Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/11d1e5-3cc7-4972-a07a-785e3e8768f9/1/uEaPXwIvt3nd0ncZqWTmGRgN2Co.roa
File:                     uEaPXwIvt3nd0ncZqWTmGRgN2Co.roa (raw, json)
Hash identifier:          V/FrvYjkhAUQhpjTMGaHfRf+RO486rwY6D+JJKx9Z6U=
Subject key identifier:   B8:46:8F:5F:02:2F:B7:79:DD:D2:77:19:A9:64:E6:19:18:0D:D8:2A
Certificate issuer:       /CN=3826423eb01955224e6c11d19c6d39381e8be21d
Certificate serial:       0194206874CEC8CC71FEF430FDF076288D89
Authority key identifier: 38:26:42:3E:B0:19:55:22:4E:6C:11:D1:9C:6D:39:38:1E:8B:E2:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OCZCPrAZVSJObBHRnG05OB6L4h0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/11d1e5-3cc7-4972-a07a-785e3e8768f9/1/uEaPXwIvt3nd0ncZqWTmGRgN2Co.roa
Signing time:             Wed 01 Jan 2025 05:48:24 +0000
ROA not before:           Wed 01 Jan 2025 05:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47650
IP address blocks:        195.34.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/11d1e5-3cc7-4972-a07a-785e3e8768f9/1/OCZCPrAZVSJObBHRnG05OB6L4h0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/11d1e5-3cc7-4972-a07a-785e3e8768f9/1/OCZCPrAZVSJObBHRnG05OB6L4h0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OCZCPrAZVSJObBHRnG05OB6L4h0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:74:ce:c8:cc:71:fe:f4:30:fd:f0:76:28:8d:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3826423eb01955224e6c11d19c6d39381e8be21d
        Validity
            Not Before: Jan  1 05:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b8468f5f022fb779ddd27719a964e619180dd82a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:4e:c4:17:41:0b:73:c8:00:b4:16:b2:3a:1a:
                    b1:13:f6:26:b5:52:39:88:42:5a:c2:e9:0c:71:a7:
                    dd:37:47:23:e3:d6:ce:41:db:db:1d:41:3a:d3:97:
                    4d:6b:6f:73:0a:18:76:50:e9:91:22:33:6f:36:ff:
                    9f:dd:78:b0:c7:6f:19:ea:9a:d3:c1:87:55:e0:65:
                    0e:de:0b:16:5d:87:46:cf:3f:d0:45:e2:5e:e3:ab:
                    93:f6:90:f9:74:84:47:50:20:82:05:08:c0:c2:11:
                    5a:1c:7e:7e:98:b1:ac:01:51:6c:12:e6:93:85:20:
                    b2:c4:c9:77:74:7e:03:e8:c8:6a:91:20:04:98:33:
                    34:8f:58:f2:ad:87:f1:7b:ce:0d:be:ef:1f:6f:3c:
                    6c:2e:04:57:46:c5:e4:d0:4a:26:f7:f4:a1:8e:50:
                    a6:cc:d5:80:51:04:ea:0e:fa:c5:84:70:4b:03:3e:
                    a7:74:bc:6e:66:eb:dc:2e:db:85:64:0a:2f:a3:7a:
                    18:50:1b:7d:09:eb:52:0f:84:96:cb:8a:14:54:8b:
                    7a:fc:b6:47:b6:ab:c8:d8:b8:5d:53:d7:88:51:76:
                    3a:3b:fb:f3:81:38:9e:74:db:e5:90:e0:0c:43:cd:
                    41:70:02:69:e4:55:db:0d:31:63:51:14:fc:fc:6e:
                    2e:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:46:8F:5F:02:2F:B7:79:DD:D2:77:19:A9:64:E6:19:18:0D:D8:2A
            X509v3 Authority Key Identifier:
                keyid:38:26:42:3E:B0:19:55:22:4E:6C:11:D1:9C:6D:39:38:1E:8B:E2:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OCZCPrAZVSJObBHRnG05OB6L4h0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/11d1e5-3cc7-4972-a07a-785e3e8768f9/1/uEaPXwIvt3nd0ncZqWTmGRgN2Co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/11d1e5-3cc7-4972-a07a-785e3e8768f9/1/OCZCPrAZVSJObBHRnG05OB6L4h0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.34.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:d1:19:f0:9e:ce:e9:b9:99:2b:c2:9b:3e:41:e5:8c:fd:04:
         02:be:02:88:c6:2a:b0:d2:f3:21:a7:2d:6f:d1:bc:f8:8a:98:
         af:f0:44:34:0a:32:c7:b1:bf:50:3a:31:45:e5:64:43:b0:b3:
         20:09:6e:5f:77:ba:58:e2:17:2c:cb:18:f9:b0:8e:14:c4:cd:
         e6:ba:6f:52:db:49:a9:0c:4d:51:83:0d:bd:cb:82:b8:12:9d:
         2b:23:e2:d2:b8:ed:7b:e9:62:77:de:77:d9:83:d0:1d:87:fc:
         e6:6a:4d:d8:d9:5c:46:2c:83:4e:1c:c1:47:9f:de:66:0e:b8:
         9a:63:78:e1:e5:7b:90:8b:9c:bf:63:35:2a:ad:81:05:1c:15:
         80:49:61:52:62:11:c8:58:60:66:4d:05:8d:6f:9e:6e:4b:6b:
         58:05:d8:48:cf:89:29:c7:8f:0f:45:fd:93:c7:d5:b9:9c:5a:
         58:62:8f:d3:ec:9d:d4:66:4d:6a:9c:64:19:ac:4c:9f:78:27:
         1c:96:f1:5a:6d:a1:6b:eb:ff:f6:0d:a4:f5:23:81:87:87:7e:
         ca:d1:bc:67:5e:a2:b8:48:20:18:05:99:46:0e:48:c2:bf:05:
         cb:6f:25:76:02:a5:7d:5f:cf:ea:d9:b8:58:54:c5:bb:93:5b:
         f0:bb:59:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaHTOyMxx/vQw/fB2KI2JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MjY0MjNlYjAxOTU1MjI0ZTZjMTFkMTljNmQzOTM4MWU4
YmUyMWQwHhcNMjUwMTAxMDU0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODQ2OGY1ZjAyMmZiNzc5ZGRkMjc3MTlhOTY0ZTYxOTE4MGRkODJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuk7EF0ELc8gAtBayOhqxE/YmtVI5
iEJawukMcafdN0cj49bOQdvbHUE605dNa29zChh2UOmRIjNvNv+f3Xiwx28Z6prT
wYdV4GUO3gsWXYdGzz/QReJe46uT9pD5dIRHUCCCBQjAwhFaHH5+mLGsAVFsEuaT
hSCyxMl3dH4D6MhqkSAEmDM0j1jyrYfxe84Nvu8fbzxsLgRXRsXk0Eom9/ShjlCm
zNWAUQTqDvrFhHBLAz6ndLxuZuvcLtuFZAovo3oYUBt9CetSD4SWy4oUVIt6/LZH
tqvI2LhdU9eIUXY6O/vzgTiedNvlkOAMQ81BcAJp5FXbDTFjURT8/G4ueQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLhGj18CL7d53dJ3Galk5hkYDdgqMB8GA1UdIwQY
MBaAFDgmQj6wGVUiTmwR0ZxtOTgei+IdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0NaQ1ByQVpWU0pPYkJIUm5HMDVPQjZMNGgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8xMWQxZTUtM2NjNy00OTcyLWEwN2Et
Nzg1ZTNlODc2OGY5LzEvdUVhUFh3SXZ0M25kMG5jWnFXVG1HUmdOMkNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8xMWQxZTUtM2NjNy00OTcyLWEwN2EtNzg1ZTNlODc2OGY5
LzEvT0NaQ1ByQVpWU0pPYkJIUm5HMDVPQjZMNGgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwyLcMA0G
CSqGSIb3DQEBCwUAA4IBAQAc0Rnwns7puZkrwps+QeWM/QQCvgKIxiqw0vMhpy1v
0bz4ipiv8EQ0CjLHsb9QOjFF5WRDsLMgCW5fd7pY4hcsyxj5sI4UxM3mum9S20mp
DE1Rgw29y4K4Ep0rI+LSuO176WJ33nfZg9Adh/zmak3Y2VxGLINOHMFHn95mDria
Y3jh5XuQi5y/YzUqrYEFHBWASWFSYhHIWGBmTQWNb55uS2tYBdhIz4kpx48PRf2T
x9W5nFpYYo/T7J3UZk1qnGQZrEyfeCcclvFabaFr6//2DaT1I4GHh37K0bxnXqK4
SCAYBZlGDkjCvwXLbyV2AqV9X8/q2bhYVMW7k1vwu1l5
-----END CERTIFICATE-----