Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/v0zpICY_uoCuRiUkbkV3gIcVsJc.roa
File:                     v0zpICY_uoCuRiUkbkV3gIcVsJc.roa (raw, json)
Hash identifier:          Si17y5ue90xdRHIJlv/yhy0krenuqvWH0CAz2+KJOps=
Subject key identifier:   BF:4C:E9:20:26:3F:BA:80:AE:46:25:24:6E:45:77:80:87:15:B0:97
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       018EE628F2F72F61C045492B21A38F993ED7
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/v0zpICY_uoCuRiUkbkV3gIcVsJc.roa
Signing time:             Tue 16 Apr 2024 09:07:07 +0000
ROA not before:           Tue 16 Apr 2024 09:07:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56322
IP address blocks:        217.28.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e6:28:f2:f7:2f:61:c0:45:49:2b:21:a3:8f:99:3e:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Apr 16 09:07:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf4ce920263fba80ae4625246e4577808715b097
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f8:a8:84:74:63:f0:31:83:56:79:19:2b:86:
                    6b:c0:db:96:b6:fe:16:d4:c8:9b:c9:b2:a9:ab:dc:
                    46:a6:2f:f4:d3:07:2d:ad:b0:e8:be:0a:50:82:eb:
                    cf:40:51:ba:d4:b6:ee:34:2a:d2:6a:2a:43:b7:97:
                    7c:72:18:03:45:4d:b4:ee:3d:4d:92:f6:65:e3:05:
                    ed:e3:b0:c2:c1:69:36:08:e0:14:d4:a4:14:77:b4:
                    f6:20:76:22:aa:86:c3:61:e1:4d:f8:d9:ff:79:6c:
                    a3:52:4f:4d:f3:a6:41:a1:cd:8b:b4:ca:0a:05:70:
                    2b:61:3c:5b:aa:b3:f7:35:5d:c9:bf:2b:04:98:6a:
                    d5:47:8c:29:fb:07:67:76:63:8f:34:db:e3:16:66:
                    3f:97:98:ba:ae:60:aa:be:e9:e6:c2:5f:62:38:39:
                    80:b8:cc:cf:72:7d:e5:2a:ce:5b:6f:19:9b:a6:f3:
                    9d:37:2f:b2:0b:0b:68:23:24:91:1d:d1:a6:8d:aa:
                    aa:2a:b4:ef:6d:8c:a3:0a:d5:f8:fe:24:8f:9b:c5:
                    88:ee:3e:56:f6:79:7f:62:c5:57:c9:d4:45:66:4e:
                    de:c5:be:93:dc:f2:78:8c:bb:19:89:47:a9:5e:18:
                    0d:e9:47:f6:ab:11:bf:86:c0:42:4d:c7:19:6e:a1:
                    6e:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:4C:E9:20:26:3F:BA:80:AE:46:25:24:6E:45:77:80:87:15:B0:97
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/v0zpICY_uoCuRiUkbkV3gIcVsJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.28.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:79:4c:01:b3:36:77:2e:a9:81:f5:07:49:78:b0:08:09:5b:
         e2:51:92:7b:c1:0b:5f:60:58:32:d1:e8:51:92:66:e1:59:11:
         4b:2f:36:f2:6a:c8:24:0b:36:6c:ff:6a:05:c1:66:c6:09:26:
         f6:e2:4f:fc:89:53:95:b5:1e:d3:fb:ce:df:84:82:b2:16:fd:
         35:bb:2c:41:97:57:cb:2c:94:9e:28:f3:7c:03:ad:9a:9c:37:
         08:51:55:d7:0c:cc:96:a4:78:eb:32:71:17:6b:e1:e0:88:ba:
         9e:ef:a5:2f:66:24:ef:2c:17:8e:b2:fa:f8:69:1c:58:a5:b2:
         f8:79:ce:00:16:bd:1d:31:74:6a:b7:dd:b0:e6:ad:a4:b6:c9:
         ae:47:9c:72:93:53:f2:3e:13:91:b2:f0:84:38:19:0d:90:11:
         50:6e:90:5e:10:24:a5:26:f7:64:84:ac:44:ce:ac:97:16:8b:
         bd:58:07:5a:63:94:55:63:82:48:7f:f2:1e:8a:1d:9b:16:9c:
         71:54:d2:65:7d:0e:29:0f:9d:36:a2:7c:62:51:48:aa:d5:0f:
         29:9a:0e:8b:36:e2:f2:02:91:e6:14:95:db:8c:15:ca:d7:f4:
         3b:8d:17:57:86:b4:1d:5a:9f:db:c5:a9:04:c1:05:75:a6:7d:
         73:2f:95:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7mKPL3L2HARUkrIaOPmT7XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjQwNDE2MDkwNzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjRjZTkyMDI2M2ZiYTgwYWU0NjI1MjQ2ZTQ1Nzc4MDg3MTViMDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/iohHRj8DGDVnkZK4ZrwNuWtv4W
1MibybKpq9xGpi/00wctrbDovgpQguvPQFG61LbuNCrSaipDt5d8chgDRU207j1N
kvZl4wXt47DCwWk2COAU1KQUd7T2IHYiqobDYeFN+Nn/eWyjUk9N86ZBoc2LtMoK
BXArYTxbqrP3NV3JvysEmGrVR4wp+wdndmOPNNvjFmY/l5i6rmCqvunmwl9iODmA
uMzPcn3lKs5bbxmbpvOdNy+yCwtoIySRHdGmjaqqKrTvbYyjCtX4/iSPm8WI7j5W
9nl/YsVXydRFZk7exb6T3PJ4jLsZiUepXhgN6Uf2qxG/hsBCTccZbqFuRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9M6SAmP7qArkYlJG5Fd4CHFbCXMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvdjB6cElDWV91b0N1UmlVa2JrVjNnSWNWc0pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RyCMA0G
CSqGSIb3DQEBCwUAA4IBAQAHeUwBszZ3LqmB9QdJeLAICVviUZJ7wQtfYFgy0ehR
kmbhWRFLLzbyasgkCzZs/2oFwWbGCSb24k/8iVOVtR7T+87fhIKyFv01uyxBl1fL
LJSeKPN8A62anDcIUVXXDMyWpHjrMnEXa+HgiLqe76UvZiTvLBeOsvr4aRxYpbL4
ec4AFr0dMXRqt92w5q2ktsmuR5xyk1PyPhORsvCEOBkNkBFQbpBeECSlJvdkhKxE
zqyXFou9WAdaY5RVY4JIf/Ieih2bFpxxVNJlfQ4pD502onxiUUiq1Q8pmg6LNuLy
ApHmFJXbjBXK1/Q7jRdXhrQdWp/bxakEwQV1pn1zL5VZ
-----END CERTIFICATE-----