Route Origin Authorization

$ rpki-client -vvf rpki.services.vm.a-x1.w420.net/repo/warpnet/0/326130343a356138303a3a2f32392d3332203d3e20313939393138.roa
File:                     326130343a356138303a3a2f32392d3332203d3e20313939393138.roa (raw, json)
Hash identifier:          m3+C29M3MzZ9IgcgbROMKjFIE1YcZVhOKqKmBShd7Vo=
Subject key identifier:   00:19:44:48:53:C2:29:18:15:2E:7F:F4:BA:35:88:4F:73:58:D1:15
Certificate issuer:       /CN=0a0c8a94d3bc04c23ceea78a10cf218f1bf0ec79
Certificate serial:       49D05B8498CD974A8851C6AE52D6738CC02F0A39
Authority key identifier: 0A:0C:8A:94:D3:BC:04:C2:3C:EE:A7:8A:10:CF:21:8F:1B:F0:EC:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CgyKlNO8BMI87qeKEM8hjxvw7Hk.cer
Subject info access:      rsync://rpki.services.vm.a-x1.w420.net/repo/warpnet/0/326130343a356138303a3a2f32392d3332203d3e20313939393138.roa
Signing time:             Sat 09 Mar 2024 10:53:03 +0000
ROA not before:           Sat 09 Mar 2024 10:48:03 +0000
ROA not after:            Sat 08 Mar 2025 10:53:03 +0000
asID:                     199918
IP address blocks:        2a04:5a80::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.services.vm.a-x1.w420.net/repo/warpnet/0/0A0C8A94D3BC04C23CEEA78A10CF218F1BF0EC79.crl
                          rsync://rpki.services.vm.a-x1.w420.net/repo/warpnet/0/0A0C8A94D3BC04C23CEEA78A10CF218F1BF0EC79.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CgyKlNO8BMI87qeKEM8hjxvw7Hk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:d0:5b:84:98:cd:97:4a:88:51:c6:ae:52:d6:73:8c:c0:2f:0a:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a0c8a94d3bc04c23ceea78a10cf218f1bf0ec79
        Validity
            Not Before: Mar  9 10:48:03 2024 GMT
            Not After : Mar  8 10:53:03 2025 GMT
        Subject: CN=0019444853C22918152E7FF4BA35884F7358D115
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:14:48:4c:1a:29:6b:b3:4b:11:09:f6:8f:ce:
                    5e:02:a2:1a:6c:21:f8:2f:0b:e7:30:b7:ab:49:8a:
                    b3:0d:90:4e:b4:ab:f1:6f:9a:fe:b0:a3:e5:c2:c6:
                    6c:67:f8:20:5e:99:40:40:79:46:a0:93:3f:3b:2d:
                    a7:c7:01:8f:72:04:dc:d9:1e:f4:ed:59:71:4e:3a:
                    cc:e0:ff:4b:0d:ef:3c:c7:5e:44:94:92:99:63:47:
                    95:7f:cc:2b:62:b8:1c:20:81:dd:45:68:60:ba:66:
                    c3:fb:bd:92:a6:a9:db:af:68:b6:f7:52:e0:06:dd:
                    f6:81:68:e6:25:0f:4e:c3:5d:51:fd:ea:3e:84:be:
                    ad:2e:b9:a4:fa:51:48:9c:4d:d5:34:71:e5:50:58:
                    75:b2:12:ef:db:5f:bc:0f:4a:c7:36:93:1c:b3:69:
                    6e:03:5e:22:49:17:c7:ae:77:44:0d:24:f0:70:fd:
                    15:f8:90:93:78:74:8c:8e:7e:d3:c1:e3:f2:0c:8a:
                    84:2e:ae:9a:3b:87:c0:95:1b:db:7f:8e:5c:d8:45:
                    21:c3:c5:64:4f:c1:41:33:00:cd:dd:4f:e1:7c:10:
                    2d:b0:0e:40:23:af:cf:42:9c:19:29:ae:c8:14:00:
                    96:b8:5f:fd:7b:68:50:56:40:74:5a:c4:14:fe:03:
                    20:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:19:44:48:53:C2:29:18:15:2E:7F:F4:BA:35:88:4F:73:58:D1:15
            X509v3 Authority Key Identifier:
                keyid:0A:0C:8A:94:D3:BC:04:C2:3C:EE:A7:8A:10:CF:21:8F:1B:F0:EC:79

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.services.vm.a-x1.w420.net/repo/warpnet/0/0A0C8A94D3BC04C23CEEA78A10CF218F1BF0EC79.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CgyKlNO8BMI87qeKEM8hjxvw7Hk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.services.vm.a-x1.w420.net/repo/warpnet/0/326130343a356138303a3a2f32392d3332203d3e20313939393138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:5a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         8f:77:64:a2:60:bf:d1:da:1e:c4:26:11:59:a4:25:53:46:dc:
         a0:1e:b0:ec:70:5b:f3:fd:ec:72:f8:8f:93:d3:94:b9:c9:39:
         c3:05:30:68:b3:51:8f:14:2d:84:38:2a:02:24:ba:13:fe:35:
         05:be:49:ea:49:49:ce:11:2e:24:d7:29:c6:25:16:4a:32:d8:
         b0:cc:b5:91:33:e3:65:8e:0c:38:d6:c2:20:79:c0:94:73:c5:
         b2:2c:45:74:de:a3:c6:1d:88:58:f6:11:0f:84:8f:ad:ba:5f:
         44:74:15:cc:b4:47:b8:60:b2:13:1d:32:2c:af:9a:c5:81:a4:
         b7:ba:77:de:1b:3a:1b:ff:ff:45:dd:38:01:ea:df:09:a6:42:
         e0:b9:42:3f:0e:e5:2a:3e:ed:db:da:5a:a2:5a:16:da:b9:90:
         90:ac:50:a2:00:20:4b:7b:15:84:67:ad:08:b2:39:ac:08:11:
         5b:46:d5:ab:55:64:2c:e0:e7:99:3f:f5:6b:51:b7:b9:a6:b0:
         13:2a:0d:01:03:46:a0:c1:8b:34:07:81:fe:68:24:4c:bb:b7:
         84:7e:0a:36:19:07:fc:56:96:36:e9:88:cb:fd:09:9a:70:d7:
         71:61:70:8c:a5:57:00:3f:22:08:ba:14:70:bd:84:8d:b3:f5:
         69:69:2c:90
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUSdBbhJjNl0qIUcauUtZzjMAvCjkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGEwYzhhOTRkM2JjMDRjMjNjZWVhNzhhMTBjZjIxOGYx
YmYwZWM3OTAeFw0yNDAzMDkxMDQ4MDNaFw0yNTAzMDgxMDUzMDNaMDMxMTAvBgNV
BAMTKDAwMTk0NDQ4NTNDMjI5MTgxNTJFN0ZGNEJBMzU4ODRGNzM1OEQxMTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNFEhMGilrs0sRCfaPzl4Cohps
IfgvC+cwt6tJirMNkE60q/Fvmv6wo+XCxmxn+CBemUBAeUagkz87LafHAY9yBNzZ
HvTtWXFOOszg/0sN7zzHXkSUkpljR5V/zCtiuBwggd1FaGC6ZsP7vZKmqduvaLb3
UuAG3faBaOYlD07DXVH96j6Evq0uuaT6UUicTdU0ceVQWHWyEu/bX7wPSsc2kxyz
aW4DXiJJF8eud0QNJPBw/RX4kJN4dIyOftPB4/IMioQurpo7h8CVG9t/jlzYRSHD
xWRPwUEzAM3dT+F8EC2wDkAjr89CnBkprsgUAJa4X/17aFBWQHRaxBT+AyCZAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUABlESFPCKRgVLn/0ujWIT3NY0RUwHwYDVR0j
BBgwFoAUCgyKlNO8BMI87qeKEM8hjxvw7HkwDgYDVR0PAQH/BAQDAgeAMHMGA1Ud
HwRsMGowaKBmoGSGYnJzeW5jOi8vcnBraS5zZXJ2aWNlcy52bS5hLXgxLnc0MjAu
bmV0L3JlcG8vd2FycG5ldC8wLzBBMEM4QTk0RDNCQzA0QzIzQ0VFQTc4QTEwQ0Yy
MThGMUJGMEVDNzkuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5
bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9DZ3lLbE5POEJN
STg3cWVLRU04aGp4dnc3SGsuY2VyMIGNBggrBgEFBQcBCwSBgDB+MHwGCCsGAQUF
BzALhnByc3luYzovL3Jwa2kuc2VydmljZXMudm0uYS14MS53NDIwLm5ldC9yZXBv
L3dhcnBuZXQvMC8zMjYxMzAzNDNhMzU2MTM4MzAzYTNhMmYzMjM5MmQzMzMyMjAz
ZDNlMjAzMTM5MzkzOTMxMzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
IAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqBFqAMA0GCSqGSIb3DQEBCwUA
A4IBAQCPd2SiYL/R2h7EJhFZpCVTRtygHrDscFvz/exy+I+T05S5yTnDBTBos1GP
FC2EOCoCJLoT/jUFvknqSUnOES4k1ynGJRZKMtiwzLWRM+Nljgw41sIgecCUc8Wy
LEV03qPGHYhY9hEPhI+tul9EdBXMtEe4YLITHTIsr5rFgaS3unfeGzob//9F3TgB
6t8JpkLguUI/DuUqPu3b2lqiWhbauZCQrFCiACBLexWEZ60IsjmsCBFbRtWrVWQs
4OeZP/VrUbe5prATKg0BA0agwYs0B4H+aCRMu7eEfgo2GQf8VpY26YjL/QmacNdx
YXCMpVcAPyIIuhRwvYSNs/VpaSyQ
-----END CERTIFICATE-----