Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/UHjfP3V5popAhLVdBLxmVH4AHdE.roa
File:                     UHjfP3V5popAhLVdBLxmVH4AHdE.roa (raw, json)
Hash identifier:          CLr9XFS9LyXmtjSYmTZvGV7u0vDYNWpap22Q19VtSzQ=
Subject key identifier:   50:78:DF:3F:75:79:A6:8A:40:84:B5:5D:04:BC:66:54:7E:00:1D:D1
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       018CC34899C687952139BC53CC0050404710
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/UHjfP3V5popAhLVdBLxmVH4AHdE.roa
Signing time:             Mon 01 Jan 2024 04:29:24 +0000
ROA not before:           Mon 01 Jan 2024 04:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        212.116.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:99:c6:87:95:21:39:bc:53:cc:00:50:40:47:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: Jan  1 04:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5078df3f7579a68a4084b55d04bc66547e001dd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:8e:63:65:cb:ae:c2:00:16:7d:84:ed:fa:2d:
                    3a:94:66:51:e4:d4:c3:45:7b:05:84:68:78:6e:d3:
                    eb:e1:b2:e2:d5:b6:f8:3e:31:23:f0:d7:7b:62:7d:
                    94:f5:e1:21:ad:e5:f2:82:5d:8b:fd:c3:13:0b:94:
                    93:d6:a3:28:f9:a1:9e:e3:6f:0c:15:bc:31:5a:77:
                    66:b2:cb:51:fa:3a:d9:a2:54:fe:bd:53:ac:d4:45:
                    5a:15:18:11:05:a3:3b:01:c8:3e:aa:d1:46:e6:8d:
                    15:74:c0:a1:2e:44:26:84:2a:18:4e:05:df:7d:de:
                    67:62:41:b1:ff:55:9b:b0:a7:63:06:9c:bf:29:6a:
                    96:74:5a:7a:16:b8:27:64:9b:b9:4f:7c:63:55:17:
                    4e:1b:c0:2f:ac:bc:fb:b1:f0:b3:eb:1d:8e:89:17:
                    9e:e6:90:84:3c:c5:5f:16:64:09:24:27:83:8d:b8:
                    cb:ab:d3:30:f3:01:cf:0a:ad:53:1e:f2:01:e4:3b:
                    db:ed:9d:93:bc:43:55:d3:ad:07:0a:f7:86:98:69:
                    68:ae:f8:51:91:1a:23:92:59:f8:56:1a:be:bf:00:
                    bc:47:4b:62:63:1d:1e:b1:51:f8:4e:9a:b1:c5:d5:
                    59:6e:5b:7c:8d:cb:29:91:e3:f8:8f:fc:66:8b:3c:
                    93:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:78:DF:3F:75:79:A6:8A:40:84:B5:5D:04:BC:66:54:7E:00:1D:D1
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/UHjfP3V5popAhLVdBLxmVH4AHdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.116.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:d6:8e:d6:2a:71:93:fd:99:69:76:09:f2:c7:a2:41:46:f6:
         8c:d8:b1:1f:77:ee:05:6b:33:3a:2d:f3:0b:a2:a7:8f:8e:66:
         cd:d5:b8:66:6c:75:9b:94:6e:bb:f2:89:cc:78:e9:5f:a0:3d:
         16:5e:52:f5:10:fe:5e:fd:0c:1e:7e:fa:6a:64:04:d3:88:1f:
         c4:12:2b:bb:9a:6f:ed:2b:3b:fd:38:f3:75:5f:94:f5:c6:31:
         53:e3:90:f9:6e:f1:06:16:26:a1:75:41:db:9b:82:86:f3:d4:
         7d:f5:06:54:f5:aa:5d:86:96:a6:2f:6b:49:3f:2b:67:33:de:
         b1:ad:f6:95:25:bd:6b:a9:94:e1:ff:a4:c7:c5:bc:34:69:9e:
         03:dc:87:ed:6d:8d:82:fe:20:79:49:d2:92:70:32:c4:3a:85:
         16:c0:00:41:0b:7b:70:b6:34:78:c3:c4:7a:dc:99:cb:4a:97:
         fb:4d:91:38:8b:93:27:7d:af:4c:68:90:ac:8a:f2:63:e7:df:
         b3:59:8d:30:6b:ff:5c:b0:63:10:a0:5d:6a:90:be:9c:c2:dc:
         27:d0:17:33:3f:c8:ed:33:04:e0:2a:d2:88:68:96:e5:39:76:
         fe:f9:69:b7:97:1c:3a:c8:be:ea:5a:b4:c2:da:47:df:8b:e0:
         ee:c1:c7:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJnGh5UhObxTzABQQEcQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjQwMTAxMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDc4ZGYzZjc1NzlhNjhhNDA4NGI1NWQwNGJjNjY1NDdlMDAxZGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg45jZcuuwgAWfYTt+i06lGZR5NTD
RXsFhGh4btPr4bLi1bb4PjEj8Nd7Yn2U9eEhreXygl2L/cMTC5ST1qMo+aGe428M
FbwxWndmsstR+jrZolT+vVOs1EVaFRgRBaM7Acg+qtFG5o0VdMChLkQmhCoYTgXf
fd5nYkGx/1WbsKdjBpy/KWqWdFp6FrgnZJu5T3xjVRdOG8AvrLz7sfCz6x2OiRee
5pCEPMVfFmQJJCeDjbjLq9Mw8wHPCq1THvIB5Dvb7Z2TvENV060HCveGmGlorvhR
kRojkln4Vhq+vwC8R0tiYx0esVH4TpqxxdVZblt8jcspkeP4j/xmizyTHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFB43z91eaaKQIS1XQS8ZlR+AB3RMB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvVUhqZlAzVjVwb3BBaExWZEJMeG1WSDRBSGRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HT1MA0G
CSqGSIb3DQEBCwUAA4IBAQAH1o7WKnGT/Zlpdgnyx6JBRvaM2LEfd+4FazM6LfML
oqePjmbN1bhmbHWblG678onMeOlfoD0WXlL1EP5e/QwefvpqZATTiB/EEiu7mm/t
Kzv9OPN1X5T1xjFT45D5bvEGFiahdUHbm4KG89R99QZU9apdhpamL2tJPytnM96x
rfaVJb1rqZTh/6THxbw0aZ4D3IftbY2C/iB5SdKScDLEOoUWwABBC3twtjR4w8R6
3JnLSpf7TZE4i5Mnfa9MaJCsivJj59+zWY0wa/9csGMQoF1qkL6cwtwn0BczP8jt
MwTgKtKIaJblOXb++Wm3lxw6yL7qWrTC2kffi+Duwcf1
-----END CERTIFICATE-----