Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/ugfoieoEujoq5kOltOMOPaWDP3k.roa
File:                     ugfoieoEujoq5kOltOMOPaWDP3k.roa (raw, json)
Hash identifier:          q7s/s/L0Z6lI+4d+nTg3/jg9CznwX/Y2RS+P3KNovIc=
Subject key identifier:   BA:07:E8:89:EA:04:BA:3A:2A:E6:43:A5:B4:E3:0E:3D:A5:83:3F:79
Certificate issuer:       /CN=a5b0c05731efa4bbe5c2a30ae5189f7785d2d499
Certificate serial:       018FE8E1428A984E1522062EAB44B569D7BD
Authority key identifier: A5:B0:C0:57:31:EF:A4:BB:E5:C2:A3:0A:E5:18:9F:77:85:D2:D4:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/ugfoieoEujoq5kOltOMOPaWDP3k.roa
Signing time:             Wed 05 Jun 2024 14:50:27 +0000
ROA not before:           Wed 05 Jun 2024 14:50:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        192.94.58.0/24 maxlen: 24
                          193.150.189.0/24 maxlen: 24
                          193.150.190.0/24 maxlen: 24
                          193.150.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e8:e1:42:8a:98:4e:15:22:06:2e:ab:44:b5:69:d7:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5b0c05731efa4bbe5c2a30ae5189f7785d2d499
        Validity
            Not Before: Jun  5 14:50:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba07e889ea04ba3a2ae643a5b4e30e3da5833f79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ba:a1:74:ad:15:5d:ac:70:10:59:f1:bd:4d:
                    9f:2f:ab:bd:dd:a9:fb:10:71:2c:22:76:b1:9b:d2:
                    de:40:2a:ce:ed:9f:7c:d1:6a:ca:76:26:e3:7e:c9:
                    f2:84:58:ab:4d:cc:2c:86:a4:bd:7a:f9:0d:d6:91:
                    72:da:14:8c:0c:27:23:5f:5d:d4:b8:98:47:a7:e7:
                    6a:93:9b:d6:18:5d:7e:01:ff:7c:c7:bf:52:22:97:
                    4c:33:33:95:33:08:93:6c:f6:c8:d5:52:9a:3d:37:
                    91:18:a0:7f:60:bd:76:39:91:e0:01:93:3d:9b:cb:
                    9d:d7:8f:ec:9d:8a:ad:68:e1:9e:6c:50:38:b9:8d:
                    70:72:f5:a2:0e:3b:3f:12:b0:db:b4:54:13:66:c4:
                    28:8a:b0:81:79:12:ce:3b:3c:95:11:af:a9:ed:bb:
                    e0:10:80:86:44:6d:8e:2c:0a:27:1b:83:0a:a7:12:
                    b7:a6:54:90:65:29:4a:b3:92:a5:0f:66:d3:a7:94:
                    66:6d:62:56:95:8b:32:ff:bf:3b:48:47:3e:95:d0:
                    0e:bf:69:9d:ba:5f:7d:59:6a:30:51:f2:02:97:10:
                    ff:ee:32:1c:71:dc:fd:7d:ad:26:28:90:63:5a:3d:
                    79:4e:fe:ea:a4:6f:53:70:f0:aa:64:87:66:4e:1b:
                    90:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:07:E8:89:EA:04:BA:3A:2A:E6:43:A5:B4:E3:0E:3D:A5:83:3F:79
            X509v3 Authority Key Identifier:
                keyid:A5:B0:C0:57:31:EF:A4:BB:E5:C2:A3:0A:E5:18:9F:77:85:D2:D4:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/ugfoieoEujoq5kOltOMOPaWDP3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/25149c-0932-4683-8ab8-d15febdf5ecf/1/pbDAVzHvpLvlwqMK5Rifd4XS1Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.94.58.0/24
                  193.150.189.0-193.150.191.255

    Signature Algorithm: sha256WithRSAEncryption
         b7:94:cd:f2:e1:7d:b0:cf:b7:51:9c:30:82:5a:1b:a7:e1:73:
         b8:28:32:73:33:98:6c:41:2e:66:6f:60:eb:52:ef:01:e9:ec:
         c9:6b:9e:a5:9a:4a:f1:4f:ff:a9:7d:68:07:39:d6:21:cf:49:
         cb:af:bb:3f:c7:9b:7e:35:e9:85:80:fa:2a:19:b0:d5:75:6f:
         39:2b:8e:f2:74:a8:30:54:8d:ab:8b:f4:65:f5:e3:3f:03:ed:
         91:98:c7:77:31:e2:04:8d:ca:78:25:0a:fa:53:33:f2:6e:67:
         15:d7:4d:bd:47:fe:e0:6a:78:98:9b:64:fe:ae:6e:47:a6:e3:
         93:36:d5:2a:82:06:9c:bf:e9:db:61:c7:0f:9d:14:c4:47:68:
         a2:35:2e:9e:af:80:49:fb:52:5e:31:2f:ef:ba:83:23:c3:08:
         5a:0b:0c:44:02:bc:50:83:93:93:9b:7e:79:cd:d1:72:f0:04:
         6e:7b:48:a3:23:78:89:9a:86:f2:69:75:66:90:cb:ea:ef:92:
         2f:f0:7f:d2:e3:e4:d4:fd:b1:f8:48:d6:89:9e:3b:80:89:59:
         56:46:75:bc:4b:9e:69:07:e2:16:a1:9e:71:38:74:e4:bc:69:
         c3:fe:a0:58:65:97:d5:92:1f:cd:e1:ff:b9:69:5e:54:b3:77:
         e7:f5:a4:df
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY/o4UKKmE4VIgYuq0S1ade9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YjBjMDU3MzFlZmE0YmJlNWMyYTMwYWU1MTg5Zjc3ODVk
MmQ0OTkwHhcNMjQwNjA1MTQ1MDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTA3ZTg4OWVhMDRiYTNhMmFlNjQzYTViNGUzMGUzZGE1ODMzZjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrqhdK0VXaxwEFnxvU2fL6u93an7
EHEsInaxm9LeQCrO7Z980WrKdibjfsnyhFirTcwshqS9evkN1pFy2hSMDCcjX13U
uJhHp+dqk5vWGF1+Af98x79SIpdMMzOVMwiTbPbI1VKaPTeRGKB/YL12OZHgAZM9
m8ud14/snYqtaOGebFA4uY1wcvWiDjs/ErDbtFQTZsQoirCBeRLOOzyVEa+p7bvg
EICGRG2OLAonG4MKpxK3plSQZSlKs5KlD2bTp5RmbWJWlYsy/787SEc+ldAOv2md
ul99WWowUfIClxD/7jIccdz9fa0mKJBjWj15Tv7qpG9TcPCqZIdmThuQdQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFLoH6InqBLo6KuZDpbTjDj2lgz95MB8GA1UdIwQY
MBaAFKWwwFcx76S75cKjCuUYn3eF0tSZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGJEQVZ6SHZwTHZsd3FNSzVSaWZkNFhTMUprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yNTE0OWMtMDkzMi00NjgzLThhYjgt
ZDE1ZmViZGY1ZWNmLzEvdWdmb2llb0V1am9xNWtPbHRPTU9QYVdEUDNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yNTE0OWMtMDkzMi00NjgzLThhYjgtZDE1ZmViZGY1ZWNm
LzEvcGJEQVZ6SHZwTHZsd3FNSzVSaWZkNFhTMUprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAwF46MAwD
BADBlr0DBAbBloAwDQYJKoZIhvcNAQELBQADggEBALeUzfLhfbDPt1GcMIJaG6fh
c7goMnMzmGxBLmZvYOtS7wHp7MlrnqWaSvFP/6l9aAc51iHPScuvuz/Hm3416YWA
+ioZsNV1bzkrjvJ0qDBUjauL9GX14z8D7ZGYx3cx4gSNynglCvpTM/JuZxXXTb1H
/uBqeJibZP6ubkem45M21SqCBpy/6dthxw+dFMRHaKI1Lp6vgEn7Ul4xL++6gyPD
CFoLDEQCvFCDk5ObfnnN0XLwBG57SKMjeImahvJpdWaQy+rvki/wf9Lj5NT9sfhI
1omeO4CJWVZGdbxLnmkH4hahnnE4dOS8acP+oFhll9WSH83h/7lpXlSzd+f1pN8=
-----END CERTIFICATE-----