Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/f8cda4-c818-4dc0-b605-163247eb0e07/1/UfU8wNCKIeir-Xv392JTVmYcxIM.roa
File:                     UfU8wNCKIeir-Xv392JTVmYcxIM.roa (raw, json)
Hash identifier:          Sp/RcOrqJydwVweo85DmY3Z1nZV2Dxm4HHkrdCEddHE=
Subject key identifier:   51:F5:3C:C0:D0:8A:21:E8:AB:F9:7B:F7:F7:62:53:56:66:1C:C4:83
Certificate issuer:       /CN=22f35c611c29234bf4b40b35990ddfa293a537f9
Certificate serial:       018CC500D5432828081C8071E8926524ADF6
Authority key identifier: 22:F3:5C:61:1C:29:23:4B:F4:B4:0B:35:99:0D:DF:A2:93:A5:37:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNcYRwpI0v0tAs1mQ3fopOlN_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/f8cda4-c818-4dc0-b605-163247eb0e07/1/UfU8wNCKIeir-Xv392JTVmYcxIM.roa
Signing time:             Mon 01 Jan 2024 12:30:15 +0000
ROA not before:           Mon 01 Jan 2024 12:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48492
IP address blocks:        185.181.108.0/22 maxlen: 24
                          185.75.224.0/22 maxlen: 24
                          2a0d:4f00::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/f8cda4-c818-4dc0-b605-163247eb0e07/1/IvNcYRwpI0v0tAs1mQ3fopOlN_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/f8cda4-c818-4dc0-b605-163247eb0e07/1/IvNcYRwpI0v0tAs1mQ3fopOlN_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IvNcYRwpI0v0tAs1mQ3fopOlN_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:d5:43:28:28:08:1c:80:71:e8:92:65:24:ad:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f35c611c29234bf4b40b35990ddfa293a537f9
        Validity
            Not Before: Jan  1 12:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51f53cc0d08a21e8abf97bf7f7625356661cc483
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:45:75:4e:eb:59:a2:a7:dc:67:81:de:33:4c:
                    6c:43:45:a8:1f:71:84:39:bf:ee:ff:90:cc:d7:3c:
                    96:39:4c:cf:36:67:3f:52:f4:f6:8c:62:c6:b4:a6:
                    dc:2c:7a:5a:7f:84:92:3a:d2:86:b1:5d:c0:0f:df:
                    11:a2:f6:c6:b1:62:49:ac:bc:0a:e5:9e:72:0d:6f:
                    bc:ec:4d:d6:f7:96:eb:5b:de:26:4a:86:76:fd:62:
                    73:a5:9f:71:36:2d:99:31:98:74:09:aa:7f:5e:ca:
                    a4:7b:09:f3:cd:cc:00:5e:e7:17:fe:07:32:7a:eb:
                    c4:fa:7d:25:de:17:01:e5:41:83:83:da:c3:c5:8b:
                    cc:d9:88:d9:a4:e1:cf:a0:6c:77:11:ee:2e:6f:1a:
                    0a:43:90:c9:73:18:6c:0a:2e:35:72:f8:c3:20:23:
                    dc:53:2e:c7:95:42:62:dd:59:b7:bd:f3:65:ad:34:
                    7d:7a:d6:72:ae:d2:82:c3:f4:01:4f:3c:ab:7b:f9:
                    b5:69:bc:7e:b5:3d:58:74:a4:5f:0d:4a:a6:17:a3:
                    85:f6:09:dd:6a:94:8e:1e:a1:15:16:51:ca:56:9e:
                    70:e2:42:0b:0c:8b:8a:b0:95:b9:75:be:55:0a:8b:
                    a6:ae:dc:5d:5b:6f:2a:3b:23:ef:87:8c:22:8b:09:
                    03:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:F5:3C:C0:D0:8A:21:E8:AB:F9:7B:F7:F7:62:53:56:66:1C:C4:83
            X509v3 Authority Key Identifier:
                keyid:22:F3:5C:61:1C:29:23:4B:F4:B4:0B:35:99:0D:DF:A2:93:A5:37:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNcYRwpI0v0tAs1mQ3fopOlN_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/f8cda4-c818-4dc0-b605-163247eb0e07/1/UfU8wNCKIeir-Xv392JTVmYcxIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/f8cda4-c818-4dc0-b605-163247eb0e07/1/IvNcYRwpI0v0tAs1mQ3fopOlN_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.224.0/22
                  185.181.108.0/22
                IPv6:
                  2a0d:4f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:12:96:cb:6b:74:bd:2f:43:e0:a4:71:19:09:d1:c2:72:be:
         bc:15:16:95:2f:ab:df:47:55:84:74:96:14:6c:51:a0:54:ce:
         84:dd:ca:11:b1:12:dc:f7:d3:54:d0:07:a0:c0:9f:d5:fb:fd:
         9d:f2:5a:13:5e:0c:0e:9e:ef:6b:79:80:03:b0:e1:23:f8:a7:
         2b:bb:67:11:55:d8:20:e5:a8:1e:71:7d:3d:25:7d:8c:d7:6e:
         02:f5:b0:3d:0b:4a:55:56:8b:f0:7d:68:e8:40:c7:e4:c8:33:
         6f:48:57:20:ac:8d:35:09:1f:98:27:6e:84:4b:26:e3:ea:0e:
         0d:1e:cf:a4:89:15:b8:82:c8:85:57:4b:02:e6:6d:50:86:83:
         10:a4:32:49:3f:a2:bb:59:d8:c2:72:0a:49:d9:f4:8f:80:ae:
         df:3f:87:c0:83:06:6f:33:8e:be:cc:ab:c2:be:65:02:a3:dd:
         8a:d6:e7:96:64:fe:6d:a9:4e:f5:81:72:0d:57:24:96:3e:5f:
         d8:40:34:b5:04:5a:d6:71:3e:be:bc:13:37:18:75:51:ac:42:
         ee:4d:0e:f7:67:d4:4b:70:cb:63:72:e5:46:13:95:6c:a5:67:
         d1:0d:fa:69:b8:40:e0:e7:3d:cd:56:c1:db:ac:95:40:99:4b:
         bc:95:9a:6e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFANVDKCgIHIBx6JJlJK32MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM1YzYxMWMyOTIzNGJmNGI0MGIzNTk5MGRkZmEyOTNh
NTM3ZjkwHhcNMjQwMTAxMTIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWY1M2NjMGQwOGEyMWU4YWJmOTdiZjdmNzYyNTM1NjY2MWNjNDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0V1TutZoqfcZ4HeM0xsQ0WoH3GE
Ob/u/5DM1zyWOUzPNmc/UvT2jGLGtKbcLHpaf4SSOtKGsV3AD98RovbGsWJJrLwK
5Z5yDW+87E3W95brW94mSoZ2/WJzpZ9xNi2ZMZh0Cap/XsqkewnzzcwAXucX/gcy
euvE+n0l3hcB5UGDg9rDxYvM2YjZpOHPoGx3Ee4ubxoKQ5DJcxhsCi41cvjDICPc
Uy7HlUJi3Vm3vfNlrTR9etZyrtKCw/QBTzyre/m1abx+tT1YdKRfDUqmF6OF9gnd
apSOHqEVFlHKVp5w4kILDIuKsJW5db5VCoumrtxdW28qOyPvh4wiiwkDbwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFH1PMDQiiHoq/l79/diU1ZmHMSDMB8GA1UdIwQY
MBaAFCLzXGEcKSNL9LQLNZkN36KTpTf5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZOY1lSd3BJMHYwdEFzMW1RM2ZvcE9sTl9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9mOGNkYTQtYzgxOC00ZGMwLWI2MDUt
MTYzMjQ3ZWIwZTA3LzEvVWZVOHdOQ0tJZWlyLVh2MzkySlRWbVljeElNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9mOGNkYTQtYzgxOC00ZGMwLWI2MDUtMTYzMjQ3ZWIwZTA3
LzEvSXZOY1lSd3BJMHYwdEFzMW1RM2ZvcE9sTl9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuUvgAwQC
ubVsMA0EAgACMAcDBQMqDU8AMA0GCSqGSIb3DQEBCwUAA4IBAQA9EpbLa3S9L0Pg
pHEZCdHCcr68FRaVL6vfR1WEdJYUbFGgVM6E3coRsRLc99NU0AegwJ/V+/2d8loT
XgwOnu9reYADsOEj+Kcru2cRVdgg5agecX09JX2M124C9bA9C0pVVovwfWjoQMfk
yDNvSFcgrI01CR+YJ26ESybj6g4NHs+kiRW4gsiFV0sC5m1QhoMQpDJJP6K7WdjC
cgpJ2fSPgK7fP4fAgwZvM46+zKvCvmUCo92K1ueWZP5tqU71gXINVySWPl/YQDS1
BFrWcT6+vBM3GHVRrELuTQ73Z9RLcMtjcuVGE5VspWfRDfppuEDg5z3NVsHbrJVA
mUu8lZpu
-----END CERTIFICATE-----