Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/182915-feec-4160-88bf-b210447c07ff/1/uyErzlODFqsgUb7YdzdD4VHRiQA.roa
File:                     uyErzlODFqsgUb7YdzdD4VHRiQA.roa (raw, json)
Hash identifier:          Ae+SPZ8rBaXaMuRG+myVDkh3SUTMrZ6XX/cpdkFlQZs=
Subject key identifier:   BB:21:2B:CE:53:83:16:AB:20:51:BE:D8:77:37:43:E1:51:D1:89:00
Certificate issuer:       /CN=192fc85b01f21a0d685c03001df47ac460937bf1
Certificate serial:       018CC64B24973E7876B9F7B4D6B527726314
Authority key identifier: 19:2F:C8:5B:01:F2:1A:0D:68:5C:03:00:1D:F4:7A:C4:60:93:7B:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GS_IWwHyGg1oXAMAHfR6xGCTe_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/182915-feec-4160-88bf-b210447c07ff/1/uyErzlODFqsgUb7YdzdD4VHRiQA.roa
Signing time:             Mon 01 Jan 2024 18:31:02 +0000
ROA not before:           Mon 01 Jan 2024 18:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207431
IP address blocks:        185.190.31.0/24 maxlen: 24
                          185.190.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/182915-feec-4160-88bf-b210447c07ff/1/GS_IWwHyGg1oXAMAHfR6xGCTe_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/182915-feec-4160-88bf-b210447c07ff/1/GS_IWwHyGg1oXAMAHfR6xGCTe_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GS_IWwHyGg1oXAMAHfR6xGCTe_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:24:97:3e:78:76:b9:f7:b4:d6:b5:27:72:63:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=192fc85b01f21a0d685c03001df47ac460937bf1
        Validity
            Not Before: Jan  1 18:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb212bce538316ab2051bed8773743e151d18900
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:07:8c:da:fc:1b:9a:24:36:f2:a8:24:b2:dd:
                    dd:0b:a5:bf:46:b7:9d:99:b9:b1:a0:de:40:db:c6:
                    8b:2b:ed:0e:c4:c5:b3:62:b7:a3:c3:df:7b:41:4c:
                    25:bf:74:64:58:8e:77:d7:49:da:12:9b:fd:e7:1d:
                    16:bf:40:6e:18:9d:9f:81:5f:70:b7:47:69:de:1e:
                    4e:e2:12:c0:5b:08:20:4a:fa:90:12:da:af:45:68:
                    52:77:cf:8b:45:8c:ec:d9:dd:e1:6b:a9:a1:7a:27:
                    87:3f:00:e6:9b:1d:d5:4f:ab:03:d2:19:e8:6d:9f:
                    33:05:7f:4a:0d:dc:92:62:bf:99:ad:42:eb:8c:cf:
                    19:99:f5:e8:94:02:13:1a:04:6d:14:9a:e2:c9:5e:
                    fa:8c:31:bc:f9:36:ae:14:f5:46:d0:3b:0e:c2:b2:
                    a3:8d:d5:26:7d:94:30:9a:c3:5d:77:5b:ac:d1:52:
                    b7:35:fd:3e:7a:14:33:08:3a:75:8e:1a:33:6c:6c:
                    f2:12:13:b9:79:a0:96:d9:c9:b6:b1:48:17:6e:ce:
                    5f:45:1d:c9:3e:87:df:26:80:94:73:5f:23:c5:d7:
                    04:2a:d4:22:4d:40:af:06:6b:49:bd:be:3b:aa:9a:
                    07:8c:9d:3d:30:4d:87:fd:a7:ac:c2:0a:59:da:18:
                    cb:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:21:2B:CE:53:83:16:AB:20:51:BE:D8:77:37:43:E1:51:D1:89:00
            X509v3 Authority Key Identifier:
                keyid:19:2F:C8:5B:01:F2:1A:0D:68:5C:03:00:1D:F4:7A:C4:60:93:7B:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GS_IWwHyGg1oXAMAHfR6xGCTe_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/182915-feec-4160-88bf-b210447c07ff/1/uyErzlODFqsgUb7YdzdD4VHRiQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/182915-feec-4160-88bf-b210447c07ff/1/GS_IWwHyGg1oXAMAHfR6xGCTe_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:80:15:cd:a2:d7:26:83:16:ad:54:96:35:76:af:1f:b8:a5:
         62:29:38:0e:d1:a5:f8:55:13:26:c5:9f:be:b8:4f:1c:a1:d9:
         38:66:23:fc:0a:f3:6c:4e:ad:f6:84:97:01:fb:ab:57:66:1b:
         36:96:dd:6b:b5:66:a9:0a:63:4d:44:50:ee:b6:ee:26:df:52:
         48:d9:67:92:80:cd:a1:b3:dd:29:4f:59:d6:23:4c:ac:0a:ea:
         46:d9:08:b0:f7:3a:1b:c4:2a:88:fb:d0:bd:ce:8a:1a:7d:a7:
         e5:25:d5:96:95:f2:94:98:85:a7:fd:a4:30:53:88:e8:0b:58:
         6b:d3:2e:10:83:aa:2a:e8:14:2c:ba:41:84:04:fb:26:14:7d:
         4d:cf:a7:a1:df:0b:e7:8e:b9:21:cb:c5:07:8b:df:e4:f2:13:
         75:f5:36:62:13:f3:f5:dd:e1:9b:de:a9:b6:a2:65:a4:e5:b8:
         34:e2:b3:09:d0:20:73:40:44:2d:34:f1:64:d6:4e:2c:6c:14:
         39:d1:76:87:1e:84:e1:62:aa:cf:13:66:bd:96:47:f2:a8:6a:
         5c:36:9c:7c:1f:77:1d:39:87:cf:25:38:f8:c7:a1:91:98:04:
         c4:1d:28:2d:6c:87:77:75:eb:e5:dc:84:5a:8f:4a:30:8b:90:
         24:8c:b6:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSySXPnh2ufe01rUncmMUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MmZjODViMDFmMjFhMGQ2ODVjMDMwMDFkZjQ3YWM0NjA5
MzdiZjEwHhcNMjQwMTAxMTgzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjIxMmJjZTUzODMxNmFiMjA1MWJlZDg3NzM3NDNlMTUxZDE4OTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQeM2vwbmiQ28qgkst3dC6W/Rred
mbmxoN5A28aLK+0OxMWzYrejw997QUwlv3RkWI5310naEpv95x0Wv0BuGJ2fgV9w
t0dp3h5O4hLAWwggSvqQEtqvRWhSd8+LRYzs2d3ha6mheieHPwDmmx3VT6sD0hno
bZ8zBX9KDdySYr+ZrULrjM8ZmfXolAITGgRtFJriyV76jDG8+TauFPVG0DsOwrKj
jdUmfZQwmsNdd1us0VK3Nf0+ehQzCDp1jhozbGzyEhO5eaCW2cm2sUgXbs5fRR3J
PoffJoCUc18jxdcEKtQiTUCvBmtJvb47qpoHjJ09ME2H/aeswgpZ2hjLVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLshK85TgxarIFG+2Hc3Q+FR0YkAMB8GA1UdIwQY
MBaAFBkvyFsB8hoNaFwDAB30esRgk3vxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1NfSVd3SHlHZzFvWEFNQUhmUjZ4R0NUZV9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8xODI5MTUtZmVlYy00MTYwLTg4YmYt
YjIxMDQ0N2MwN2ZmLzEvdXlFcnpsT0RGcXNnVWI3WWR6ZEQ0VkhSaVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8xODI5MTUtZmVlYy00MTYwLTg4YmYtYjIxMDQ0N2MwN2Zm
LzEvR1NfSVd3SHlHZzFvWEFNQUhmUjZ4R0NUZV9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBub4eMA0G
CSqGSIb3DQEBCwUAA4IBAQCBgBXNotcmgxatVJY1dq8fuKViKTgO0aX4VRMmxZ++
uE8codk4ZiP8CvNsTq32hJcB+6tXZhs2lt1rtWapCmNNRFDutu4m31JI2WeSgM2h
s90pT1nWI0ysCupG2Qiw9zobxCqI+9C9zooafaflJdWWlfKUmIWn/aQwU4joC1hr
0y4Qg6oq6BQsukGEBPsmFH1Nz6eh3wvnjrkhy8UHi9/k8hN19TZiE/P13eGb3qm2
omWk5bg04rMJ0CBzQEQtNPFk1k4sbBQ50XaHHoThYqrPE2a9lkfyqGpcNpx8H3cd
OYfPJTj4x6GRmATEHSgtbId3devl3IRaj0owi5AkjLa4
-----END CERTIFICATE-----