Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/UaW7zG2HGo01gVJxSkw6OdjGMMU.roa
File:                     UaW7zG2HGo01gVJxSkw6OdjGMMU.roa (raw, json)
Hash identifier:          uk5XMd7BNOg40JUfygX0cSvVnUHPx9uXOejkZVDIVGM=
Subject key identifier:   51:A5:BB:CC:6D:87:1A:8D:35:81:52:71:4A:4C:3A:39:D8:C6:30:C5
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       018FA03B76E5C88B04F65466D84A812461DD
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/UaW7zG2HGo01gVJxSkw6OdjGMMU.roa
Signing time:             Wed 22 May 2024 12:16:42 +0000
ROA not before:           Wed 22 May 2024 12:16:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198592
IP address blocks:        109.120.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a0:3b:76:e5:c8:8b:04:f6:54:66:d8:4a:81:24:61:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: May 22 12:16:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51a5bbcc6d871a8d358152714a4c3a39d8c630c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:7a:d6:48:e5:90:d0:06:ad:f4:b0:8b:36:f5:
                    5c:cd:3b:0a:06:bb:d5:ba:28:a4:56:f2:04:f3:6c:
                    5e:39:98:35:35:67:53:50:08:43:ea:b4:43:35:6e:
                    21:d3:a5:d2:38:8a:5f:56:0c:40:6c:c2:25:ef:7f:
                    a1:0c:6e:e5:20:98:f2:e2:a6:83:ef:36:5c:38:e3:
                    bb:38:d0:2a:69:b4:9b:d8:66:6e:53:f3:59:85:f9:
                    63:28:fd:bf:95:6b:a7:f1:5a:86:34:3b:16:07:db:
                    5f:59:9b:26:88:74:29:3c:0d:3e:e8:56:46:34:ef:
                    45:b3:06:7b:ea:ed:37:c7:5b:f5:87:58:7d:9c:8f:
                    b5:02:ef:14:06:fa:c1:5d:38:67:2e:a6:e9:6a:4e:
                    0e:ac:c4:89:f6:4c:57:d1:9e:f0:75:cd:b9:79:69:
                    85:27:45:c8:f7:b3:12:c0:a5:91:84:98:fd:77:0a:
                    ae:90:7d:68:de:0b:03:08:13:7f:65:64:d1:a2:ac:
                    bd:b4:84:13:47:6b:86:a9:bf:b3:54:68:bd:24:4d:
                    08:ac:a9:c7:55:c5:87:a1:a7:77:84:64:2b:b5:4e:
                    e5:a3:ee:20:26:a4:e4:a9:37:72:aa:f7:86:56:5b:
                    57:15:0b:6e:d8:cf:14:23:e1:81:f2:1e:4c:18:14:
                    bf:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:A5:BB:CC:6D:87:1A:8D:35:81:52:71:4A:4C:3A:39:D8:C6:30:C5
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/UaW7zG2HGo01gVJxSkw6OdjGMMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.120.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:80:a8:c3:98:6d:4d:2e:0f:c2:fa:02:c3:b4:d0:15:99:b4:
         8f:68:e3:38:f9:e2:5a:f0:44:c4:6f:e3:3f:54:22:47:39:f3:
         2d:4d:86:07:a0:44:96:0b:69:1f:2b:cd:3c:f0:ae:93:51:ff:
         8b:6e:b2:f7:e8:60:c4:45:bd:e4:5d:30:8a:20:76:20:6a:c5:
         ec:12:75:29:c4:58:18:f4:7f:b4:dc:83:a4:dc:de:b5:f4:a4:
         8c:d6:45:b2:32:97:b2:37:56:41:43:b5:d3:2a:c5:7e:8a:5d:
         e2:66:89:64:87:88:5e:ea:fc:c2:cc:74:39:b8:d5:76:f4:fe:
         57:ed:b5:43:46:81:1c:65:34:d8:ae:c0:64:ed:8b:b5:14:5b:
         fa:5c:00:0f:26:1c:21:85:87:13:34:7c:92:b4:b0:e3:e2:5a:
         4f:e3:94:df:63:d6:6c:99:dc:41:af:81:b3:7c:71:12:67:d3:
         3a:48:42:3f:1b:6c:54:30:8a:34:b1:2e:a4:29:a4:dd:1c:7a:
         a1:f9:93:ff:06:e5:03:1c:fa:07:2e:f1:5b:d7:1d:0a:b6:9a:
         96:d0:9b:a8:2a:f2:26:cf:46:e5:ae:a2:1e:40:34:e2:01:58:
         45:73:7a:0e:e5:53:30:af:40:e0:d6:e1:0b:d1:6a:4e:ee:8e:
         40:17:20:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+gO3blyIsE9lRm2EqBJGHdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjQwNTIyMTIxNjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWE1YmJjYzZkODcxYThkMzU4MTUyNzE0YTRjM2EzOWQ4YzYzMGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznrWSOWQ0Aat9LCLNvVczTsKBrvV
uiikVvIE82xeOZg1NWdTUAhD6rRDNW4h06XSOIpfVgxAbMIl73+hDG7lIJjy4qaD
7zZcOOO7ONAqabSb2GZuU/NZhfljKP2/lWun8VqGNDsWB9tfWZsmiHQpPA0+6FZG
NO9FswZ76u03x1v1h1h9nI+1Au8UBvrBXThnLqbpak4OrMSJ9kxX0Z7wdc25eWmF
J0XI97MSwKWRhJj9dwqukH1o3gsDCBN/ZWTRoqy9tIQTR2uGqb+zVGi9JE0IrKnH
VcWHoad3hGQrtU7lo+4gJqTkqTdyqveGVltXFQtu2M8UI+GB8h5MGBS/jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGlu8xthxqNNYFScUpMOjnYxjDFMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvVWFXN3pHMkhHbzAxZ1ZKeFNrdzZPZGpHTU1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXiUMA0G
CSqGSIb3DQEBCwUAA4IBAQBRgKjDmG1NLg/C+gLDtNAVmbSPaOM4+eJa8ETEb+M/
VCJHOfMtTYYHoESWC2kfK8088K6TUf+LbrL36GDERb3kXTCKIHYgasXsEnUpxFgY
9H+03IOk3N619KSM1kWyMpeyN1ZBQ7XTKsV+il3iZolkh4he6vzCzHQ5uNV29P5X
7bVDRoEcZTTYrsBk7Yu1FFv6XAAPJhwhhYcTNHyStLDj4lpP45TfY9ZsmdxBr4Gz
fHESZ9M6SEI/G2xUMIo0sS6kKaTdHHqh+ZP/BuUDHPoHLvFb1x0KtpqW0JuoKvIm
z0blrqIeQDTiAVhFc3oO5VMwr0Dg1uEL0WpO7o5AFyCv
-----END CERTIFICATE-----