Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/uCDXX2K14euDgjEwGKmWFs_RST4.roa
File:                     uCDXX2K14euDgjEwGKmWFs_RST4.roa (raw, json)
Hash identifier:          e4vcQ88GuL4ckp6yU+RS8Yn74ksYS2T9Pv/IN8nIE+E=
Subject key identifier:   B8:20:D7:5F:62:B5:E1:EB:83:82:31:30:18:A9:96:16:CF:D1:49:3E
Certificate issuer:       /CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
Certificate serial:       01912AA69046237F02CBC4EA3E91FABD319D
Authority key identifier: FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/uCDXX2K14euDgjEwGKmWFs_RST4.roa
Signing time:             Wed 07 Aug 2024 02:24:04 +0000
ROA not before:           Wed 07 Aug 2024 02:24:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214515
IP address blocks:        185.49.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2a:a6:90:46:23:7f:02:cb:c4:ea:3e:91:fa:bd:31:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
        Validity
            Not Before: Aug  7 02:24:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b820d75f62b5e1eb8382313018a99616cfd1493e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0f:ea:bd:05:02:1e:c8:fa:d4:68:57:32:cb:
                    b1:04:f8:9a:6a:0c:b2:61:f2:c6:e5:78:c4:59:de:
                    45:92:1d:19:61:1f:57:fe:70:6e:f7:9b:17:23:97:
                    94:22:74:ed:46:31:4b:44:e7:20:d8:47:8b:ee:eb:
                    08:94:5f:5e:95:c8:75:81:50:e9:ef:f1:05:4f:c8:
                    22:8c:5b:bf:f8:f9:40:21:36:3b:b6:46:4a:21:e5:
                    fe:56:7e:c1:22:d4:cd:18:5f:c5:dc:66:8e:9e:f5:
                    f2:75:61:8b:68:90:34:3f:ac:c8:6a:cf:87:ee:4d:
                    8e:f9:6f:50:10:8c:40:37:7a:0a:1a:f3:c6:c0:25:
                    6f:a1:96:c6:42:5a:9a:e2:ec:ea:a6:b1:98:fb:e9:
                    24:6c:5a:04:6f:4d:65:87:b4:6e:a9:5f:b2:5e:84:
                    8e:dc:c6:f3:f1:83:66:a7:e2:d6:57:15:09:f5:86:
                    80:6d:16:3a:26:e3:76:25:34:30:88:c3:fc:dd:ba:
                    10:13:a3:35:e4:42:bc:c2:b9:ac:6e:85:f0:1d:8b:
                    08:ff:b5:f9:ff:2c:24:6d:24:c4:92:f3:c4:ef:c9:
                    a3:59:8b:06:c0:3a:3a:25:c8:a8:fa:08:01:7a:1d:
                    aa:8f:4d:f6:9e:8e:ce:66:b1:ed:41:45:c0:6d:12:
                    ab:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:20:D7:5F:62:B5:E1:EB:83:82:31:30:18:A9:96:16:CF:D1:49:3E
            X509v3 Authority Key Identifier:
                keyid:FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/uCDXX2K14euDgjEwGKmWFs_RST4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:31:ae:5d:a5:c9:f5:97:6f:7c:b6:16:59:63:84:55:07:64:
         29:a7:53:6a:51:80:b8:d5:d7:ba:74:9b:62:9a:b9:d4:2d:d5:
         7d:77:d9:1c:f8:df:13:ef:4d:58:9b:35:8a:8c:a9:e1:57:10:
         54:75:04:38:fb:f0:c8:d5:23:0c:12:29:e1:98:f6:69:8b:b4:
         99:56:ae:58:1d:f9:fd:3a:b5:0d:a9:ab:0c:ab:a6:09:46:6c:
         67:9d:78:5a:e3:98:a7:fd:f9:2b:05:7a:3a:e7:ec:ca:6e:67:
         94:a6:1a:1d:45:e5:a6:11:24:df:ff:31:e3:2d:4c:c9:fd:43:
         fd:05:2b:9b:af:ef:22:10:5f:ef:57:38:7f:26:66:fd:75:cd:
         86:18:b6:a4:89:cb:55:80:ed:31:f7:de:8b:1d:45:a4:74:cd:
         61:02:ff:3c:49:02:88:77:db:39:67:4b:0e:21:d4:f1:c9:96:
         e5:66:ad:7f:71:65:5a:64:55:4f:46:a1:10:9d:11:9e:11:ea:
         42:f8:71:e0:76:1c:81:4b:8a:1c:67:3d:85:4b:75:f3:76:e3:
         2b:ee:48:da:d6:6a:52:2b:7e:63:e5:77:4e:3d:e0:0a:5b:6b:
         b8:fd:da:50:12:9c:c5:a4:42:e2:aa:46:bb:00:20:13:07:b1:
         37:4c:56:36
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZEqppBGI38Cy8TqPpH6vTGdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhM2QwYmMxMWIyOWRhNDRhZDU3MzA0YzNmODU2ODg3MGEw
MTljMjQwHhcNMjQwODA3MDIyNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODIwZDc1ZjYyYjVlMWViODM4MjMxMzAxOGE5OTYxNmNmZDE0OTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsA/qvQUCHsj61GhXMsuxBPiaagyy
YfLG5XjEWd5Fkh0ZYR9X/nBu95sXI5eUInTtRjFLROcg2EeL7usIlF9elch1gVDp
7/EFT8gijFu/+PlAITY7tkZKIeX+Vn7BItTNGF/F3GaOnvXydWGLaJA0P6zIas+H
7k2O+W9QEIxAN3oKGvPGwCVvoZbGQlqa4uzqprGY++kkbFoEb01lh7RuqV+yXoSO
3Mbz8YNmp+LWVxUJ9YaAbRY6JuN2JTQwiMP83boQE6M15EK8wrmsboXwHYsI/7X5
/ywkbSTEkvPE78mjWYsGwDo6Jcio+ggBeh2qj032no7OZrHtQUXAbRKrVQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLgg119iteHrg4IxMBiplhbP0Uk+MB8GA1UdIwQY
MBaAFPo9C8EbKdpErVcwTD+FaIcKAZwkMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1qMEx3UnNwMmtTdFZ6Qk1QNFZvaHdvQm5DUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1
LWQyMTA3MWVmNzM1Yi8xL3VDRFhYMksxNGV1RGdqRXdHS21XRnNfUlNUNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1LWQyMTA3MWVmNzM1
Yi8xLzEtajBMd1JzcDJrU3RWekJNUDRWb2h3b0JuQ1EuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5MWsw
DQYJKoZIhvcNAQELBQADggEBAIYxrl2lyfWXb3y2FlljhFUHZCmnU2pRgLjV17p0
m2KaudQt1X132Rz43xPvTVibNYqMqeFXEFR1BDj78MjVIwwSKeGY9mmLtJlWrlgd
+f06tQ2pqwyrpglGbGedeFrjmKf9+SsFejrn7MpuZ5SmGh1F5aYRJN//MeMtTMn9
Q/0FK5uv7yIQX+9XOH8mZv11zYYYtqSJy1WA7TH33osdRaR0zWEC/zxJAoh32zln
Sw4h1PHJluVmrX9xZVpkVU9GoRCdEZ4R6kL4ceB2HIFLihxnPYVLdfN24yvuSNrW
alIrfmPld0494Apba7j92lASnMWkQuKqRrsAIBMHsTdMVjY=
-----END CERTIFICATE-----