Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/4d9c83-f960-48ac-bbf5-9dca5cc80dd9/1/2UbS1EAloXEyA0BxAmNaFARQcNQ.roa
File:                     2UbS1EAloXEyA0BxAmNaFARQcNQ.roa (raw, json)
Hash identifier:          cZYI6Or2Jx26mD2t9A5DVd+NiBoz4kQO/JozvVMQ0oE=
Subject key identifier:   D9:46:D2:D4:40:25:A1:71:32:03:40:71:02:63:5A:14:04:50:70:D4
Certificate issuer:       /CN=1ed3d8e29e063b9d2740ab3de6c72255ec8d0557
Certificate serial:       01942521ED0F88E68C59E7AF4AD8931846EE
Authority key identifier: 1E:D3:D8:E2:9E:06:3B:9D:27:40:AB:3D:E6:C7:22:55:EC:8D:05:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HtPY4p4GO50nQKs95sciVeyNBVc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/4d9c83-f960-48ac-bbf5-9dca5cc80dd9/1/2UbS1EAloXEyA0BxAmNaFARQcNQ.roa
Signing time:             Thu 02 Jan 2025 03:49:27 +0000
ROA not before:           Thu 02 Jan 2025 03:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12541
IP address blocks:        212.31.198.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/4d9c83-f960-48ac-bbf5-9dca5cc80dd9/1/HtPY4p4GO50nQKs95sciVeyNBVc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/4d9c83-f960-48ac-bbf5-9dca5cc80dd9/1/HtPY4p4GO50nQKs95sciVeyNBVc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HtPY4p4GO50nQKs95sciVeyNBVc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 12:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ed:0f:88:e6:8c:59:e7:af:4a:d8:93:18:46:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ed3d8e29e063b9d2740ab3de6c72255ec8d0557
        Validity
            Not Before: Jan  2 03:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d946d2d44025a1713203407102635a14045070d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:37:b7:b3:8a:9f:9a:33:ea:eb:6a:84:31:2f:
                    d5:7e:c4:43:03:f2:08:a7:f0:54:e3:7f:e1:00:a2:
                    10:a2:09:ba:f7:78:8c:fb:c4:cd:5b:07:35:6f:88:
                    f6:e9:5a:d7:21:b6:2b:51:13:39:ac:2e:62:b9:33:
                    3a:b9:4f:97:2a:5f:f8:ef:e6:66:74:3e:2b:3d:74:
                    b7:a9:9c:62:09:96:b7:be:c7:39:1d:90:66:2e:0c:
                    e7:04:89:c2:13:59:35:2d:89:c1:4a:bc:7a:7d:44:
                    c3:1d:c2:6d:0c:7d:e4:5b:2c:3d:b4:28:8d:f7:c0:
                    4a:89:48:8c:47:d4:db:22:da:f1:7d:8f:fe:58:28:
                    85:df:3b:aa:5d:08:74:92:4a:a9:98:d7:b0:68:54:
                    ac:68:2b:3d:a3:d0:e2:a1:18:f1:dd:55:4f:f3:66:
                    c9:86:c8:7c:4b:af:1a:38:b9:e3:d1:c1:1e:41:7a:
                    85:a3:09:47:ea:dc:89:71:54:45:37:03:f9:df:fa:
                    3e:84:fe:d0:ee:f8:a3:3c:22:28:4c:0b:08:14:9f:
                    f7:91:29:fa:ca:f2:00:d3:c4:36:99:4f:f1:9e:e5:
                    bd:48:d7:b5:e6:1d:28:1a:37:7b:df:13:b4:b4:cd:
                    94:1e:f5:fe:ad:66:93:2d:5a:ce:1d:47:cd:f0:fe:
                    02:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:46:D2:D4:40:25:A1:71:32:03:40:71:02:63:5A:14:04:50:70:D4
            X509v3 Authority Key Identifier:
                keyid:1E:D3:D8:E2:9E:06:3B:9D:27:40:AB:3D:E6:C7:22:55:EC:8D:05:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HtPY4p4GO50nQKs95sciVeyNBVc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/4d9c83-f960-48ac-bbf5-9dca5cc80dd9/1/2UbS1EAloXEyA0BxAmNaFARQcNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/4d9c83-f960-48ac-bbf5-9dca5cc80dd9/1/HtPY4p4GO50nQKs95sciVeyNBVc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.31.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a8:27:ab:11:97:3e:03:d5:05:4e:33:c6:2a:32:b5:36:64:f7:
         78:62:aa:b6:67:26:b5:67:ac:b1:2b:3b:3b:48:34:20:74:d3:
         51:38:ee:79:25:89:be:6d:fd:1a:c0:4d:59:00:38:d1:17:63:
         1a:c2:a7:9d:d9:56:40:f1:af:0a:1a:ef:44:84:7d:db:25:e9:
         59:17:44:87:58:99:b8:ca:f0:c2:c9:55:31:dc:4e:a6:62:4c:
         5e:57:28:69:93:47:33:88:de:73:dd:41:81:c5:ab:68:60:6a:
         77:3b:39:1f:8c:6e:88:b5:e1:ae:9e:5d:0a:37:1f:69:30:17:
         47:cc:67:96:c3:19:6e:25:ea:6f:2c:df:fa:e9:93:43:a1:fa:
         b9:c7:d8:b5:0c:36:b5:db:b9:ba:52:12:91:d4:c1:41:c1:51:
         e8:c2:ef:94:3e:43:f3:a3:31:9b:7b:dc:3f:0c:94:5a:52:17:
         a5:42:1e:58:63:2e:68:60:c1:d2:57:b1:a3:5f:cb:59:6f:01:
         99:3e:87:1a:a3:57:29:d8:50:a8:15:19:27:f9:fd:ff:84:4c:
         3f:2f:70:76:d9:52:0f:eb:06:15:d7:9e:78:52:37:6e:b9:b3:
         43:fd:a5:8f:cb:3b:aa:cc:66:06:4e:8b:47:7c:5d:e3:b2:52:
         fa:d6:11:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIe0PiOaMWeevStiTGEbuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZDNkOGUyOWUwNjNiOWQyNzQwYWIzZGU2YzcyMjU1ZWM4
ZDA1NTcwHhcNMjUwMTAyMDM0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTQ2ZDJkNDQwMjVhMTcxMzIwMzQwNzEwMjYzNWExNDA0NTA3MGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDe3s4qfmjPq62qEMS/VfsRDA/II
p/BU43/hAKIQogm693iM+8TNWwc1b4j26VrXIbYrURM5rC5iuTM6uU+XKl/47+Zm
dD4rPXS3qZxiCZa3vsc5HZBmLgznBInCE1k1LYnBSrx6fUTDHcJtDH3kWyw9tCiN
98BKiUiMR9TbItrxfY/+WCiF3zuqXQh0kkqpmNewaFSsaCs9o9DioRjx3VVP82bJ
hsh8S68aOLnj0cEeQXqFowlH6tyJcVRFNwP53/o+hP7Q7vijPCIoTAsIFJ/3kSn6
yvIA08Q2mU/xnuW9SNe15h0oGjd73xO0tM2UHvX+rWaTLVrOHUfN8P4CwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlG0tRAJaFxMgNAcQJjWhQEUHDUMB8GA1UdIwQY
MBaAFB7T2OKeBjudJ0CrPebHIlXsjQVXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHRQWTRwNEdPNTBuUUtzOTVzY2lWZXlOQlZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi80ZDljODMtZjk2MC00OGFjLWJiZjUt
OWRjYTVjYzgwZGQ5LzEvMlViUzFFQWxvWEV5QTBCeEFtTmFGQVJRY05RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi80ZDljODMtZjk2MC00OGFjLWJiZjUtOWRjYTVjYzgwZGQ5
LzEvSHRQWTRwNEdPNTBuUUtzOTVzY2lWZXlOQlZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1B/GMA0G
CSqGSIb3DQEBCwUAA4IBAQCoJ6sRlz4D1QVOM8YqMrU2ZPd4Yqq2Zya1Z6yxKzs7
SDQgdNNROO55JYm+bf0awE1ZADjRF2Mawqed2VZA8a8KGu9EhH3bJelZF0SHWJm4
yvDCyVUx3E6mYkxeVyhpk0cziN5z3UGBxatoYGp3OzkfjG6IteGunl0KNx9pMBdH
zGeWwxluJepvLN/66ZNDofq5x9i1DDa127m6UhKR1MFBwVHowu+UPkPzozGbe9w/
DJRaUhelQh5YYy5oYMHSV7GjX8tZbwGZPocao1cp2FCoFRkn+f3/hEw/L3B22VIP
6wYV1554UjduubND/aWPyzuqzGYGTotHfF3jslL61hEt
-----END CERTIFICATE-----