Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/eb27f2-e369-4b07-8d1d-c3431d320406/1/cUf_ucABkY52EfwQHCzWj8OXBHg.roa
File:                     cUf_ucABkY52EfwQHCzWj8OXBHg.roa (raw, json)
Hash identifier:          M4+dsoJpmBcNMNiTY4A9WR/rv3PyMgvOOqeNzQ9MZS8=
Subject key identifier:   71:47:FF:B9:C0:01:91:8E:76:11:FC:10:1C:2C:D6:8F:C3:97:04:78
Certificate issuer:       /CN=27321078f359d7990276dabb0f8c30070e685963
Certificate serial:       018CC3B6C213AA4412364C62BB542A308AC6
Authority key identifier: 27:32:10:78:F3:59:D7:99:02:76:DA:BB:0F:8C:30:07:0E:68:59:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JzIQePNZ15kCdtq7D4wwBw5oWWM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/eb27f2-e369-4b07-8d1d-c3431d320406/1/cUf_ucABkY52EfwQHCzWj8OXBHg.roa
Signing time:             Mon 01 Jan 2024 06:29:43 +0000
ROA not before:           Mon 01 Jan 2024 06:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212438
IP address blocks:        185.179.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/eb27f2-e369-4b07-8d1d-c3431d320406/1/JzIQePNZ15kCdtq7D4wwBw5oWWM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/eb27f2-e369-4b07-8d1d-c3431d320406/1/JzIQePNZ15kCdtq7D4wwBw5oWWM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JzIQePNZ15kCdtq7D4wwBw5oWWM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c2:13:aa:44:12:36:4c:62:bb:54:2a:30:8a:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27321078f359d7990276dabb0f8c30070e685963
        Validity
            Not Before: Jan  1 06:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7147ffb9c001918e7611fc101c2cd68fc3970478
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b6:85:c5:51:fd:bb:e6:1e:d5:7d:d7:42:11:
                    b2:95:3f:e1:b1:35:ed:19:4c:57:78:c1:c1:44:1a:
                    91:3a:df:4a:9b:72:f4:3e:63:1a:4d:f5:aa:95:89:
                    9e:41:24:0d:22:84:d9:7a:97:0f:db:ae:9d:ce:51:
                    dd:54:9c:6e:7b:e6:14:44:27:20:1d:1e:fb:84:44:
                    0b:85:57:5a:ba:c5:92:41:a4:ef:8a:da:19:c5:35:
                    8f:a3:dd:94:51:1d:04:dc:2f:d7:78:a1:67:66:d6:
                    56:36:8f:59:37:00:f7:73:eb:ac:9a:33:4d:1a:6e:
                    ee:86:41:b9:6b:59:8a:c6:93:5d:40:52:69:38:55:
                    c0:ba:40:bb:c3:71:54:94:d8:3e:53:a2:1b:ec:04:
                    e7:3d:ac:97:ae:a3:2c:ae:28:cf:23:ad:63:84:96:
                    61:89:0c:4d:75:be:16:df:e1:95:28:bc:a9:55:89:
                    21:b4:5b:84:dd:0b:98:2b:3c:bf:b5:dd:62:63:21:
                    91:e7:fb:23:20:92:cd:3d:2e:a9:a0:9f:16:99:6c:
                    b4:6d:f8:52:bb:36:24:d9:c9:59:a0:3d:4c:bf:43:
                    dc:70:fa:19:15:33:0f:3d:df:0b:98:f4:90:b0:8d:
                    bc:11:df:9f:0f:d6:02:b9:84:88:b3:d7:a9:6b:9a:
                    24:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:47:FF:B9:C0:01:91:8E:76:11:FC:10:1C:2C:D6:8F:C3:97:04:78
            X509v3 Authority Key Identifier:
                keyid:27:32:10:78:F3:59:D7:99:02:76:DA:BB:0F:8C:30:07:0E:68:59:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JzIQePNZ15kCdtq7D4wwBw5oWWM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/eb27f2-e369-4b07-8d1d-c3431d320406/1/cUf_ucABkY52EfwQHCzWj8OXBHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/eb27f2-e369-4b07-8d1d-c3431d320406/1/JzIQePNZ15kCdtq7D4wwBw5oWWM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:7d:c2:68:c4:b3:f0:e7:20:22:1a:66:2d:a0:a5:bc:6c:52:
         a5:58:20:3c:c2:a6:df:17:4f:15:2a:6f:7d:5e:5f:27:d0:a9:
         cc:b8:72:99:85:c9:38:9d:2c:ce:7c:08:fa:d6:b0:e7:e8:f6:
         67:b3:dc:ff:0c:f4:c4:07:e4:33:f4:70:47:6d:0c:86:76:68:
         d4:8f:d6:98:96:41:aa:20:3e:2a:75:12:c7:12:4d:7c:a4:b9:
         0d:79:97:fa:e0:21:7f:17:e2:56:b5:06:a4:dc:c8:06:76:fb:
         bf:15:7b:64:dd:5f:7e:fa:7e:63:04:29:2b:0f:e3:e9:83:79:
         0b:11:c5:28:1a:a2:bb:92:d3:4b:ad:36:24:c6:57:9b:42:ed:
         eb:9d:a0:82:d9:62:48:dd:f1:3e:3b:9a:46:75:76:1d:b0:1a:
         75:b3:60:7c:90:38:ec:79:8e:9d:bf:d5:4e:5d:a0:4c:8a:a4:
         49:d2:54:66:52:2e:1e:b8:d6:5a:91:d4:fd:26:d2:c6:4a:71:
         e3:a4:55:5f:61:f3:50:93:4c:3a:49:85:55:1a:8e:1b:c1:8b:
         f8:88:de:48:d0:05:73:4a:bc:86:d3:5c:97:fc:05:66:11:ba:
         8d:cf:9e:c0:a0:0a:eb:91:09:69:0b:61:61:2b:6c:a6:78:1a:
         51:a8:23:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtsITqkQSNkxiu1QqMIrGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MzIxMDc4ZjM1OWQ3OTkwMjc2ZGFiYjBmOGMzMDA3MGU2
ODU5NjMwHhcNMjQwMTAxMDYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTQ3ZmZiOWMwMDE5MThlNzYxMWZjMTAxYzJjZDY4ZmMzOTcwNDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLaFxVH9u+Ye1X3XQhGylT/hsTXt
GUxXeMHBRBqROt9Km3L0PmMaTfWqlYmeQSQNIoTZepcP266dzlHdVJxue+YURCcg
HR77hEQLhVdausWSQaTvitoZxTWPo92UUR0E3C/XeKFnZtZWNo9ZNwD3c+usmjNN
Gm7uhkG5a1mKxpNdQFJpOFXAukC7w3FUlNg+U6Ib7ATnPayXrqMsrijPI61jhJZh
iQxNdb4W3+GVKLypVYkhtFuE3QuYKzy/td1iYyGR5/sjIJLNPS6poJ8WmWy0bfhS
uzYk2clZoD1Mv0PccPoZFTMPPd8LmPSQsI28Ed+fD9YCuYSIs9epa5okJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFH/7nAAZGOdhH8EBws1o/DlwR4MB8GA1UdIwQY
MBaAFCcyEHjzWdeZAnbauw+MMAcOaFljMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnpJUWVQTloxNWtDZHRxN0Q0d3dCdzVvV1dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9lYjI3ZjItZTM2OS00YjA3LThkMWQt
YzM0MzFkMzIwNDA2LzEvY1VmX3VjQUJrWTUyRWZ3UUhDeldqOE9YQkhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9lYjI3ZjItZTM2OS00YjA3LThkMWQtYzM0MzFkMzIwNDA2
LzEvSnpJUWVQTloxNWtDZHRxN0Q0d3dCdzVvV1dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubPVMA0G
CSqGSIb3DQEBCwUAA4IBAQAGfcJoxLPw5yAiGmYtoKW8bFKlWCA8wqbfF08VKm99
Xl8n0KnMuHKZhck4nSzOfAj61rDn6PZns9z/DPTEB+Qz9HBHbQyGdmjUj9aYlkGq
ID4qdRLHEk18pLkNeZf64CF/F+JWtQak3MgGdvu/FXtk3V9++n5jBCkrD+Ppg3kL
EcUoGqK7ktNLrTYkxlebQu3rnaCC2WJI3fE+O5pGdXYdsBp1s2B8kDjseY6dv9VO
XaBMiqRJ0lRmUi4euNZakdT9JtLGSnHjpFVfYfNQk0w6SYVVGo4bwYv4iN5I0AVz
SryG01yX/AVmEbqNz57AoArrkQlpC2FhK2ymeBpRqCMK
-----END CERTIFICATE-----