Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/UA7rBHXQV0UhM-K-ysy32yYTNXU.roa
File:                     UA7rBHXQV0UhM-K-ysy32yYTNXU.roa (raw, json)
Hash identifier:          ttS8CW4RlwXr8n2lix+CwREvHGD9iXYGAUVOvapBepo=
Subject key identifier:   50:0E:EB:04:75:D0:57:45:21:33:E2:BE:CA:CC:B7:DB:26:13:35:75
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018D06133EC1C4684845049965EA9FF6050D
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/UA7rBHXQV0UhM-K-ysy32yYTNXU.roa
Signing time:             Sun 14 Jan 2024 03:45:40 +0000
ROA not before:           Sun 14 Jan 2024 03:45:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212517
IP address blocks:        202.133.88.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:06:13:3e:c1:c4:68:48:45:04:99:65:ea:9f:f6:05:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan 14 03:45:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=500eeb0475d057452133e2becaccb7db26133575
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:77:4d:5d:49:0d:98:a3:ab:4a:eb:22:2a:90:
                    4a:d3:b5:a9:33:be:59:c0:0d:09:e0:4c:f5:77:e9:
                    1f:f2:13:ca:34:94:f6:2a:b4:10:a4:ed:29:53:b6:
                    b4:61:9a:93:78:56:ab:f1:cc:b3:c8:7d:cb:2a:f1:
                    83:ae:2f:a6:ff:da:09:94:d1:a4:3e:1e:26:9c:0a:
                    8e:20:c9:f4:ed:84:46:c5:3e:87:95:4c:19:f3:ea:
                    94:bf:4d:88:02:14:d7:d5:b5:a3:62:f8:11:97:1b:
                    02:cd:47:d7:49:b7:72:d8:d8:62:5d:27:e4:f9:22:
                    b6:c9:d8:50:3c:7b:38:31:ad:6c:62:58:cf:c0:99:
                    42:7c:90:84:55:6a:ca:2a:f0:ef:b6:c2:14:ff:d3:
                    e8:61:a2:71:d8:29:01:9a:67:42:f6:a1:e9:b5:3a:
                    0e:52:33:ab:7a:37:ae:cb:76:dc:4e:24:19:48:63:
                    a6:53:d9:7d:7a:14:c6:8d:3e:91:29:a9:58:2e:2b:
                    f6:c0:59:6e:47:05:38:04:91:34:56:77:a3:d7:83:
                    82:f3:9b:77:35:a1:77:27:ba:de:e1:4d:1c:70:5d:
                    c4:80:d8:81:ff:8d:2b:24:9e:0b:cf:6c:df:31:71:
                    3c:7b:48:32:f4:75:c0:92:be:0d:eb:e1:2c:41:bf:
                    2c:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:0E:EB:04:75:D0:57:45:21:33:E2:BE:CA:CC:B7:DB:26:13:35:75
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/UA7rBHXQV0UhM-K-ysy32yYTNXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.133.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         de:51:6d:80:b4:82:7c:ef:c4:47:93:53:da:24:aa:ba:5e:c8:
         af:bb:26:ac:bc:2b:50:18:b0:af:a8:a6:3c:68:ab:28:d4:8a:
         91:7d:96:81:3e:36:d2:7d:85:24:f0:63:45:8a:04:b4:66:43:
         3e:f3:5d:3e:36:88:df:c3:b9:b0:cd:82:e0:25:be:7a:3b:ed:
         bc:0e:ce:32:05:5e:bf:0e:e8:2c:a4:22:02:66:e2:62:02:c4:
         60:7e:b5:ff:b7:d3:a1:39:14:23:43:66:2a:6e:27:4f:ee:ae:
         fe:34:b9:ff:0c:9c:df:6c:4a:1c:91:5d:c0:ca:be:54:2e:8e:
         d5:92:df:88:61:31:c4:31:7d:60:de:12:75:82:f7:cf:c3:22:
         e3:ef:80:a1:9b:bf:e5:14:d3:80:c7:f7:30:a0:f2:8e:3c:bc:
         79:23:18:3b:9c:40:64:55:f2:bf:97:37:37:35:17:e1:4c:04:
         e4:d7:44:07:d2:a0:cd:46:45:63:36:82:c0:78:2f:aa:1d:17:
         b0:b4:b0:ad:09:60:bb:93:85:8e:8a:d3:c4:c1:48:04:d5:b9:
         06:23:3b:5d:a3:54:57:85:cb:13:bb:de:50:bc:a9:61:f7:47:
         bf:44:43:76:14:79:ff:80:fa:ae:b4:df:94:03:ee:04:f4:bf:
         79:f6:8e:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0GEz7BxGhIRQSZZeqf9gUNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMTE0MDM0NTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDBlZWIwNDc1ZDA1NzQ1MjEzM2UyYmVjYWNjYjdkYjI2MTMzNTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHdNXUkNmKOrSusiKpBK07WpM75Z
wA0J4Ez1d+kf8hPKNJT2KrQQpO0pU7a0YZqTeFar8cyzyH3LKvGDri+m/9oJlNGk
Ph4mnAqOIMn07YRGxT6HlUwZ8+qUv02IAhTX1bWjYvgRlxsCzUfXSbdy2NhiXSfk
+SK2ydhQPHs4Ma1sYljPwJlCfJCEVWrKKvDvtsIU/9PoYaJx2CkBmmdC9qHptToO
UjOrejeuy3bcTiQZSGOmU9l9ehTGjT6RKalYLiv2wFluRwU4BJE0Vnej14OC85t3
NaF3J7re4U0ccF3EgNiB/40rJJ4Lz2zfMXE8e0gy9HXAkr4N6+EsQb8s8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFAO6wR10FdFITPivsrMt9smEzV1MB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvVUE3ckJIWFFWMFVoTS1LLXlzeTMyeVlUTlhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQByoVYMA0G
CSqGSIb3DQEBCwUAA4IBAQDeUW2AtIJ878RHk1PaJKq6XsivuyasvCtQGLCvqKY8
aKso1IqRfZaBPjbSfYUk8GNFigS0ZkM+810+Nojfw7mwzYLgJb56O+28Ds4yBV6/
DugspCICZuJiAsRgfrX/t9OhORQjQ2YqbidP7q7+NLn/DJzfbEockV3Ayr5ULo7V
kt+IYTHEMX1g3hJ1gvfPwyLj74Chm7/lFNOAx/cwoPKOPLx5Ixg7nEBkVfK/lzc3
NRfhTATk10QH0qDNRkVjNoLAeC+qHRewtLCtCWC7k4WOitPEwUgE1bkGIztdo1RX
hcsTu95QvKlh90e/REN2FHn/gPqutN+UA+4E9L959o76
-----END CERTIFICATE-----