Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/VWUyUYrxBUBQm8U_GjpDzaM_d0M.roa
File:                     VWUyUYrxBUBQm8U_GjpDzaM_d0M.roa (raw, json)
Hash identifier:          DnWyph44y5iJj5u6j2MjM6Rs0v4MJI8RZHnOeiNRgbw=
Subject key identifier:   55:65:32:51:8A:F1:05:40:50:9B:C5:3F:1A:3A:43:CD:A3:3F:77:43
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       019421B1D9218D0312A783BA97437E7B8626
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/VWUyUYrxBUBQm8U_GjpDzaM_d0M.roa
Signing time:             Wed 01 Jan 2025 11:48:11 +0000
ROA not before:           Wed 01 Jan 2025 11:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212494
IP address blocks:        128.127.146.0/24 maxlen: 24
                          128.127.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d9:21:8d:03:12:a7:83:ba:97:43:7e:7b:86:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 11:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=556532518af10540509bc53f1a3a43cda33f7743
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:44:f7:b4:88:2d:ee:5e:b3:ce:20:9b:bf:b0:
                    a4:e6:ec:7e:bc:45:5c:33:7a:22:d1:67:97:06:6d:
                    7e:c0:24:70:9d:45:9f:72:eb:fc:a7:0b:16:89:bf:
                    24:7b:22:4c:52:86:f6:ae:d9:33:85:85:5e:67:6a:
                    c1:52:04:05:71:5b:31:4c:2c:a3:e7:72:8e:ff:f3:
                    6a:e3:d4:4d:a4:6b:a2:f6:05:97:ab:cc:7e:17:57:
                    9e:6b:8a:96:3e:5c:b1:67:ed:bf:52:fc:8a:54:e4:
                    e9:87:1c:22:26:38:9a:b4:f9:dd:e9:ec:88:2c:eb:
                    bf:ae:ad:cd:87:ff:8d:d3:01:76:a7:1f:43:f1:21:
                    6a:6b:37:51:c3:c9:62:e6:68:c1:be:52:bd:ca:e0:
                    37:c0:52:38:b0:b9:11:e6:73:c2:4a:1f:29:1e:15:
                    4e:e3:af:4b:02:b2:d2:40:35:75:c1:b9:28:77:4b:
                    96:19:08:ac:2d:e6:04:e0:be:30:9d:2f:b9:ba:3b:
                    42:88:0a:3c:67:24:96:da:42:8e:6d:92:d2:b9:1c:
                    98:59:f4:ce:dc:c4:90:25:7f:23:fe:50:de:03:87:
                    a4:cf:67:0e:06:ea:01:bc:fb:98:a2:3c:cf:73:8c:
                    74:67:76:de:97:6a:8a:6e:6b:17:10:8b:ff:73:aa:
                    39:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:65:32:51:8A:F1:05:40:50:9B:C5:3F:1A:3A:43:CD:A3:3F:77:43
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/VWUyUYrxBUBQm8U_GjpDzaM_d0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.127.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:dc:fd:4f:fc:3c:41:5f:4d:a7:79:bb:0c:61:53:54:33:7e:
         6c:ad:eb:46:7a:59:76:80:d3:5d:a6:11:4d:c9:ec:21:b0:ec:
         78:50:ce:86:69:b3:73:cc:11:e4:a1:a6:7b:6d:96:0a:e4:78:
         17:3f:d0:b9:e4:64:27:1f:cc:a5:aa:a6:05:a2:1f:dc:8b:9d:
         af:42:ab:dc:73:40:6e:dc:e2:14:98:63:05:9a:6d:22:7b:e4:
         0d:37:14:ee:ba:7e:25:89:bd:1b:0a:36:e8:c1:d2:fd:f7:ef:
         e0:7a:eb:06:48:db:a5:a9:3b:01:ee:63:c4:91:13:39:7b:20:
         aa:b7:f9:82:dd:8c:f1:2e:20:07:ad:74:10:54:6e:1f:b9:9e:
         dc:d6:f3:d8:79:bb:b1:a6:9a:e3:21:1f:66:7a:3b:6b:f6:20:
         d4:e9:a2:17:65:d6:61:0d:e5:ec:8a:ef:a8:d5:a8:9e:f1:ea:
         60:cf:51:89:4c:0a:19:5b:20:a4:96:35:40:00:f0:27:d6:65:
         48:63:88:b1:aa:0a:b0:59:01:1a:db:2f:51:b2:03:ab:58:76:
         59:ac:83:36:f3:a1:70:26:3e:f7:f4:ee:13:7a:a4:bb:28:4a:
         ad:bf:3b:0e:bf:33:52:4b:98:03:dd:23:f2:08:a7:a4:cd:52:
         90:bf:fd:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdkhjQMSp4O6l0N+e4YmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwMTAxMTE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTY1MzI1MThhZjEwNTQwNTA5YmM1M2YxYTNhNDNjZGEzM2Y3NzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz0T3tIgt7l6zziCbv7Ck5ux+vEVc
M3oi0WeXBm1+wCRwnUWfcuv8pwsWib8keyJMUob2rtkzhYVeZ2rBUgQFcVsxTCyj
53KO//Nq49RNpGui9gWXq8x+F1eea4qWPlyxZ+2/UvyKVOTphxwiJjiatPnd6eyI
LOu/rq3Nh/+N0wF2px9D8SFqazdRw8li5mjBvlK9yuA3wFI4sLkR5nPCSh8pHhVO
469LArLSQDV1wbkod0uWGQisLeYE4L4wnS+5ujtCiAo8ZySW2kKObZLSuRyYWfTO
3MSQJX8j/lDeA4ekz2cOBuoBvPuYojzPc4x0Z3bel2qKbmsXEIv/c6o5hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFVlMlGK8QVAUJvFPxo6Q82jP3dDMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvVldVeVVZcnhCVUJRbThVX0dqcER6YU1fZDBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBgH+SMA0G
CSqGSIb3DQEBCwUAA4IBAQCl3P1P/DxBX02nebsMYVNUM35sretGell2gNNdphFN
yewhsOx4UM6GabNzzBHkoaZ7bZYK5HgXP9C55GQnH8ylqqYFoh/ci52vQqvcc0Bu
3OIUmGMFmm0ie+QNNxTuun4lib0bCjbowdL99+/geusGSNulqTsB7mPEkRM5eyCq
t/mC3YzxLiAHrXQQVG4fuZ7c1vPYebuxpprjIR9mejtr9iDU6aIXZdZhDeXsiu+o
1aie8epgz1GJTAoZWyCkljVAAPAn1mVIY4ixqgqwWQEa2y9RsgOrWHZZrIM286Fw
Jj739O4TeqS7KEqtvzsOvzNSS5gD3SPyCKekzVKQv/2+
-----END CERTIFICATE-----