Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/uZMueBNz3TgMJy-ya56NUDo_uZA.roa
File:                     uZMueBNz3TgMJy-ya56NUDo_uZA.roa (raw, json)
Hash identifier:          GYjWGgdiSPZ2TAd9bWoqY0kuaJ7AvmldnFrItOHDhbE=
Subject key identifier:   B9:93:2E:78:13:73:DD:38:0C:27:2F:B2:6B:9E:8D:50:3A:3F:B9:90
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       018CC94D44EBC1439C2885CE4677BF7E009A
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/uZMueBNz3TgMJy-ya56NUDo_uZA.roa
Signing time:             Tue 02 Jan 2024 08:32:13 +0000
ROA not before:           Tue 02 Jan 2024 08:32:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213129
IP address blocks:        195.178.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:44:eb:c1:43:9c:28:85:ce:46:77:bf:7e:00:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 08:32:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9932e781373dd380c272fb26b9e8d503a3fb990
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b1:ed:0f:73:73:e0:e3:60:b3:aa:42:b1:1b:
                    a2:fe:5f:18:7f:9c:2f:c4:6b:95:2a:a8:3a:a8:c0:
                    ef:dd:a5:d9:d6:4a:c2:65:a8:18:6a:01:8b:eb:9a:
                    57:b2:dc:a9:e2:fd:10:4e:6e:33:4a:7e:4f:a8:35:
                    49:3e:df:14:ac:22:6c:ee:50:e0:17:e6:67:b9:f2:
                    2e:76:40:24:75:2a:75:85:dd:06:bb:d0:1f:52:67:
                    b0:00:3c:ee:b2:27:70:b0:88:4c:ec:cd:68:fb:e1:
                    87:6b:f1:34:1b:4c:62:9c:f4:df:ed:4a:90:5c:28:
                    12:e2:8f:7e:71:51:22:22:90:04:16:07:f8:23:e6:
                    27:3e:b7:56:a1:dd:b0:3f:a6:af:de:27:a0:9e:2b:
                    91:aa:3f:7a:20:50:b1:d6:2c:3e:ab:61:7c:b7:83:
                    20:02:9c:1c:10:97:3d:96:2d:e6:10:ab:6f:42:46:
                    08:03:4c:d8:e3:6b:41:a4:8a:f5:14:86:c1:45:be:
                    41:4e:1c:dc:0a:20:d3:8f:5c:1c:75:29:34:55:5a:
                    2b:bd:15:86:77:24:35:fb:0a:59:3d:75:31:02:f5:
                    fc:0e:d4:0b:c3:ef:23:07:24:bf:60:69:d6:92:13:
                    2a:62:51:ad:33:43:d9:b0:25:34:4c:4a:f3:5c:7c:
                    ae:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:93:2E:78:13:73:DD:38:0C:27:2F:B2:6B:9E:8D:50:3A:3F:B9:90
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/uZMueBNz3TgMJy-ya56NUDo_uZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:80:2a:75:4a:de:31:40:7a:c5:ac:c3:d2:09:be:c1:bb:8a:
         19:47:24:d8:7a:0b:9b:0f:e2:73:61:25:2d:43:b4:34:3d:e6:
         a7:c0:36:65:a6:84:45:e7:68:41:cb:83:65:27:56:f3:33:4a:
         e6:46:17:dd:73:d5:d0:da:de:5b:22:df:2c:62:24:1e:13:88:
         0b:de:75:6a:8b:34:dd:82:6a:d1:02:db:d4:d8:d8:63:a1:bb:
         49:15:e8:16:5c:e9:9a:59:3b:bf:56:66:d6:da:35:da:3f:9a:
         24:45:e9:9b:8b:93:f9:a4:18:0e:e9:ce:a2:25:a9:b9:02:91:
         b0:aa:9a:64:48:da:a9:16:45:40:ff:2e:cf:40:ca:f3:8f:eb:
         46:35:7c:6e:46:97:64:8f:6b:2d:ab:ae:0a:e7:7f:20:1f:03:
         ba:85:3c:f7:5e:05:8c:ba:76:28:f9:6b:40:a1:0d:04:62:bd:
         16:95:61:1c:1f:18:4b:6c:de:6c:d0:70:d2:27:11:d6:ba:34:
         ab:78:9e:d2:15:65:81:98:2a:2e:71:3c:68:05:1c:76:24:b1:
         78:ba:be:0b:45:c9:89:fd:dc:42:7a:da:00:8d:97:18:4b:68:
         5d:7f:5b:f8:f4:88:7c:5f:53:35:26:98:ae:4c:39:eb:c4:63:
         dd:32:dd:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTUTrwUOcKIXORne/fgCaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwMTAyMDgzMjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTkzMmU3ODEzNzNkZDM4MGMyNzJmYjI2YjllOGQ1MDNhM2ZiOTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprHtD3Nz4ONgs6pCsRui/l8Yf5wv
xGuVKqg6qMDv3aXZ1krCZagYagGL65pXstyp4v0QTm4zSn5PqDVJPt8UrCJs7lDg
F+ZnufIudkAkdSp1hd0Gu9AfUmewADzusidwsIhM7M1o++GHa/E0G0xinPTf7UqQ
XCgS4o9+cVEiIpAEFgf4I+YnPrdWod2wP6av3iegniuRqj96IFCx1iw+q2F8t4Mg
ApwcEJc9li3mEKtvQkYIA0zY42tBpIr1FIbBRb5BThzcCiDTj1wcdSk0VVorvRWG
dyQ1+wpZPXUxAvX8DtQLw+8jByS/YGnWkhMqYlGtM0PZsCU0TErzXHyuvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmTLngTc904DCcvsmuejVA6P7mQMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvdVpNdWVCTnozVGdNSnkteWE1Nk5VRG9fdVpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7KeMA0G
CSqGSIb3DQEBCwUAA4IBAQA8gCp1St4xQHrFrMPSCb7Bu4oZRyTYegubD+JzYSUt
Q7Q0PeanwDZlpoRF52hBy4NlJ1bzM0rmRhfdc9XQ2t5bIt8sYiQeE4gL3nVqizTd
gmrRAtvU2NhjobtJFegWXOmaWTu/VmbW2jXaP5okRembi5P5pBgO6c6iJam5ApGw
qppkSNqpFkVA/y7PQMrzj+tGNXxuRpdkj2stq64K538gHwO6hTz3XgWMunYo+WtA
oQ0EYr0WlWEcHxhLbN5s0HDSJxHWujSreJ7SFWWBmCoucTxoBRx2JLF4ur4LRcmJ
/dxCetoAjZcYS2hdf1v49Ih8X1M1JpiuTDnrxGPdMt3/
-----END CERTIFICATE-----