Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/169a3b-6a73-49ec-affa-ed0a7aba8cb2/1/uKDziCmYElaykB4W-VucqgTOm5c.roa
File:                     uKDziCmYElaykB4W-VucqgTOm5c.roa (raw, json)
Hash identifier:          +PLTn4mnFUAjlO0OKRPcAahPAsHMPRtAItwpvz34i3I=
Subject key identifier:   B8:A0:F3:88:29:98:12:56:B2:90:1E:16:F9:5B:9C:AA:04:CE:9B:97
Certificate issuer:       /CN=4aefb99d2a06ee99dea9566f16bf226db3e56c92
Certificate serial:       018CC5DC9ACEFE89519DE0109E79A27224EA
Authority key identifier: 4A:EF:B9:9D:2A:06:EE:99:DE:A9:56:6F:16:BF:22:6D:B3:E5:6C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Su-5nSoG7pneqVZvFr8ibbPlbJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/169a3b-6a73-49ec-affa-ed0a7aba8cb2/1/uKDziCmYElaykB4W-VucqgTOm5c.roa
Signing time:             Mon 01 Jan 2024 16:30:18 +0000
ROA not before:           Mon 01 Jan 2024 16:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20953
IP address blocks:        195.246.219.0/24 maxlen: 24
                          80.79.192.0/20 maxlen: 20
                          2a02:1d8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/169a3b-6a73-49ec-affa-ed0a7aba8cb2/1/Su-5nSoG7pneqVZvFr8ibbPlbJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/169a3b-6a73-49ec-affa-ed0a7aba8cb2/1/Su-5nSoG7pneqVZvFr8ibbPlbJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Su-5nSoG7pneqVZvFr8ibbPlbJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:9a:ce:fe:89:51:9d:e0:10:9e:79:a2:72:24:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4aefb99d2a06ee99dea9566f16bf226db3e56c92
        Validity
            Not Before: Jan  1 16:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8a0f38829981256b2901e16f95b9caa04ce9b97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:43:f5:f8:51:52:2f:a3:4b:2d:8a:39:1d:ea:
                    ff:5f:66:f4:0b:d4:02:bb:af:bd:fd:e6:09:c2:9c:
                    e2:80:38:fc:f9:d7:28:cc:21:36:2d:9f:72:44:40:
                    c7:83:e7:c1:27:93:68:5f:80:41:10:ed:01:f2:7c:
                    d1:2d:b9:73:02:ab:5f:ed:08:03:8a:e7:ed:c4:b5:
                    da:b7:0e:8b:2c:64:78:04:ae:ac:cf:37:52:f4:05:
                    b0:15:42:6b:86:07:91:56:bb:04:43:14:30:0b:8d:
                    f5:07:61:36:96:51:3f:d6:01:2a:32:55:a9:b8:3f:
                    69:5a:33:fc:69:8b:0f:58:db:31:6e:ee:37:d1:e8:
                    6d:38:86:57:44:74:a6:d1:a1:f1:f3:1a:b4:aa:72:
                    27:b8:35:32:c7:04:e6:6d:60:2a:86:d2:fd:08:02:
                    02:4c:3c:c5:5d:a5:8f:5a:a7:36:54:11:10:b0:1a:
                    10:cd:37:ba:7d:f7:e1:a7:68:c4:36:79:14:ab:cc:
                    b6:18:29:e9:94:78:a4:25:ec:71:c4:d1:73:c5:1e:
                    1f:90:eb:14:be:d9:a1:8b:cf:0c:71:f9:08:ef:4d:
                    96:2a:df:9f:99:d2:30:ea:6d:e6:65:e3:44:e5:8a:
                    d3:8c:14:25:a4:02:b1:89:49:6e:d6:14:2f:a5:7d:
                    33:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:A0:F3:88:29:98:12:56:B2:90:1E:16:F9:5B:9C:AA:04:CE:9B:97
            X509v3 Authority Key Identifier:
                keyid:4A:EF:B9:9D:2A:06:EE:99:DE:A9:56:6F:16:BF:22:6D:B3:E5:6C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Su-5nSoG7pneqVZvFr8ibbPlbJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/169a3b-6a73-49ec-affa-ed0a7aba8cb2/1/uKDziCmYElaykB4W-VucqgTOm5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/169a3b-6a73-49ec-affa-ed0a7aba8cb2/1/Su-5nSoG7pneqVZvFr8ibbPlbJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.79.192.0/20
                  195.246.219.0/24
                IPv6:
                  2a02:1d8::/32

    Signature Algorithm: sha256WithRSAEncryption
         19:be:9c:a1:ed:90:40:3e:bf:07:f3:00:ba:29:3a:58:1b:04:
         aa:1e:3d:ef:ac:46:f9:83:74:91:55:c4:6f:c6:c3:15:6c:cc:
         b0:21:17:e9:1e:f8:28:ad:18:88:b5:08:06:75:2c:45:e3:23:
         8b:e1:2d:88:32:fb:e8:b6:f7:b2:fb:f8:0c:c4:e9:f5:d3:e6:
         54:2d:fd:47:5d:fa:3f:a6:a4:50:c3:99:ef:ec:54:18:bf:94:
         a9:b5:07:38:a8:0e:21:23:61:21:3f:8c:4a:35:c4:b5:15:ae:
         a0:6a:59:fd:a1:91:3b:a1:74:c4:7b:6f:5b:ab:98:ba:ce:ed:
         3f:5c:26:12:55:91:d8:d8:86:37:1a:46:76:34:8a:e8:f8:26:
         e3:40:4a:53:2a:ba:c9:a8:e1:33:60:67:1f:55:53:b6:81:a4:
         75:1e:13:33:4f:57:76:02:e2:46:12:32:e7:31:b6:6a:cc:03:
         9c:9f:e2:ed:27:fb:de:b7:86:aa:eb:2b:11:a5:8b:de:42:84:
         fd:9f:e3:b1:d2:48:1c:9c:cc:aa:41:50:47:31:c0:a1:a3:aa:
         e2:f4:c1:a4:67:4e:f3:d1:b1:a4:31:00:a5:92:5b:8e:27:7d:
         ff:6f:9b:1d:e3:13:29:8d:86:6b:34:2b:89:cb:cc:d5:34:db:
         1e:4d:01:5a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzF3JrO/olRneAQnnmiciTqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhZWZiOTlkMmEwNmVlOTlkZWE5NTY2ZjE2YmYyMjZkYjNl
NTZjOTIwHhcNMjQwMTAxMTYzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGEwZjM4ODI5OTgxMjU2YjI5MDFlMTZmOTViOWNhYTA0Y2U5Yjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgEP1+FFSL6NLLYo5Her/X2b0C9QC
u6+9/eYJwpzigDj8+dcozCE2LZ9yREDHg+fBJ5NoX4BBEO0B8nzRLblzAqtf7QgD
iuftxLXatw6LLGR4BK6szzdS9AWwFUJrhgeRVrsEQxQwC431B2E2llE/1gEqMlWp
uD9pWjP8aYsPWNsxbu430ehtOIZXRHSm0aHx8xq0qnInuDUyxwTmbWAqhtL9CAIC
TDzFXaWPWqc2VBEQsBoQzTe6fffhp2jENnkUq8y2GCnplHikJexxxNFzxR4fkOsU
vtmhi88McfkI702WKt+fmdIw6m3mZeNE5YrTjBQlpAKxiUlu1hQvpX0zpQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLig84gpmBJWspAeFvlbnKoEzpuXMB8GA1UdIwQY
MBaAFErvuZ0qBu6Z3qlWbxa/Im2z5WySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3UtNW5Tb0c3cG5lcVZadkZyOGliYlBsYkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8xNjlhM2ItNmE3My00OWVjLWFmZmEt
ZWQwYTdhYmE4Y2IyLzEvdUtEemlDbVlFbGF5a0I0Vy1WdWNxZ1RPbTVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8xNjlhM2ItNmE3My00OWVjLWFmZmEtZWQwYTdhYmE4Y2Iy
LzEvU3UtNW5Tb0c3cG5lcVZadkZyOGliYlBsYkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUE/AAwQA
w/bbMA0EAgACMAcDBQAqAgHYMA0GCSqGSIb3DQEBCwUAA4IBAQAZvpyh7ZBAPr8H
8wC6KTpYGwSqHj3vrEb5g3SRVcRvxsMVbMywIRfpHvgorRiItQgGdSxF4yOL4S2I
Mvvotvey+/gMxOn10+ZULf1HXfo/pqRQw5nv7FQYv5SptQc4qA4hI2EhP4xKNcS1
Fa6galn9oZE7oXTEe29bq5i6zu0/XCYSVZHY2IY3GkZ2NIro+CbjQEpTKrrJqOEz
YGcfVVO2gaR1HhMzT1d2AuJGEjLnMbZqzAOcn+LtJ/vet4aq6ysRpYveQoT9n+Ox
0kgcnMyqQVBHMcCho6ri9MGkZ07z0bGkMQClkluOJ33/b5sd4xMpjYZrNCuJy8zV
NNseTQFa
-----END CERTIFICATE-----