Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ux3VitBLPC2AbwF5466JeP6iDFE.roa
File:                     ux3VitBLPC2AbwF5466JeP6iDFE.roa (raw, json)
Hash identifier:          pkUhQmQB1cPk8BJK0PSMQO9sMqwUnGNYe/AEkoXkas4=
Subject key identifier:   BB:1D:D5:8A:D0:4B:3C:2D:80:6F:01:79:E3:AE:89:78:FE:A2:0C:51
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       0192B8AD482F972C7B46050F724DDC70D421
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ux3VitBLPC2AbwF5466JeP6iDFE.roa
Signing time:             Wed 23 Oct 2024 09:20:16 +0000
ROA not before:           Wed 23 Oct 2024 09:20:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202656
IP address blocks:        86.110.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b8:ad:48:2f:97:2c:7b:46:05:0f:72:4d:dc:70:d4:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Oct 23 09:20:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb1dd58ad04b3c2d806f0179e3ae8978fea20c51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:2e:1c:90:89:c6:c8:26:89:24:0d:ca:40:5c:
                    7e:de:1c:32:34:50:a3:ae:e2:66:74:9b:82:30:f3:
                    2e:0d:76:b1:94:af:4b:2f:e5:29:53:32:92:a7:90:
                    47:5a:3e:94:68:e8:31:70:35:da:74:a8:cc:1e:fd:
                    61:c2:82:29:93:bc:9f:57:6c:98:a9:d1:9d:4a:7f:
                    3f:58:a7:12:99:b1:81:42:70:c5:be:24:d3:0f:dc:
                    1f:1e:fc:f6:f4:86:a7:41:20:c5:b3:d8:4a:91:f0:
                    fe:84:3e:25:ea:3d:ea:a6:19:28:4d:b5:d1:8d:7a:
                    e8:6b:d6:13:7b:1c:be:8e:c6:e3:f1:88:e3:a1:48:
                    de:0d:63:f3:3a:a1:b8:9b:58:db:98:68:8b:0a:f3:
                    e5:88:d9:78:76:bb:58:73:5f:51:97:9a:0a:89:f6:
                    bf:23:d7:af:42:f7:64:c4:3f:76:0e:3c:d9:97:a2:
                    f7:ab:72:ab:9a:ce:c6:bf:0f:5e:ba:5e:a6:5e:c2:
                    6f:51:4e:d3:61:3d:75:08:c7:7d:15:bf:df:b9:4d:
                    48:dd:58:3c:20:08:35:3d:62:c6:a1:bd:73:52:b7:
                    45:5e:8a:54:46:88:dc:e4:8a:e3:af:2e:2f:1b:f4:
                    44:13:44:fe:49:34:f8:3a:ab:2e:db:3d:a5:35:e5:
                    f1:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:1D:D5:8A:D0:4B:3C:2D:80:6F:01:79:E3:AE:89:78:FE:A2:0C:51
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/ux3VitBLPC2AbwF5466JeP6iDFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:e8:7b:ed:25:da:da:85:f3:93:81:ad:32:0e:b5:f3:c8:b1:
         8f:27:f5:62:ba:d0:12:cb:29:9c:71:74:bf:04:ca:6f:fd:35:
         05:c3:dd:3b:cc:de:4c:fb:60:b8:5e:ea:89:9b:b7:78:c8:51:
         44:5a:c5:80:79:93:2d:05:18:d2:de:26:b9:d7:dd:a2:9d:cf:
         58:35:ce:3b:d2:fc:da:18:f9:f8:3b:21:65:b7:ff:ae:6a:62:
         8c:59:0c:66:b0:7c:49:ac:28:2b:56:c9:c7:c7:2a:a8:cb:00:
         0b:0c:cf:fe:d3:0c:2e:db:fc:7f:9d:23:32:6f:5a:6e:b6:bc:
         69:4d:78:0b:1c:9a:e6:cb:ca:7d:1b:a2:4a:c6:68:13:f7:e2:
         3e:24:35:21:3b:5c:66:7e:d3:82:b6:36:db:86:d3:79:6b:62:
         e5:0e:65:f1:78:70:a5:be:90:e5:96:e4:39:60:22:a9:b4:3a:
         f2:f3:d5:cc:1c:d5:46:e5:79:64:b8:40:11:33:49:ec:e6:44:
         3d:44:59:ea:7d:dd:68:29:95:9a:db:7e:2c:79:9f:64:8e:f3:
         ee:34:df:d4:3e:af:58:92:a7:5f:42:a8:b5:0c:5e:1a:58:86:
         c7:41:71:9e:0a:bc:d5:4e:af:52:5e:84:db:c9:82:d9:7f:f1:
         eb:ff:75:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK4rUgvlyx7RgUPck3ccNQhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjQxMDIzMDkyMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjFkZDU4YWQwNGIzYzJkODA2ZjAxNzllM2FlODk3OGZlYTIwYzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnS4ckInGyCaJJA3KQFx+3hwyNFCj
ruJmdJuCMPMuDXaxlK9LL+UpUzKSp5BHWj6UaOgxcDXadKjMHv1hwoIpk7yfV2yY
qdGdSn8/WKcSmbGBQnDFviTTD9wfHvz29IanQSDFs9hKkfD+hD4l6j3qphkoTbXR
jXroa9YTexy+jsbj8YjjoUjeDWPzOqG4m1jbmGiLCvPliNl4drtYc19Rl5oKifa/
I9evQvdkxD92DjzZl6L3q3Krms7Gvw9eul6mXsJvUU7TYT11CMd9Fb/fuU1I3Vg8
IAg1PWLGob1zUrdFXopURojc5Irjry4vG/REE0T+STT4Oqsu2z2lNeXxtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLsd1YrQSzwtgG8BeeOuiXj+ogxRMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvdXgzVml0QkxQQzJBYndGNTQ2NkplUDZpREZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm4pMA0G
CSqGSIb3DQEBCwUAA4IBAQAA6HvtJdrahfOTga0yDrXzyLGPJ/ViutASyymccXS/
BMpv/TUFw907zN5M+2C4XuqJm7d4yFFEWsWAeZMtBRjS3ia5192inc9YNc470vza
GPn4OyFlt/+uamKMWQxmsHxJrCgrVsnHxyqoywALDM/+0wwu2/x/nSMyb1putrxp
TXgLHJrmy8p9G6JKxmgT9+I+JDUhO1xmftOCtjbbhtN5a2LlDmXxeHClvpDlluQ5
YCKptDry89XMHNVG5XlkuEARM0ns5kQ9RFnqfd1oKZWa234seZ9kjvPuNN/UPq9Y
kqdfQqi1DF4aWIbHQXGeCrzVTq9SXoTbyYLZf/Hr/3Vp
-----END CERTIFICATE-----