Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/30aIeplMe8B5nuWPNxNW6K-OtBY.roa
File:                     30aIeplMe8B5nuWPNxNW6K-OtBY.roa (raw, json)
Hash identifier:          3pRxuzSCfGIU8i4yLQxNrHj04RZktWd0aRH2mX3pOUo=
Subject key identifier:   DF:46:88:7A:99:4C:7B:C0:79:9E:E5:8F:37:13:56:E8:AF:8E:B4:16
Certificate issuer:       /CN=ae7f747df5f24353154dc4d4bf70d2ddcb53e900
Certificate serial:       01942067EBC8A7FC165BB8EC1F0D94BB4D40
Authority key identifier: AE:7F:74:7D:F5:F2:43:53:15:4D:C4:D4:BF:70:D2:DD:CB:53:E9:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rn90ffXyQ1MVTcTUv3DS3ctT6QA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/30aIeplMe8B5nuWPNxNW6K-OtBY.roa
Signing time:             Wed 01 Jan 2025 05:47:48 +0000
ROA not before:           Wed 01 Jan 2025 05:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204137
IP address blocks:        134.19.128.0/21 maxlen: 21
                          134.19.128.0/23 maxlen: 23
                          134.19.130.0/23 maxlen: 23
                          134.19.132.0/23 maxlen: 23
                          134.19.134.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/rn90ffXyQ1MVTcTUv3DS3ctT6QA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/rn90ffXyQ1MVTcTUv3DS3ctT6QA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rn90ffXyQ1MVTcTUv3DS3ctT6QA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:eb:c8:a7:fc:16:5b:b8:ec:1f:0d:94:bb:4d:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae7f747df5f24353154dc4d4bf70d2ddcb53e900
        Validity
            Not Before: Jan  1 05:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df46887a994c7bc0799ee58f371356e8af8eb416
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:68:62:6c:3c:23:2f:33:eb:f4:51:b8:34:a7:
                    26:91:13:76:ac:02:92:13:32:53:b2:e3:da:5d:9b:
                    bf:90:c5:5d:6f:87:6f:9a:02:fb:56:64:8f:b3:57:
                    d8:6b:6c:f1:61:79:e8:a4:87:cf:12:a4:20:49:43:
                    60:03:b8:24:37:72:12:a4:98:cf:fe:32:81:e0:6b:
                    02:e2:8e:ff:2f:4a:3e:a0:1b:a1:6f:71:eb:4d:8f:
                    44:4a:59:ba:5e:d3:c9:f6:06:98:c6:18:5a:ec:16:
                    03:6b:3b:38:cb:f2:1c:3c:8e:b9:86:dd:08:77:17:
                    6c:bb:f6:a3:87:54:ff:3f:e8:b3:27:98:2f:54:ce:
                    0c:af:57:f0:06:95:20:b4:b2:9a:dc:2f:65:0d:ce:
                    cb:0a:ca:68:26:98:e4:41:ec:ef:39:12:f3:33:9a:
                    5f:6e:28:97:46:a8:ab:37:73:5e:5a:58:61:98:1c:
                    71:d8:4b:ce:a6:94:d6:4e:42:aa:10:5d:df:aa:d0:
                    fa:46:00:df:e8:46:1d:12:74:e9:a7:d9:d9:d2:ff:
                    f0:a4:89:6e:aa:40:d1:32:0a:31:3e:d3:19:9e:be:
                    8d:f5:de:35:1a:01:dc:77:50:f1:1e:bd:d5:dc:c3:
                    de:59:62:73:42:ba:03:2b:a4:95:55:34:91:bf:c7:
                    30:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:46:88:7A:99:4C:7B:C0:79:9E:E5:8F:37:13:56:E8:AF:8E:B4:16
            X509v3 Authority Key Identifier:
                keyid:AE:7F:74:7D:F5:F2:43:53:15:4D:C4:D4:BF:70:D2:DD:CB:53:E9:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rn90ffXyQ1MVTcTUv3DS3ctT6QA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/30aIeplMe8B5nuWPNxNW6K-OtBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/58af24-c454-44b0-a7ca-c6f1e6ac9ba9/1/rn90ffXyQ1MVTcTUv3DS3ctT6QA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.19.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         57:2d:db:9d:ab:6d:66:32:fb:9c:01:31:82:b8:8e:eb:b2:70:
         e3:2e:7a:1a:c0:de:fb:f8:8e:81:d1:b8:2d:a0:82:59:1b:3f:
         e5:10:9b:fa:80:64:72:f9:ae:e4:83:04:34:c1:e2:1a:6f:7c:
         84:9e:c7:59:02:b0:83:6b:11:aa:da:35:8e:94:5d:19:ff:6e:
         d9:8d:3e:d6:27:3c:be:47:4b:ee:fa:64:4a:a4:01:40:52:21:
         d5:3c:f3:0b:66:15:e3:e3:99:3a:da:ff:24:13:58:1d:d5:09:
         41:6c:e1:5f:45:2d:ea:3b:59:8d:ff:77:1b:85:7f:ab:01:c4:
         54:38:10:5a:5d:81:40:b1:d4:3f:ea:63:19:6a:6c:d5:5d:78:
         73:63:51:10:51:0a:ad:f3:02:d3:d4:63:48:9c:fe:df:be:4d:
         1e:52:35:56:9b:0f:e9:14:f2:85:70:04:fa:e3:2c:65:bc:dd:
         76:e4:7b:34:e4:92:af:52:ca:a5:3f:8a:1f:56:21:c5:23:23:
         65:09:41:43:37:8d:93:31:70:fa:81:2c:62:7b:bc:e6:a2:89:
         23:84:4a:0c:ef:29:e7:6b:d7:30:7d:2e:d8:0a:97:a8:f5:97:
         52:f6:58:b1:55:c0:3c:ba:a5:04:75:65:6d:6d:27:71:42:49:
         4a:d1:f5:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ+vIp/wWW7jsHw2Uu01AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlN2Y3NDdkZjVmMjQzNTMxNTRkYzRkNGJmNzBkMmRkY2I1
M2U5MDAwHhcNMjUwMTAxMDU0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjQ2ODg3YTk5NGM3YmMwNzk5ZWU1OGYzNzEzNTZlOGFmOGViNDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGhibDwjLzPr9FG4NKcmkRN2rAKS
EzJTsuPaXZu/kMVdb4dvmgL7VmSPs1fYa2zxYXnopIfPEqQgSUNgA7gkN3ISpJjP
/jKB4GsC4o7/L0o+oBuhb3HrTY9ESlm6XtPJ9gaYxhha7BYDazs4y/IcPI65ht0I
dxdsu/ajh1T/P+izJ5gvVM4Mr1fwBpUgtLKa3C9lDc7LCspoJpjkQezvORLzM5pf
biiXRqirN3NeWlhhmBxx2EvOppTWTkKqEF3fqtD6RgDf6EYdEnTpp9nZ0v/wpIlu
qkDRMgoxPtMZnr6N9d41GgHcd1DxHr3V3MPeWWJzQroDK6SVVTSRv8cwwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN9GiHqZTHvAeZ7ljzcTVuivjrQWMB8GA1UdIwQY
MBaAFK5/dH318kNTFU3E1L9w0t3LU+kAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm45MGZmWHlRMU1WVGNUVXYzRFMzY3RUNlFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi81OGFmMjQtYzQ1NC00NGIwLWE3Y2Et
YzZmMWU2YWM5YmE5LzEvMzBhSWVwbE1lOEI1bnVXUE54Tlc2Sy1PdEJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi81OGFmMjQtYzQ1NC00NGIwLWE3Y2EtYzZmMWU2YWM5YmE5
LzEvcm45MGZmWHlRMU1WVGNUVXYzRFMzY3RUNlFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDhhOAMA0G
CSqGSIb3DQEBCwUAA4IBAQBXLdudq21mMvucATGCuI7rsnDjLnoawN77+I6B0bgt
oIJZGz/lEJv6gGRy+a7kgwQ0weIab3yEnsdZArCDaxGq2jWOlF0Z/27ZjT7WJzy+
R0vu+mRKpAFAUiHVPPMLZhXj45k62v8kE1gd1QlBbOFfRS3qO1mN/3cbhX+rAcRU
OBBaXYFAsdQ/6mMZamzVXXhzY1EQUQqt8wLT1GNInP7fvk0eUjVWmw/pFPKFcAT6
4yxlvN125Hs05JKvUsqlP4ofViHFIyNlCUFDN42TMXD6gSxie7zmookjhEoM7ynn
a9cwfS7YCpeo9ZdS9lixVcA8uqUEdWVtbSdxQklK0fXm
-----END CERTIFICATE-----