Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/0cf187-ecb3-4b42-91e4-6addfcb18f99/1/VKYp3Gbu93RV_Qz6pgfOsKzHvJ8.roa
File:                     VKYp3Gbu93RV_Qz6pgfOsKzHvJ8.roa (raw, json)
Hash identifier:          RA7DRyC8TMRQhZQ2ZBr8PK1MVu2TGmUbg5TvG8tlCPo=
Subject key identifier:   54:A6:29:DC:66:EE:F7:74:55:FD:0C:FA:A6:07:CE:B0:AC:C7:BC:9F
Certificate issuer:       /CN=9f7432f699cbd249b2e3c9c55bdefaf83986b442
Certificate serial:       018CC726C9F16E5198326177A0ECA6828B54
Authority key identifier: 9F:74:32:F6:99:CB:D2:49:B2:E3:C9:C5:5B:DE:FA:F8:39:86:B4:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n3Qy9pnL0kmy48nFW976-DmGtEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/0cf187-ecb3-4b42-91e4-6addfcb18f99/1/VKYp3Gbu93RV_Qz6pgfOsKzHvJ8.roa
Signing time:             Mon 01 Jan 2024 22:30:57 +0000
ROA not before:           Mon 01 Jan 2024 22:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43757
IP address blocks:        192.108.126.0/24 maxlen: 24
                          78.31.24.0/21 maxlen: 21
                          2001:67c:1578::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/0cf187-ecb3-4b42-91e4-6addfcb18f99/1/n3Qy9pnL0kmy48nFW976-DmGtEI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/0cf187-ecb3-4b42-91e4-6addfcb18f99/1/n3Qy9pnL0kmy48nFW976-DmGtEI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n3Qy9pnL0kmy48nFW976-DmGtEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:c9:f1:6e:51:98:32:61:77:a0:ec:a6:82:8b:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f7432f699cbd249b2e3c9c55bdefaf83986b442
        Validity
            Not Before: Jan  1 22:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54a629dc66eef77455fd0cfaa607ceb0acc7bc9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:73:e2:00:23:43:90:b4:9a:ec:7c:cc:24:40:
                    97:93:62:d8:7f:81:d7:74:78:86:22:ef:cc:d4:0a:
                    a8:eb:78:a9:ae:67:ad:fd:bd:16:dc:9f:18:ae:4b:
                    36:32:26:7c:eb:7a:5e:14:a4:ae:a0:fb:6b:d6:6d:
                    8d:9a:c2:1e:c2:60:49:37:89:eb:76:90:3e:74:79:
                    73:25:97:bd:45:f9:79:57:27:c1:85:03:75:90:c0:
                    99:37:5b:ea:25:1c:46:2e:bc:38:10:28:7e:bd:a1:
                    c9:a8:33:c4:ce:80:8c:c1:71:e4:90:f4:ef:76:32:
                    0b:6a:77:75:f1:1c:06:45:22:70:33:10:32:ae:a8:
                    99:41:c9:ae:41:68:85:53:dd:91:c5:c2:bc:5b:6c:
                    ac:20:53:03:2d:ca:1c:2c:da:ec:35:9e:74:c6:d1:
                    80:aa:7d:0a:23:9d:9c:34:49:1e:52:52:37:83:c5:
                    41:cc:f3:fe:4e:6a:02:f6:ff:ea:e2:05:3d:9e:2d:
                    f5:b9:55:5c:c4:75:a4:36:ed:7d:38:a2:68:99:22:
                    58:5a:da:18:72:8a:5f:66:2c:6e:4d:5d:1c:6f:b8:
                    8b:23:7b:be:f3:05:63:46:75:89:e2:94:aa:59:32:
                    be:40:da:fa:43:dd:bf:10:10:01:52:bd:57:36:0a:
                    3f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:A6:29:DC:66:EE:F7:74:55:FD:0C:FA:A6:07:CE:B0:AC:C7:BC:9F
            X509v3 Authority Key Identifier:
                keyid:9F:74:32:F6:99:CB:D2:49:B2:E3:C9:C5:5B:DE:FA:F8:39:86:B4:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n3Qy9pnL0kmy48nFW976-DmGtEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/0cf187-ecb3-4b42-91e4-6addfcb18f99/1/VKYp3Gbu93RV_Qz6pgfOsKzHvJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/0cf187-ecb3-4b42-91e4-6addfcb18f99/1/n3Qy9pnL0kmy48nFW976-DmGtEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.31.24.0/21
                  192.108.126.0/24
                IPv6:
                  2001:67c:1578::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:47:f7:4d:6c:68:61:e6:8b:ca:8a:ec:e2:bf:b2:86:8b:9a:
         7a:61:65:92:92:0c:78:51:51:85:8a:9f:f3:df:53:fa:3f:30:
         8f:e9:7f:cb:2c:75:66:09:70:40:00:31:b3:46:97:ff:75:81:
         d6:70:16:55:99:37:b5:e4:2d:c3:e1:d5:61:e5:2e:d1:e3:e9:
         ef:86:ad:b9:e2:a8:87:c1:ce:44:1a:5d:c1:88:ea:09:92:63:
         0d:ea:cc:bb:8c:3f:6d:3e:76:57:00:50:87:17:ed:05:6a:98:
         4e:91:62:8a:c7:cb:4d:fb:54:c4:02:b8:cc:a5:08:62:8b:87:
         b5:43:16:07:21:81:d1:ae:5e:a4:cb:f0:c2:ed:d2:b3:70:81:
         f2:ec:15:ef:ce:9d:fc:35:18:bb:b2:e5:8c:82:ac:f2:45:83:
         8e:24:e7:f0:60:f8:ba:c7:c2:fc:f8:d6:44:4d:c2:d3:80:44:
         3d:5c:71:31:ec:90:ef:6e:6a:8b:a1:e6:49:49:f6:52:cf:0b:
         81:0f:56:21:c8:d7:08:2a:b8:86:b8:aa:cb:08:55:e0:aa:e3:
         e7:d2:4e:6d:bc:51:17:d4:be:9b:02:29:4d:f8:54:14:e5:d3:
         19:95:22:73:f3:59:49:c5:c3:4d:f3:a0:f5:32:75:f9:4f:f7:
         0b:f1:c9:4c
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzHJsnxblGYMmF3oOymgotUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmNzQzMmY2OTljYmQyNDliMmUzYzljNTViZGVmYWY4Mzk4
NmI0NDIwHhcNMjQwMTAxMjIzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGE2MjlkYzY2ZWVmNzc0NTVmZDBjZmFhNjA3Y2ViMGFjYzdiYzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHPiACNDkLSa7HzMJECXk2LYf4HX
dHiGIu/M1Aqo63iprmet/b0W3J8Yrks2MiZ863peFKSuoPtr1m2NmsIewmBJN4nr
dpA+dHlzJZe9Rfl5VyfBhQN1kMCZN1vqJRxGLrw4ECh+vaHJqDPEzoCMwXHkkPTv
djILand18RwGRSJwMxAyrqiZQcmuQWiFU92RxcK8W2ysIFMDLcocLNrsNZ50xtGA
qn0KI52cNEkeUlI3g8VBzPP+TmoC9v/q4gU9ni31uVVcxHWkNu19OKJomSJYWtoY
copfZixuTV0cb7iLI3u+8wVjRnWJ4pSqWTK+QNr6Q92/EBABUr1XNgo/YQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFFSmKdxm7vd0Vf0M+qYHzrCsx7yfMB8GA1UdIwQY
MBaAFJ90MvaZy9JJsuPJxVve+vg5hrRCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjNReTlwbkwwa215NDhuRlc5NzYtRG1HdEVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8wY2YxODctZWNiMy00YjQyLTkxZTQt
NmFkZGZjYjE4Zjk5LzEvVktZcDNHYnU5M1JWX1F6NnBnZk9zS3pIdko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8wY2YxODctZWNiMy00YjQyLTkxZTQtNmFkZGZjYjE4Zjk5
LzEvbjNReTlwbkwwa215NDhuRlc5NzYtRG1HdEVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQDTh8YAwQA
wGx+MA8EAgACMAkDBwAgAQZ8FXgwDQYJKoZIhvcNAQELBQADggEBAIpH901saGHm
i8qK7OK/soaLmnphZZKSDHhRUYWKn/PfU/o/MI/pf8ssdWYJcEAAMbNGl/91gdZw
FlWZN7XkLcPh1WHlLtHj6e+GrbniqIfBzkQaXcGI6gmSYw3qzLuMP20+dlcAUIcX
7QVqmE6RYorHy037VMQCuMylCGKLh7VDFgchgdGuXqTL8MLt0rNwgfLsFe/Onfw1
GLuy5YyCrPJFg44k5/Bg+LrHwvz41kRNwtOARD1ccTHskO9uaouh5klJ9lLPC4EP
ViHI1wgquIa4qssIVeCq4+fSTm28URfUvpsCKU34VBTl0xmVInPzWUnFw03zoPUy
dflP9wvxyUw=
-----END CERTIFICATE-----