Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/76a60e-0d81-4c41-b889-91fc0f51ea07/1/uf-C4rDGm1nml6y3R4uO-V_TqeQ.roa
File:                     uf-C4rDGm1nml6y3R4uO-V_TqeQ.roa (raw, json)
Hash identifier:          kWKUFTC/WkLLhHrlWGtwVk+PEHfO0teLx+ViuENGyLw=
Subject key identifier:   B9:FF:82:E2:B0:C6:9B:59:E6:97:AC:B7:47:8B:8E:F9:5F:D3:A9:E4
Certificate issuer:       /CN=514b4d3effb8bd0b1336eebcb827b77e129e0f6f
Certificate serial:       018CC4922BFF7991AB2BFD6C7F375C8801D4
Authority key identifier: 51:4B:4D:3E:FF:B8:BD:0B:13:36:EE:BC:B8:27:B7:7E:12:9E:0F:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UUtNPv-4vQsTNu68uCe3fhKeD28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/76a60e-0d81-4c41-b889-91fc0f51ea07/1/uf-C4rDGm1nml6y3R4uO-V_TqeQ.roa
Signing time:             Mon 01 Jan 2024 10:29:22 +0000
ROA not before:           Mon 01 Jan 2024 10:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47928
IP address blocks:        195.182.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/76a60e-0d81-4c41-b889-91fc0f51ea07/1/UUtNPv-4vQsTNu68uCe3fhKeD28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/76a60e-0d81-4c41-b889-91fc0f51ea07/1/UUtNPv-4vQsTNu68uCe3fhKeD28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UUtNPv-4vQsTNu68uCe3fhKeD28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 22:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:2b:ff:79:91:ab:2b:fd:6c:7f:37:5c:88:01:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=514b4d3effb8bd0b1336eebcb827b77e129e0f6f
        Validity
            Not Before: Jan  1 10:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9ff82e2b0c69b59e697acb7478b8ef95fd3a9e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:cd:cb:b1:3d:45:5f:bd:8e:ec:5a:94:bb:d8:
                    58:2e:ca:ce:ad:fe:64:d3:77:bb:cc:a9:9e:ea:c8:
                    b3:c7:02:8d:c6:93:bc:cd:98:47:83:46:d3:f6:b2:
                    f3:1f:4e:8a:84:81:49:ee:dd:01:a6:ab:35:96:b8:
                    ce:41:69:9e:f5:0b:b9:86:5e:69:0f:cf:e5:5f:99:
                    e4:53:c2:d5:86:0e:ba:cb:09:91:a0:51:fc:29:03:
                    3a:b2:9e:ea:0c:19:08:95:09:81:3c:5b:3f:ae:9f:
                    10:df:30:7e:b4:77:e4:21:d7:80:02:c0:0f:ca:58:
                    9b:55:f4:e0:1b:94:69:ee:25:13:2a:1d:a8:73:da:
                    b6:28:65:26:5b:63:11:69:62:43:de:37:78:66:0f:
                    e0:aa:7a:1e:c0:ac:d6:f0:b3:3a:2d:5b:dd:3d:79:
                    e8:b8:9e:96:5b:2e:ef:f7:4b:35:bd:85:01:31:a1:
                    24:0f:9e:59:7b:fc:02:1e:ba:7a:37:b0:07:f3:55:
                    ab:11:bc:09:01:95:c9:69:47:f1:82:98:08:e3:7e:
                    53:ef:d1:88:f1:f3:01:6e:81:a0:50:38:55:e8:03:
                    f7:f1:ac:7e:98:40:5e:42:92:c2:68:36:84:5e:bf:
                    ef:ec:94:de:43:56:54:73:fa:a8:6a:14:61:bc:67:
                    53:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:FF:82:E2:B0:C6:9B:59:E6:97:AC:B7:47:8B:8E:F9:5F:D3:A9:E4
            X509v3 Authority Key Identifier:
                keyid:51:4B:4D:3E:FF:B8:BD:0B:13:36:EE:BC:B8:27:B7:7E:12:9E:0F:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UUtNPv-4vQsTNu68uCe3fhKeD28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/76a60e-0d81-4c41-b889-91fc0f51ea07/1/uf-C4rDGm1nml6y3R4uO-V_TqeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/76a60e-0d81-4c41-b889-91fc0f51ea07/1/UUtNPv-4vQsTNu68uCe3fhKeD28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.182.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:d2:df:14:b1:51:23:e5:17:1e:52:a9:08:37:61:49:ef:1f:
         73:dc:4a:bf:ac:9b:76:ae:bf:49:ef:2a:0b:c5:6f:73:a1:98:
         dc:f0:5f:b3:c6:ca:c6:f1:29:17:0f:91:aa:80:b8:28:b4:8e:
         c4:06:74:5b:da:fd:06:ea:fc:97:13:b3:d7:f8:d5:74:fe:b8:
         df:71:b4:28:f3:9a:72:08:69:1f:e2:3a:29:cf:2c:4a:88:83:
         79:84:e9:be:19:a2:82:e7:43:6c:10:4a:d8:8c:fd:8f:89:bd:
         8a:46:69:91:ef:b4:96:a1:d3:41:af:b8:38:02:d1:c5:e2:82:
         c4:05:ef:e9:fa:4d:e5:28:85:59:d6:4b:9e:bb:2d:dd:94:c4:
         cb:e3:d8:32:a9:b8:54:df:62:66:c0:f8:9c:75:38:98:e9:c6:
         f0:9d:5c:57:13:a9:89:b3:01:e5:49:36:e4:d6:6d:e1:d1:21:
         a1:eb:4b:64:65:ca:29:3a:b7:4a:1f:02:06:0a:6f:a4:ea:a7:
         ba:d9:a3:60:2d:9e:1b:35:91:86:d2:2b:f1:16:d7:3c:2b:ff:
         58:b8:c9:7d:b5:a4:f7:db:5e:a8:8c:a9:75:07:c5:19:2f:16:
         3c:ed:94:19:1a:87:c0:5b:9a:c4:f9:be:19:f1:60:e7:11:82:
         49:44:0b:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkiv/eZGrK/1sfzdciAHUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxNGI0ZDNlZmZiOGJkMGIxMzM2ZWViY2I4MjdiNzdlMTI5
ZTBmNmYwHhcNMjQwMTAxMTAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWZmODJlMmIwYzY5YjU5ZTY5N2FjYjc0NzhiOGVmOTVmZDNhOWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxs3LsT1FX72O7FqUu9hYLsrOrf5k
03e7zKme6sizxwKNxpO8zZhHg0bT9rLzH06KhIFJ7t0Bpqs1lrjOQWme9Qu5hl5p
D8/lX5nkU8LVhg66ywmRoFH8KQM6sp7qDBkIlQmBPFs/rp8Q3zB+tHfkIdeAAsAP
ylibVfTgG5Rp7iUTKh2oc9q2KGUmW2MRaWJD3jd4Zg/gqnoewKzW8LM6LVvdPXno
uJ6WWy7v90s1vYUBMaEkD55Ze/wCHrp6N7AH81WrEbwJAZXJaUfxgpgI435T79GI
8fMBboGgUDhV6AP38ax+mEBeQpLCaDaEXr/v7JTeQ1ZUc/qoahRhvGdT7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLn/guKwxptZ5pest0eLjvlf06nkMB8GA1UdIwQY
MBaAFFFLTT7/uL0LEzbuvLgnt34Sng9vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVV0TlB2LTR2UXNUTnU2OHVDZTNmaEtlRDI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC83NmE2MGUtMGQ4MS00YzQxLWI4ODkt
OTFmYzBmNTFlYTA3LzEvdWYtQzRyREdtMW5tbDZ5M1I0dU8tVl9UcWVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC83NmE2MGUtMGQ4MS00YzQxLWI4ODktOTFmYzBmNTFlYTA3
LzEvVVV0TlB2LTR2UXNUTnU2OHVDZTNmaEtlRDI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7YsMA0G
CSqGSIb3DQEBCwUAA4IBAQAw0t8UsVEj5RceUqkIN2FJ7x9z3Eq/rJt2rr9J7yoL
xW9zoZjc8F+zxsrG8SkXD5GqgLgotI7EBnRb2v0G6vyXE7PX+NV0/rjfcbQo85py
CGkf4jopzyxKiIN5hOm+GaKC50NsEErYjP2Pib2KRmmR77SWodNBr7g4AtHF4oLE
Be/p+k3lKIVZ1kueuy3dlMTL49gyqbhU32JmwPicdTiY6cbwnVxXE6mJswHlSTbk
1m3h0SGh60tkZcopOrdKHwIGCm+k6qe62aNgLZ4bNZGG0ivxFtc8K/9YuMl9taT3
216ojKl1B8UZLxY87ZQZGofAW5rE+b4Z8WDnEYJJRAuY
-----END CERTIFICATE-----