Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/UnS6REJvho44Wiaq699r4RaN7SU.roa
File:                     UnS6REJvho44Wiaq699r4RaN7SU.roa (raw, json)
Hash identifier:          kOmDTwbA6197W6NVf+C9PX7IhodOO8t0BToSawWq41o=
Subject key identifier:   52:74:BA:44:42:6F:86:8E:38:5A:26:AA:EB:DF:6B:E1:16:8D:ED:25
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       018CC3B68AE6638CEAB31C9646EE3B632372
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/UnS6REJvho44Wiaq699r4RaN7SU.roa
Signing time:             Mon 01 Jan 2024 06:29:29 +0000
ROA not before:           Mon 01 Jan 2024 06:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201247
IP address blocks:        79.133.97.0/24 maxlen: 24
                          185.13.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:8a:e6:63:8c:ea:b3:1c:96:46:ee:3b:63:23:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 06:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5274ba44426f868e385a26aaebdf6be1168ded25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:c8:0c:9c:64:cd:c5:15:10:9b:59:1d:76:4a:
                    0b:9a:93:c6:ca:18:29:e8:87:6b:e6:e0:55:cc:5e:
                    39:7d:6d:cc:da:26:de:99:84:32:7d:44:f2:6c:95:
                    78:0d:9e:37:19:bf:f5:54:e1:f9:89:bb:42:4b:aa:
                    0c:43:58:18:39:9b:f7:44:3e:ac:88:7e:b8:ed:6c:
                    13:31:58:99:31:18:93:1e:bc:78:5f:e1:69:4b:4c:
                    a4:90:0b:1e:61:01:c0:0c:4c:9e:4f:51:67:82:f2:
                    8a:12:4d:2b:da:86:40:c8:97:46:05:31:17:c4:6b:
                    3b:f4:26:0b:5a:02:b5:b2:8c:3f:7c:8e:da:c4:32:
                    fc:1f:3e:be:30:bc:d2:c8:4f:43:df:d7:b9:6b:22:
                    73:b0:a4:45:e4:83:64:5e:01:e9:1b:40:a0:04:33:
                    37:9b:e5:8f:2f:5c:08:84:40:d6:bc:04:59:11:34:
                    1d:69:8b:dd:5d:25:82:c0:52:3c:71:aa:73:79:96:
                    95:35:10:6b:b2:14:7c:19:a0:e0:f8:c7:04:35:26:
                    5f:f8:6a:30:19:82:81:93:85:e6:13:11:55:90:4a:
                    7e:2c:4e:b8:2c:92:52:08:28:f0:be:a2:91:ea:5d:
                    e2:ab:3d:80:ae:fa:46:ec:12:54:d1:ec:f0:be:d2:
                    4c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:74:BA:44:42:6F:86:8E:38:5A:26:AA:EB:DF:6B:E1:16:8D:ED:25
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/UnS6REJvho44Wiaq699r4RaN7SU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.133.97.0/24
                  185.13.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:f4:66:a9:62:8a:e2:e1:ef:28:7f:89:b9:f9:86:ad:ed:8d:
         06:43:06:c7:71:59:39:99:99:43:fe:1c:d3:1d:fa:fb:7f:66:
         b6:cc:73:0c:78:6d:7e:06:8d:cc:50:bb:b5:94:a1:70:00:01:
         9f:94:ac:c0:de:c8:ff:4f:0f:b4:6b:f8:7e:65:b9:a8:d3:b3:
         8f:e8:88:0b:2f:c3:35:1a:bb:f1:78:f4:55:60:bd:8c:20:a0:
         34:84:47:8d:28:ad:a9:0a:69:d1:a6:db:87:56:83:91:87:3f:
         a1:42:a5:27:36:2f:78:20:b1:98:83:68:57:29:28:2b:be:7c:
         b8:d1:b8:a3:b0:4d:80:38:1e:47:26:b2:9e:0f:a6:4e:51:b1:
         2c:a0:d1:74:64:21:4c:93:f3:99:5f:72:5e:55:0b:ab:a3:fa:
         e3:ea:ea:b1:4d:43:e6:49:de:78:70:e6:03:82:62:0a:f2:0a:
         bc:27:47:df:12:54:89:87:8e:9c:94:2b:7a:e0:d5:47:61:2f:
         8c:e8:44:90:1a:cb:64:0a:e7:cf:ee:25:65:ee:d8:da:2d:a8:
         d1:77:61:80:36:90:54:81:3b:5b:40:f3:61:91:49:6a:1e:37:
         87:13:ee:7c:88:a9:f4:c0:cd:62:ac:44:5d:df:39:94:ec:17:
         46:da:77:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtormY4zqsxyWRu47YyNyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjQwMTAxMDYyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjc0YmE0NDQyNmY4NjhlMzg1YTI2YWFlYmRmNmJlMTE2OGRlZDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMgMnGTNxRUQm1kddkoLmpPGyhgp
6Idr5uBVzF45fW3M2ibemYQyfUTybJV4DZ43Gb/1VOH5ibtCS6oMQ1gYOZv3RD6s
iH647WwTMViZMRiTHrx4X+FpS0ykkAseYQHADEyeT1FngvKKEk0r2oZAyJdGBTEX
xGs79CYLWgK1sow/fI7axDL8Hz6+MLzSyE9D39e5ayJzsKRF5INkXgHpG0CgBDM3
m+WPL1wIhEDWvARZETQdaYvdXSWCwFI8capzeZaVNRBrshR8GaDg+McENSZf+Gow
GYKBk4XmExFVkEp+LE64LJJSCCjwvqKR6l3iqz2ArvpG7BJU0ezwvtJMFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFJ0ukRCb4aOOFomquvfa+EWje0lMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvVW5TNlJFSnZobzQ0V2lhcTY5OXI0UmFON1NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT4VhAwQA
uQ0iMA0GCSqGSIb3DQEBCwUAA4IBAQAe9GapYori4e8of4m5+Yat7Y0GQwbHcVk5
mZlD/hzTHfr7f2a2zHMMeG1+Bo3MULu1lKFwAAGflKzA3sj/Tw+0a/h+Zbmo07OP
6IgLL8M1GrvxePRVYL2MIKA0hEeNKK2pCmnRptuHVoORhz+hQqUnNi94ILGYg2hX
KSgrvny40bijsE2AOB5HJrKeD6ZOUbEsoNF0ZCFMk/OZX3JeVQuro/rj6uqxTUPm
Sd54cOYDgmIK8gq8J0ffElSJh46clCt64NVHYS+M6ESQGstkCufP7iVl7tjaLajR
d2GANpBUgTtbQPNhkUlqHjeHE+58iKn0wM1irERd3zmU7BdG2ndn
-----END CERTIFICATE-----