Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/UYG02sedni6PF3l5885jWR9SDAU.roa
File:                     UYG02sedni6PF3l5885jWR9SDAU.roa (raw, json)
Hash identifier:          F15eDYq10rpPatO7l2AwP8pJp/GPkxjGwfOAI4ndu8c=
Subject key identifier:   51:81:B4:DA:C7:9D:9E:2E:8F:17:79:79:F3:CE:63:59:1F:52:0C:05
Certificate issuer:       /CN=07f231365985828d5a9663ed1b440624b24fec13
Certificate serial:       019427B58739079FDE00E883D91C01EE3D9D
Authority key identifier: 07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/UYG02sedni6PF3l5885jWR9SDAU.roa
Signing time:             Thu 02 Jan 2025 15:49:55 +0000
ROA not before:           Thu 02 Jan 2025 15:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212384
IP address blocks:        91.199.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:87:39:07:9f:de:00:e8:83:d9:1c:01:ee:3d:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f231365985828d5a9663ed1b440624b24fec13
        Validity
            Not Before: Jan  2 15:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5181b4dac79d9e2e8f177979f3ce63591f520c05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:8f:25:ce:68:51:40:ba:f3:55:c4:37:a9:50:
                    42:c1:75:38:ae:46:61:74:78:4d:cd:a5:17:d3:f1:
                    ef:18:af:d6:d7:1b:2e:5e:e7:c7:63:71:de:16:76:
                    2a:7f:63:59:0f:75:4e:2c:18:c2:c2:3b:d7:53:7a:
                    51:6e:ae:a1:ef:55:e3:e7:e2:6e:1c:35:96:0a:6a:
                    d9:c7:3e:bf:53:d7:a8:b1:bc:4b:e4:ce:53:fc:b5:
                    bd:3f:9c:ca:a8:34:12:45:77:25:97:15:5b:1a:80:
                    ee:f5:e2:c8:90:f5:75:41:cf:f4:2b:1d:79:8f:5f:
                    3b:6e:8c:ea:be:b8:f3:8f:d6:5a:5d:d6:bb:88:cd:
                    61:b1:8c:c7:bf:8c:48:bd:00:94:c7:dd:9f:f3:34:
                    e0:e3:f4:21:e4:06:bb:d1:03:04:af:71:d1:63:f0:
                    1e:34:96:c4:94:85:5d:a0:1f:5c:88:a1:04:fb:7b:
                    e3:7e:df:cc:0d:f1:49:cd:74:14:b3:99:ef:ec:4f:
                    53:d4:f7:29:a4:7a:30:1f:c0:b9:3f:f9:43:bc:53:
                    88:0e:f9:94:d5:ac:bd:8a:00:54:e0:42:46:67:6d:
                    c2:11:83:3c:f0:84:b5:25:56:c3:06:2f:f3:9a:d6:
                    6b:56:fd:b8:9f:c1:84:1c:ff:87:b6:6d:24:c7:ee:
                    12:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:81:B4:DA:C7:9D:9E:2E:8F:17:79:79:F3:CE:63:59:1F:52:0C:05
            X509v3 Authority Key Identifier:
                keyid:07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/UYG02sedni6PF3l5885jWR9SDAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:f9:2a:c5:12:e6:df:20:a1:64:3f:0f:6f:19:9f:2e:b7:72:
         5e:56:06:12:12:4d:70:f7:f0:05:1f:3c:95:a8:87:ee:c5:a5:
         e7:9f:69:21:62:fb:be:f3:bf:bd:22:c1:e1:21:5f:c4:24:61:
         43:f3:38:e5:72:fd:6a:99:e5:7f:4e:fa:a8:1c:31:5c:d5:23:
         85:29:b9:f5:ed:21:b4:c5:bc:57:8e:3b:51:08:b5:24:67:51:
         63:6a:e5:bd:bd:0e:06:73:dc:de:1f:c8:5e:89:3c:f5:40:37:
         7a:cb:31:ae:fb:8a:85:47:04:f1:e7:95:c8:09:3b:d1:f9:1e:
         e8:b5:36:31:61:be:68:53:59:ce:1b:a0:75:97:bf:70:21:04:
         a3:c1:05:b6:8f:9a:ea:6e:a6:92:26:76:9c:80:11:d1:c5:0d:
         dc:41:4c:d7:41:b8:9d:bb:c6:a4:3d:1f:21:99:a6:ae:cc:10:
         9f:22:fe:ca:34:ce:ef:a4:06:04:aa:5a:a6:f3:e8:3a:e8:4a:
         c2:4c:73:cf:00:bf:a7:04:28:69:e2:e8:7a:61:d1:f2:61:71:
         7d:4d:0d:4b:40:f6:18:7a:6d:7d:fb:ca:b8:12:a6:dd:f2:91:
         3d:16:a3:57:ec:87:5e:74:f4:23:2d:79:a8:27:3c:4b:54:91:
         0f:eb:5b:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntYc5B5/eAOiD2RwB7j2dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjIzMTM2NTk4NTgyOGQ1YTk2NjNlZDFiNDQwNjI0YjI0
ZmVjMTMwHhcNMjUwMTAyMTU0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTgxYjRkYWM3OWQ5ZTJlOGYxNzc5NzlmM2NlNjM1OTFmNTIwYzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY8lzmhRQLrzVcQ3qVBCwXU4rkZh
dHhNzaUX0/HvGK/W1xsuXufHY3HeFnYqf2NZD3VOLBjCwjvXU3pRbq6h71Xj5+Ju
HDWWCmrZxz6/U9eosbxL5M5T/LW9P5zKqDQSRXcllxVbGoDu9eLIkPV1Qc/0Kx15
j187bozqvrjzj9ZaXda7iM1hsYzHv4xIvQCUx92f8zTg4/Qh5Aa70QMEr3HRY/Ae
NJbElIVdoB9ciKEE+3vjft/MDfFJzXQUs5nv7E9T1PcppHowH8C5P/lDvFOIDvmU
1ay9igBU4EJGZ23CEYM88IS1JVbDBi/zmtZrVv24n8GEHP+Htm0kx+4S6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGBtNrHnZ4ujxd5efPOY1kfUgwFMB8GA1UdIwQY
MBaAFAfyMTZZhYKNWpZj7RtEBiSyT+wTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzct
MDg1ZmEwYTU2MDUyLzEvVVlHMDJzZWRuaTZQRjNsNTg4NWpXUjlTREFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzctMDg1ZmEwYTU2MDUy
LzEvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8cvMA0G
CSqGSIb3DQEBCwUAA4IBAQAO+SrFEubfIKFkPw9vGZ8ut3JeVgYSEk1w9/AFHzyV
qIfuxaXnn2khYvu+87+9IsHhIV/EJGFD8zjlcv1qmeV/TvqoHDFc1SOFKbn17SG0
xbxXjjtRCLUkZ1FjauW9vQ4Gc9zeH8heiTz1QDd6yzGu+4qFRwTx55XICTvR+R7o
tTYxYb5oU1nOG6B1l79wIQSjwQW2j5rqbqaSJnacgBHRxQ3cQUzXQbidu8akPR8h
maauzBCfIv7KNM7vpAYEqlqm8+g66ErCTHPPAL+nBChp4uh6YdHyYXF9TQ1LQPYY
em19+8q4Eqbd8pE9FqNX7IdedPQjLXmoJzxLVJEP61sp
-----END CERTIFICATE-----