Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/0b06bc-b8c7-4f75-b29e-c107a7ac0488/1/Uc88eghrvwuZa3flmG5gaM9sRjQ.roa
File:                     Uc88eghrvwuZa3flmG5gaM9sRjQ.roa (raw, json)
Hash identifier:          bDFz/+Lz/AXRoBvbVUWgKm3ScRUvfzHs+O70kSBrRP0=
Subject key identifier:   51:CF:3C:7A:08:6B:BF:0B:99:6B:77:E5:98:6E:60:68:CF:6C:46:34
Certificate issuer:       /CN=58ffa14df2a89cb6709636f2b0b570abccf8b84b
Certificate serial:       018CE92CDCFB14F7D74C2D40E7922C7438EC
Authority key identifier: 58:FF:A1:4D:F2:A8:9C:B6:70:96:36:F2:B0:B5:70:AB:CC:F8:B8:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WP-hTfKonLZwljbysLVwq8z4uEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/0b06bc-b8c7-4f75-b29e-c107a7ac0488/1/Uc88eghrvwuZa3flmG5gaM9sRjQ.roa
Signing time:             Mon 08 Jan 2024 13:04:40 +0000
ROA not before:           Mon 08 Jan 2024 13:04:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205388
IP address blocks:        146.19.42.0/24 maxlen: 24
                          185.216.212.0/22 maxlen: 32
                          2a0b:bbc0::/32 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/0b06bc-b8c7-4f75-b29e-c107a7ac0488/1/WP-hTfKonLZwljbysLVwq8z4uEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/0b06bc-b8c7-4f75-b29e-c107a7ac0488/1/WP-hTfKonLZwljbysLVwq8z4uEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WP-hTfKonLZwljbysLVwq8z4uEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 23:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e9:2c:dc:fb:14:f7:d7:4c:2d:40:e7:92:2c:74:38:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ffa14df2a89cb6709636f2b0b570abccf8b84b
        Validity
            Not Before: Jan  8 13:04:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51cf3c7a086bbf0b996b77e5986e6068cf6c4634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:51:43:76:4c:2b:87:99:ab:40:7b:3e:63:b8:
                    30:8a:f2:56:0a:13:f5:9f:19:65:1c:f8:e8:98:3b:
                    10:55:aa:a6:d1:70:74:e2:5e:a0:47:10:24:c4:f3:
                    6c:0a:56:b7:80:90:dd:8e:90:d4:ed:38:36:37:50:
                    2f:bd:41:a7:2d:df:6b:11:2d:95:38:6d:ca:08:11:
                    56:9e:22:2d:34:15:c9:9e:56:f7:01:cf:f5:cd:fb:
                    b5:d9:60:de:4b:75:4c:e1:49:db:59:05:51:77:84:
                    96:ce:6e:22:98:2c:29:fc:8a:26:e5:c5:dd:a3:9d:
                    f5:ee:ea:6f:1e:f3:61:d3:50:46:bc:de:47:9e:3a:
                    84:60:28:8b:4f:cb:41:d8:77:2b:d2:4e:57:2f:73:
                    f3:15:91:12:b4:50:b7:65:22:68:57:2c:63:cc:ff:
                    02:76:4f:85:2b:92:1d:ff:3f:d6:89:84:8d:f0:42:
                    c5:0a:0b:d7:64:cd:3e:6a:65:18:7c:11:95:83:4b:
                    26:e2:b8:5d:c9:67:cf:60:ba:1e:a5:43:9e:cb:76:
                    e6:88:c9:b2:47:62:96:db:a4:a9:08:a6:80:a9:ec:
                    d2:44:a6:2a:3f:6d:64:c9:7e:ff:ca:6f:c2:c3:71:
                    ae:9b:4c:23:72:62:1a:f4:ee:44:c1:88:5a:07:c7:
                    4f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:CF:3C:7A:08:6B:BF:0B:99:6B:77:E5:98:6E:60:68:CF:6C:46:34
            X509v3 Authority Key Identifier:
                keyid:58:FF:A1:4D:F2:A8:9C:B6:70:96:36:F2:B0:B5:70:AB:CC:F8:B8:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WP-hTfKonLZwljbysLVwq8z4uEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/0b06bc-b8c7-4f75-b29e-c107a7ac0488/1/Uc88eghrvwuZa3flmG5gaM9sRjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/0b06bc-b8c7-4f75-b29e-c107a7ac0488/1/WP-hTfKonLZwljbysLVwq8z4uEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.42.0/24
                  185.216.212.0/22
                IPv6:
                  2a0b:bbc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:eb:23:22:02:4a:de:20:c6:b2:45:be:6c:72:c2:bc:9d:21:
         37:e2:5b:ad:98:37:eb:94:28:7e:c5:34:d2:ce:a5:46:28:9b:
         5b:2a:17:6c:25:07:a9:3d:dd:ba:0e:3d:29:9b:59:50:a2:ed:
         cb:6e:36:ae:90:d6:21:e2:44:42:0d:d6:56:ff:08:c7:8e:9e:
         70:eb:49:17:03:6f:21:13:5b:9a:3c:1a:29:a3:7c:32:b5:8f:
         e4:13:50:dc:3d:5e:0c:9f:0a:cc:33:41:f2:f9:7c:d2:86:cb:
         cc:cf:92:73:12:98:84:03:75:1f:40:be:52:91:7e:b6:4f:ee:
         ae:86:5e:95:99:7a:c1:e3:05:b4:a8:b6:2d:ee:91:00:93:9e:
         dd:22:9e:1f:e8:91:72:61:0e:91:b9:e4:4d:5b:87:4b:57:a7:
         8e:b2:58:05:cd:cc:b2:d2:8c:ce:13:ce:3b:99:80:7d:34:ad:
         3b:47:77:19:0c:cb:63:df:32:e0:0d:1b:25:89:36:3a:94:03:
         87:05:b3:72:d1:64:42:ba:16:6c:f4:fa:f1:a9:a5:33:06:74:
         7d:f1:7b:97:92:21:aa:de:c4:bd:bd:e1:59:3c:a1:a3:b4:40:
         5d:6c:9b:55:24:36:cc:c4:6c:f5:fa:ac:82:80:57:19:cc:b5:
         25:3a:b3:5c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzpLNz7FPfXTC1A55IsdDjsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZmZhMTRkZjJhODljYjY3MDk2MzZmMmIwYjU3MGFiY2Nm
OGI4NGIwHhcNMjQwMTA4MTMwNDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWNmM2M3YTA4NmJiZjBiOTk2Yjc3ZTU5ODZlNjA2OGNmNmM0NjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFFDdkwrh5mrQHs+Y7gwivJWChP1
nxllHPjomDsQVaqm0XB04l6gRxAkxPNsCla3gJDdjpDU7Tg2N1AvvUGnLd9rES2V
OG3KCBFWniItNBXJnlb3Ac/1zfu12WDeS3VM4UnbWQVRd4SWzm4imCwp/Iom5cXd
o5317upvHvNh01BGvN5HnjqEYCiLT8tB2Hcr0k5XL3PzFZEStFC3ZSJoVyxjzP8C
dk+FK5Id/z/WiYSN8ELFCgvXZM0+amUYfBGVg0sm4rhdyWfPYLoepUOey3bmiMmy
R2KW26SpCKaAqezSRKYqP21kyX7/ym/Cw3Gum0wjcmIa9O5EwYhaB8dPoQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFHPPHoIa78LmWt35ZhuYGjPbEY0MB8GA1UdIwQY
MBaAFFj/oU3yqJy2cJY28rC1cKvM+LhLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1AtaFRmS29uTFp3bGpieXNMVndxOHo0dUVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8wYjA2YmMtYjhjNy00Zjc1LWIyOWUt
YzEwN2E3YWMwNDg4LzEvVWM4OGVnaHJ2d3VaYTNmbG1HNWdhTTlzUmpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8wYjA2YmMtYjhjNy00Zjc1LWIyOWUtYzEwN2E3YWMwNDg4
LzEvV1AtaFRmS29uTFp3bGpieXNMVndxOHo0dUVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAkhMqAwQC
udjUMA0EAgACMAcDBQAqC7vAMA0GCSqGSIb3DQEBCwUAA4IBAQBS6yMiAkreIMay
Rb5scsK8nSE34lutmDfrlCh+xTTSzqVGKJtbKhdsJQepPd26Dj0pm1lQou3Lbjau
kNYh4kRCDdZW/wjHjp5w60kXA28hE1uaPBopo3wytY/kE1DcPV4MnwrMM0Hy+XzS
hsvMz5JzEpiEA3UfQL5SkX62T+6uhl6VmXrB4wW0qLYt7pEAk57dIp4f6JFyYQ6R
ueRNW4dLV6eOslgFzcyy0ozOE847mYB9NK07R3cZDMtj3zLgDRsliTY6lAOHBbNy
0WRCuhZs9PrxqaUzBnR98XuXkiGq3sS9veFZPKGjtEBdbJtVJDbMxGz1+qyCgFcZ
zLUlOrNc
-----END CERTIFICATE-----