Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/UMd3p_q3AlA0FTggOaSdjNfL8ps.roa
File:                     UMd3p_q3AlA0FTggOaSdjNfL8ps.roa (raw, json)
Hash identifier:          Iuj3pB23MMt3nw1keN/qkjW6nHha0ZLA8EBpAmwJlwg=
Subject key identifier:   50:C7:77:A7:FA:B7:02:50:34:15:38:20:39:A4:9D:8C:D7:CB:F2:9B
Certificate issuer:       /CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
Certificate serial:       018CC2DB067306B2E1B29C08E62BA06224D9
Authority key identifier: 21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/UMd3p_q3AlA0FTggOaSdjNfL8ps.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200436
IP address blocks:        62.3.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:06:73:06:b2:e1:b2:9c:08:e6:2b:a0:62:24:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215266435617fa0f1fd2837ec80c6d83b0b9d608
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50c777a7fab702503415382039a49d8cd7cbf29b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:59:ee:d5:d0:e5:61:77:db:84:3e:a1:20:8e:
                    88:07:9e:bb:e0:34:82:6a:06:76:2f:df:a6:94:4a:
                    f5:3f:67:10:74:8d:79:6f:71:4c:82:60:d8:b8:04:
                    5f:98:4c:e7:70:ee:1e:7c:f4:ac:ab:96:7d:2d:bb:
                    d6:f6:76:8a:fc:d1:97:65:cf:b5:74:53:70:ca:c0:
                    3d:2b:ac:ee:01:25:87:03:7a:35:3a:5f:de:73:ad:
                    bf:b7:b7:a9:b3:4b:b2:a9:98:be:f7:d2:2a:54:bd:
                    ce:b5:c9:14:9a:00:8d:7f:50:60:09:30:3b:76:5b:
                    90:88:0d:aa:7e:a2:38:44:73:a3:d8:83:85:5f:a6:
                    9e:8f:7b:da:96:29:63:94:6a:9d:36:78:3c:25:9f:
                    1a:0a:39:3b:fc:3e:d7:16:ad:be:24:aa:8c:f3:a2:
                    77:fb:56:04:60:3a:7f:2b:de:51:99:b7:09:59:69:
                    66:3d:71:98:7d:b3:b5:af:48:c5:6a:95:97:7c:1d:
                    d4:79:09:fc:73:8a:7e:08:7a:94:ac:b6:72:e4:5d:
                    9f:4e:9c:11:9b:6c:28:af:74:10:e4:04:e7:e6:b6:
                    17:5e:e0:dc:7c:01:61:51:c0:98:83:f5:eb:ec:0e:
                    6b:62:e6:cd:fa:3c:c8:ba:7b:b2:05:42:2b:53:e5:
                    24:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:C7:77:A7:FA:B7:02:50:34:15:38:20:39:A4:9D:8C:D7:CB:F2:9B
            X509v3 Authority Key Identifier:
                keyid:21:52:66:43:56:17:FA:0F:1F:D2:83:7E:C8:0C:6D:83:B0:B9:D6:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVJmQ1YX-g8f0oN-yAxtg7C51gg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/UMd3p_q3AlA0FTggOaSdjNfL8ps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/c072ae-15d7-42a8-bfc2-bc93ca679e1f/1/IVJmQ1YX-g8f0oN-yAxtg7C51gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:1f:6a:7d:be:81:d0:82:e6:a9:a7:e6:0e:b2:2f:00:18:ae:
         13:73:09:9c:28:25:bb:b7:0b:54:89:21:47:d1:c8:a1:b3:e8:
         6a:57:5a:cf:83:86:5b:8f:f1:08:5a:8d:9d:23:5c:ec:94:4f:
         17:12:ab:f0:7b:2a:4c:42:db:ce:2f:68:48:34:02:91:ec:76:
         15:35:ea:0e:bf:82:a0:5b:d0:10:9f:a8:e2:8e:56:10:b4:0d:
         33:59:1d:48:36:82:91:e3:18:aa:f8:02:5d:c2:a4:cf:d2:3c:
         ce:e7:89:ae:19:ee:85:28:5a:65:ad:d1:c0:78:c4:08:88:b5:
         20:55:06:f0:84:98:49:ac:cd:f2:f2:3d:d0:0a:81:58:e2:75:
         8d:96:cf:94:89:bf:b7:5c:07:ad:02:4d:c7:f8:e1:75:b2:73:
         cb:bf:a2:85:22:d6:ae:02:2c:dd:78:a8:64:61:ab:2a:8c:51:
         22:d5:18:37:bc:f8:c4:d7:0b:25:15:63:68:a1:7f:9d:80:56:
         9a:bb:5c:11:9a:ab:73:7d:9d:99:66:f6:f5:96:89:f3:08:d8:
         18:7f:3b:6c:31:b5:1e:e7:4b:92:8f:aa:0c:48:ed:ff:92:26:
         13:0d:af:25:6f:7b:49:35:72:63:d4:5d:40:4d:1b:dc:7b:97:
         40:85:2e:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2wZzBrLhspwI5iugYiTZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTI2NjQzNTYxN2ZhMGYxZmQyODM3ZWM4MGM2ZDgzYjBi
OWQ2MDgwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGM3NzdhN2ZhYjcwMjUwMzQxNTM4MjAzOWE0OWQ4Y2Q3Y2JmMjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylnu1dDlYXfbhD6hII6IB5674DSC
agZ2L9+mlEr1P2cQdI15b3FMgmDYuARfmEzncO4efPSsq5Z9LbvW9naK/NGXZc+1
dFNwysA9K6zuASWHA3o1Ol/ec62/t7eps0uyqZi+99IqVL3OtckUmgCNf1BgCTA7
dluQiA2qfqI4RHOj2IOFX6aej3valiljlGqdNng8JZ8aCjk7/D7XFq2+JKqM86J3
+1YEYDp/K95RmbcJWWlmPXGYfbO1r0jFapWXfB3UeQn8c4p+CHqUrLZy5F2fTpwR
m2wor3QQ5ATn5rYXXuDcfAFhUcCYg/Xr7A5rYubN+jzIunuyBUIrU+Uk7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDHd6f6twJQNBU4IDmknYzXy/KbMB8GA1UdIwQY
MBaAFCFSZkNWF/oPH9KDfsgMbYOwudYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzIt
YmM5M2NhNjc5ZTFmLzEvVU1kM3BfcTNBbEEwRlRnZ09hU2RqTmZMOHBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9jMDcyYWUtMTVkNy00MmE4LWJmYzItYmM5M2NhNjc5ZTFm
LzEvSVZKbVExWVgtZzhmMG9OLXlBeHRnN0M1MWdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgMOMA0G
CSqGSIb3DQEBCwUAA4IBAQB6H2p9voHQguapp+YOsi8AGK4TcwmcKCW7twtUiSFH
0cihs+hqV1rPg4Zbj/EIWo2dI1zslE8XEqvweypMQtvOL2hINAKR7HYVNeoOv4Kg
W9AQn6jijlYQtA0zWR1INoKR4xiq+AJdwqTP0jzO54muGe6FKFplrdHAeMQIiLUg
VQbwhJhJrM3y8j3QCoFY4nWNls+Uib+3XAetAk3H+OF1snPLv6KFItauAizdeKhk
YasqjFEi1Rg3vPjE1wslFWNooX+dgFaau1wRmqtzfZ2ZZvb1lonzCNgYfztsMbUe
50uSj6oMSO3/kiYTDa8lb3tJNXJj1F1ATRvce5dAhS5D
-----END CERTIFICATE-----