Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/400686-8c75-42d0-8bd1-00044757fe8a/1/uLjydiLVYatJ81jKuB9teUAji-k.roa
File:                     uLjydiLVYatJ81jKuB9teUAji-k.roa (raw, json)
Hash identifier:          +uFO40aC8Sf1aTnEHZ3Tiisy/s+TZS9NPN1xWXxdYLw=
Subject key identifier:   B8:B8:F2:76:22:D5:61:AB:49:F3:58:CA:B8:1F:6D:79:40:23:8B:E9
Certificate issuer:       /CN=bf73a3f21a1944421b4ddba7ecbc8360cca5e6fc
Certificate serial:       018CC26D65CF2F9989F03BEEB20F801550E1
Authority key identifier: BF:73:A3:F2:1A:19:44:42:1B:4D:DB:A7:EC:BC:83:60:CC:A5:E6:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v3Oj8hoZREIbTdun7LyDYMyl5vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/400686-8c75-42d0-8bd1-00044757fe8a/1/uLjydiLVYatJ81jKuB9teUAji-k.roa
Signing time:             Mon 01 Jan 2024 00:29:58 +0000
ROA not before:           Mon 01 Jan 2024 00:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8757
IP address blocks:        185.146.124.0/22 maxlen: 24
                          212.58.128.0/19 maxlen: 24
                          2a07:7b80::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/400686-8c75-42d0-8bd1-00044757fe8a/1/v3Oj8hoZREIbTdun7LyDYMyl5vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/400686-8c75-42d0-8bd1-00044757fe8a/1/v3Oj8hoZREIbTdun7LyDYMyl5vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v3Oj8hoZREIbTdun7LyDYMyl5vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:65:cf:2f:99:89:f0:3b:ee:b2:0f:80:15:50:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf73a3f21a1944421b4ddba7ecbc8360cca5e6fc
        Validity
            Not Before: Jan  1 00:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8b8f27622d561ab49f358cab81f6d7940238be9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:26:9e:9b:40:6f:9a:8e:f4:b4:17:a9:88:96:
                    f4:be:15:2d:ae:90:c5:95:db:0e:d8:c5:ad:15:b4:
                    92:a5:2f:b0:85:0d:5a:9a:d1:71:16:64:f4:32:ef:
                    e5:02:39:d6:49:01:de:9f:b5:fa:89:65:56:d6:c3:
                    32:ec:e3:0d:85:81:4c:af:21:b4:41:c9:e6:fc:3a:
                    f5:1a:ac:50:0b:64:7a:3f:b6:d2:b0:e7:fc:27:b5:
                    e5:65:e2:a0:9c:e8:7b:e2:bd:86:36:52:cb:ec:f1:
                    ec:10:55:1d:4b:7a:76:9d:07:48:26:02:d4:2e:c5:
                    7d:a9:f8:c3:41:75:ee:cc:54:1d:c9:c2:2c:23:51:
                    92:c4:2c:f7:e3:0b:17:80:cf:a5:37:2f:cd:50:86:
                    6e:40:04:c7:90:68:56:23:b7:c2:fa:7c:40:dc:f4:
                    60:3e:62:50:6b:b2:0e:12:d5:ba:11:cb:41:c3:71:
                    47:af:f1:3e:a6:fb:c0:01:69:ae:e2:4c:b9:5b:4e:
                    40:2f:33:bb:a9:2b:eb:0d:94:11:7e:c4:7b:73:03:
                    6c:ad:07:1a:77:1f:b2:6c:89:bf:5c:4c:e1:0c:b3:
                    75:e1:e4:32:fe:6e:37:b9:55:b4:2e:e5:a4:90:46:
                    4c:81:6c:2a:a1:c8:71:ae:70:c6:de:9a:39:ab:8d:
                    9e:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:B8:F2:76:22:D5:61:AB:49:F3:58:CA:B8:1F:6D:79:40:23:8B:E9
            X509v3 Authority Key Identifier:
                keyid:BF:73:A3:F2:1A:19:44:42:1B:4D:DB:A7:EC:BC:83:60:CC:A5:E6:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v3Oj8hoZREIbTdun7LyDYMyl5vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/400686-8c75-42d0-8bd1-00044757fe8a/1/uLjydiLVYatJ81jKuB9teUAji-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/400686-8c75-42d0-8bd1-00044757fe8a/1/v3Oj8hoZREIbTdun7LyDYMyl5vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.124.0/22
                  212.58.128.0/19
                IPv6:
                  2a07:7b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         27:2d:ba:7c:97:60:33:fa:0c:f6:80:81:61:09:82:8b:e6:a6:
         28:0b:8e:cd:e6:8f:db:70:e1:b4:31:37:6b:eb:e3:49:6b:aa:
         fb:32:5d:d0:d0:08:d3:16:e5:23:39:a7:3a:3c:12:d2:ef:0b:
         d5:4e:9b:a8:6c:a7:f7:6a:b9:59:34:7c:44:55:5d:73:76:9f:
         f1:40:a6:74:68:db:21:6c:a3:c5:37:f7:e3:f6:18:92:a6:bd:
         6e:f1:59:cc:04:2c:92:bc:5e:19:56:d9:a4:36:9a:a1:23:43:
         8e:66:b7:39:f3:b5:b3:1a:77:10:78:d0:c8:9d:e5:6d:e1:75:
         90:e2:e4:12:7d:07:d4:81:5b:78:64:6f:2b:98:3b:26:a9:ac:
         08:1f:8f:25:04:7f:4e:98:67:9e:eb:e5:7f:a9:21:b4:c3:e9:
         d7:6d:90:10:0b:a1:dd:eb:95:7d:28:ce:5b:40:d9:cc:31:b6:
         cc:29:ac:ef:7e:60:4f:21:70:a1:88:69:46:a5:77:40:03:04:
         67:0d:ae:8e:e2:33:d8:72:3f:a4:6a:4b:55:83:00:35:2b:80:
         c4:ac:6e:d3:87:18:e0:96:52:14:86:ec:cd:d1:36:1a:63:fa:
         78:7f:ca:ac:72:11:67:48:fe:e7:25:8f:98:8a:49:40:35:bc:
         02:91:d4:08
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzCbWXPL5mJ8Dvusg+AFVDhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNzNhM2YyMWExOTQ0NDIxYjRkZGJhN2VjYmM4MzYwY2Nh
NWU2ZmMwHhcNMjQwMTAxMDAyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGI4ZjI3NjIyZDU2MWFiNDlmMzU4Y2FiODFmNmQ3OTQwMjM4YmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjiaem0Bvmo70tBepiJb0vhUtrpDF
ldsO2MWtFbSSpS+whQ1amtFxFmT0Mu/lAjnWSQHen7X6iWVW1sMy7OMNhYFMryG0
Qcnm/Dr1GqxQC2R6P7bSsOf8J7XlZeKgnOh74r2GNlLL7PHsEFUdS3p2nQdIJgLU
LsV9qfjDQXXuzFQdycIsI1GSxCz34wsXgM+lNy/NUIZuQATHkGhWI7fC+nxA3PRg
PmJQa7IOEtW6EctBw3FHr/E+pvvAAWmu4ky5W05ALzO7qSvrDZQRfsR7cwNsrQca
dx+ybIm/XEzhDLN14eQy/m43uVW0LuWkkEZMgWwqochxrnDG3po5q42ejwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLi48nYi1WGrSfNYyrgfbXlAI4vpMB8GA1UdIwQY
MBaAFL9zo/IaGURCG03bp+y8g2DMpeb8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjNPajhob1pSRUliVGR1bjdMeURZTXlsNXZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS80MDA2ODYtOGM3NS00MmQwLThiZDEt
MDAwNDQ3NTdmZThhLzEvdUxqeWRpTFZZYXRKODFqS3VCOXRlVUFqaS1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS80MDA2ODYtOGM3NS00MmQwLThiZDEtMDAwNDQ3NTdmZThh
LzEvdjNPajhob1pSRUliVGR1bjdMeURZTXlsNXZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuZJ8AwQF
1DqAMA0EAgACMAcDBQMqB3uAMA0GCSqGSIb3DQEBCwUAA4IBAQAnLbp8l2Az+gz2
gIFhCYKL5qYoC47N5o/bcOG0MTdr6+NJa6r7Ml3Q0AjTFuUjOac6PBLS7wvVTpuo
bKf3arlZNHxEVV1zdp/xQKZ0aNshbKPFN/fj9hiSpr1u8VnMBCySvF4ZVtmkNpqh
I0OOZrc587WzGncQeNDIneVt4XWQ4uQSfQfUgVt4ZG8rmDsmqawIH48lBH9OmGee
6+V/qSG0w+nXbZAQC6Hd65V9KM5bQNnMMbbMKazvfmBPIXChiGlGpXdAAwRnDa6O
4jPYcj+kaktVgwA1K4DErG7ThxjgllIUhuzN0TYaY/p4f8qschFnSP7nJY+YiklA
NbwCkdQI
-----END CERTIFICATE-----