Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/UyBiQlecE82oB-Vqj3Ggh9uCLss.roa
File:                     UyBiQlecE82oB-Vqj3Ggh9uCLss.roa (raw, json)
Hash identifier:          jwL2WirCKxbBO8Niltc43863EvOmWXb57mzGDa/90aU=
Subject key identifier:   53:20:62:42:57:9C:13:CD:A8:07:E5:6A:8F:71:A0:87:DB:82:2E:CB
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01942369F2C243B6C3CD64881F86C00F099B
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/UyBiQlecE82oB-Vqj3Ggh9uCLss.roa
Signing time:             Wed 01 Jan 2025 19:48:53 +0000
ROA not before:           Wed 01 Jan 2025 19:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44992
IP address blocks:        185.254.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f2:c2:43:b6:c3:cd:64:88:1f:86:c0:0f:09:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 19:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53206242579c13cda807e56a8f71a087db822ecb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a4:12:36:48:3f:64:a6:e6:13:41:0d:55:c6:
                    29:d6:69:dc:1b:73:10:79:5f:03:1b:e1:6a:3a:47:
                    1e:39:6d:53:8c:a3:4f:70:67:f0:33:50:60:01:db:
                    49:fb:6a:90:4f:7d:14:61:46:b0:d4:16:eb:cc:2d:
                    cf:2b:c5:df:09:de:a6:fc:18:67:ed:91:2f:03:57:
                    39:d2:e9:bf:98:ee:a6:d9:a2:1b:dd:38:87:36:8c:
                    c7:d4:b8:6a:7f:71:f4:73:5e:50:39:7a:2b:10:2f:
                    ef:e9:f3:8b:6a:49:86:68:b0:9f:72:01:15:50:78:
                    4c:5d:7b:33:38:fd:62:90:09:96:68:9c:c0:09:cf:
                    0d:ea:18:bc:91:4e:bf:64:90:dd:35:11:26:f2:fe:
                    a2:02:b9:0b:c7:8f:5f:a4:0c:e7:c0:d2:2e:0f:27:
                    04:93:50:ff:d7:51:2a:75:94:2f:96:76:0c:9a:da:
                    73:fe:24:b2:cb:ee:be:e4:5d:df:dc:78:1f:6a:28:
                    e0:07:26:5c:2d:57:83:a6:56:a1:f8:ae:0f:d3:8d:
                    ae:e4:5b:6b:7c:18:f9:ad:62:e2:ae:0a:f0:ee:1f:
                    7f:01:a3:d0:2f:70:8b:df:c1:9b:df:7b:73:bc:b6:
                    23:96:bd:f5:99:6b:86:94:c1:da:c1:61:ec:78:fb:
                    2e:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:20:62:42:57:9C:13:CD:A8:07:E5:6A:8F:71:A0:87:DB:82:2E:CB
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/UyBiQlecE82oB-Vqj3Ggh9uCLss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:49:25:bd:dc:25:2a:8d:72:ff:f4:03:99:f0:9e:07:f4:9c:
         f6:77:f8:85:b3:d3:5c:c0:df:21:e1:db:ab:e7:63:7a:ce:69:
         cc:b8:ac:31:32:18:07:44:2d:92:e2:af:b1:86:55:60:ce:3c:
         00:e2:7f:98:28:6a:be:6f:f8:49:00:50:1f:d8:cc:bf:5c:3b:
         75:42:74:f9:58:6f:bc:36:81:25:5b:04:67:8a:b2:26:ac:41:
         64:78:09:de:34:60:ed:16:af:67:49:54:d0:03:92:74:c7:df:
         22:88:71:67:bb:33:9d:14:3a:e7:58:50:d2:1b:6d:91:2a:97:
         e7:52:80:2b:86:c3:bf:72:33:a5:11:6d:fd:81:e6:e5:24:42:
         52:07:05:0b:a9:e2:40:d9:04:ae:6c:1a:9c:6a:af:f7:f0:32:
         b0:39:7e:2c:3b:01:f8:c6:5c:2b:8e:1b:80:f0:7f:67:5b:e4:
         33:9b:08:7a:cc:41:0a:6b:b6:52:f1:44:69:9e:82:a3:6c:c2:
         1c:e8:4c:14:cd:2b:e2:b0:81:7d:92:f1:96:fd:95:68:ed:c0:
         d5:d4:27:a9:c0:fc:73:4f:aa:bb:14:1d:a7:96:8b:25:b9:dd:
         20:60:b8:91:7f:9a:85:a3:4c:e0:53:2c:e5:91:02:41:29:56:
         d0:3a:2b:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjafLCQ7bDzWSIH4bADwmbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTAxMTk0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzIwNjI0MjU3OWMxM2NkYTgwN2U1NmE4ZjcxYTA4N2RiODIyZWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKQSNkg/ZKbmE0ENVcYp1mncG3MQ
eV8DG+FqOkceOW1TjKNPcGfwM1BgAdtJ+2qQT30UYUaw1BbrzC3PK8XfCd6m/Bhn
7ZEvA1c50um/mO6m2aIb3TiHNozH1Lhqf3H0c15QOXorEC/v6fOLakmGaLCfcgEV
UHhMXXszOP1ikAmWaJzACc8N6hi8kU6/ZJDdNREm8v6iArkLx49fpAznwNIuDycE
k1D/11EqdZQvlnYMmtpz/iSyy+6+5F3f3HgfaijgByZcLVeDplah+K4P042u5Ftr
fBj5rWLirgrw7h9/AaPQL3CL38Gb33tzvLYjlr31mWuGlMHawWHsePsu1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMgYkJXnBPNqAflao9xoIfbgi7LMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvVXlCaVFsZWNFODJvQi1WcWozR2doOXVDTHNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf4SMA0G
CSqGSIb3DQEBCwUAA4IBAQDCSSW93CUqjXL/9AOZ8J4H9Jz2d/iFs9NcwN8h4dur
52N6zmnMuKwxMhgHRC2S4q+xhlVgzjwA4n+YKGq+b/hJAFAf2My/XDt1QnT5WG+8
NoElWwRnirImrEFkeAneNGDtFq9nSVTQA5J0x98iiHFnuzOdFDrnWFDSG22RKpfn
UoArhsO/cjOlEW39geblJEJSBwULqeJA2QSubBqcaq/38DKwOX4sOwH4xlwrjhuA
8H9nW+Qzmwh6zEEKa7ZS8URpnoKjbMIc6EwUzSvisIF9kvGW/ZVo7cDV1CepwPxz
T6q7FB2nloslud0gYLiRf5qFo0zgUyzlkQJBKVbQOisL
-----END CERTIFICATE-----