Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/624e63-b876-4ef4-bf19-e43620880cb6/1/2UppjTO_hdeUfGVHwX-49DDLcZ0.roa
File:                     2UppjTO_hdeUfGVHwX-49DDLcZ0.roa (raw, json)
Hash identifier:          ubTxHdqO886FOcrliAHFxl7Q7pzMz+8G/gvxflqPCsM=
Subject key identifier:   D9:4A:69:8D:33:BF:85:D7:94:7C:65:47:C1:7F:B8:F4:30:CB:71:9D
Certificate issuer:       /CN=320247516e91017e2dbcb572ca0f29a12281acf0
Certificate serial:       018F4FB869396D0863AF5C14B59077F77B99
Authority key identifier: 32:02:47:51:6E:91:01:7E:2D:BC:B5:72:CA:0F:29:A1:22:81:AC:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MgJHUW6RAX4tvLVyyg8poSKBrPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/624e63-b876-4ef4-bf19-e43620880cb6/1/2UppjTO_hdeUfGVHwX-49DDLcZ0.roa
Signing time:             Mon 06 May 2024 21:03:56 +0000
ROA not before:           Mon 06 May 2024 21:03:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47506
IP address blocks:        93.174.184.0/21 maxlen: 24
                          185.39.32.0/22 maxlen: 24
                          2a02:e60::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/624e63-b876-4ef4-bf19-e43620880cb6/1/MgJHUW6RAX4tvLVyyg8poSKBrPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/624e63-b876-4ef4-bf19-e43620880cb6/1/MgJHUW6RAX4tvLVyyg8poSKBrPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MgJHUW6RAX4tvLVyyg8poSKBrPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4f:b8:69:39:6d:08:63:af:5c:14:b5:90:77:f7:7b:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=320247516e91017e2dbcb572ca0f29a12281acf0
        Validity
            Not Before: May  6 21:03:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d94a698d33bf85d7947c6547c17fb8f430cb719d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c7:bb:5e:71:bc:41:08:b6:6a:91:fe:fb:32:
                    29:79:0c:97:ec:68:3a:be:dc:08:2d:c8:02:a2:8e:
                    e0:f3:6e:c8:35:c4:05:af:15:5e:88:de:96:3a:19:
                    17:d4:2c:8e:45:ca:0c:e1:67:dc:c2:d2:a1:0d:5b:
                    7f:69:13:27:dd:66:53:8d:59:a3:70:07:0f:b7:93:
                    5c:d7:56:80:0a:c6:8d:17:bc:0d:c0:e5:e1:32:d5:
                    46:c2:6d:67:c0:d3:8a:ec:be:87:fd:d6:67:a7:ee:
                    d2:bc:f2:86:5d:bb:e1:10:73:0f:61:4d:a2:62:35:
                    6d:01:bd:5b:3c:fd:64:c4:b0:e0:81:8d:a3:d0:1c:
                    83:50:16:c8:1f:bc:74:7a:74:ed:e0:43:fe:9f:7f:
                    99:59:bc:f8:8b:2b:45:f6:75:1d:f3:cf:82:bd:32:
                    cc:72:13:16:8a:40:28:a1:22:7e:1a:9a:ca:f3:56:
                    cd:78:d4:16:c4:11:c0:5c:15:8d:5a:4b:62:e3:8c:
                    8d:8d:e4:ca:89:4a:b2:23:40:12:d9:37:48:8e:c0:
                    85:5f:e1:81:8e:d6:9d:6c:f6:18:34:27:37:6b:32:
                    9d:ec:20:8c:8a:f3:65:3c:51:e0:83:93:51:65:30:
                    18:73:b2:fc:d9:5c:39:e9:30:9d:ba:60:01:2c:ae:
                    de:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:4A:69:8D:33:BF:85:D7:94:7C:65:47:C1:7F:B8:F4:30:CB:71:9D
            X509v3 Authority Key Identifier:
                keyid:32:02:47:51:6E:91:01:7E:2D:BC:B5:72:CA:0F:29:A1:22:81:AC:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MgJHUW6RAX4tvLVyyg8poSKBrPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/624e63-b876-4ef4-bf19-e43620880cb6/1/2UppjTO_hdeUfGVHwX-49DDLcZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/624e63-b876-4ef4-bf19-e43620880cb6/1/MgJHUW6RAX4tvLVyyg8poSKBrPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.174.184.0/21
                  185.39.32.0/22
                IPv6:
                  2a02:e60::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:b5:d5:98:1f:d9:a1:80:00:86:c5:a5:60:16:62:bc:f7:d1:
         c7:0a:87:f6:47:2a:ab:3f:38:8c:a9:d4:7c:69:eb:7e:a9:44:
         8a:31:8a:12:06:26:a3:b0:44:c6:24:36:72:a8:33:82:28:ee:
         12:b5:80:62:b1:f1:b0:04:19:d1:06:fd:ef:8f:96:fe:66:56:
         fd:3a:d6:87:5d:fd:a3:23:aa:13:9e:bb:31:0d:cb:8f:92:18:
         80:a3:32:00:ef:98:6e:cc:15:26:15:89:cd:06:c1:a2:9d:d7:
         98:42:0d:f6:ff:60:80:e6:9b:38:ea:cf:18:cc:83:e7:b1:27:
         62:3e:46:3f:e1:64:5d:c9:0d:4e:fd:a0:15:4b:cf:7b:e0:4b:
         45:cf:2b:19:a2:d1:4d:bd:72:95:3c:13:ca:46:b7:87:34:6c:
         cd:48:08:03:0d:6a:72:00:35:ad:53:c1:ab:33:b1:fb:b7:5c:
         d2:7d:96:02:7c:a4:58:14:7c:0d:45:bd:1a:1e:b8:99:5a:8e:
         66:f1:29:a8:1c:16:bd:ca:b0:65:33:ab:16:e9:de:48:a8:16:
         23:26:28:ac:d9:f7:3a:2a:9c:14:5c:a1:92:bc:2e:97:52:b7:
         f4:60:62:22:10:a2:fe:db:50:f0:a9:9d:3e:d9:44:42:65:8f:
         8d:59:5e:6b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY9PuGk5bQhjr1wUtZB393uZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMDI0NzUxNmU5MTAxN2UyZGJjYjU3MmNhMGYyOWExMjI4
MWFjZjAwHhcNMjQwNTA2MjEwMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTRhNjk4ZDMzYmY4NWQ3OTQ3YzY1NDdjMTdmYjhmNDMwY2I3MTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8e7XnG8QQi2apH++zIpeQyX7Gg6
vtwILcgCoo7g827INcQFrxVeiN6WOhkX1CyORcoM4WfcwtKhDVt/aRMn3WZTjVmj
cAcPt5Nc11aACsaNF7wNwOXhMtVGwm1nwNOK7L6H/dZnp+7SvPKGXbvhEHMPYU2i
YjVtAb1bPP1kxLDggY2j0ByDUBbIH7x0enTt4EP+n3+ZWbz4iytF9nUd88+CvTLM
chMWikAooSJ+GprK81bNeNQWxBHAXBWNWkti44yNjeTKiUqyI0AS2TdIjsCFX+GB
jtadbPYYNCc3azKd7CCMivNlPFHgg5NRZTAYc7L82Vw56TCdumABLK7egQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNlKaY0zv4XXlHxlR8F/uPQwy3GdMB8GA1UdIwQY
MBaAFDICR1FukQF+Lby1csoPKaEigazwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWdKSFVXNlJBWDR0dkxWeXlnOHBvU0tCclBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS82MjRlNjMtYjg3Ni00ZWY0LWJmMTkt
ZTQzNjIwODgwY2I2LzEvMlVwcGpUT19oZGVVZkdWSHdYLTQ5RERMY1owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS82MjRlNjMtYjg3Ni00ZWY0LWJmMTktZTQzNjIwODgwY2I2
LzEvTWdKSFVXNlJBWDR0dkxWeXlnOHBvU0tCclBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXa64AwQC
uScgMA0EAgACMAcDBQAqAg5gMA0GCSqGSIb3DQEBCwUAA4IBAQBTtdWYH9mhgACG
xaVgFmK899HHCof2RyqrPziMqdR8aet+qUSKMYoSBiajsETGJDZyqDOCKO4StYBi
sfGwBBnRBv3vj5b+Zlb9OtaHXf2jI6oTnrsxDcuPkhiAozIA75huzBUmFYnNBsGi
ndeYQg32/2CA5ps46s8YzIPnsSdiPkY/4WRdyQ1O/aAVS8974EtFzysZotFNvXKV
PBPKRreHNGzNSAgDDWpyADWtU8GrM7H7t1zSfZYCfKRYFHwNRb0aHriZWo5m8Smo
HBa9yrBlM6sW6d5IqBYjJiis2fc6KpwUXKGSvC6XUrf0YGIiEKL+21DwqZ0+2URC
ZY+NWV5r
-----END CERTIFICATE-----