Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/7dbf36-2485-4935-a0c7-ef91d8b5b081/1/UcqTmJ89l8NUNjKYfDLMA156xvg.roa
File:                     UcqTmJ89l8NUNjKYfDLMA156xvg.roa (raw, json)
Hash identifier:          vHYUpfnZxXjHkU7oFNbi+l4QCTaNKF/HLN9VYPGDanA=
Subject key identifier:   51:CA:93:98:9F:3D:97:C3:54:36:32:98:7C:32:CC:03:5E:7A:C6:F8
Certificate issuer:       /CN=3ad11f6c179eb3142a48ee64b2e94cde9dd36173
Certificate serial:       01942143E468DD2C86046891478F4E38D2A4
Authority key identifier: 3A:D1:1F:6C:17:9E:B3:14:2A:48:EE:64:B2:E9:4C:DE:9D:D3:61:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OtEfbBeesxQqSO5ksulM3p3TYXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/7dbf36-2485-4935-a0c7-ef91d8b5b081/1/UcqTmJ89l8NUNjKYfDLMA156xvg.roa
Signing time:             Wed 01 Jan 2025 09:48:04 +0000
ROA not before:           Wed 01 Jan 2025 09:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50718
IP address blocks:        193.105.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/7dbf36-2485-4935-a0c7-ef91d8b5b081/1/OtEfbBeesxQqSO5ksulM3p3TYXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/7dbf36-2485-4935-a0c7-ef91d8b5b081/1/OtEfbBeesxQqSO5ksulM3p3TYXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OtEfbBeesxQqSO5ksulM3p3TYXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e4:68:dd:2c:86:04:68:91:47:8f:4e:38:d2:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad11f6c179eb3142a48ee64b2e94cde9dd36173
        Validity
            Not Before: Jan  1 09:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51ca93989f3d97c3543632987c32cc035e7ac6f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:cb:d8:12:73:e8:88:4c:4c:ef:0c:d0:ed:a5:
                    95:0a:f1:1a:e4:40:25:c2:1f:0e:b4:e7:f3:56:99:
                    c8:58:33:1d:3c:7c:30:7d:2b:da:3d:4e:ab:9c:df:
                    38:e2:11:2b:98:da:5d:34:c6:22:02:c8:9c:06:2d:
                    a6:97:92:f1:69:37:bb:7f:f6:f5:b9:87:9d:07:0f:
                    c1:64:df:6f:de:c2:36:8d:5d:78:8b:bd:a6:f8:6e:
                    cc:ad:83:bf:e2:07:9a:6d:5e:1f:8f:8e:17:d9:fd:
                    a3:25:10:2d:94:55:bd:25:38:5e:82:e4:b0:93:60:
                    25:45:10:80:14:9b:e0:30:ed:ac:4f:25:28:61:64:
                    9b:aa:2a:cc:7d:02:f6:62:1a:51:ec:ba:ef:d9:47:
                    05:26:e2:50:29:da:46:70:b7:11:3e:9c:98:a5:43:
                    0e:7a:e6:8c:d3:a5:43:6c:47:d8:a0:a1:95:a5:08:
                    56:2b:7c:14:00:fe:0f:bd:6d:22:4f:60:64:ae:eb:
                    32:c6:08:19:36:f4:38:08:8d:26:01:47:4e:a6:04:
                    4f:dc:a0:69:97:ae:ce:73:ea:8d:c1:76:be:c3:2c:
                    a1:6d:7b:c3:c8:af:5f:90:da:72:b0:1b:6e:2b:21:
                    f7:6d:dd:37:76:1e:2a:a5:88:e4:5c:41:ca:8d:45:
                    3c:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:CA:93:98:9F:3D:97:C3:54:36:32:98:7C:32:CC:03:5E:7A:C6:F8
            X509v3 Authority Key Identifier:
                keyid:3A:D1:1F:6C:17:9E:B3:14:2A:48:EE:64:B2:E9:4C:DE:9D:D3:61:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OtEfbBeesxQqSO5ksulM3p3TYXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/7dbf36-2485-4935-a0c7-ef91d8b5b081/1/UcqTmJ89l8NUNjKYfDLMA156xvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/7dbf36-2485-4935-a0c7-ef91d8b5b081/1/OtEfbBeesxQqSO5ksulM3p3TYXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:f7:62:9a:44:f8:56:82:cc:a8:7d:18:dd:91:4d:03:d1:92:
         48:99:3e:a5:25:e1:ce:34:e2:23:ef:5f:64:c4:29:0a:99:bf:
         96:66:f7:89:b9:f1:b1:c7:3d:3e:6a:2d:c1:33:1f:bc:29:33:
         be:7a:80:c3:cf:06:ab:7d:e6:12:f0:68:33:76:3d:0b:f9:25:
         dc:50:50:90:5e:b1:08:94:2a:8a:b2:14:52:bf:50:dc:be:6f:
         f2:05:a2:11:a8:5f:e4:9d:83:68:87:45:1d:1f:15:f5:d3:25:
         97:12:c6:60:49:90:de:84:27:88:ce:6c:b8:bf:b5:92:e8:28:
         e1:bd:00:70:05:77:d5:e5:0e:16:f1:1b:30:51:b8:53:61:fb:
         ad:a1:2c:3e:aa:0f:28:37:55:8d:07:69:46:80:ac:d6:c2:5f:
         b1:12:93:15:ec:db:65:65:99:f2:b1:fa:39:f4:17:1b:b7:2b:
         c7:e0:45:05:6e:b9:0c:b4:14:b4:68:63:97:36:29:ff:b9:22:
         07:59:fb:6c:d0:d1:03:15:ed:d5:82:44:fb:15:2e:8d:37:a4:
         28:ee:86:3c:4e:42:1e:87:f6:63:3c:e7:2d:e8:29:fc:e7:be:
         7b:de:9e:0b:6b:4a:10:10:aa:b0:c2:96:c5:93:a0:9d:e9:a8:
         41:03:19:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+Ro3SyGBGiRR49OONKkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDExZjZjMTc5ZWIzMTQyYTQ4ZWU2NGIyZTk0Y2RlOWRk
MzYxNzMwHhcNMjUwMTAxMDk0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWNhOTM5ODlmM2Q5N2MzNTQzNjMyOTg3YzMyY2MwMzVlN2FjNmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6cvYEnPoiExM7wzQ7aWVCvEa5EAl
wh8OtOfzVpnIWDMdPHwwfSvaPU6rnN844hErmNpdNMYiAsicBi2ml5LxaTe7f/b1
uYedBw/BZN9v3sI2jV14i72m+G7MrYO/4geabV4fj44X2f2jJRAtlFW9JTheguSw
k2AlRRCAFJvgMO2sTyUoYWSbqirMfQL2YhpR7Lrv2UcFJuJQKdpGcLcRPpyYpUMO
euaM06VDbEfYoKGVpQhWK3wUAP4PvW0iT2BkrusyxggZNvQ4CI0mAUdOpgRP3KBp
l67Oc+qNwXa+wyyhbXvDyK9fkNpysBtuKyH3bd03dh4qpYjkXEHKjUU8UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFHKk5ifPZfDVDYymHwyzANeesb4MB8GA1UdIwQY
MBaAFDrRH2wXnrMUKkjuZLLpTN6d02FzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RFZmJCZWVzeFFxU081a3N1bE0zcDNUWVhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy83ZGJmMzYtMjQ4NS00OTM1LWEwYzct
ZWY5MWQ4YjViMDgxLzEvVWNxVG1KODlsOE5VTmpLWWZETE1BMTU2eHZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy83ZGJmMzYtMjQ4NS00OTM1LWEwYzctZWY5MWQ4YjViMDgx
LzEvT3RFZmJCZWVzeFFxU081a3N1bE0zcDNUWVhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWnMMA0G
CSqGSIb3DQEBCwUAA4IBAQBG92KaRPhWgsyofRjdkU0D0ZJImT6lJeHONOIj719k
xCkKmb+WZveJufGxxz0+ai3BMx+8KTO+eoDDzwarfeYS8Ggzdj0L+SXcUFCQXrEI
lCqKshRSv1Dcvm/yBaIRqF/knYNoh0UdHxX10yWXEsZgSZDehCeIzmy4v7WS6Cjh
vQBwBXfV5Q4W8RswUbhTYfutoSw+qg8oN1WNB2lGgKzWwl+xEpMV7NtlZZnysfo5
9BcbtyvH4EUFbrkMtBS0aGOXNin/uSIHWfts0NEDFe3VgkT7FS6NN6Qo7oY8TkIe
h/ZjPOct6Cn857573p4La0oQEKqwwpbFk6Cd6ahBAxl9
-----END CERTIFICATE-----