Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e8be0e-a80d-4a4f-b52f-dff1cffb7b18/1/uJnVKXAIy60auoGPJwESNrSmHkE.roa
File:                     uJnVKXAIy60auoGPJwESNrSmHkE.roa (raw, json)
Hash identifier:          ebmKrJfXBBi07GAqHoc+u6RWZ0ztB7xPcVNK+Z+MDgQ=
Subject key identifier:   B8:99:D5:29:70:08:CB:AD:1A:BA:81:8F:27:01:12:36:B4:A6:1E:41
Certificate issuer:       /CN=ba6d46b76bfd6d42bbd575e2f26fce136b9b6a6d
Certificate serial:       019425FCB63AA82BF86640AB1C8F7668463B
Authority key identifier: BA:6D:46:B7:6B:FD:6D:42:BB:D5:75:E2:F2:6F:CE:13:6B:9B:6A:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um1Gt2v9bUK71XXi8m_OE2ubam0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e8be0e-a80d-4a4f-b52f-dff1cffb7b18/1/uJnVKXAIy60auoGPJwESNrSmHkE.roa
Signing time:             Thu 02 Jan 2025 07:48:26 +0000
ROA not before:           Thu 02 Jan 2025 07:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47393
IP address blocks:        195.43.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e8be0e-a80d-4a4f-b52f-dff1cffb7b18/1/um1Gt2v9bUK71XXi8m_OE2ubam0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e8be0e-a80d-4a4f-b52f-dff1cffb7b18/1/um1Gt2v9bUK71XXi8m_OE2ubam0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um1Gt2v9bUK71XXi8m_OE2ubam0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:b6:3a:a8:2b:f8:66:40:ab:1c:8f:76:68:46:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6d46b76bfd6d42bbd575e2f26fce136b9b6a6d
        Validity
            Not Before: Jan  2 07:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b899d5297008cbad1aba818f27011236b4a61e41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:36:b3:cd:d2:3c:ad:be:bd:b1:a5:ce:95:5a:
                    d0:bf:af:25:93:c3:cf:f9:b8:1d:53:a5:ee:2b:29:
                    8e:65:4d:dc:eb:97:0e:43:fb:98:70:b6:d9:bf:15:
                    f5:b8:e3:18:53:fa:80:c5:d2:ba:7d:74:2d:85:ac:
                    2f:23:57:23:d8:b7:60:cf:26:66:7a:47:15:39:46:
                    2d:2a:57:27:f4:9a:48:60:0f:9a:c0:7a:9c:91:b4:
                    66:3f:95:85:13:34:ee:0f:2e:af:10:0e:2a:2d:c4:
                    0b:9b:b2:00:7d:b8:74:9a:d0:1c:4a:9b:d2:a9:c7:
                    42:b2:0b:30:d0:fd:98:f9:ff:91:64:52:ca:4e:2d:
                    ee:97:f6:7c:a8:9e:24:5a:3d:d5:2d:f3:63:74:ac:
                    08:f9:dd:f3:00:75:85:b0:0b:03:40:37:ca:e8:20:
                    df:ef:65:f4:5f:cc:b1:ef:8e:d8:76:dd:af:1e:dd:
                    f0:b6:7c:fc:a8:6b:9c:50:52:04:3c:d9:fb:dd:48:
                    99:3a:8d:55:cd:d9:0d:e6:3b:fc:5e:d9:43:86:d1:
                    27:ec:a7:8d:69:bb:26:04:c3:b7:f5:14:3b:34:3d:
                    da:90:8e:26:7c:a7:3e:70:6b:d9:94:cc:a2:dd:fe:
                    b8:dc:c5:e8:7b:48:68:ee:9a:6d:e3:2c:62:26:0f:
                    42:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:99:D5:29:70:08:CB:AD:1A:BA:81:8F:27:01:12:36:B4:A6:1E:41
            X509v3 Authority Key Identifier:
                keyid:BA:6D:46:B7:6B:FD:6D:42:BB:D5:75:E2:F2:6F:CE:13:6B:9B:6A:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um1Gt2v9bUK71XXi8m_OE2ubam0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e8be0e-a80d-4a4f-b52f-dff1cffb7b18/1/uJnVKXAIy60auoGPJwESNrSmHkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e8be0e-a80d-4a4f-b52f-dff1cffb7b18/1/um1Gt2v9bUK71XXi8m_OE2ubam0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:6c:52:71:a5:e0:51:7e:ce:de:72:bc:d3:4b:3e:0e:c0:1e:
         6b:50:bb:8e:8b:60:b8:8c:19:f1:79:5d:e1:7f:82:3c:1a:19:
         42:d3:f1:9b:71:d1:96:d1:2e:71:0f:b4:f6:d8:e9:b7:fe:e6:
         23:e8:77:dd:da:f8:b9:77:9e:14:c1:55:c4:64:c0:5c:2e:b0:
         b5:c9:bc:67:f2:b5:92:a5:e9:51:c3:5a:32:36:b6:10:c0:8c:
         c5:bf:d9:1e:bd:6b:de:3e:52:68:00:9c:bf:3f:e2:e1:6c:76:
         c9:54:8b:fd:ad:ea:a7:2d:ce:d3:23:9f:19:64:69:2e:2e:25:
         5a:a6:b2:e3:4e:0e:15:30:45:d9:c3:38:cf:b5:65:92:6f:43:
         87:41:96:a8:d5:60:2d:40:de:01:23:f9:20:a3:14:84:32:4a:
         72:d6:19:fa:00:c5:72:93:fe:33:d9:c9:61:f1:77:81:9a:81:
         d9:09:f5:5c:57:7d:6b:81:8d:48:30:da:8a:f5:57:a2:28:b2:
         a2:5a:c3:96:47:4e:3e:97:0f:de:fe:a7:00:2f:f0:b5:00:13:
         02:7e:ca:05:1e:f3:5d:be:ac:d9:ba:92:f5:c1:ce:21:34:e4:
         8b:c6:23:dc:b7:94:c3:93:30:69:a3:42:a9:17:0a:33:4e:d6:
         5e:6d:a5:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/LY6qCv4ZkCrHI92aEY7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmQ0NmI3NmJmZDZkNDJiYmQ1NzVlMmYyNmZjZTEzNmI5
YjZhNmQwHhcNMjUwMTAyMDc0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODk5ZDUyOTcwMDhjYmFkMWFiYTgxOGYyNzAxMTIzNmI0YTYxZTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjazzdI8rb69saXOlVrQv68lk8PP
+bgdU6XuKymOZU3c65cOQ/uYcLbZvxX1uOMYU/qAxdK6fXQthawvI1cj2LdgzyZm
ekcVOUYtKlcn9JpIYA+awHqckbRmP5WFEzTuDy6vEA4qLcQLm7IAfbh0mtAcSpvS
qcdCsgsw0P2Y+f+RZFLKTi3ul/Z8qJ4kWj3VLfNjdKwI+d3zAHWFsAsDQDfK6CDf
72X0X8yx747Ydt2vHt3wtnz8qGucUFIEPNn73UiZOo1VzdkN5jv8XtlDhtEn7KeN
absmBMO39RQ7ND3akI4mfKc+cGvZlMyi3f643MXoe0ho7ppt4yxiJg9CwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLiZ1SlwCMutGrqBjycBEja0ph5BMB8GA1UdIwQY
MBaAFLptRrdr/W1Cu9V14vJvzhNrm2ptMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW0xR3QydjliVUs3MVhYaThtX09FMnViYW0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lOGJlMGUtYTgwZC00YTRmLWI1MmYt
ZGZmMWNmZmI3YjE4LzEvdUpuVktYQUl5NjBhdW9HUEp3RVNOclNtSGtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lOGJlMGUtYTgwZC00YTRmLWI1MmYtZGZmMWNmZmI3YjE4
LzEvdW0xR3QydjliVUs3MVhYaThtX09FMnViYW0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyuCMA0G
CSqGSIb3DQEBCwUAA4IBAQBhbFJxpeBRfs7ecrzTSz4OwB5rULuOi2C4jBnxeV3h
f4I8GhlC0/GbcdGW0S5xD7T22Om3/uYj6Hfd2vi5d54UwVXEZMBcLrC1ybxn8rWS
pelRw1oyNrYQwIzFv9kevWvePlJoAJy/P+LhbHbJVIv9reqnLc7TI58ZZGkuLiVa
prLjTg4VMEXZwzjPtWWSb0OHQZao1WAtQN4BI/kgoxSEMkpy1hn6AMVyk/4z2clh
8XeBmoHZCfVcV31rgY1IMNqK9VeiKLKiWsOWR04+lw/e/qcAL/C1ABMCfsoFHvNd
vqzZupL1wc4hNOSLxiPct5TDkzBpo0KpFwozTtZebaUJ
-----END CERTIFICATE-----