59CWg8/KEyeLyFRdI
UQvpRfColxaO0HIBSlUzl+d92Q78QtGnexuOB3gW5ZbNOt8F6vrjB1QKNwbfYUmF
LaGayDKkb0ZZ9LS3fse0ps4v/gakntydB0aCvoYTMpkXXE1qD/OfKxBDWzagGBtQ
PtlvwXOQXu3WjHhzsHUTO+XIE4d8uZBkI5QJlqDV4hveD2tH32QgvZKypgaNCt1I
PNf4gbH6MlY1MCs3gA+WxSMWnczmNZ1wTpapjOMkhRekz/LEmjjonFFjkTxK
-----END CERTIFICATE-----