Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/MU-UHSVfSKw4clHYxj3WpnYDerU.roa
File:                     MU-UHSVfSKw4clHYxj3WpnYDerU.roa (raw, json)
Hash identifier:          uQmB+Sixqr+N1Pr46JuJB6tokKy89aj4mjz9hA8XjIg=
Subject key identifier:   31:4F:94:1D:25:5F:48:AC:38:72:51:D8:C6:3D:D6:A6:76:03:7A:B5
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       0190BF7B69B3CCBBDC48855817CEFCB505B6
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/MU-UHSVfSKw4clHYxj3WpnYDerU.roa
Signing time:             Wed 17 Jul 2024 06:57:34 +0000
ROA not before:           Wed 17 Jul 2024 06:57:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138997
IP address blocks:        185.126.134.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:bf:7b:69:b3:cc:bb:dc:48:85:58:17:ce:fc:b5:05:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jul 17 06:57:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=314f941d255f48ac387251d8c63dd6a676037ab5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:19:c5:9d:ef:5c:e9:80:0a:c5:2d:8b:90:e8:
                    38:da:9d:d3:90:1d:c4:62:71:97:61:75:06:ed:7f:
                    e2:9f:6b:3c:68:ff:82:fb:d3:33:ac:c2:03:81:48:
                    b3:ad:92:ec:3c:9b:5e:af:72:b6:0f:17:4a:d0:9d:
                    2f:60:85:f7:55:ef:ca:00:39:65:22:09:73:a8:3e:
                    28:4d:34:a9:fd:c0:c4:05:48:51:2c:18:dd:0f:8b:
                    64:32:bb:ad:71:0e:c0:6c:ad:3a:11:63:64:e5:ee:
                    97:db:6f:19:a9:61:20:1f:16:b3:aa:13:57:c6:50:
                    2c:be:1a:1e:31:f0:d5:7f:58:09:21:34:41:7a:0c:
                    8c:73:70:ea:18:26:54:86:00:50:c4:03:ff:8f:4f:
                    82:6c:24:94:c1:af:49:e7:ad:8e:95:af:28:34:95:
                    49:ae:18:a0:09:95:60:13:19:88:65:45:f0:cd:21:
                    46:35:74:1b:4a:6b:e9:c0:05:25:13:c8:57:77:f0:
                    c0:ca:05:ee:58:b0:b2:ee:63:46:15:66:5f:32:9b:
                    6a:24:13:af:95:80:f7:c2:23:4b:eb:f4:c9:db:64:
                    11:39:b0:e9:13:b6:8c:2b:6e:e7:09:47:67:28:bb:
                    08:be:82:ff:12:b4:7b:e8:0b:1c:67:a8:19:21:eb:
                    3d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:4F:94:1D:25:5F:48:AC:38:72:51:D8:C6:3D:D6:A6:76:03:7A:B5
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/MU-UHSVfSKw4clHYxj3WpnYDerU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:f4:57:57:d1:ee:bb:69:a8:c4:df:84:16:16:d5:69:fe:e6:
         36:c9:4f:1c:e8:f3:f0:ae:1e:44:ea:9a:91:7e:17:09:bd:07:
         19:5f:b0:f6:7f:de:8b:33:e2:5c:fb:bb:5a:20:09:c1:d9:83:
         5b:74:9f:e7:72:02:5d:45:02:c1:ca:24:0f:9b:c6:9d:34:47:
         39:7d:6e:5e:be:43:bb:42:7f:be:69:bd:67:98:d3:38:96:5e:
         3d:55:30:85:9e:bd:5d:87:df:8e:52:e8:53:9b:2d:8a:1c:d8:
         2a:ae:a2:84:c4:7d:1d:90:ee:dd:d0:89:c1:40:71:bc:8a:e5:
         2a:53:7d:22:c3:dd:97:d4:f6:e6:96:77:d1:f5:df:c9:a6:f8:
         3b:8d:e2:9d:32:c7:b7:c4:59:fc:02:e4:61:ca:8c:68:b0:b5:
         c7:33:13:9a:ff:37:c6:01:be:3a:94:9b:89:cc:e8:63:20:d5:
         15:53:32:6b:67:2f:2d:98:33:a1:35:d7:00:ab:54:50:b2:4b:
         7f:7f:7e:02:70:db:99:ff:10:3d:9c:bb:44:f1:93:b6:59:52:
         e3:90:f9:c3:9f:24:95:27:24:38:d4:18:6f:5b:99:4b:39:c3:
         12:6d:13:a8:06:67:c4:3c:ae:22:b5:05:e4:64:9a:6d:92:e2:
         7e:60:c6:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZC/e2mzzLvcSIVYF878tQW2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjQwNzE3MDY1NzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTRmOTQxZDI1NWY0OGFjMzg3MjUxZDhjNjNkZDZhNjc2MDM3YWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBnFne9c6YAKxS2LkOg42p3TkB3E
YnGXYXUG7X/in2s8aP+C+9MzrMIDgUizrZLsPJter3K2DxdK0J0vYIX3Ve/KADll
IglzqD4oTTSp/cDEBUhRLBjdD4tkMrutcQ7AbK06EWNk5e6X228ZqWEgHxazqhNX
xlAsvhoeMfDVf1gJITRBegyMc3DqGCZUhgBQxAP/j0+CbCSUwa9J562Ola8oNJVJ
rhigCZVgExmIZUXwzSFGNXQbSmvpwAUlE8hXd/DAygXuWLCy7mNGFWZfMptqJBOv
lYD3wiNL6/TJ22QRObDpE7aMK27nCUdnKLsIvoL/ErR76AscZ6gZIes90wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDFPlB0lX0isOHJR2MY91qZ2A3q1MB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvTVUtVUhTVmZTS3c0Y2xIWXhqM1dwbllEZXJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuX6GMA0G
CSqGSIb3DQEBCwUAA4IBAQAC9FdX0e67aajE34QWFtVp/uY2yU8c6PPwrh5E6pqR
fhcJvQcZX7D2f96LM+Jc+7taIAnB2YNbdJ/ncgJdRQLByiQPm8adNEc5fW5evkO7
Qn++ab1nmNM4ll49VTCFnr1dh9+OUuhTmy2KHNgqrqKExH0dkO7d0InBQHG8iuUq
U30iw92X1PbmlnfR9d/Jpvg7jeKdMse3xFn8AuRhyoxosLXHMxOa/zfGAb46lJuJ
zOhjINUVUzJrZy8tmDOhNdcAq1RQskt/f34CcNuZ/xA9nLtE8ZO2WVLjkPnDnySV
JyQ41BhvW5lLOcMSbROoBmfEPK4itQXkZJptkuJ+YMan
-----END CERTIFICATE-----