Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/MwaXZahBhKotnPeINlfb6nibK6k.roa
File:                     MwaXZahBhKotnPeINlfb6nibK6k.roa (raw, json)
Hash identifier:          xHrYQZBnykU6l0v2pScAckYcXCZo4bMsSLr9kmKKY+o=
Subject key identifier:   33:06:97:65:A8:41:84:AA:2D:9C:F7:88:36:57:DB:EA:78:9B:2B:A9
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       0194236A59F3F348E142925111A1A98A002D
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/MwaXZahBhKotnPeINlfb6nibK6k.roa
Signing time:             Wed 01 Jan 2025 19:49:19 +0000
ROA not before:           Wed 01 Jan 2025 19:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1147
IP address blocks:        145.127.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 04:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:59:f3:f3:48:e1:42:92:51:11:a1:a9:8a:00:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  1 19:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33069765a84184aa2d9cf7883657dbea789b2ba9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:71:ef:ad:c6:ae:f9:30:db:bf:51:76:f5:15:
                    68:2a:ad:f0:fe:65:a6:68:2c:eb:69:f4:c6:85:25:
                    3d:b6:71:0b:af:38:8d:da:6d:72:35:2f:c2:df:65:
                    7f:f6:52:c8:a3:ad:b1:75:87:15:5c:01:af:ac:b1:
                    d5:ab:35:d2:3d:3c:25:b2:cb:b7:a9:96:c9:c8:61:
                    60:7c:f5:9b:d3:e7:2f:73:67:99:b6:96:29:72:bf:
                    29:1f:8e:af:0e:50:50:bd:02:d9:45:d7:88:4b:3e:
                    b8:9a:e2:f3:bd:9f:1a:29:8b:7c:e9:36:9f:f5:a5:
                    8d:57:8d:e8:86:43:6f:5a:af:6a:f7:dc:03:eb:07:
                    48:62:fa:60:fa:bf:5a:6c:78:7a:69:38:fd:e9:37:
                    2a:b0:41:99:10:ae:dc:ec:0f:e8:b5:41:19:86:b5:
                    df:83:bd:6e:f2:e1:61:39:55:ae:ce:24:ad:0f:84:
                    b7:cc:d7:25:4b:96:cf:9c:d6:09:9a:5c:41:ac:d7:
                    90:8e:2e:6f:31:68:1f:9f:4c:8f:23:75:47:db:a8:
                    d5:6b:8f:22:8e:e8:ea:f4:9f:d9:cc:ce:cd:8b:42:
                    dd:07:62:5c:51:19:c9:28:91:5c:77:fa:85:33:58:
                    08:8b:8f:8e:b7:c8:f1:f4:74:2b:53:81:49:46:40:
                    e5:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:06:97:65:A8:41:84:AA:2D:9C:F7:88:36:57:DB:EA:78:9B:2B:A9
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/MwaXZahBhKotnPeINlfb6nibK6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.127.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         a3:a6:55:39:58:c8:e4:18:5e:18:f8:6b:26:d9:52:5d:56:73:
         ad:f5:9c:03:5f:03:92:f4:b6:61:1b:ee:60:86:ee:86:4d:6b:
         00:a5:87:27:ff:5a:61:e5:38:49:66:e2:79:c4:e2:b1:74:bc:
         d8:8c:6d:08:2c:25:7a:63:18:a2:86:07:d4:a6:70:e3:9c:bb:
         3f:b0:2a:ff:b9:fc:59:10:b4:48:54:3b:96:75:9f:77:84:6d:
         f4:a5:cf:96:ae:56:cf:51:28:4b:fd:1b:51:a6:3d:05:fb:c5:
         ef:79:e5:a7:68:d3:74:f9:01:30:72:08:ef:02:22:36:aa:fd:
         3b:f0:52:ae:f9:7e:b6:6a:ed:13:35:cf:b7:32:d1:af:92:00:
         b7:35:44:8c:24:7a:fd:43:17:4b:68:63:bd:c3:17:99:46:2f:
         10:4b:17:8e:ab:b9:c3:07:25:fe:63:f8:8a:bd:57:e6:01:a4:
         b4:0c:11:45:28:c4:73:8c:18:77:da:3e:7e:49:a5:94:d5:1e:
         ce:e5:74:56:c5:0b:4e:21:2a:c7:c9:0d:27:6e:a0:df:c5:2c:
         ad:c7:57:14:69:22:6a:ff:64:f7:a8:6f:d4:3c:e3:4f:06:97:
         95:1b:12:10:49:18:7a:d7:36:09:5c:27:b4:d0:ca:e7:3b:cd:
         e0:10:4d:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjalnz80jhQpJREaGpigAtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjUwMTAxMTk0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzA2OTc2NWE4NDE4NGFhMmQ5Y2Y3ODgzNjU3ZGJlYTc4OWIyYmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXHvrcau+TDbv1F29RVoKq3w/mWm
aCzrafTGhSU9tnELrziN2m1yNS/C32V/9lLIo62xdYcVXAGvrLHVqzXSPTwlssu3
qZbJyGFgfPWb0+cvc2eZtpYpcr8pH46vDlBQvQLZRdeISz64muLzvZ8aKYt86Taf
9aWNV43ohkNvWq9q99wD6wdIYvpg+r9abHh6aTj96TcqsEGZEK7c7A/otUEZhrXf
g71u8uFhOVWuziStD4S3zNclS5bPnNYJmlxBrNeQji5vMWgfn0yPI3VH26jVa48i
jujq9J/ZzM7Ni0LdB2JcURnJKJFcd/qFM1gIi4+Ot8jx9HQrU4FJRkDlmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMGl2WoQYSqLZz3iDZX2+p4myupMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvTXdhWFphaEJoS290blBlSU5sZmI2bmliSzZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHkX+AMA0G
CSqGSIb3DQEBCwUAA4IBAQCjplU5WMjkGF4Y+Gsm2VJdVnOt9ZwDXwOS9LZhG+5g
hu6GTWsApYcn/1ph5ThJZuJ5xOKxdLzYjG0ILCV6YxiihgfUpnDjnLs/sCr/ufxZ
ELRIVDuWdZ93hG30pc+WrlbPUShL/RtRpj0F+8XveeWnaNN0+QEwcgjvAiI2qv07
8FKu+X62au0TNc+3MtGvkgC3NUSMJHr9QxdLaGO9wxeZRi8QSxeOq7nDByX+Y/iK
vVfmAaS0DBFFKMRzjBh32j5+SaWU1R7O5XRWxQtOISrHyQ0nbqDfxSytx1cUaSJq
/2T3qG/UPONPBpeVGxIQSRh61zYJXCe00MrnO83gEE3Y
-----END CERTIFICATE-----