Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/1-plAfPR9hNnnecfc8X8KKi05vB4.roa
File:                     1-plAfPR9hNnnecfc8X8KKi05vB4.roa (raw, json)
Hash identifier:          C34E6i2Q7QrCSM3y1JebqmW8tFbqJmx63iqzs7sJjfo=
Subject key identifier:   FA:99:40:7C:F4:7D:84:D9:E7:79:C7:DC:F1:7F:0A:2A:2D:39:BC:1E
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       0196831D316BCC6E8A89AF583D8E3443B840
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/1-plAfPR9hNnnecfc8X8KKi05vB4.roa
Signing time:             Tue 29 Apr 2025 19:54:10 +0000
ROA not before:           Tue 29 Apr 2025 19:54:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47447
IP address blocks:        188.209.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 12:58:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:83:1d:31:6b:cc:6e:8a:89:af:58:3d:8e:34:43:b8:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Apr 29 19:54:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa99407cf47d84d9e779c7dcf17f0a2a2d39bc1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:70:b4:65:d6:f3:07:70:73:32:b0:79:5e:f3:
                    c7:76:69:9e:2b:12:5d:1a:68:43:d3:01:c8:c3:67:
                    26:a6:77:68:a6:86:d2:ed:97:56:c2:c1:ed:ba:10:
                    25:ef:d3:e4:1e:49:f8:e5:5f:8e:fb:dc:60:de:aa:
                    4b:a2:e9:d8:f4:8f:73:9b:21:f4:8d:66:fe:92:55:
                    9f:03:18:34:37:9a:15:73:78:d7:55:1a:cc:80:98:
                    e7:d3:f7:c1:d8:5d:4a:61:a5:c6:16:10:0e:62:e9:
                    0f:01:d8:3b:9d:38:66:7c:10:fa:71:94:b2:a0:25:
                    dc:9a:91:ca:9a:bd:2a:6e:be:de:83:57:3f:51:2d:
                    4a:df:f9:e6:6f:fd:c8:9c:66:56:ed:e0:06:2b:04:
                    1c:93:12:22:96:46:4f:46:ee:64:f8:2c:ec:41:71:
                    f1:6a:b1:78:2d:3d:1a:1e:9f:de:7b:7e:7c:7b:b5:
                    54:a2:4d:57:63:92:24:aa:49:e0:08:62:52:e6:f9:
                    70:f2:84:9d:d0:29:fa:ff:d7:03:84:5b:11:75:7e:
                    2e:90:7a:9e:48:ac:ae:04:1a:7f:70:fa:7e:61:98:
                    ee:54:df:ed:11:b3:99:21:2f:8c:ba:0f:a8:76:f6:
                    1b:3a:aa:ef:83:9d:1b:bd:56:ed:dc:4c:b2:f2:9f:
                    44:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:99:40:7C:F4:7D:84:D9:E7:79:C7:DC:F1:7F:0A:2A:2D:39:BC:1E
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/1-plAfPR9hNnnecfc8X8KKi05vB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:05:78:32:5c:7d:61:30:95:b1:a4:66:1a:5e:12:dc:30:fc:
         0b:79:00:d8:6a:e8:59:30:35:b0:fe:c6:cf:bb:83:46:6f:8c:
         55:67:b5:4d:84:92:9a:a2:31:7c:90:28:d9:a7:7b:85:8e:e1:
         21:89:59:da:c8:95:2b:3c:a6:3a:38:1d:dd:ba:21:53:f6:2e:
         6f:d7:88:fe:65:56:37:63:be:9a:df:06:1a:94:a9:61:a5:82:
         bc:d6:cb:bd:b8:44:71:f5:87:d3:89:03:db:ab:a8:da:41:6c:
         42:80:7a:5e:42:0a:a5:79:9e:e3:a2:c9:84:69:60:1d:de:f8:
         8c:8b:50:c5:d9:59:ac:a5:ab:81:f2:4f:11:db:c5:98:2b:6b:
         75:bd:1f:5b:e8:10:08:ed:46:75:cb:e1:84:16:7b:56:e5:b9:
         09:2a:e6:84:80:24:e4:e4:2b:f7:8a:14:f3:72:01:94:c4:3b:
         54:5d:a3:b4:6f:fb:9a:cc:d0:be:85:c9:09:85:12:9c:37:61:
         e7:83:57:43:9e:76:79:46:5a:8c:5f:4a:d2:21:dc:5c:d5:86:
         d3:57:6f:2f:c0:19:88:e8:49:4b:a4:2a:5a:e2:41:ec:01:f4:
         4b:48:36:b5:ce:9f:6d:bf:20:f3:94:25:42:ba:b0:8f:e4:52:
         10:a9:8e:cb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZaDHTFrzG6Kia9YPY40Q7hAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwNDI5MTk1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTk5NDA3Y2Y0N2Q4NGQ5ZTc3OWM3ZGNmMTdmMGEyYTJkMzliYzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHC0ZdbzB3BzMrB5XvPHdmmeKxJd
GmhD0wHIw2cmpndopobS7ZdWwsHtuhAl79PkHkn45V+O+9xg3qpLounY9I9zmyH0
jWb+klWfAxg0N5oVc3jXVRrMgJjn0/fB2F1KYaXGFhAOYukPAdg7nThmfBD6cZSy
oCXcmpHKmr0qbr7eg1c/US1K3/nmb/3InGZW7eAGKwQckxIilkZPRu5k+CzsQXHx
arF4LT0aHp/ee358e7VUok1XY5IkqkngCGJS5vlw8oSd0Cn6/9cDhFsRdX4ukHqe
SKyuBBp/cPp+YZjuVN/tEbOZIS+Mug+odvYbOqrvg50bvVbt3Eyy8p9EhQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPqZQHz0fYTZ53nH3PF/CiotObweMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvMS1wbEFmUFI5aE5ubmVjZmM4WDhLS2kwNXZCNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTAvMzk1MzI4LWY0NjEtNDRiNy1iMDMxLTNmOGI1NWRhMWFj
NC8xL0JSOHBSaTU2ZmFmclgwWGFlSFB4VGtBXzQ2cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALzRhTAN
BgkqhkiG9w0BAQsFAAOCAQEAMAV4Mlx9YTCVsaRmGl4S3DD8C3kA2GroWTA1sP7G
z7uDRm+MVWe1TYSSmqIxfJAo2ad7hY7hIYlZ2siVKzymOjgd3bohU/Yub9eI/mVW
N2O+mt8GGpSpYaWCvNbLvbhEcfWH04kD26uo2kFsQoB6XkIKpXme46LJhGlgHd74
jItQxdlZrKWrgfJPEdvFmCtrdb0fW+gQCO1GdcvhhBZ7VuW5CSrmhIAk5OQr94oU
83IBlMQ7VF2jtG/7mszQvoXJCYUSnDdh54NXQ552eUZajF9K0iHcXNWG01dvL8AZ
iOhJS6QqWuJB7AH0S0g2tc6fbb8g85QlQrqwj+RSEKmOyw==
-----END CERTIFICATE-----