Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/UbBEFIkqmtjlchOqliA4CJMPpqM.roa
File:                     UbBEFIkqmtjlchOqliA4CJMPpqM.roa (raw, json)
Hash identifier:          by6vbebcc8nRlJYjkZw4NeTX9Tn+vaPj90zV/obzbWY=
Subject key identifier:   51:B0:44:14:89:2A:9A:D8:E5:72:13:AA:96:20:38:08:93:0F:A6:A3
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       0192B5126EF742DED2FB6AA519A139D211A8
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/UbBEFIkqmtjlchOqliA4CJMPpqM.roa
Signing time:             Tue 22 Oct 2024 16:32:17 +0000
ROA not before:           Tue 22 Oct 2024 16:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214010
IP address blocks:        185.225.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b5:12:6e:f7:42:de:d2:fb:6a:a5:19:a1:39:d2:11:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Oct 22 16:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51b04414892a9ad8e57213aa96203808930fa6a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:04:e3:d8:cb:a7:e4:1d:53:19:34:fc:1d:cb:
                    df:ff:c2:bc:77:f3:bc:59:11:c9:70:22:07:14:e5:
                    d8:52:4e:b9:b0:b0:a2:f2:03:ae:7e:65:26:51:74:
                    5e:72:df:6e:28:f9:11:fb:5d:6f:82:b7:4f:3f:85:
                    9a:ef:4d:da:d1:ad:a3:82:6f:97:d8:fe:48:89:55:
                    eb:22:08:cc:65:a1:71:90:f8:54:09:52:55:e4:8a:
                    d7:4c:b8:5e:22:55:1c:35:f3:24:a2:43:bd:fa:92:
                    e4:80:de:14:30:d7:8b:72:04:37:ee:46:ea:a0:9e:
                    da:64:51:86:ea:94:c4:73:3d:d8:78:d7:51:1a:85:
                    5d:a4:a6:d1:f7:c4:0c:20:f5:dd:ae:f0:95:6a:d0:
                    3c:1a:b9:8d:4d:64:04:f6:40:fa:9f:23:99:32:07:
                    9d:9c:89:30:36:26:c3:5b:39:56:b9:c2:ac:eb:13:
                    23:f2:f7:c5:a7:f4:0e:50:94:c2:ed:23:bc:40:3c:
                    e6:de:34:30:ea:c2:8d:8f:8e:a0:30:06:ab:bf:cb:
                    25:fe:e5:ad:c0:75:a6:aa:2d:07:c6:53:45:b1:47:
                    2d:44:f6:df:d4:a1:a6:01:6f:2e:94:e5:ca:e8:aa:
                    29:5f:25:64:44:01:ff:fd:66:bc:76:ab:3b:4a:db:
                    05:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:B0:44:14:89:2A:9A:D8:E5:72:13:AA:96:20:38:08:93:0F:A6:A3
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/UbBEFIkqmtjlchOqliA4CJMPpqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:7f:1b:03:e7:c1:4f:33:bc:80:54:74:03:02:66:e2:e3:b6:
         f3:fb:ac:7c:3e:86:2e:d9:2f:22:00:1e:a0:5f:0b:9d:35:43:
         db:23:44:24:44:88:1c:cd:f9:8d:88:4e:b8:88:27:ba:d5:d5:
         06:27:f5:e4:c0:c8:17:65:16:f2:54:92:53:06:48:da:44:65:
         50:87:93:86:62:87:b7:5b:34:c5:b9:b5:6f:ca:a5:8f:e9:62:
         61:23:de:6f:b9:26:35:ca:dc:66:b6:22:59:40:e8:ee:12:c6:
         63:0b:2c:42:1c:8a:a5:b4:9a:83:6d:6e:b7:eb:3a:19:cc:d6:
         96:fc:08:5c:71:43:e9:57:11:00:4f:ab:74:76:91:05:42:2a:
         fd:b1:6b:7b:35:2d:15:44:0e:cd:0b:5e:f9:62:44:65:62:4d:
         ff:29:2a:bc:35:af:26:5a:39:c3:84:67:d0:0b:04:73:b8:78:
         af:e2:1d:b0:bc:42:27:6a:9a:6e:ea:7a:eb:8f:85:72:45:17:
         a3:27:8a:df:37:c3:ec:76:53:10:b4:1c:4a:a5:92:c8:e0:6d:
         1f:4b:bf:2d:07:a3:b5:5b:71:0b:97:03:31:32:7a:77:b6:83:
         64:c5:12:94:6b:6b:22:30:c6:a7:e9:28:9a:58:66:02:6b:8e:
         da:61:9c:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK1Em73Qt7S+2qlGaE50hGoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQxMDIyMTYzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWIwNDQxNDg5MmE5YWQ4ZTU3MjEzYWE5NjIwMzgwODkzMGZhNmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgTj2Mun5B1TGTT8Hcvf/8K8d/O8
WRHJcCIHFOXYUk65sLCi8gOufmUmUXRect9uKPkR+11vgrdPP4Wa703a0a2jgm+X
2P5IiVXrIgjMZaFxkPhUCVJV5IrXTLheIlUcNfMkokO9+pLkgN4UMNeLcgQ37kbq
oJ7aZFGG6pTEcz3YeNdRGoVdpKbR98QMIPXdrvCVatA8GrmNTWQE9kD6nyOZMged
nIkwNibDWzlWucKs6xMj8vfFp/QOUJTC7SO8QDzm3jQw6sKNj46gMAarv8sl/uWt
wHWmqi0HxlNFsUctRPbf1KGmAW8ulOXK6KopXyVkRAH//Wa8dqs7StsF7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGwRBSJKprY5XITqpYgOAiTD6ajMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvVWJCRUZJa3FtdGpsY2hPcWxpQTRDSk1QcHFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueHOMA0G
CSqGSIb3DQEBCwUAA4IBAQA7fxsD58FPM7yAVHQDAmbi47bz+6x8PoYu2S8iAB6g
XwudNUPbI0QkRIgczfmNiE64iCe61dUGJ/XkwMgXZRbyVJJTBkjaRGVQh5OGYoe3
WzTFubVvyqWP6WJhI95vuSY1ytxmtiJZQOjuEsZjCyxCHIqltJqDbW636zoZzNaW
/AhccUPpVxEAT6t0dpEFQir9sWt7NS0VRA7NC175YkRlYk3/KSq8Na8mWjnDhGfQ
CwRzuHiv4h2wvEInappu6nrrj4VyRRejJ4rfN8PsdlMQtBxKpZLI4G0fS78tB6O1
W3ELlwMxMnp3toNkxRKUa2siMMan6SiaWGYCa47aYZxN
-----END CERTIFICATE-----