Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/28-uwfDVLpaahAp5_g4gOqonJRE.roa
File:                     28-uwfDVLpaahAp5_g4gOqonJRE.roa (raw, json)
Hash identifier:          ZiFvqyNcFNQjj1MRiXrgYLhWSDf2EOuub9eyPgFwZ5w=
Subject key identifier:   DB:CF:AE:C1:F0:D5:2E:96:9A:84:0A:79:FE:0E:20:3A:AA:27:25:11
Certificate issuer:       /CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
Certificate serial:       0196C8201F06E412D11A0AF6223A8CE0A44C
Authority key identifier: DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/28-uwfDVLpaahAp5_g4gOqonJRE.roa
Signing time:             Tue 13 May 2025 05:31:10 +0000
ROA not before:           Tue 13 May 2025 05:31:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208046
IP address blocks:        193.142.146.0/24 maxlen: 24
                          2a0f:ca80:1200::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Jun 2025 06:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c8:20:1f:06:e4:12:d1:1a:0a:f6:22:3a:8c:e0:a4:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe6ab8e0c46e841b44d2b9c6b03bb65f5621db1
        Validity
            Not Before: May 13 05:31:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbcfaec1f0d52e969a840a79fe0e203aaa272511
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:02:d3:72:04:f0:12:8e:54:8d:bf:d7:4c:f9:
                    77:90:57:93:a5:a3:b7:76:e8:93:5c:99:29:10:45:
                    fd:ec:91:83:b0:c4:a8:64:42:18:8c:26:b2:31:46:
                    7a:a2:d2:56:30:e6:15:0c:e0:a7:76:5c:c1:dd:ae:
                    23:31:dc:fc:81:54:03:48:a0:3d:2b:5b:cf:99:ea:
                    85:dc:75:e2:07:a0:34:87:65:be:a6:d6:61:93:b7:
                    0a:17:9b:c9:fe:ac:d3:b6:6b:3e:1d:e7:09:71:ed:
                    84:1b:da:26:3f:af:b8:da:35:b3:a6:d8:52:21:23:
                    3f:e1:63:a0:95:a2:cf:a0:ba:b5:91:ac:e6:89:0c:
                    ba:7e:f2:93:d3:a6:3b:bb:fb:88:44:9a:2e:28:f8:
                    96:03:bd:05:27:b5:4a:a7:b0:9c:f2:10:84:51:f8:
                    4c:d4:2b:84:bf:02:8f:98:7e:d5:ac:56:82:49:76:
                    31:54:f4:c1:65:f6:49:e7:e2:68:d5:6e:f7:90:61:
                    69:71:e1:f3:57:03:e7:ab:c9:e6:fd:8f:5a:47:bc:
                    a7:9b:fb:83:09:76:17:df:c6:75:00:21:1f:89:92:
                    21:17:8f:22:f7:71:5a:58:bd:b6:76:2d:c4:f3:54:
                    f9:f9:e8:46:30:60:a1:ef:89:6d:eb:32:12:5f:4a:
                    d7:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:CF:AE:C1:F0:D5:2E:96:9A:84:0A:79:FE:0E:20:3A:AA:27:25:11
            X509v3 Authority Key Identifier:
                keyid:DB:E6:AB:8E:0C:46:E8:41:B4:4D:2B:9C:6B:03:BB:65:F5:62:1D:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-arjgxG6EG0TSucawO7ZfViHbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/28-uwfDVLpaahAp5_g4gOqonJRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/96436c-f6fa-40ba-a27c-fb1030651067/1/2-arjgxG6EG0TSucawO7ZfViHbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.146.0/24
                IPv6:
                  2a0f:ca80:1200::/40

    Signature Algorithm: sha256WithRSAEncryption
         23:f6:8d:0a:74:6a:cd:61:4b:1e:b5:76:31:e7:ae:42:04:c9:
         06:89:0f:f7:78:20:5f:98:05:6a:af:61:ce:ff:fb:61:b0:63:
         23:91:26:72:1a:80:e9:27:1a:29:07:29:a6:01:57:09:5f:a8:
         b3:0e:e7:07:51:35:82:34:4e:ee:6a:79:47:ba:c4:98:e3:65:
         c7:fc:77:46:74:40:9c:90:fc:4c:c5:e0:6f:d7:b6:3b:ee:89:
         9a:cb:64:ba:39:4f:52:6e:d6:8f:52:d3:43:f0:98:3c:95:f3:
         a3:dd:18:11:f0:9c:cd:bf:45:3a:e3:1d:4c:cb:85:9b:16:87:
         5c:df:34:5b:37:8c:52:bc:fb:be:2b:59:f4:a1:e6:47:89:c0:
         94:39:66:80:30:84:06:a3:97:66:f3:df:52:1c:8b:81:b9:2c:
         6d:3a:e3:d3:b7:eb:65:c1:3f:7a:8f:d4:70:c0:c1:1d:48:a7:
         4e:3f:ce:77:ae:35:80:45:45:5e:6a:6e:19:31:35:d5:c3:83:
         05:cd:c2:16:06:22:49:f1:ee:b4:35:07:1e:52:74:90:e2:60:
         03:03:0a:cb:07:a7:f9:f0:1e:12:9b:b7:5d:c7:ee:b4:7a:3e:
         75:68:7c:99:0c:2c:fb:8b:19:aa:3f:da:81:3b:c9:1f:da:68:
         70:b6:7b:ce
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZbIIB8G5BLRGgr2IjqM4KRMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZTZhYjhlMGM0NmU4NDFiNDRkMmI5YzZiMDNiYjY1ZjU2
MjFkYjEwHhcNMjUwNTEzMDUzMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmNmYWVjMWYwZDUyZTk2OWE4NDBhNzlmZTBlMjAzYWFhMjcyNTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4gLTcgTwEo5Ujb/XTPl3kFeTpaO3
duiTXJkpEEX97JGDsMSoZEIYjCayMUZ6otJWMOYVDOCndlzB3a4jMdz8gVQDSKA9
K1vPmeqF3HXiB6A0h2W+ptZhk7cKF5vJ/qzTtms+HecJce2EG9omP6+42jWzpthS
ISM/4WOglaLPoLq1kazmiQy6fvKT06Y7u/uIRJouKPiWA70FJ7VKp7Cc8hCEUfhM
1CuEvwKPmH7VrFaCSXYxVPTBZfZJ5+Jo1W73kGFpceHzVwPnq8nm/Y9aR7ynm/uD
CXYX38Z1ACEfiZIhF48i93FaWL22di3E81T5+ehGMGCh74lt6zISX0rXpQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFNvPrsHw1S6WmoQKef4OIDqqJyURMB8GA1UdIwQY
MBaAFNvmq44MRuhBtE0rnGsDu2X1Yh2xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2Mt
ZmIxMDMwNjUxMDY3LzEvMjgtdXdmRFZMcGFhaEFwNV9nNGdPcW9uSlJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS85NjQzNmMtZjZmYS00MGJhLWEyN2MtZmIxMDMwNjUxMDY3
LzEvMi1hcmpneEc2RUcwVFN1Y2F3TzdaZlZpSGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAwY6SMA4E
AgACMAgDBgAqD8qAEjANBgkqhkiG9w0BAQsFAAOCAQEAI/aNCnRqzWFLHrV2Meeu
QgTJBokP93ggX5gFaq9hzv/7YbBjI5EmchqA6ScaKQcppgFXCV+osw7nB1E1gjRO
7mp5R7rEmONlx/x3RnRAnJD8TMXgb9e2O+6JmstkujlPUm7Wj1LTQ/CYPJXzo90Y
EfCczb9FOuMdTMuFmxaHXN80WzeMUrz7vitZ9KHmR4nAlDlmgDCEBqOXZvPfUhyL
gbksbTrj07frZcE/eo/UcMDBHUinTj/Od641gEVFXmpuGTE11cODBc3CFgYiSfHu
tDUHHlJ0kOJgAwMKywen+fAeEpu3XcfutHo+dWh8mQws+4sZqj/agTvJH9pocLZ7
zg==
-----END CERTIFICATE-----