Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/UOqf2nr1SMAuqDt3BSP1PANWF94.roa
File:                     UOqf2nr1SMAuqDt3BSP1PANWF94.roa (raw, json)
Hash identifier:          bonJXpnVrLNGM0WRkCLowPRXY0PEZAsM8203NXDUEbg=
Subject key identifier:   50:EA:9F:DA:7A:F5:48:C0:2E:A8:3B:77:05:23:F5:3C:03:56:17:DE
Certificate issuer:       /CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Certificate serial:       018CC8DE48169195FFD923584C69C4246B1E
Authority key identifier: 1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/UOqf2nr1SMAuqDt3BSP1PANWF94.roa
Signing time:             Tue 02 Jan 2024 06:30:59 +0000
ROA not before:           Tue 02 Jan 2024 06:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        178.159.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:48:16:91:95:ff:d9:23:58:4c:69:c4:24:6b:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
        Validity
            Not Before: Jan  2 06:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50ea9fda7af548c02ea83b770523f53c035617de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:66:a9:3e:56:19:ce:0f:64:f2:1f:ea:07:b2:
                    0b:eb:ff:fc:2d:a9:eb:15:4a:b4:2f:2d:bf:2a:21:
                    59:07:10:e0:33:9c:26:2e:81:c6:b2:f7:55:54:34:
                    35:74:58:3a:8c:53:9b:84:a5:09:9a:52:c9:22:5b:
                    9a:61:ef:5f:b6:78:4b:c0:e3:17:7e:32:fc:2a:b0:
                    16:2f:97:68:ba:18:88:5c:78:8a:c8:79:d2:e1:64:
                    53:2e:c3:c5:60:93:f9:3f:e8:de:fa:2c:d7:77:9c:
                    50:42:36:9d:b5:81:5c:0e:c9:1c:c7:a7:fc:a3:ba:
                    31:5d:a6:8f:a1:04:2d:5a:8f:27:f3:34:08:9d:f3:
                    4a:74:71:a2:5e:4d:7c:64:47:ba:d9:73:7b:d5:6a:
                    3c:3c:1b:18:ac:05:62:be:81:fc:dd:45:7f:54:84:
                    f5:1a:7d:ce:61:65:b6:64:06:e7:b7:9e:c2:e7:3e:
                    9a:c6:25:b1:85:35:21:6b:4e:83:2e:56:b8:18:92:
                    a8:8e:c8:0e:aa:0e:36:0c:a3:15:8c:58:8f:c9:38:
                    c8:09:7d:52:66:2a:46:d5:fe:26:29:1b:50:e5:a6:
                    d1:ce:ee:08:f6:e8:9d:78:a3:3f:7c:22:4c:31:64:
                    61:04:46:8a:72:dd:f9:d8:62:f9:8b:45:4e:96:17:
                    28:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:EA:9F:DA:7A:F5:48:C0:2E:A8:3B:77:05:23:F5:3C:03:56:17:DE
            X509v3 Authority Key Identifier:
                keyid:1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/UOqf2nr1SMAuqDt3BSP1PANWF94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.159.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:7a:4d:7f:e8:5f:74:6d:fe:56:f6:45:80:4f:9a:38:8d:a9:
         77:ca:1b:f3:20:e7:64:ee:57:77:ca:e8:3e:77:bb:f5:db:d9:
         de:55:30:4a:aa:28:c4:5b:d2:f1:0d:16:a4:44:46:9e:ef:f7:
         f4:24:33:85:2a:54:26:54:63:0c:38:91:af:65:f4:b4:48:de:
         4c:32:1b:8a:a2:e1:97:f2:98:4e:9f:21:fe:54:94:ae:7d:08:
         f9:5f:07:5b:a8:b1:46:26:1b:ad:74:2f:3a:79:05:92:30:72:
         c0:5c:ba:af:89:8e:6a:c2:9f:74:85:be:38:99:5e:42:6c:7e:
         e4:50:4a:92:ee:a5:cf:40:f4:6b:52:6b:bf:3e:ba:e6:00:cd:
         52:3f:eb:e1:c3:e0:98:8b:d5:37:50:5f:e3:b6:73:fa:85:4f:
         68:58:65:78:12:ec:0f:74:41:42:c9:2f:2a:33:37:6f:22:ce:
         78:c5:14:d3:be:4a:07:66:07:52:a7:75:33:6f:2a:48:f7:e3:
         1a:b9:58:fd:72:a0:56:6f:47:34:45:13:be:e5:5f:f7:94:94:
         bb:23:4f:56:2f:e3:f0:15:ff:08:64:ed:94:a8:b8:1b:e3:83:
         97:27:a7:0d:5f:38:67:be:b7:0e:35:56:3f:0b:48:37:9e:f4:
         38:6b:56:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3kgWkZX/2SNYTGnEJGseMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWZkYzdmYjM5ZWJiYmVkNGVlNTRmNzAzZDNhYzYxNTNk
ZGVlNjkwHhcNMjQwMTAyMDYzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGVhOWZkYTdhZjU0OGMwMmVhODNiNzcwNTIzZjUzYzAzNTYxN2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2apPlYZzg9k8h/qB7IL6//8Lanr
FUq0Ly2/KiFZBxDgM5wmLoHGsvdVVDQ1dFg6jFObhKUJmlLJIluaYe9ftnhLwOMX
fjL8KrAWL5douhiIXHiKyHnS4WRTLsPFYJP5P+je+izXd5xQQjadtYFcDskcx6f8
o7oxXaaPoQQtWo8n8zQInfNKdHGiXk18ZEe62XN71Wo8PBsYrAVivoH83UV/VIT1
Gn3OYWW2ZAbnt57C5z6axiWxhTUha06DLla4GJKojsgOqg42DKMVjFiPyTjICX1S
ZipG1f4mKRtQ5abRzu4I9uideKM/fCJMMWRhBEaKct352GL5i0VOlhcoPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDqn9p69UjALqg7dwUj9TwDVhfeMB8GA1UdIwQY
MBaAFB6f3H+znru+1O5U9wPTrGFT3e5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgt
NjkxZmY1YjQ0YjAxLzEvVU9xZjJucjFTTUF1cUR0M0JTUDFQQU5XRjk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgtNjkxZmY1YjQ0YjAx
LzEvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsp9eMA0G
CSqGSIb3DQEBCwUAA4IBAQBFek1/6F90bf5W9kWAT5o4jal3yhvzIOdk7ld3yug+
d7v129neVTBKqijEW9LxDRakREae7/f0JDOFKlQmVGMMOJGvZfS0SN5MMhuKouGX
8phOnyH+VJSufQj5XwdbqLFGJhutdC86eQWSMHLAXLqviY5qwp90hb44mV5CbH7k
UEqS7qXPQPRrUmu/PrrmAM1SP+vhw+CYi9U3UF/jtnP6hU9oWGV4EuwPdEFCyS8q
MzdvIs54xRTTvkoHZgdSp3UzbypI9+MauVj9cqBWb0c0RRO+5V/3lJS7I09WL+Pw
Ff8IZO2UqLgb44OXJ6cNXzhnvrcONVY/C0g3nvQ4a1ag
-----END CERTIFICATE-----