Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c30740-bc9e-4ffe-ad74-2a464091356b/1/VUIS3dckNr0Kh1Z6hZLO0YNZ4g4.roa
File:                     VUIS3dckNr0Kh1Z6hZLO0YNZ4g4.roa (raw, json)
Hash identifier:          aYI+W1bfXl98I8N9jO+WeobvU+Z0j8a9IrQSBqb8MBY=
Subject key identifier:   55:42:12:DD:D7:24:36:BD:0A:87:56:7A:85:92:CE:D1:83:59:E2:0E
Certificate issuer:       /CN=06a9fa8485ff0f4b85c7d4ef478f986093d9eccb
Certificate serial:       0197A8A8299BDE4B3EAF47FC05476E9B8F61
Authority key identifier: 06:A9:FA:84:85:FF:0F:4B:85:C7:D4:EF:47:8F:98:60:93:D9:EC:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bqn6hIX_D0uFx9TvR4-YYJPZ7Ms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/c30740-bc9e-4ffe-ad74-2a464091356b/1/VUIS3dckNr0Kh1Z6hZLO0YNZ4g4.roa
Signing time:             Wed 25 Jun 2025 19:54:42 +0000
ROA not before:           Wed 25 Jun 2025 19:54:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     786
IP address blocks:        129.12.0.0/16 maxlen: 16
                          192.138.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/c30740-bc9e-4ffe-ad74-2a464091356b/1/Bqn6hIX_D0uFx9TvR4-YYJPZ7Ms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/c30740-bc9e-4ffe-ad74-2a464091356b/1/Bqn6hIX_D0uFx9TvR4-YYJPZ7Ms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Bqn6hIX_D0uFx9TvR4-YYJPZ7Ms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a8:a8:29:9b:de:4b:3e:af:47:fc:05:47:6e:9b:8f:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06a9fa8485ff0f4b85c7d4ef478f986093d9eccb
        Validity
            Not Before: Jun 25 19:54:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=554212ddd72436bd0a87567a8592ced18359e20e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6d:a3:02:c9:f0:a4:98:23:05:9e:8c:14:4a:
                    1c:06:b2:6c:61:55:fd:5f:91:67:98:cf:81:89:49:
                    55:2d:eb:28:99:87:7d:ac:d1:c2:28:cb:76:cf:a0:
                    54:3d:83:8e:3c:75:7e:02:f9:7b:df:00:59:b0:aa:
                    45:ad:6b:17:7f:95:03:89:cb:7c:11:6f:be:f6:e5:
                    87:89:c0:fe:32:67:1d:b8:ad:d3:d6:af:c7:a8:da:
                    91:9f:e7:3d:8f:33:7f:e0:c9:bd:2f:00:02:7a:43:
                    d3:f6:23:61:cc:36:20:32:7c:7f:f8:f3:bc:35:c1:
                    17:39:fe:5f:64:76:4e:e0:3f:99:ac:89:d1:52:73:
                    bb:a0:fa:32:97:f5:39:fc:12:58:b5:73:33:2a:0d:
                    e1:cb:f9:8f:f6:be:55:5c:ba:50:bb:2e:a3:89:b8:
                    fa:58:2f:a7:6b:dc:67:8a:01:93:e7:ee:d2:a8:31:
                    e4:98:b9:e2:75:b1:f9:09:11:80:d4:8f:fb:0c:1b:
                    45:ad:66:d9:7f:9a:e9:fc:a8:60:f8:1f:09:f4:96:
                    3d:8e:f4:27:89:23:5d:50:95:2d:1b:b9:a4:70:50:
                    c1:67:f1:8b:0c:2a:bb:c9:c0:51:e3:35:34:43:f4:
                    4a:f6:90:f4:81:74:36:1b:90:69:fa:09:99:33:bc:
                    14:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:42:12:DD:D7:24:36:BD:0A:87:56:7A:85:92:CE:D1:83:59:E2:0E
            X509v3 Authority Key Identifier:
                keyid:06:A9:FA:84:85:FF:0F:4B:85:C7:D4:EF:47:8F:98:60:93:D9:EC:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bqn6hIX_D0uFx9TvR4-YYJPZ7Ms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c30740-bc9e-4ffe-ad74-2a464091356b/1/VUIS3dckNr0Kh1Z6hZLO0YNZ4g4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c30740-bc9e-4ffe-ad74-2a464091356b/1/Bqn6hIX_D0uFx9TvR4-YYJPZ7Ms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.12.0.0/16
                  192.138.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:b7:5f:3f:cb:15:c2:80:26:ae:26:90:36:d1:34:cc:0c:d7:
         f3:57:40:46:07:a8:ec:04:d0:ac:7a:6a:95:53:da:02:a9:a0:
         38:f4:8a:24:68:dd:1a:2f:13:21:2b:38:69:9b:05:4b:1a:28:
         7e:9b:a4:5f:58:27:4e:f4:67:ff:7b:86:f6:9e:cd:e0:08:47:
         46:1c:14:56:01:82:bc:98:a5:8c:fc:4a:a2:67:6b:a2:3a:17:
         27:25:8c:7b:f9:3d:6d:c8:7e:4f:99:89:a9:a1:b8:70:db:d2:
         5d:da:72:43:60:36:67:8c:ec:4a:fb:69:c7:db:06:e5:e2:63:
         49:89:4d:ba:76:c4:6c:1d:c1:51:c5:8a:e0:95:dd:34:5d:1d:
         64:5b:41:ed:5c:69:b1:f4:55:41:fc:88:31:c2:82:1f:61:92:
         37:26:af:d6:6f:87:4c:43:90:50:42:92:47:c4:92:5b:5c:aa:
         5d:8e:b5:bb:e0:0f:73:e7:03:d6:f5:70:93:27:3f:ed:0b:d6:
         0d:07:20:27:65:72:e0:77:69:0e:bc:de:46:e9:6d:34:0f:10:
         c3:99:a5:97:30:a8:99:b0:d4:a1:8d:05:c5:e8:08:8b:3c:74:
         58:9c:32:46:fd:c7:47:0d:b9:37:58:35:52:63:19:54:ca:c5:
         78:34:07:06
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZeoqCmb3ks+r0f8BUdum49hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YTlmYTg0ODVmZjBmNGI4NWM3ZDRlZjQ3OGY5ODYwOTNk
OWVjY2IwHhcNMjUwNjI1MTk1NDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTQyMTJkZGQ3MjQzNmJkMGE4NzU2N2E4NTkyY2VkMTgzNTllMjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtW2jAsnwpJgjBZ6MFEocBrJsYVX9
X5FnmM+BiUlVLesomYd9rNHCKMt2z6BUPYOOPHV+Avl73wBZsKpFrWsXf5UDict8
EW++9uWHicD+MmcduK3T1q/HqNqRn+c9jzN/4Mm9LwACekPT9iNhzDYgMnx/+PO8
NcEXOf5fZHZO4D+ZrInRUnO7oPoyl/U5/BJYtXMzKg3hy/mP9r5VXLpQuy6jibj6
WC+na9xnigGT5+7SqDHkmLnidbH5CRGA1I/7DBtFrWbZf5rp/Khg+B8J9JY9jvQn
iSNdUJUtG7mkcFDBZ/GLDCq7ycBR4zU0Q/RK9pD0gXQ2G5Bp+gmZM7wU3QIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFFVCEt3XJDa9CodWeoWSztGDWeIOMB8GA1UdIwQY
MBaAFAap+oSF/w9LhcfU70ePmGCT2ezLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnFuNmhJWF9EMHVGeDlUdlI0LVlZSlBaN01zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jMzA3NDAtYmM5ZS00ZmZlLWFkNzQt
MmE0NjQwOTEzNTZiLzEvVlVJUzNkY2tOcjBLaDFaNmhaTE8wWU5aNGc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jMzA3NDAtYmM5ZS00ZmZlLWFkNzQtMmE0NjQwOTEzNTZi
LzEvQnFuNmhJWF9EMHVGeDlUdlI0LVlZSlBaN01zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAgQwDBADA
ivgwDQYJKoZIhvcNAQELBQADggEBAAO3Xz/LFcKAJq4mkDbRNMwM1/NXQEYHqOwE
0Kx6apVT2gKpoDj0iiRo3RovEyErOGmbBUsaKH6bpF9YJ070Z/97hvaezeAIR0Yc
FFYBgryYpYz8SqJna6I6FycljHv5PW3Ifk+ZiamhuHDb0l3ackNgNmeM7Er7acfb
BuXiY0mJTbp2xGwdwVHFiuCV3TRdHWRbQe1cabH0VUH8iDHCgh9hkjcmr9Zvh0xD
kFBCkkfEkltcql2OtbvgD3PnA9b1cJMnP+0L1g0HICdlcuB3aQ683kbpbTQPEMOZ
pZcwqJmw1KGNBcXoCIs8dFicMkb9x0cNuTdYNVJjGVTKxXg0BwY=
-----END CERTIFICATE-----