Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/UqRgRoYKUAHGTx1Vx9HFm4_hdQ8.roa
File:                     UqRgRoYKUAHGTx1Vx9HFm4_hdQ8.roa (raw, json)
Hash identifier:          1ewevFvdVhldAqNSqwFd0p73DaQM0AaedMS1joDh/7Q=
Subject key identifier:   52:A4:60:46:86:0A:50:01:C6:4F:1D:55:C7:D1:C5:9B:8F:E1:75:0F
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E3E5860951EC0FE31EF9A7721C171
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/UqRgRoYKUAHGTx1Vx9HFm4_hdQ8.roa
Signing time:             Tue 02 Jan 2024 08:33:17 +0000
ROA not before:           Tue 02 Jan 2024 08:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201702
IP address blocks:        2a09:e681::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:3e:58:60:95:1e:c0:fe:31:ef:9a:77:21:c1:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52a46046860a5001c64f1d55c7d1c59b8fe1750f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:35:ad:81:09:94:e4:a2:68:29:dd:92:66:98:
                    2e:0e:b9:9b:be:68:c0:4c:2f:66:29:c1:e1:af:fa:
                    d7:fc:05:30:c2:94:ba:58:99:43:66:4c:9d:7d:1f:
                    ca:a9:78:0f:56:b3:84:c7:b8:2f:1c:8d:b8:dc:56:
                    ca:cb:b3:07:fd:2c:ab:fc:45:4c:a2:c7:7c:07:52:
                    79:36:d1:ed:6c:a7:ba:13:93:3a:18:0d:88:3e:1d:
                    14:ed:84:b4:e1:5c:ab:c4:73:08:84:ee:e2:0e:de:
                    dd:69:0b:56:96:0d:65:05:40:a9:34:fd:c0:38:87:
                    12:39:7c:0c:8d:ad:6e:0d:29:fb:e0:14:49:58:f0:
                    a4:a0:45:e4:21:3d:88:86:38:94:45:1e:bb:bf:31:
                    6e:d8:20:a4:8f:81:98:2a:67:72:04:97:f1:dc:0a:
                    5e:c1:8a:87:aa:d9:f4:98:e8:9e:d9:81:67:6a:9a:
                    9e:2e:f6:a4:60:0e:c5:11:24:87:ec:05:68:15:a5:
                    21:65:23:ef:fe:b0:e5:73:07:85:f4:fe:99:02:f1:
                    b0:3d:e2:50:19:53:62:48:9f:79:de:9c:21:fe:68:
                    b5:21:7a:e3:0d:f5:50:57:7d:d3:8f:1c:85:48:98:
                    e2:af:4c:0a:65:fe:ae:3f:af:69:d5:32:3a:32:33:
                    e7:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:A4:60:46:86:0A:50:01:C6:4F:1D:55:C7:D1:C5:9B:8F:E1:75:0F
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/UqRgRoYKUAHGTx1Vx9HFm4_hdQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e681::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:c4:8e:ac:2b:4a:0f:b6:38:c4:e9:3f:08:13:c6:84:51:35:
         10:2a:97:8a:62:38:1d:95:6d:1d:03:eb:04:b3:70:29:af:24:
         31:0b:5e:ed:97:4e:fc:65:3a:5b:31:a3:a9:c9:2c:ca:c6:f5:
         d4:c3:f8:7d:6e:31:bf:fd:9e:b7:b3:39:95:81:57:32:16:fd:
         a7:09:9b:88:01:9e:4b:c1:81:c7:86:6f:f0:b0:de:84:87:d5:
         50:55:a8:8f:22:97:6a:d3:26:00:db:7a:49:f0:4d:4a:4c:20:
         b4:a2:53:34:a2:e3:38:e6:3f:65:a8:b6:c7:3e:e1:7c:b5:0b:
         b7:e1:15:5b:8f:24:82:e6:1c:d0:7e:82:41:6e:5d:e5:6a:79:
         1b:68:f0:81:5c:29:2a:df:05:5f:73:6f:54:27:aa:26:c4:0b:
         b7:38:16:c6:d1:a0:59:a4:20:a9:4c:73:55:cb:82:2e:5b:f9:
         1d:d4:30:93:50:3b:4e:ff:85:38:dd:01:58:66:7b:a4:f5:3b:
         dc:88:29:12:c3:de:09:e7:0b:54:90:cf:35:55:22:95:a5:56:
         a6:b6:89:fc:b2:de:4e:c5:2d:85:7f:25:f5:81:9d:7d:55:09:
         8b:c5:35:52:92:9c:af:0d:b3:d5:62:94:b1:4f:8e:14:1f:10:
         a5:d9:de:2e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTj5YYJUewP4x75p3IcFxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmE0NjA0Njg2MGE1MDAxYzY0ZjFkNTVjN2QxYzU5YjhmZTE3NTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjWtgQmU5KJoKd2SZpguDrmbvmjA
TC9mKcHhr/rX/AUwwpS6WJlDZkydfR/KqXgPVrOEx7gvHI243FbKy7MH/Syr/EVM
osd8B1J5NtHtbKe6E5M6GA2IPh0U7YS04VyrxHMIhO7iDt7daQtWlg1lBUCpNP3A
OIcSOXwMja1uDSn74BRJWPCkoEXkIT2IhjiURR67vzFu2CCkj4GYKmdyBJfx3Ape
wYqHqtn0mOie2YFnapqeLvakYA7FESSH7AVoFaUhZSPv/rDlcweF9P6ZAvGwPeJQ
GVNiSJ953pwh/mi1IXrjDfVQV33TjxyFSJjir0wKZf6uP69p1TI6MjPnEQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFKkYEaGClABxk8dVcfRxZuP4XUPMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvVXFSZ1JvWUtVQUhHVHgxVng5SEZtNF9oZFE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgnmgTAN
BgkqhkiG9w0BAQsFAAOCAQEAFsSOrCtKD7Y4xOk/CBPGhFE1ECqXimI4HZVtHQPr
BLNwKa8kMQte7ZdO/GU6WzGjqcksysb11MP4fW4xv/2et7M5lYFXMhb9pwmbiAGe
S8GBx4Zv8LDehIfVUFWojyKXatMmANt6SfBNSkwgtKJTNKLjOOY/Zai2xz7hfLUL
t+EVW48kguYc0H6CQW5d5Wp5G2jwgVwpKt8FX3NvVCeqJsQLtzgWxtGgWaQgqUxz
VcuCLlv5HdQwk1A7Tv+FON0BWGZ7pPU73IgpEsPeCecLVJDPNVUilaVWpraJ/LLe
TsUthX8l9YGdfVUJi8U1UpKcrw2z1WKUsU+OFB8QpdneLg==
-----END CERTIFICATE-----