Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/A-ujoD5NPwWHG0e8BKRkbhpsS3A.roa
File:                     A-ujoD5NPwWHG0e8BKRkbhpsS3A.roa (raw, json)
Hash identifier:          8lazZeKnUFy3TR988YiNgOss+i34oelgUwLhPAcabr0=
Subject key identifier:   03:EB:A3:A0:3E:4D:3F:05:87:1B:47:BC:04:A4:64:6E:1A:6C:4B:70
Certificate issuer:       /CN=3cd37ec23719b2f142f46e6f3317664034adf598
Certificate serial:       018D98F824C634DC59C8D2499EF3A23614B6
Authority key identifier: 3C:D3:7E:C2:37:19:B2:F1:42:F4:6E:6F:33:17:66:40:34:AD:F5:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/A-ujoD5NPwWHG0e8BKRkbhpsS3A.roa
Signing time:             Sun 11 Feb 2024 16:20:15 +0000
ROA not before:           Sun 11 Feb 2024 16:20:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44947
IP address blocks:        185.83.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:98:f8:24:c6:34:dc:59:c8:d2:49:9e:f3:a2:36:14:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cd37ec23719b2f142f46e6f3317664034adf598
        Validity
            Not Before: Feb 11 16:20:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03eba3a03e4d3f05871b47bc04a4646e1a6c4b70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:9b:5b:bc:d2:39:67:7f:5c:be:08:e3:05:27:
                    c7:95:fb:f2:fe:91:2e:1c:ec:a2:14:05:e7:fa:f3:
                    c2:c5:1f:bb:05:ca:c0:87:9e:04:a2:4e:49:14:ac:
                    48:05:07:e0:ea:d0:54:16:e0:21:e0:ab:1a:75:87:
                    81:a0:0d:70:4a:72:95:c2:37:f0:10:36:4c:b1:d3:
                    6d:fa:07:47:cb:a0:28:96:e5:68:fb:f7:ab:64:8e:
                    c7:d7:d7:39:ae:40:7b:37:43:d1:7a:00:09:cf:0e:
                    2c:fc:3c:64:e2:09:98:a9:37:10:55:60:be:ff:7e:
                    dd:50:d8:43:d7:f1:5e:9f:8a:61:e8:e5:79:27:ea:
                    ba:82:c0:e1:e0:5f:32:99:24:8e:bf:a7:7c:0c:ac:
                    a6:52:1b:1f:94:69:d3:95:d8:85:4c:92:ff:09:5c:
                    f0:e3:f1:49:82:14:0a:54:5d:0f:8e:52:88:03:dd:
                    c7:68:6a:42:33:5d:ba:f7:57:7c:64:f7:1b:27:64:
                    99:aa:fd:13:05:3a:fc:d3:f2:41:dd:23:7d:49:dd:
                    d1:d3:f4:8d:c8:27:53:24:5e:a3:4f:be:ca:ea:d3:
                    9b:cb:fb:22:0c:b8:3b:15:8a:2e:70:78:f1:c4:c4:
                    a2:09:8a:82:d3:ed:51:90:08:bf:55:6f:9b:d7:a2:
                    19:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:EB:A3:A0:3E:4D:3F:05:87:1B:47:BC:04:A4:64:6E:1A:6C:4B:70
            X509v3 Authority Key Identifier:
                keyid:3C:D3:7E:C2:37:19:B2:F1:42:F4:6E:6F:33:17:66:40:34:AD:F5:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/A-ujoD5NPwWHG0e8BKRkbhpsS3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/3f7e56-0916-47ac-8586-a9388f31b47e/1/PNN-wjcZsvFC9G5vMxdmQDSt9Zg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:04:13:ce:8f:c2:95:10:ab:fe:82:3f:30:40:47:d6:14:b7:
         d1:5e:37:d3:70:d1:42:3d:a2:af:1a:6f:13:cf:57:db:01:f8:
         aa:74:33:1c:d2:7e:af:d5:b6:b5:cb:b0:f3:ce:3b:88:05:ab:
         ab:bd:d9:9e:f2:45:70:3e:6b:5d:de:96:15:27:2b:a8:51:d3:
         9c:c4:02:4d:65:e8:65:ff:2a:c3:86:73:23:6d:ad:be:8c:6e:
         f3:f4:d8:b1:19:a8:e1:aa:16:3a:56:82:59:62:0c:45:3e:ba:
         19:b3:8e:2b:0f:df:08:d1:f4:ac:26:c0:59:0a:df:da:0e:f6:
         e7:49:4e:1b:d7:09:be:38:2c:c9:52:e8:51:5a:da:0b:28:b7:
         f4:f4:d8:1e:86:0d:9b:93:b2:9e:f6:ba:c8:bf:4a:be:83:fa:
         a9:c2:fa:19:71:1d:7e:7d:38:7b:c1:0a:87:57:28:a2:a6:15:
         24:3c:a8:de:e4:76:cb:3a:29:b4:e4:06:95:d2:1e:fc:1e:de:
         74:3a:12:11:78:3c:aa:51:f8:b1:87:f7:33:ae:c2:16:89:ab:
         fe:28:a6:94:d6:e2:19:9c:f0:65:46:64:a6:2b:b7:63:33:76:
         d1:97:ff:8d:36:bd:99:a0:9b:67:ca:fe:55:90:38:7b:00:29:
         eb:84:e3:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2Y+CTGNNxZyNJJnvOiNhS2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZDM3ZWMyMzcxOWIyZjE0MmY0NmU2ZjMzMTc2NjQwMzRh
ZGY1OTgwHhcNMjQwMjExMTYyMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2ViYTNhMDNlNGQzZjA1ODcxYjQ3YmMwNGE0NjQ2ZTFhNmM0YjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZtbvNI5Z39cvgjjBSfHlfvy/pEu
HOyiFAXn+vPCxR+7BcrAh54Eok5JFKxIBQfg6tBUFuAh4KsadYeBoA1wSnKVwjfw
EDZMsdNt+gdHy6AoluVo+/erZI7H19c5rkB7N0PRegAJzw4s/Dxk4gmYqTcQVWC+
/37dUNhD1/Fen4ph6OV5J+q6gsDh4F8ymSSOv6d8DKymUhsflGnTldiFTJL/CVzw
4/FJghQKVF0PjlKIA93HaGpCM12691d8ZPcbJ2SZqv0TBTr80/JB3SN9Sd3R0/SN
yCdTJF6jT77K6tOby/siDLg7FYoucHjxxMSiCYqC0+1RkAi/VW+b16IZQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPro6A+TT8FhxtHvASkZG4abEtwMB8GA1UdIwQY
MBaAFDzTfsI3GbLxQvRubzMXZkA0rfWYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE5OLXdqY1pzdkZDOUc1dk14ZG1RRFN0OVpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8zZjdlNTYtMDkxNi00N2FjLTg1ODYt
YTkzODhmMzFiNDdlLzEvQS11am9ENU5Qd1dIRzBlOEJLUmtiaHBzUzNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8zZjdlNTYtMDkxNi00N2FjLTg1ODYtYTkzODhmMzFiNDdl
LzEvUE5OLXdqY1pzdkZDOUc1dk14ZG1RRFN0OVpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVO2MA0G
CSqGSIb3DQEBCwUAA4IBAQCQBBPOj8KVEKv+gj8wQEfWFLfRXjfTcNFCPaKvGm8T
z1fbAfiqdDMc0n6v1ba1y7DzzjuIBaurvdme8kVwPmtd3pYVJyuoUdOcxAJNZehl
/yrDhnMjba2+jG7z9NixGajhqhY6VoJZYgxFProZs44rD98I0fSsJsBZCt/aDvbn
SU4b1wm+OCzJUuhRWtoLKLf09Ngehg2bk7Ke9rrIv0q+g/qpwvoZcR1+fTh7wQqH
VyiiphUkPKje5HbLOim05AaV0h78Ht50OhIReDyqUfixh/czrsIWiav+KKaU1uIZ
nPBlRmSmK7djM3bRl/+NNr2ZoJtnyv5VkDh7ACnrhOP1
-----END CERTIFICATE-----