Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/1c0205-5c65-47cd-b1b3-27c26b23b845/1/Uk3bFeu2vggvn3RURW4D1j9wA0s.roa
File:                     Uk3bFeu2vggvn3RURW4D1j9wA0s.roa (raw, json)
Hash identifier:          qf3QuNlkmR2/8NjdGrfw3qcY4tnIiaHzJdTvA7fEjAo=
Subject key identifier:   52:4D:DB:15:EB:B6:BE:08:2F:9F:74:54:45:6E:03:D6:3F:70:03:4B
Certificate issuer:       /CN=5740040e1b7a532dd2aec22e93a622b2e1b3bdef
Certificate serial:       018CC86F134479A1323D5FF5484B7BAF5434
Authority key identifier: 57:40:04:0E:1B:7A:53:2D:D2:AE:C2:2E:93:A6:22:B2:E1:B3:BD:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V0AEDht6Uy3SrsIuk6YisuGzve8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/1c0205-5c65-47cd-b1b3-27c26b23b845/1/Uk3bFeu2vggvn3RURW4D1j9wA0s.roa
Signing time:             Tue 02 Jan 2024 04:29:31 +0000
ROA not before:           Tue 02 Jan 2024 04:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        194.76.232.0/22 maxlen: 22
                          194.76.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/1c0205-5c65-47cd-b1b3-27c26b23b845/1/V0AEDht6Uy3SrsIuk6YisuGzve8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/1c0205-5c65-47cd-b1b3-27c26b23b845/1/V0AEDht6Uy3SrsIuk6YisuGzve8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V0AEDht6Uy3SrsIuk6YisuGzve8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:13:44:79:a1:32:3d:5f:f5:48:4b:7b:af:54:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5740040e1b7a532dd2aec22e93a622b2e1b3bdef
        Validity
            Not Before: Jan  2 04:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=524ddb15ebb6be082f9f7454456e03d63f70034b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:b0:7e:59:7a:ba:b5:17:77:df:61:27:8e:87:
                    9e:61:fd:d4:39:c3:72:fb:2a:1e:a1:c0:d7:7b:c4:
                    b8:f0:dd:e5:e2:60:51:41:49:b5:7d:f2:3d:c3:84:
                    e4:00:77:57:dc:18:16:17:8a:8a:7a:3c:09:ec:97:
                    26:7a:d8:65:a1:e5:6b:77:24:58:c2:00:2d:6e:b7:
                    81:18:fb:18:c7:fd:e7:2b:bb:50:67:b3:ed:b4:ac:
                    ca:70:9d:27:98:c8:5b:c4:3a:43:9d:f7:20:c4:8f:
                    c3:51:67:c1:52:91:d9:f2:26:cf:56:80:37:51:e9:
                    39:d4:b2:d3:84:0b:7c:af:a1:f0:57:6c:ea:eb:98:
                    d6:bc:39:f5:41:3a:7e:28:e3:e2:0c:ce:84:67:98:
                    e7:1c:01:3d:e5:51:54:6a:58:4d:61:fa:14:be:84:
                    7f:15:e0:a0:9a:e1:68:09:e8:48:5e:3c:25:93:3c:
                    02:68:54:36:d7:cc:57:89:08:94:57:33:fd:b4:d1:
                    3f:b0:05:b2:fe:2b:f1:80:c3:b6:33:ce:97:ab:2a:
                    7e:33:dc:7c:fe:23:25:df:95:cd:99:f2:31:2d:81:
                    a1:98:af:d4:3a:0c:23:59:7d:07:c0:ea:c2:fb:05:
                    50:6b:c5:93:5c:fb:33:29:f9:59:42:89:34:cb:e8:
                    ed:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:4D:DB:15:EB:B6:BE:08:2F:9F:74:54:45:6E:03:D6:3F:70:03:4B
            X509v3 Authority Key Identifier:
                keyid:57:40:04:0E:1B:7A:53:2D:D2:AE:C2:2E:93:A6:22:B2:E1:B3:BD:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V0AEDht6Uy3SrsIuk6YisuGzve8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/1c0205-5c65-47cd-b1b3-27c26b23b845/1/Uk3bFeu2vggvn3RURW4D1j9wA0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/1c0205-5c65-47cd-b1b3-27c26b23b845/1/V0AEDht6Uy3SrsIuk6YisuGzve8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:32:51:42:8e:70:cd:a2:98:5b:77:2e:b1:53:61:aa:28:e1:
         d9:d5:a0:b1:08:82:c9:22:fd:79:3f:30:85:3d:20:b6:91:62:
         6a:31:11:b8:f0:ba:f5:71:72:94:e7:52:05:88:dc:2c:26:04:
         96:bd:d3:12:03:1e:43:c4:8d:3a:0a:52:75:56:83:03:f3:b7:
         24:00:3c:9f:ea:6f:91:62:24:c0:73:5c:d8:90:b6:8f:cb:9b:
         dc:af:72:f9:70:fe:da:5a:2d:0f:2d:1d:27:49:8b:4c:87:c8:
         82:bd:2a:11:ba:3a:77:72:7d:d3:6d:f0:0f:a3:72:a0:48:a1:
         41:74:ac:57:75:3b:e2:a3:ae:be:32:fc:25:00:37:ac:68:20:
         59:d3:9e:87:e0:ff:00:11:db:17:89:a2:2a:dd:ed:48:f3:4d:
         d9:fb:99:fd:e0:2a:6f:c1:85:6b:68:05:ca:53:e0:cf:1c:04:
         b9:84:3f:d1:93:c3:c2:de:5e:29:2d:9e:ba:00:7a:3b:a2:9c:
         a2:df:d8:12:77:89:95:bf:93:17:d8:c9:57:b2:77:6d:ec:6d:
         f8:ce:89:1c:1a:fe:c8:0e:e7:24:03:b6:71:38:8f:68:7a:e0:
         03:ec:b9:ce:6e:5e:b7:b5:4c:42:70:90:51:fe:ec:69:54:93:
         41:b5:89:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbxNEeaEyPV/1SEt7r1Q0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NDAwNDBlMWI3YTUzMmRkMmFlYzIyZTkzYTYyMmIyZTFi
M2JkZWYwHhcNMjQwMTAyMDQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjRkZGIxNWViYjZiZTA4MmY5Zjc0NTQ0NTZlMDNkNjNmNzAwMzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLB+WXq6tRd332EnjoeeYf3UOcNy
+yoeocDXe8S48N3l4mBRQUm1ffI9w4TkAHdX3BgWF4qKejwJ7JcmethloeVrdyRY
wgAtbreBGPsYx/3nK7tQZ7PttKzKcJ0nmMhbxDpDnfcgxI/DUWfBUpHZ8ibPVoA3
Uek51LLThAt8r6HwV2zq65jWvDn1QTp+KOPiDM6EZ5jnHAE95VFUalhNYfoUvoR/
FeCgmuFoCehIXjwlkzwCaFQ218xXiQiUVzP9tNE/sAWy/ivxgMO2M86Xqyp+M9x8
/iMl35XNmfIxLYGhmK/UOgwjWX0HwOrC+wVQa8WTXPszKflZQok0y+jt8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJN2xXrtr4IL590VEVuA9Y/cANLMB8GA1UdIwQY
MBaAFFdABA4belMt0q7CLpOmIrLhs73vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjBBRURodDZVeTNTcnNJdWs2WWlzdUd6dmU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8xYzAyMDUtNWM2NS00N2NkLWIxYjMt
MjdjMjZiMjNiODQ1LzEvVWszYkZldTJ2Z2d2bjNSVVJXNEQxajl3QTBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8xYzAyMDUtNWM2NS00N2NkLWIxYjMtMjdjMjZiMjNiODQ1
LzEvVjBBRURodDZVeTNTcnNJdWs2WWlzdUd6dmU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwkzoMA0G
CSqGSIb3DQEBCwUAA4IBAQBjMlFCjnDNophbdy6xU2GqKOHZ1aCxCILJIv15PzCF
PSC2kWJqMRG48Lr1cXKU51IFiNwsJgSWvdMSAx5DxI06ClJ1VoMD87ckADyf6m+R
YiTAc1zYkLaPy5vcr3L5cP7aWi0PLR0nSYtMh8iCvSoRujp3cn3TbfAPo3KgSKFB
dKxXdTvio66+MvwlADesaCBZ056H4P8AEdsXiaIq3e1I803Z+5n94CpvwYVraAXK
U+DPHAS5hD/Rk8PC3l4pLZ66AHo7opyi39gSd4mVv5MX2MlXsndt7G34zokcGv7I
DuckA7ZxOI9oeuAD7LnObl63tUxCcJBR/uxpVJNBtYn4
-----END CERTIFICATE-----