Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/VxlSINAvzR7Ob8VDOvKk6eIIQew.roa
File:                     VxlSINAvzR7Ob8VDOvKk6eIIQew.roa (raw, json)
Hash identifier:          koUF1RbQB0Zda5jZQx97Sz3V0CRxz+rdKz7e6asENTg=
Subject key identifier:   57:19:52:20:D0:2F:CD:1E:CE:6F:C5:43:3A:F2:A4:E9:E2:08:41:EC
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DACC1CF3BBAE1162FF6E6269EEA7D7
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/VxlSINAvzR7Ob8VDOvKk6eIIQew.roa
Signing time:             Mon 01 Jan 2024 02:29:28 +0000
ROA not before:           Mon 01 Jan 2024 02:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202345
IP address blocks:        194.147.116.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:cc:1c:f3:bb:ae:11:62:ff:6e:62:69:ee:a7:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57195220d02fcd1ece6fc5433af2a4e9e20841ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5b:0c:17:8a:68:0c:fb:c8:26:5d:34:f6:5b:
                    f6:e2:80:db:51:a5:53:af:97:4d:e6:6d:e8:6a:ea:
                    8b:4c:55:44:d5:7e:e0:fe:3a:ec:be:7d:42:5e:c1:
                    c0:65:71:75:1b:00:43:c0:4b:3e:3b:1f:cc:49:66:
                    1f:24:7e:71:25:d9:6c:bf:9f:2b:7d:ae:b2:b0:ce:
                    64:36:0a:3f:5d:a1:f7:2d:89:25:c1:bf:07:38:a3:
                    74:9e:ce:f7:1d:5a:3f:de:77:bb:72:c4:d1:4e:0d:
                    a5:90:96:39:d3:d9:f1:1a:d2:59:d1:d2:bf:8a:a4:
                    44:90:49:27:81:04:ee:af:8e:8a:60:cd:ef:34:f5:
                    ed:8a:15:34:8a:81:58:01:8b:b9:ba:08:9b:b7:1f:
                    01:ca:a2:6c:58:86:a1:5f:cc:1b:58:50:92:65:b8:
                    71:a0:0b:53:47:82:f3:89:02:ac:08:ed:4c:ea:af:
                    a4:b5:7d:32:db:d4:83:b5:a3:ba:c8:42:6f:6f:25:
                    2d:4a:90:1f:6b:e2:60:ef:fc:20:8f:69:f9:af:bd:
                    fe:d9:d7:f5:8a:7e:69:b0:3a:15:83:df:5e:d7:06:
                    9c:d4:ff:c8:f1:9b:96:b9:ff:bf:e6:14:31:66:b3:
                    4d:ca:b2:14:47:83:56:66:72:ee:96:65:16:91:29:
                    c4:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:19:52:20:D0:2F:CD:1E:CE:6F:C5:43:3A:F2:A4:E9:E2:08:41:EC
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/VxlSINAvzR7Ob8VDOvKk6eIIQew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:27:31:3d:ee:a7:63:78:e4:bc:e5:b6:c1:85:61:c3:d4:92:
         a1:58:16:15:40:2c:ca:a4:f6:be:ba:00:ac:6c:53:bd:22:88:
         c9:11:e1:d9:b0:5b:07:22:69:9a:2f:24:4d:23:af:22:5a:be:
         61:f5:36:44:1c:04:54:07:c5:bd:45:12:69:3a:c1:b4:72:1b:
         bb:f1:db:6d:8d:7d:ed:79:16:c5:e6:2d:98:28:0c:16:50:44:
         f4:20:cf:f0:e1:fe:15:39:bb:03:99:d5:c2:57:e1:5c:63:42:
         69:b5:91:ee:81:24:fe:ec:56:f7:be:2a:ab:3b:28:6b:fd:81:
         66:36:27:23:35:ff:e2:cf:80:9b:29:93:5f:98:73:7c:2a:ff:
         87:16:88:f1:e7:1a:da:bb:f6:4a:34:bf:42:ce:06:ff:3c:39:
         f0:9f:db:86:57:e0:6f:df:43:3a:a0:90:0a:9d:2a:20:de:b9:
         fc:a4:65:c6:e7:46:3e:f3:04:14:b9:c1:c8:24:54:6d:2b:fc:
         c5:c4:ed:39:f0:ec:8c:1b:e9:3b:25:0d:4d:0f:3c:f6:32:7c:
         28:cf:e3:3a:77:01:e9:6b:f3:43:d8:34:5a:dd:9d:6f:af:81:
         9c:52:fe:71:fa:62:50:a4:70:07:61:32:c3:81:a8:df:d6:c3:
         c8:7c:c4:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2swc87uuEWL/bmJp7qfXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzE5NTIyMGQwMmZjZDFlY2U2ZmM1NDMzYWYyYTRlOWUyMDg0MWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFsMF4poDPvIJl009lv24oDbUaVT
r5dN5m3oauqLTFVE1X7g/jrsvn1CXsHAZXF1GwBDwEs+Ox/MSWYfJH5xJdlsv58r
fa6ysM5kNgo/XaH3LYklwb8HOKN0ns73HVo/3ne7csTRTg2lkJY509nxGtJZ0dK/
iqREkEkngQTur46KYM3vNPXtihU0ioFYAYu5ugibtx8ByqJsWIahX8wbWFCSZbhx
oAtTR4LziQKsCO1M6q+ktX0y29SDtaO6yEJvbyUtSpAfa+Jg7/wgj2n5r73+2df1
in5psDoVg99e1wac1P/I8ZuWuf+/5hQxZrNNyrIUR4NWZnLulmUWkSnEJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFcZUiDQL80ezm/FQzrypOniCEHsMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvVnhsU0lOQXZ6UjdPYjhWRE92S2s2ZUlJUWV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwpN0MA0G
CSqGSIb3DQEBCwUAA4IBAQBNJzE97qdjeOS85bbBhWHD1JKhWBYVQCzKpPa+ugCs
bFO9IojJEeHZsFsHImmaLyRNI68iWr5h9TZEHARUB8W9RRJpOsG0chu78dttjX3t
eRbF5i2YKAwWUET0IM/w4f4VObsDmdXCV+FcY0JptZHugST+7Fb3viqrOyhr/YFm
NicjNf/iz4CbKZNfmHN8Kv+HFojx5xrau/ZKNL9Czgb/PDnwn9uGV+Bv30M6oJAK
nSog3rn8pGXG50Y+8wQUucHIJFRtK/zFxO058OyMG+k7JQ1NDzz2Mnwoz+M6dwHp
a/ND2DRa3Z1vr4GcUv5x+mJQpHAHYTLDgajf1sPIfMT9
-----END CERTIFICATE-----