Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/649e81-cca2-404c-98a5-962758a3d5ea/1/VJejrkbQcGz8ZtoJmN8x1bw4bkc.roa
File:                     VJejrkbQcGz8ZtoJmN8x1bw4bkc.roa (raw, json)
Hash identifier:          fTHkpU+4ZrTAo/sH1aFITBDz8Ocuvc9wBymMbgUJLms=
Subject key identifier:   54:97:A3:AE:46:D0:70:6C:FC:66:DA:09:98:DF:31:D5:BC:38:6E:47
Certificate issuer:       /CN=ca01df493936a62e2ec9a9805a8fa36b8335bd50
Certificate serial:       0194266C056131B5D5604E96104F5ABA3313
Authority key identifier: CA:01:DF:49:39:36:A6:2E:2E:C9:A9:80:5A:8F:A3:6B:83:35:BD:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ygHfSTk2pi4uyamAWo-ja4M1vVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/649e81-cca2-404c-98a5-962758a3d5ea/1/VJejrkbQcGz8ZtoJmN8x1bw4bkc.roa
Signing time:             Thu 02 Jan 2025 09:50:00 +0000
ROA not before:           Thu 02 Jan 2025 09:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56407
IP address blocks:        188.190.128.0/21 maxlen: 21
                          188.190.136.0/21 maxlen: 21
                          188.190.144.0/21 maxlen: 21
                          188.190.152.0/22 maxlen: 22
                          188.190.156.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/649e81-cca2-404c-98a5-962758a3d5ea/1/ygHfSTk2pi4uyamAWo-ja4M1vVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/649e81-cca2-404c-98a5-962758a3d5ea/1/ygHfSTk2pi4uyamAWo-ja4M1vVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ygHfSTk2pi4uyamAWo-ja4M1vVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:05:61:31:b5:d5:60:4e:96:10:4f:5a:ba:33:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca01df493936a62e2ec9a9805a8fa36b8335bd50
        Validity
            Not Before: Jan  2 09:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5497a3ae46d0706cfc66da0998df31d5bc386e47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:8f:d1:d1:6d:b6:7f:9a:f1:6c:11:1e:ba:eb:
                    2d:68:4b:80:56:e0:f5:0c:e7:fb:aa:d7:11:99:47:
                    22:ef:81:ef:fe:08:2c:26:40:98:b1:6c:ce:22:a7:
                    f8:d8:af:1f:c6:31:02:a2:0a:f5:d3:3e:9f:3b:aa:
                    03:e7:cb:3d:32:60:93:29:c7:21:42:b5:9f:5e:41:
                    fe:d2:aa:1f:88:0f:55:59:21:e7:05:4f:cd:21:f3:
                    97:26:c6:1c:86:34:40:4d:f5:ea:70:1b:73:20:3e:
                    26:c2:b5:3a:4e:38:50:8e:87:a6:32:3d:e4:41:36:
                    3b:b8:18:37:46:df:fa:c3:c6:fd:64:53:75:41:52:
                    d2:99:54:cc:4c:44:cf:aa:6f:0e:1b:ee:3c:92:c1:
                    24:95:3f:07:dd:67:a9:6a:5a:07:3b:74:c8:7a:47:
                    9a:17:f5:ff:3d:26:8b:2f:20:cc:7f:87:21:47:3f:
                    65:31:c9:a1:88:eb:c4:6f:3f:07:bd:a9:73:51:8d:
                    65:da:5e:49:cd:ae:f8:ba:86:64:7c:54:40:be:5c:
                    82:bc:30:be:e2:0f:78:1e:40:81:7f:0a:40:e0:b5:
                    6b:a6:31:28:27:02:9d:39:bf:f6:bf:b2:c4:f8:d9:
                    9f:86:bc:25:89:0e:d9:c8:7f:52:ad:28:2b:d7:5a:
                    16:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:97:A3:AE:46:D0:70:6C:FC:66:DA:09:98:DF:31:D5:BC:38:6E:47
            X509v3 Authority Key Identifier:
                keyid:CA:01:DF:49:39:36:A6:2E:2E:C9:A9:80:5A:8F:A3:6B:83:35:BD:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ygHfSTk2pi4uyamAWo-ja4M1vVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/649e81-cca2-404c-98a5-962758a3d5ea/1/VJejrkbQcGz8ZtoJmN8x1bw4bkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/649e81-cca2-404c-98a5-962758a3d5ea/1/ygHfSTk2pi4uyamAWo-ja4M1vVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.190.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         17:1d:40:28:f0:8d:9a:31:03:4b:2e:00:ee:e0:95:c2:42:61:
         e2:ac:1b:86:66:af:6f:7d:11:8d:8f:72:54:33:fa:e6:68:b7:
         67:9f:7a:da:46:ce:ff:f4:1b:f8:0a:23:73:b9:a1:7b:1b:07:
         c8:e4:16:92:85:f5:df:7c:60:55:a7:b3:c4:7b:5f:35:61:2f:
         bf:fd:c5:b2:75:0c:59:43:54:54:7c:1f:ed:20:84:dc:a0:b3:
         89:07:8c:4a:6b:d5:39:6e:50:02:67:44:73:f4:c2:9b:80:59:
         a1:47:59:6c:c6:34:3f:43:05:e3:dd:9d:a8:f3:ed:5e:a3:7d:
         cc:e1:8b:27:ee:fe:2a:25:f4:a2:a2:7d:73:c5:63:76:4f:e2:
         30:3b:83:a0:87:4e:98:64:fc:f8:99:73:e7:13:b7:1a:a9:ae:
         34:c4:ea:36:64:03:3a:6c:15:92:c2:13:b9:be:c1:c1:25:20:
         d7:33:19:38:b3:95:33:15:e0:53:05:ad:50:2f:4e:89:94:c8:
         99:57:85:32:3b:0a:6a:67:b1:ac:70:81:d7:f5:b5:77:88:1c:
         d4:14:a7:b9:41:75:a5:51:2d:f3:f1:0e:05:ed:41:4f:a1:9a:
         cb:28:b6:c1:77:30:af:82:04:79:09:94:86:2f:74:b0:f2:17:
         de:a9:82:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbAVhMbXVYE6WEE9aujMTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMDFkZjQ5MzkzNmE2MmUyZWM5YTk4MDVhOGZhMzZiODMz
NWJkNTAwHhcNMjUwMTAyMDk1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDk3YTNhZTQ2ZDA3MDZjZmM2NmRhMDk5OGRmMzFkNWJjMzg2ZTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Y/R0W22f5rxbBEeuustaEuAVuD1
DOf7qtcRmUci74Hv/ggsJkCYsWzOIqf42K8fxjECogr10z6fO6oD58s9MmCTKcch
QrWfXkH+0qofiA9VWSHnBU/NIfOXJsYchjRATfXqcBtzID4mwrU6TjhQjoemMj3k
QTY7uBg3Rt/6w8b9ZFN1QVLSmVTMTETPqm8OG+48ksEklT8H3WepaloHO3TIekea
F/X/PSaLLyDMf4chRz9lMcmhiOvEbz8HvalzUY1l2l5Jza74uoZkfFRAvlyCvDC+
4g94HkCBfwpA4LVrpjEoJwKdOb/2v7LE+NmfhrwliQ7ZyH9SrSgr11oWowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFSXo65G0HBs/GbaCZjfMdW8OG5HMB8GA1UdIwQY
MBaAFMoB30k5NqYuLsmpgFqPo2uDNb1QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWdIZlNUazJwaTR1eWFtQVdvLWphNE0xdlZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC82NDllODEtY2NhMi00MDRjLTk4YTUt
OTYyNzU4YTNkNWVhLzEvVkplanJrYlFjR3o4WnRvSm1OOHgxYnc0YmtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC82NDllODEtY2NhMi00MDRjLTk4YTUtOTYyNzU4YTNkNWVh
LzEveWdIZlNUazJwaTR1eWFtQVdvLWphNE0xdlZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFvL6AMA0G
CSqGSIb3DQEBCwUAA4IBAQAXHUAo8I2aMQNLLgDu4JXCQmHirBuGZq9vfRGNj3JU
M/rmaLdnn3raRs7/9Bv4CiNzuaF7GwfI5BaShfXffGBVp7PEe181YS+//cWydQxZ
Q1RUfB/tIITcoLOJB4xKa9U5blACZ0Rz9MKbgFmhR1lsxjQ/QwXj3Z2o8+1eo33M
4Ysn7v4qJfSion1zxWN2T+IwO4Ogh06YZPz4mXPnE7caqa40xOo2ZAM6bBWSwhO5
vsHBJSDXMxk4s5UzFeBTBa1QL06JlMiZV4UyOwpqZ7GscIHX9bV3iBzUFKe5QXWl
US3z8Q4F7UFPoZrLKLbBdzCvggR5CZSGL3Sw8hfeqYLP
-----END CERTIFICATE-----