Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/f0372a-c332-485f-b293-a6d2684a9425/1/UyByoYW1eGUazMnJ8I-2ncOK0hs.roa
File:                     UyByoYW1eGUazMnJ8I-2ncOK0hs.roa (raw, json)
Hash identifier:          2RQW6HeC6UJWl0PyhVUJ1Au2Gjg5MsY0s3xBfwIHAaw=
Subject key identifier:   53:20:72:A1:85:B5:78:65:1A:CC:C9:C9:F0:8F:B6:9D:C3:8A:D2:1B
Certificate issuer:       /CN=1f2cb35b874780cb93dc44210b9d79d6ed94fe5e
Certificate serial:       019420685ED3181BB531B1B999A328EA5ECD
Authority key identifier: 1F:2C:B3:5B:87:47:80:CB:93:DC:44:21:0B:9D:79:D6:ED:94:FE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HyyzW4dHgMuT3EQhC5151u2U_l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/f0372a-c332-485f-b293-a6d2684a9425/1/UyByoYW1eGUazMnJ8I-2ncOK0hs.roa
Signing time:             Wed 01 Jan 2025 05:48:18 +0000
ROA not before:           Wed 01 Jan 2025 05:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197745
IP address blocks:        217.196.184.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/f0372a-c332-485f-b293-a6d2684a9425/1/HyyzW4dHgMuT3EQhC5151u2U_l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/f0372a-c332-485f-b293-a6d2684a9425/1/HyyzW4dHgMuT3EQhC5151u2U_l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HyyzW4dHgMuT3EQhC5151u2U_l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:5e:d3:18:1b:b5:31:b1:b9:99:a3:28:ea:5e:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f2cb35b874780cb93dc44210b9d79d6ed94fe5e
        Validity
            Not Before: Jan  1 05:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=532072a185b578651accc9c9f08fb69dc38ad21b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:6c:7d:5d:0b:5c:7f:f0:8f:0b:c1:a4:37:ca:
                    e5:3e:3d:1c:26:49:51:9e:f3:6a:f9:21:6a:44:93:
                    06:34:b3:ec:56:91:2a:8d:5a:e9:58:19:91:80:e3:
                    89:d6:3c:c9:f9:fb:94:30:b9:24:d0:83:0c:53:2c:
                    b8:e6:16:81:d7:a3:a8:b9:34:96:5e:63:3c:79:54:
                    5a:e4:50:c5:b0:9d:cc:fd:3d:1c:cf:20:bd:2d:3b:
                    d1:65:93:c6:49:97:70:d2:04:00:ff:ab:81:72:19:
                    3b:5d:00:6e:d0:6b:6a:9d:d2:fd:b6:a6:66:fc:cc:
                    1b:eb:4a:1e:2f:be:56:e6:02:3b:ee:6e:8f:c3:4f:
                    bc:91:3a:c6:eb:03:35:e0:2e:5e:1b:36:b0:5b:44:
                    2b:48:c9:83:56:34:02:17:6d:a4:1d:ee:14:1e:b4:
                    a0:04:01:55:39:cd:c5:de:6e:55:4c:61:f2:d9:50:
                    63:84:1b:35:31:85:f3:45:75:22:18:5b:cf:06:af:
                    99:26:c1:21:0f:f8:45:99:8e:3a:81:82:c4:b4:b0:
                    4a:86:e4:a6:bc:f3:4e:2b:7d:06:7d:13:a1:4c:28:
                    0e:e7:5c:34:45:42:e5:06:17:6b:38:21:7f:88:56:
                    e4:29:5d:6d:ed:5b:ac:02:fd:ee:a9:9a:71:09:6d:
                    b8:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:20:72:A1:85:B5:78:65:1A:CC:C9:C9:F0:8F:B6:9D:C3:8A:D2:1B
            X509v3 Authority Key Identifier:
                keyid:1F:2C:B3:5B:87:47:80:CB:93:DC:44:21:0B:9D:79:D6:ED:94:FE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HyyzW4dHgMuT3EQhC5151u2U_l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/f0372a-c332-485f-b293-a6d2684a9425/1/UyByoYW1eGUazMnJ8I-2ncOK0hs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/f0372a-c332-485f-b293-a6d2684a9425/1/HyyzW4dHgMuT3EQhC5151u2U_l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.196.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         bb:e8:d1:42:98:53:8e:58:a8:0e:00:a9:36:e6:75:47:cc:32:
         0c:10:81:a8:63:1e:92:20:89:96:35:3e:9c:d6:23:db:4d:84:
         59:d4:3d:9e:48:98:f0:2f:c0:2a:ba:d4:f7:c7:05:fd:7a:61:
         a3:ce:25:65:bc:72:ff:ec:9c:d9:13:90:df:f6:5b:2c:b8:b0:
         1d:59:3c:0f:bd:cb:9f:17:c8:c7:d3:d9:4d:51:cb:6f:0c:fe:
         80:b2:0f:f7:dd:d1:4f:13:b4:74:4d:27:39:90:42:2b:e3:63:
         1f:d6:53:5c:52:fe:4c:6c:59:f4:1a:d1:f7:52:93:39:2d:db:
         1d:c0:42:5f:90:9d:f2:1d:42:0b:3b:d5:94:66:cd:21:53:ae:
         f8:2c:3d:14:2b:36:d9:5a:b9:4c:eb:62:00:68:a9:a0:82:06:
         bf:f8:f8:d6:b6:8f:2f:97:82:a2:84:e5:ad:30:23:54:85:e0:
         64:51:22:1d:09:47:60:e9:9f:3c:6b:0e:dc:fa:02:d1:cd:d2:
         48:82:40:c3:7a:3d:df:46:9c:d3:2c:91:f8:42:4b:7a:64:89:
         db:c5:51:43:fd:55:36:53:0d:ab:af:97:39:93:8c:87:1f:06:
         29:eb:6f:bf:a5:f0:8d:77:2a:c7:2b:bc:cc:2f:c7:17:f5:89:
         27:d6:d0:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaF7TGBu1MbG5maMo6l7NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMmNiMzViODc0NzgwY2I5M2RjNDQyMTBiOWQ3OWQ2ZWQ5
NGZlNWUwHhcNMjUwMTAxMDU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzIwNzJhMTg1YjU3ODY1MWFjY2M5YzlmMDhmYjY5ZGMzOGFkMjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Gx9XQtcf/CPC8GkN8rlPj0cJklR
nvNq+SFqRJMGNLPsVpEqjVrpWBmRgOOJ1jzJ+fuUMLkk0IMMUyy45haB16OouTSW
XmM8eVRa5FDFsJ3M/T0czyC9LTvRZZPGSZdw0gQA/6uBchk7XQBu0GtqndL9tqZm
/Mwb60oeL75W5gI77m6Pw0+8kTrG6wM14C5eGzawW0QrSMmDVjQCF22kHe4UHrSg
BAFVOc3F3m5VTGHy2VBjhBs1MYXzRXUiGFvPBq+ZJsEhD/hFmY46gYLEtLBKhuSm
vPNOK30GfROhTCgO51w0RULlBhdrOCF/iFbkKV1t7VusAv3uqZpxCW24PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMgcqGFtXhlGszJyfCPtp3DitIbMB8GA1UdIwQY
MBaAFB8ss1uHR4DLk9xEIQudedbtlP5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHl5elc0ZEhnTXVUM0VRaEM1MTUxdTJVX2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9mMDM3MmEtYzMzMi00ODVmLWIyOTMt
YTZkMjY4NGE5NDI1LzEvVXlCeW9ZVzFlR1Vhek1uSjhJLTJuY09LMGhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9mMDM3MmEtYzMzMi00ODVmLWIyOTMtYTZkMjY4NGE5NDI1
LzEvSHl5elc0ZEhnTXVUM0VRaEM1MTUxdTJVX2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2cS4MA0G
CSqGSIb3DQEBCwUAA4IBAQC76NFCmFOOWKgOAKk25nVHzDIMEIGoYx6SIImWNT6c
1iPbTYRZ1D2eSJjwL8AqutT3xwX9emGjziVlvHL/7JzZE5Df9lssuLAdWTwPvcuf
F8jH09lNUctvDP6Asg/33dFPE7R0TSc5kEIr42Mf1lNcUv5MbFn0GtH3UpM5Ldsd
wEJfkJ3yHUILO9WUZs0hU674LD0UKzbZWrlM62IAaKmggga/+PjWto8vl4KihOWt
MCNUheBkUSIdCUdg6Z88aw7c+gLRzdJIgkDDej3fRpzTLJH4Qkt6ZInbxVFD/VU2
Uw2rr5c5k4yHHwYp62+/pfCNdyrHK7zML8cX9Ykn1tAZ
-----END CERTIFICATE-----