Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/b55ef1-ca63-4ca1-a659-f9720285e797/1/UxsHS_3_E6dMk2wVEhDbhWcRJuE.roa
File:                     UxsHS_3_E6dMk2wVEhDbhWcRJuE.roa (raw, json)
Hash identifier:          HSXkHT19rDsTJeJN+C9QDCvtOz6lvWTQDhdBZ5GShi8=
Subject key identifier:   53:1B:07:4B:FD:FF:13:A7:4C:93:6C:15:12:10:DB:85:67:11:26:E1
Certificate issuer:       /CN=6f074d2efb5f3e1d35c291f8a11c0bc0be7ec1b8
Certificate serial:       0191802016E5F794B85421390AA4896F922C
Authority key identifier: 6F:07:4D:2E:FB:5F:3E:1D:35:C2:91:F8:A1:1C:0B:C0:BE:7E:C1:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bwdNLvtfPh01wpH4oRwLwL5-wbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/b55ef1-ca63-4ca1-a659-f9720285e797/1/UxsHS_3_E6dMk2wVEhDbhWcRJuE.roa
Signing time:             Fri 23 Aug 2024 16:44:32 +0000
ROA not before:           Fri 23 Aug 2024 16:44:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     965
IP address blocks:        193.108.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/b55ef1-ca63-4ca1-a659-f9720285e797/1/bwdNLvtfPh01wpH4oRwLwL5-wbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/b55ef1-ca63-4ca1-a659-f9720285e797/1/bwdNLvtfPh01wpH4oRwLwL5-wbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bwdNLvtfPh01wpH4oRwLwL5-wbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:80:20:16:e5:f7:94:b8:54:21:39:0a:a4:89:6f:92:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f074d2efb5f3e1d35c291f8a11c0bc0be7ec1b8
        Validity
            Not Before: Aug 23 16:44:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=531b074bfdff13a74c936c151210db85671126e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:1f:e7:0e:b3:e8:39:f2:89:fa:ec:8a:cc:e9:
                    ef:eb:c2:66:f4:30:7d:64:c7:e7:3d:5c:2e:05:d7:
                    01:ce:5a:f7:c8:b9:b8:c5:3a:28:d9:a5:50:f3:65:
                    90:c8:dc:a6:8f:4d:b6:79:05:72:65:15:dd:bf:e7:
                    c9:91:7a:09:9a:36:63:5c:d0:0c:2b:ef:8f:b6:67:
                    05:e3:df:a4:33:d6:f6:2d:b1:67:a9:e2:b1:ff:6f:
                    5f:0b:b5:89:68:29:3c:10:ac:4f:8a:03:12:ca:b8:
                    fd:89:91:1d:2e:52:35:34:40:62:80:fb:72:22:80:
                    12:dc:99:5c:9c:ae:43:23:bc:81:43:90:0c:29:45:
                    4f:c7:a2:e6:63:33:d7:d0:ba:fe:9a:0c:3a:8e:2c:
                    b5:3d:6a:04:f5:25:64:e8:3d:5f:d0:1c:a4:a1:ed:
                    2d:ab:3b:7f:82:08:8c:a2:5c:da:4b:2d:1d:de:26:
                    a5:8b:bc:59:dc:99:1e:b7:35:96:ac:9f:b9:3c:e1:
                    54:76:bf:c0:83:c3:a9:c0:a1:cd:0a:f5:4e:1e:cd:
                    a2:1c:38:d1:69:7f:a7:f1:19:b5:39:73:bb:69:ca:
                    ae:5c:d1:6b:04:54:e7:7e:c6:75:ad:4d:f4:c0:57:
                    68:83:02:8e:49:98:5a:b4:76:dc:c8:de:cf:62:80:
                    a1:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:1B:07:4B:FD:FF:13:A7:4C:93:6C:15:12:10:DB:85:67:11:26:E1
            X509v3 Authority Key Identifier:
                keyid:6F:07:4D:2E:FB:5F:3E:1D:35:C2:91:F8:A1:1C:0B:C0:BE:7E:C1:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bwdNLvtfPh01wpH4oRwLwL5-wbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/b55ef1-ca63-4ca1-a659-f9720285e797/1/UxsHS_3_E6dMk2wVEhDbhWcRJuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/b55ef1-ca63-4ca1-a659-f9720285e797/1/bwdNLvtfPh01wpH4oRwLwL5-wbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:cc:6b:db:22:0d:47:8e:a5:dd:2e:97:f8:d3:3e:3f:db:06:
         c7:70:4e:95:ed:32:70:95:e8:45:2f:7c:bf:72:ce:ba:9b:ac:
         f0:93:57:f7:90:70:1b:f0:3d:34:9b:0c:68:18:ec:90:95:9b:
         c7:6d:cc:5d:9d:30:6b:22:0f:15:e5:5c:d0:74:6d:ef:d4:1c:
         9d:b9:a5:de:ca:e4:26:d1:76:e2:a4:00:84:e3:d3:7a:3b:26:
         44:35:df:5f:c9:2e:1c:a7:b1:1e:a4:dc:4e:ba:00:ee:f7:86:
         ed:42:09:94:c1:10:a3:86:d3:d5:0f:1a:31:09:3d:c0:4c:e0:
         7e:cb:08:93:bb:91:fe:95:fa:38:e5:c9:50:87:f0:01:f7:8e:
         3e:82:15:33:7b:7a:14:e0:3a:21:95:72:fb:b2:f5:f8:ec:3d:
         d1:8b:fd:45:b8:12:3c:14:92:c6:19:4a:a2:54:af:82:fb:a2:
         b2:1d:7c:f6:0a:11:b0:f1:2f:69:40:78:6e:af:86:f2:2c:21:
         34:d3:c3:44:94:80:81:68:e3:de:6b:7f:42:27:8f:23:11:7d:
         bb:d3:3d:5c:9d:68:35:54:01:73:22:c5:00:2f:63:74:4f:01:
         96:b8:b6:af:cd:cf:ab:08:51:8a:29:16:95:00:95:f5:d3:89:
         96:5c:23:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGAIBbl95S4VCE5CqSJb5IsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMDc0ZDJlZmI1ZjNlMWQzNWMyOTFmOGExMWMwYmMwYmU3
ZWMxYjgwHhcNMjQwODIzMTY0NDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzFiMDc0YmZkZmYxM2E3NGM5MzZjMTUxMjEwZGI4NTY3MTEyNmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkR/nDrPoOfKJ+uyKzOnv68Jm9DB9
ZMfnPVwuBdcBzlr3yLm4xToo2aVQ82WQyNymj022eQVyZRXdv+fJkXoJmjZjXNAM
K++PtmcF49+kM9b2LbFnqeKx/29fC7WJaCk8EKxPigMSyrj9iZEdLlI1NEBigPty
IoAS3JlcnK5DI7yBQ5AMKUVPx6LmYzPX0Lr+mgw6jiy1PWoE9SVk6D1f0Bykoe0t
qzt/ggiMolzaSy0d3iali7xZ3JketzWWrJ+5POFUdr/Ag8OpwKHNCvVOHs2iHDjR
aX+n8Rm1OXO7acquXNFrBFTnfsZ1rU30wFdogwKOSZhatHbcyN7PYoChKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMbB0v9/xOnTJNsFRIQ24VnESbhMB8GA1UdIwQY
MBaAFG8HTS77Xz4dNcKR+KEcC8C+fsG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYndkTkx2dGZQaDAxd3BING9Sd0x3TDUtd2JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9iNTVlZjEtY2E2My00Y2ExLWE2NTkt
Zjk3MjAyODVlNzk3LzEvVXhzSFNfM19FNmRNazJ3VkVoRGJoV2NSSnVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9iNTVlZjEtY2E2My00Y2ExLWE2NTktZjk3MjAyODVlNzk3
LzEvYndkTkx2dGZQaDAxd3BING9Sd0x3TDUtd2JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWyCMA0G
CSqGSIb3DQEBCwUAA4IBAQCxzGvbIg1HjqXdLpf40z4/2wbHcE6V7TJwlehFL3y/
cs66m6zwk1f3kHAb8D00mwxoGOyQlZvHbcxdnTBrIg8V5VzQdG3v1ByduaXeyuQm
0XbipACE49N6OyZENd9fyS4cp7EepNxOugDu94btQgmUwRCjhtPVDxoxCT3ATOB+
ywiTu5H+lfo45clQh/AB944+ghUze3oU4DohlXL7svX47D3Ri/1FuBI8FJLGGUqi
VK+C+6KyHXz2ChGw8S9pQHhur4byLCE008NElICBaOPea39CJ48jEX270z1cnWg1
VAFzIsUAL2N0TwGWuLavzc+rCFGKKRaVAJX104mWXCPo
-----END CERTIFICATE-----