Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/679cab-2cf4-40a5-b5ee-246646e9db1e/1/uMgXGnHJtpBZxUTOGcmdbVM1Ujg.roa
File:                     uMgXGnHJtpBZxUTOGcmdbVM1Ujg.roa (raw, json)
Hash identifier:          5kchvjwGIIWYfh1jo1LFwohMp5GRmL3D2YFjaqIXFeo=
Subject key identifier:   B8:C8:17:1A:71:C9:B6:90:59:C5:44:CE:19:C9:9D:6D:53:35:52:38
Certificate issuer:       /CN=07743006a8e9d0e1bf20557ad5964078fe8126ef
Certificate serial:       0194274856585A27DBBFFCF52BFEC129FC9F
Authority key identifier: 07:74:30:06:A8:E9:D0:E1:BF:20:55:7A:D5:96:40:78:FE:81:26:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B3QwBqjp0OG_IFV61ZZAeP6BJu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/679cab-2cf4-40a5-b5ee-246646e9db1e/1/uMgXGnHJtpBZxUTOGcmdbVM1Ujg.roa
Signing time:             Thu 02 Jan 2025 13:50:39 +0000
ROA not before:           Thu 02 Jan 2025 13:50:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13236
IP address blocks:        195.234.236.0/22 maxlen: 22
                          195.234.236.0/24 maxlen: 24
                          195.234.237.0/24 maxlen: 24
                          195.234.238.0/24 maxlen: 24
                          195.234.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/679cab-2cf4-40a5-b5ee-246646e9db1e/1/B3QwBqjp0OG_IFV61ZZAeP6BJu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/679cab-2cf4-40a5-b5ee-246646e9db1e/1/B3QwBqjp0OG_IFV61ZZAeP6BJu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B3QwBqjp0OG_IFV61ZZAeP6BJu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 10:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:56:58:5a:27:db:bf:fc:f5:2b:fe:c1:29:fc:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07743006a8e9d0e1bf20557ad5964078fe8126ef
        Validity
            Not Before: Jan  2 13:50:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b8c8171a71c9b69059c544ce19c99d6d53355238
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:2d:d1:75:76:07:8a:8f:41:9f:96:8f:81:96:
                    6a:5f:73:23:09:d3:d4:a4:1d:df:57:83:dc:3a:8f:
                    c4:28:9f:a6:ce:1e:55:0e:60:66:2b:cf:b0:5e:58:
                    eb:b7:af:95:62:67:61:94:33:59:a6:ce:4c:5b:98:
                    4f:7c:58:32:5a:fe:6b:96:bd:78:19:e4:ec:4c:e7:
                    91:96:da:0d:f4:0f:3a:4d:81:b7:ef:57:ce:cf:99:
                    0f:2d:b3:3a:ca:04:95:8a:44:d5:dd:4d:fe:fc:1c:
                    b8:61:64:37:83:f1:13:7a:27:8d:2d:c4:2a:06:57:
                    a3:5c:c2:f3:da:40:38:9a:44:cb:ee:b2:c5:41:94:
                    18:fc:97:97:dc:8f:aa:09:b2:5d:e7:07:f3:65:1a:
                    d4:b1:40:fa:3d:90:f9:5b:7e:ff:e5:9c:3d:05:05:
                    e2:68:b0:60:b2:e6:1f:a8:6b:ed:d0:01:23:02:76:
                    1c:be:87:64:42:80:d9:bc:49:03:fa:c4:fa:71:c5:
                    b9:66:57:e3:69:2c:52:0e:37:0b:39:db:90:0c:e1:
                    59:c8:87:e8:33:d1:a2:1b:7a:c7:0a:0a:32:00:57:
                    ea:c2:33:1f:02:66:3d:75:e7:78:eb:58:d8:49:cd:
                    d0:17:3c:5d:15:03:d5:5f:85:58:2e:f7:51:9c:40:
                    35:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:C8:17:1A:71:C9:B6:90:59:C5:44:CE:19:C9:9D:6D:53:35:52:38
            X509v3 Authority Key Identifier:
                keyid:07:74:30:06:A8:E9:D0:E1:BF:20:55:7A:D5:96:40:78:FE:81:26:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B3QwBqjp0OG_IFV61ZZAeP6BJu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/679cab-2cf4-40a5-b5ee-246646e9db1e/1/uMgXGnHJtpBZxUTOGcmdbVM1Ujg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/679cab-2cf4-40a5-b5ee-246646e9db1e/1/B3QwBqjp0OG_IFV61ZZAeP6BJu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:cf:ca:9f:e9:dc:97:7e:db:29:56:52:5a:80:83:e8:62:2a:
         f4:e6:ce:9e:d1:1a:44:92:e3:9c:e0:88:f5:64:f7:7b:8d:f6:
         fb:de:36:66:5c:83:b4:ba:fb:ac:b9:cb:4f:b5:07:95:21:d6:
         24:74:85:3d:38:c4:39:f4:44:88:d6:bb:a3:39:02:83:e9:da:
         45:ba:92:c7:fa:0e:f7:46:e0:33:31:e3:63:24:ff:ab:64:98:
         41:d3:ae:6c:d0:70:0e:d0:79:10:31:cd:1f:88:c1:50:21:a4:
         48:41:9c:aa:fd:c1:68:94:a8:da:58:b1:e0:bd:ac:d4:ae:98:
         fb:00:e1:bb:cc:3f:40:1c:27:79:65:87:1e:98:b7:69:71:ce:
         1d:00:cd:fb:fb:95:87:80:83:ca:c6:9a:ad:8b:93:dc:c2:9e:
         12:2b:11:92:da:32:c8:9c:d6:d4:cd:7e:39:19:7b:e9:53:f3:
         07:8d:8c:6d:2a:7a:15:c1:8d:9d:a3:7a:d8:ea:32:89:d9:3e:
         fe:8f:92:bd:46:7e:1a:0f:c9:83:33:1a:56:20:df:ae:6a:ab:
         80:6d:0e:6e:66:7b:86:82:73:ce:b7:fa:95:b8:f3:f8:bd:79:
         52:e6:b9:6f:69:7d:11:bb:ae:38:02:08:ac:1f:9c:53:ba:dc:
         bd:d0:52:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSFZYWifbv/z1K/7BKfyfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3NzQzMDA2YThlOWQwZTFiZjIwNTU3YWQ1OTY0MDc4ZmU4
MTI2ZWYwHhcNMjUwMTAyMTM1MDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGM4MTcxYTcxYzliNjkwNTljNTQ0Y2UxOWM5OWQ2ZDUzMzU1MjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkC3RdXYHio9Bn5aPgZZqX3MjCdPU
pB3fV4PcOo/EKJ+mzh5VDmBmK8+wXljrt6+VYmdhlDNZps5MW5hPfFgyWv5rlr14
GeTsTOeRltoN9A86TYG371fOz5kPLbM6ygSVikTV3U3+/By4YWQ3g/ETeieNLcQq
BlejXMLz2kA4mkTL7rLFQZQY/JeX3I+qCbJd5wfzZRrUsUD6PZD5W37/5Zw9BQXi
aLBgsuYfqGvt0AEjAnYcvodkQoDZvEkD+sT6ccW5ZlfjaSxSDjcLOduQDOFZyIfo
M9GiG3rHCgoyAFfqwjMfAmY9ded461jYSc3QFzxdFQPVX4VYLvdRnEA1sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLjIFxpxybaQWcVEzhnJnW1TNVI4MB8GA1UdIwQY
MBaAFAd0MAao6dDhvyBVetWWQHj+gSbvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjNRd0JxanAwT0dfSUZWNjFaWkFlUDZCSnU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82NzljYWItMmNmNC00MGE1LWI1ZWUt
MjQ2NjQ2ZTlkYjFlLzEvdU1nWEduSEp0cEJaeFVUT0djbWRiVk0xVWpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82NzljYWItMmNmNC00MGE1LWI1ZWUtMjQ2NjQ2ZTlkYjFl
LzEvQjNRd0JxanAwT0dfSUZWNjFaWkFlUDZCSnU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw+rsMA0G
CSqGSIb3DQEBCwUAA4IBAQAZz8qf6dyXftspVlJagIPoYir05s6e0RpEkuOc4Ij1
ZPd7jfb73jZmXIO0uvusuctPtQeVIdYkdIU9OMQ59ESI1rujOQKD6dpFupLH+g73
RuAzMeNjJP+rZJhB065s0HAO0HkQMc0fiMFQIaRIQZyq/cFolKjaWLHgvazUrpj7
AOG7zD9AHCd5ZYcemLdpcc4dAM37+5WHgIPKxpqti5Pcwp4SKxGS2jLInNbUzX45
GXvpU/MHjYxtKnoVwY2do3rY6jKJ2T7+j5K9Rn4aD8mDMxpWIN+uaquAbQ5uZnuG
gnPOt/qVuPP4vXlS5rlvaX0Ru644AgisH5xTuty90FIm
-----END CERTIFICATE-----