Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/_I32ouhbcP7uIlgPiXnpN-afsyU.roa
File:                     _I32ouhbcP7uIlgPiXnpN-afsyU.roa (raw, json)
Hash identifier:          esu4xz3AO+6hl9m1YOif9vfWELQmZoJKQSaoLGoeI/s=
Subject key identifier:   FC:8D:F6:A2:E8:5B:70:FE:EE:22:58:0F:89:79:E9:37:E6:9F:B3:25
Certificate issuer:       /CN=0f21b78ce97b0f5fb3d88bf95cfbb08b2fbea8e5
Certificate serial:       019424B39613B4D2B96CEA66D0A42E2F16A5
Authority key identifier: 0F:21:B7:8C:E9:7B:0F:5F:B3:D8:8B:F9:5C:FB:B0:8B:2F:BE:A8:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DyG3jOl7D1-z2Iv5XPuwiy--qOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/_I32ouhbcP7uIlgPiXnpN-afsyU.roa
Signing time:             Thu 02 Jan 2025 01:48:56 +0000
ROA not before:           Thu 02 Jan 2025 01:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     378
IP address blocks:        132.68.0.0/15 maxlen: 15
                          132.68.0.0/16 maxlen: 16
                          132.69.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/DyG3jOl7D1-z2Iv5XPuwiy--qOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/DyG3jOl7D1-z2Iv5XPuwiy--qOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DyG3jOl7D1-z2Iv5XPuwiy--qOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:96:13:b4:d2:b9:6c:ea:66:d0:a4:2e:2f:16:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f21b78ce97b0f5fb3d88bf95cfbb08b2fbea8e5
        Validity
            Not Before: Jan  2 01:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc8df6a2e85b70feee22580f8979e937e69fb325
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:04:84:57:46:63:51:80:06:a5:aa:f3:21:66:
                    7c:d5:bf:42:22:94:0c:1a:cb:d6:3a:c5:50:9e:3c:
                    08:d2:47:90:60:bd:a3:79:45:57:be:7f:00:a7:8b:
                    c5:54:33:ec:53:39:6a:fc:38:c9:c4:89:00:46:70:
                    cb:78:5f:b8:5e:f6:6b:ad:29:b9:16:d0:5e:9f:aa:
                    11:29:e7:25:35:02:66:24:3d:92:22:3e:1c:92:3a:
                    34:2a:f5:5a:f9:2d:c6:3e:3a:52:8e:aa:07:bb:19:
                    aa:e5:cb:cb:86:1c:0c:28:7a:45:99:fa:da:06:13:
                    e8:1a:c1:15:14:2d:e3:83:17:9b:55:45:dc:d5:e6:
                    5c:0c:c2:75:72:0a:10:4d:bc:99:a1:0c:12:2e:ff:
                    ec:a3:80:95:35:a5:e5:3d:7c:70:00:ed:80:71:9b:
                    b9:0f:fa:1a:bc:36:c2:0b:ed:89:2c:45:39:2c:15:
                    8a:e5:72:77:eb:02:88:1f:2b:9e:b0:8d:e2:2d:f7:
                    77:b4:75:1c:48:cb:09:8b:d8:89:83:25:b4:25:68:
                    3a:c6:22:5e:74:fd:f8:85:b6:3e:28:68:c4:1c:11:
                    48:a5:30:ef:7c:98:e1:36:84:d6:1c:d0:27:39:41:
                    60:85:61:1a:eb:2e:71:14:8a:05:67:83:22:b6:fc:
                    d6:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:8D:F6:A2:E8:5B:70:FE:EE:22:58:0F:89:79:E9:37:E6:9F:B3:25
            X509v3 Authority Key Identifier:
                keyid:0F:21:B7:8C:E9:7B:0F:5F:B3:D8:8B:F9:5C:FB:B0:8B:2F:BE:A8:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DyG3jOl7D1-z2Iv5XPuwiy--qOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/_I32ouhbcP7uIlgPiXnpN-afsyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/0f7594-f048-473d-a39a-ddb9e4db98c6/1/DyG3jOl7D1-z2Iv5XPuwiy--qOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.68.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         1d:25:2f:3f:95:8c:db:ff:b1:4a:89:0b:7a:c1:ab:0c:9d:7b:
         39:c3:88:07:fa:88:d9:b2:0f:3c:83:f5:03:19:5b:d3:29:80:
         4f:56:e7:67:bb:e0:f0:ad:b0:9b:11:d3:57:9e:51:af:ed:65:
         0e:94:19:75:16:c3:62:6b:0b:ac:11:69:6c:75:06:52:4f:ee:
         c3:85:05:5f:b4:85:40:55:3e:02:30:5a:93:16:52:c9:20:54:
         6e:19:7f:44:07:b8:73:f5:fe:97:95:ab:73:c2:a2:3a:c9:f9:
         4c:33:55:bb:63:d1:9b:88:3d:0a:c2:7d:9d:78:f6:67:06:52:
         ae:8e:d9:c8:d9:a6:66:70:40:2a:eb:eb:bb:6b:ec:8b:1d:06:
         60:0c:ea:ec:8e:51:f3:7c:92:aa:a9:53:b4:27:b9:2e:9f:87:
         32:27:6e:f1:f8:58:32:2e:a1:cf:19:60:9e:33:9b:d4:3c:76:
         9f:5a:35:3f:a1:b6:28:28:6c:13:c8:d6:0a:30:9c:9f:a5:11:
         95:46:e8:cf:8d:9d:96:bf:70:ce:ec:84:12:38:cc:c2:47:25:
         6e:8d:01:72:3c:ad:3d:f6:a7:45:23:bc:2c:20:a3:16:9c:58:
         d3:63:d0:53:d0:1b:57:15:38:24:e7:67:f4:2e:d5:16:c3:ca:
         91:4c:e9:de
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQks5YTtNK5bOpm0KQuLxalMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMjFiNzhjZTk3YjBmNWZiM2Q4OGJmOTVjZmJiMDhiMmZi
ZWE4ZTUwHhcNMjUwMTAyMDE0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzhkZjZhMmU4NWI3MGZlZWUyMjU4MGY4OTc5ZTkzN2U2OWZiMzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwSEV0ZjUYAGparzIWZ81b9CIpQM
GsvWOsVQnjwI0keQYL2jeUVXvn8Ap4vFVDPsUzlq/DjJxIkARnDLeF+4XvZrrSm5
FtBen6oRKeclNQJmJD2SIj4ckjo0KvVa+S3GPjpSjqoHuxmq5cvLhhwMKHpFmfra
BhPoGsEVFC3jgxebVUXc1eZcDMJ1cgoQTbyZoQwSLv/so4CVNaXlPXxwAO2AcZu5
D/oavDbCC+2JLEU5LBWK5XJ36wKIHyuesI3iLfd3tHUcSMsJi9iJgyW0JWg6xiJe
dP34hbY+KGjEHBFIpTDvfJjhNoTWHNAnOUFghWEa6y5xFIoFZ4MitvzWywIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFPyN9qLoW3D+7iJYD4l56Tfmn7MlMB8GA1UdIwQY
MBaAFA8ht4zpew9fs9iL+Vz7sIsvvqjlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHlHM2pPbDdEMS16Mkl2NVhQdXdpeS0tcU9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8wZjc1OTQtZjA0OC00NzNkLWEzOWEt
ZGRiOWU0ZGI5OGM2LzEvX0kzMm91aGJjUDd1SWxnUGlYbnBOLWFmc3lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8wZjc1OTQtZjA0OC00NzNkLWEzOWEtZGRiOWU0ZGI5OGM2
LzEvRHlHM2pPbDdEMS16Mkl2NVhQdXdpeS0tcU9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEQwDQYJ
KoZIhvcNAQELBQADggEBAB0lLz+VjNv/sUqJC3rBqwydeznDiAf6iNmyDzyD9QMZ
W9MpgE9W52e74PCtsJsR01eeUa/tZQ6UGXUWw2JrC6wRaWx1BlJP7sOFBV+0hUBV
PgIwWpMWUskgVG4Zf0QHuHP1/peVq3PCojrJ+UwzVbtj0ZuIPQrCfZ149mcGUq6O
2cjZpmZwQCrr67tr7IsdBmAM6uyOUfN8kqqpU7QnuS6fhzInbvH4WDIuoc8ZYJ4z
m9Q8dp9aNT+htigobBPI1gownJ+lEZVG6M+NnZa/cM7shBI4zMJHJW6NAXI8rT32
p0UjvCwgoxacWNNj0FPQG1cVOCTnZ/Qu1RbDypFM6d4=
-----END CERTIFICATE-----