Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/2ddd58-6037-494b-992f-ab8e97d855cc/1/UWvkX5bcvTbnLCMaPd17WKECPzk.roa
File:                     UWvkX5bcvTbnLCMaPd17WKECPzk.roa (raw, json)
Hash identifier:          yQUEq3i9d0XIP6QRsNnRoG6OqENQWGvOOS7clhit4dk=
Subject key identifier:   51:6B:E4:5F:96:DC:BD:36:E7:2C:23:1A:3D:DD:7B:58:A1:02:3F:39
Certificate issuer:       /CN=459b2fd0053bdd7e7775398db163bee8772478a5
Certificate serial:       018CC9BC40715F7C157924D3852446D63ADC
Authority key identifier: 45:9B:2F:D0:05:3B:DD:7E:77:75:39:8D:B1:63:BE:E8:77:24:78:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RZsv0AU73X53dTmNsWO-6HckeKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/2ddd58-6037-494b-992f-ab8e97d855cc/1/UWvkX5bcvTbnLCMaPd17WKECPzk.roa
Signing time:             Tue 02 Jan 2024 10:33:26 +0000
ROA not before:           Tue 02 Jan 2024 10:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        209.127.202.0/24 maxlen: 24
                          2a01:4ce0:50::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/2ddd58-6037-494b-992f-ab8e97d855cc/1/RZsv0AU73X53dTmNsWO-6HckeKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/2ddd58-6037-494b-992f-ab8e97d855cc/1/RZsv0AU73X53dTmNsWO-6HckeKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RZsv0AU73X53dTmNsWO-6HckeKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:40:71:5f:7c:15:79:24:d3:85:24:46:d6:3a:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=459b2fd0053bdd7e7775398db163bee8772478a5
        Validity
            Not Before: Jan  2 10:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=516be45f96dcbd36e72c231a3ddd7b58a1023f39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:77:d7:b5:be:d5:f3:fe:af:aa:80:72:49:c1:
                    5a:0f:c3:d3:c5:8f:0f:c3:4b:88:ec:64:28:70:d8:
                    b7:38:fc:9f:6a:46:69:97:77:36:f3:dd:bc:70:65:
                    51:d1:fc:84:0a:a7:6b:3f:cd:ec:ff:c2:63:78:05:
                    21:78:12:2e:36:20:34:67:3f:3e:9d:ee:82:2c:ef:
                    c7:20:2c:ae:1a:c3:08:5c:ff:ca:7f:08:c6:ce:65:
                    3d:09:af:73:07:d2:85:90:7c:90:e5:13:4a:ca:8a:
                    40:8a:16:57:19:be:44:03:07:1f:ac:41:88:36:57:
                    97:ce:d3:9d:f8:ee:4d:79:cd:65:89:50:31:05:6d:
                    d3:a4:33:95:0d:d2:37:5c:47:31:51:b9:93:dc:25:
                    72:01:0b:2f:d0:74:ad:22:b1:66:d9:92:04:08:2f:
                    f7:ac:0f:94:b3:1a:0b:2a:2a:2b:9e:2a:2c:0e:2c:
                    de:a5:35:f8:da:42:12:d5:d5:63:c1:46:c6:14:16:
                    da:ce:8d:83:eb:1c:4c:57:c2:1c:bc:ba:38:5e:26:
                    51:28:35:51:78:ba:a7:4c:9d:a0:38:2f:17:f3:64:
                    58:e8:9f:4f:5a:2a:0a:b6:c4:69:08:51:d7:84:ff:
                    44:0a:18:74:32:0c:14:cf:29:ce:cf:e9:d5:02:d4:
                    60:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:6B:E4:5F:96:DC:BD:36:E7:2C:23:1A:3D:DD:7B:58:A1:02:3F:39
            X509v3 Authority Key Identifier:
                keyid:45:9B:2F:D0:05:3B:DD:7E:77:75:39:8D:B1:63:BE:E8:77:24:78:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RZsv0AU73X53dTmNsWO-6HckeKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2ddd58-6037-494b-992f-ab8e97d855cc/1/UWvkX5bcvTbnLCMaPd17WKECPzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2ddd58-6037-494b-992f-ab8e97d855cc/1/RZsv0AU73X53dTmNsWO-6HckeKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.127.202.0/24
                IPv6:
                  2a01:4ce0:50::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:d5:07:23:bd:a8:7b:58:46:97:e8:2d:26:db:c8:e7:e5:26:
         24:2d:f6:da:8c:82:20:6c:08:7c:6b:5d:55:c5:e1:37:cf:6f:
         e9:4a:71:bb:8d:07:2b:e1:fc:db:dd:34:f3:ad:b8:e5:65:e2:
         6a:aa:79:e4:bd:e2:2e:76:47:3e:ba:66:a8:15:91:df:b2:3d:
         13:e2:c0:e3:ed:03:29:e0:ae:55:19:1a:80:21:8d:19:6a:b5:
         c9:68:2a:6f:80:a6:80:65:8a:2a:d0:16:32:5a:4f:97:20:a6:
         0e:cf:c4:34:f2:3d:0e:29:a3:7c:aa:14:9d:5c:fd:e5:5c:14:
         d0:38:0a:0c:3f:1b:a9:ca:d0:fb:61:f5:4b:62:8b:aa:36:7f:
         74:2f:25:f2:44:49:82:db:f7:82:57:f3:bd:f1:47:1b:af:a6:
         c0:2e:e6:c2:dd:57:48:cc:ce:80:f5:6c:2a:df:a0:03:bc:0f:
         e4:c0:e8:f9:8f:27:ed:9d:35:fc:64:17:fc:1f:15:73:25:3a:
         fd:58:42:b1:80:2c:07:3f:86:a8:39:6d:e5:fd:45:31:27:88:
         c2:08:e6:d5:bc:1b:99:4b:f6:fd:4d:07:eb:a6:80:47:56:8c:
         8c:2d:59:9e:e3:65:f5:2c:47:ef:f7:85:59:78:a4:2b:a9:1b:
         4c:89:a5:f3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJvEBxX3wVeSTThSRG1jrcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OWIyZmQwMDUzYmRkN2U3Nzc1Mzk4ZGIxNjNiZWU4Nzcy
NDc4YTUwHhcNMjQwMTAyMTAzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTZiZTQ1Zjk2ZGNiZDM2ZTcyYzIzMWEzZGRkN2I1OGExMDIzZjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHfXtb7V8/6vqoByScFaD8PTxY8P
w0uI7GQocNi3OPyfakZpl3c28928cGVR0fyECqdrP83s/8JjeAUheBIuNiA0Zz8+
ne6CLO/HICyuGsMIXP/KfwjGzmU9Ca9zB9KFkHyQ5RNKyopAihZXGb5EAwcfrEGI
NleXztOd+O5Nec1liVAxBW3TpDOVDdI3XEcxUbmT3CVyAQsv0HStIrFm2ZIECC/3
rA+UsxoLKiorniosDizepTX42kIS1dVjwUbGFBbazo2D6xxMV8IcvLo4XiZRKDVR
eLqnTJ2gOC8X82RY6J9PWioKtsRpCFHXhP9EChh0MgwUzynOz+nVAtRgxQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFFr5F+W3L025ywjGj3de1ihAj85MB8GA1UdIwQY
MBaAFEWbL9AFO91+d3U5jbFjvuh3JHilMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlpzdjBBVTczWDUzZFRtTnNXTy02SGNrZUtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8yZGRkNTgtNjAzNy00OTRiLTk5MmYt
YWI4ZTk3ZDg1NWNjLzEvVVd2a1g1YmN2VGJuTENNYVBkMTdXS0VDUHprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8yZGRkNTgtNjAzNy00OTRiLTk5MmYtYWI4ZTk3ZDg1NWNj
LzEvUlpzdjBBVTczWDUzZFRtTnNXTy02SGNrZUtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA0X/KMA8E
AgACMAkDBwAqAUzgAFAwDQYJKoZIhvcNAQELBQADggEBAGTVByO9qHtYRpfoLSbb
yOflJiQt9tqMgiBsCHxrXVXF4TfPb+lKcbuNByvh/NvdNPOtuOVl4mqqeeS94i52
Rz66ZqgVkd+yPRPiwOPtAyngrlUZGoAhjRlqtcloKm+ApoBliirQFjJaT5cgpg7P
xDTyPQ4po3yqFJ1c/eVcFNA4Cgw/G6nK0Pth9Utii6o2f3QvJfJESYLb94JX873x
RxuvpsAu5sLdV0jMzoD1bCrfoAO8D+TA6PmPJ+2dNfxkF/wfFXMlOv1YQrGALAc/
hqg5beX9RTEniMII5tW8G5lL9v1NB+umgEdWjIwtWZ7jZfUsR+/3hVl4pCupG0yJ
pfM=
-----END CERTIFICATE-----