Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Ujgfx-NqmsHk4KRB0-JHc9kk_nY.roa
File:                     Ujgfx-NqmsHk4KRB0-JHc9kk_nY.roa (raw, json)
Hash identifier:          L2pGeZ+Hv8N0udk65fKgbgKRCn41UqvZ7d96SYMhKXk=
Subject key identifier:   52:38:1F:C7:E3:6A:9A:C1:E4:E0:A4:41:D3:E2:47:73:D9:24:FE:76
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018FC9AF1FAB11441AFBC2B1219B020144C7
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Ujgfx-NqmsHk4KRB0-JHc9kk_nY.roa
Signing time:             Thu 30 May 2024 13:27:28 +0000
ROA not before:           Thu 30 May 2024 13:27:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214795
IP address blocks:        2a0c:b641:c70::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c9:af:1f:ab:11:44:1a:fb:c2:b1:21:9b:02:01:44:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: May 30 13:27:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52381fc7e36a9ac1e4e0a441d3e24773d924fe76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:98:4e:18:03:00:e9:2c:b6:eb:3a:34:55:8f:
                    32:d7:cd:05:58:16:0d:f1:7b:b0:a3:18:ee:96:c7:
                    71:6a:f7:d4:25:35:7b:0a:67:72:ef:15:8c:55:0b:
                    ae:bc:a4:41:ae:d9:4d:5c:8b:a2:9a:6d:d4:8d:54:
                    5d:1b:fe:64:e1:56:85:f4:3b:e6:26:89:3c:2d:e5:
                    19:3d:59:d7:2c:02:07:45:95:4d:44:0f:78:74:14:
                    7f:2a:09:1d:17:1a:05:68:3e:b3:26:49:9c:65:25:
                    a8:ed:ff:88:2e:a7:a5:00:16:a2:29:4c:20:bb:12:
                    0f:26:75:44:32:06:58:61:66:67:22:f8:9b:10:cc:
                    55:0c:a0:49:2b:8b:9f:0b:4b:ec:67:e5:30:e0:79:
                    61:84:49:35:59:31:76:78:c0:f1:65:f2:e7:31:2e:
                    bf:e6:9d:4b:82:86:28:7e:87:a1:7a:19:6a:5f:98:
                    71:d8:06:bc:c1:81:91:ea:71:28:19:ef:39:bc:0b:
                    dc:6c:ad:97:94:28:c0:53:a0:7f:cf:99:47:73:ec:
                    8d:31:92:ff:8e:51:12:87:21:e4:67:69:cb:54:23:
                    71:41:03:68:79:7d:a6:0b:3c:1b:ba:22:3e:6b:a4:
                    53:6c:ed:b5:b3:ad:ed:d5:37:da:60:9f:26:f2:af:
                    8d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:38:1F:C7:E3:6A:9A:C1:E4:E0:A4:41:D3:E2:47:73:D9:24:FE:76
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/Ujgfx-NqmsHk4KRB0-JHc9kk_nY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:c70::/44

    Signature Algorithm: sha256WithRSAEncryption
         55:1d:1f:c2:3e:2d:0d:b6:fe:90:b8:6e:2b:0c:be:d8:34:51:
         17:8e:77:3e:c3:53:33:f3:9e:a5:fb:9c:0e:30:19:e7:96:7f:
         ae:44:be:ee:db:79:4a:4c:e2:97:b6:bf:18:5d:9c:b8:0d:45:
         34:53:08:93:da:8f:0e:6f:e1:43:ab:e9:67:e8:6d:46:86:1d:
         45:06:b2:2b:2a:ce:b3:55:c3:ee:00:12:17:76:64:e2:f3:61:
         21:50:84:ae:1f:f3:10:77:fb:d4:9d:9e:42:6f:d1:e6:43:06:
         b0:66:11:06:74:f9:78:9d:e7:e5:17:fc:a8:e7:fc:6e:b1:1d:
         7c:ab:27:a8:4f:f7:5f:6c:dc:13:84:ba:5d:79:86:86:63:6a:
         fe:bb:73:95:d2:41:a1:f6:08:86:55:fa:38:d0:76:8f:52:e5:
         b5:73:89:15:b8:e8:50:bb:59:05:ee:92:60:79:76:19:60:aa:
         58:aa:f4:3e:c9:9b:4f:5b:1e:3e:e0:cc:0f:89:51:0e:c9:11:
         c3:ed:43:48:36:70:3f:7b:71:32:57:c9:10:88:10:c0:b1:c5:
         20:c1:c4:f5:5e:4c:75:33:0d:27:ec:48:c8:a3:6f:22:5b:b6:
         ce:de:8c:18:ca:1d:2e:85:c2:76:7f:9c:ee:b3:76:e2:a5:a9:
         ab:09:32:cf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY/Jrx+rEUQa+8KxIZsCAUTHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwNTMwMTMyNzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjM4MWZjN2UzNmE5YWMxZTRlMGE0NDFkM2UyNDc3M2Q5MjRmZTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxphOGAMA6Sy26zo0VY8y180FWBYN
8XuwoxjulsdxavfUJTV7Cmdy7xWMVQuuvKRBrtlNXIuimm3UjVRdG/5k4VaF9Dvm
Jok8LeUZPVnXLAIHRZVNRA94dBR/KgkdFxoFaD6zJkmcZSWo7f+ILqelABaiKUwg
uxIPJnVEMgZYYWZnIvibEMxVDKBJK4ufC0vsZ+Uw4HlhhEk1WTF2eMDxZfLnMS6/
5p1LgoYofoehehlqX5hx2Aa8wYGR6nEoGe85vAvcbK2XlCjAU6B/z5lHc+yNMZL/
jlEShyHkZ2nLVCNxQQNoeX2mCzwbuiI+a6RTbO21s63t1TfaYJ8m8q+NvwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFI4H8fjaprB5OCkQdPiR3PZJP52MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvVWpnZngtTnFtc0hrNEtSQjAtSkhjOWtrX25ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQxw
MA0GCSqGSIb3DQEBCwUAA4IBAQBVHR/CPi0Ntv6QuG4rDL7YNFEXjnc+w1Mz856l
+5wOMBnnln+uRL7u23lKTOKXtr8YXZy4DUU0UwiT2o8Ob+FDq+ln6G1Ghh1FBrIr
Ks6zVcPuABIXdmTi82EhUISuH/MQd/vUnZ5Cb9HmQwawZhEGdPl4neflF/yo5/xu
sR18qyeoT/dfbNwThLpdeYaGY2r+u3OV0kGh9giGVfo40HaPUuW1c4kVuOhQu1kF
7pJgeXYZYKpYqvQ+yZtPWx4+4MwPiVEOyRHD7UNINnA/e3EyV8kQiBDAscUgwcT1
Xkx1Mw0n7EjIo28iW7bO3owYyh0uhcJ2f5zus3bipamrCTLP
-----END CERTIFICATE-----