Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/f54cb3-ebae-46b2-8b17-84b57693c7a8/1/uXq_aTh3UQxFoHj3npFIiBeKX5c.roa
File:                     uXq_aTh3UQxFoHj3npFIiBeKX5c.roa (raw, json)
Hash identifier:          PY/MwgJ2Tt8R+SJruS7boKiH1h9NlL2bJEX5At7gUoM=
Subject key identifier:   B9:7A:BF:69:38:77:51:0C:45:A0:78:F7:9E:91:48:88:17:8A:5F:97
Certificate issuer:       /CN=741491a6b10433b99615756fde9313f2be1d3df0
Certificate serial:       018CC8DF8D2C1DC83AC4BC8AC7D99403CA02
Authority key identifier: 74:14:91:A6:B1:04:33:B9:96:15:75:6F:DE:93:13:F2:BE:1D:3D:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dBSRprEEM7mWFXVv3pMT8r4dPfA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/f54cb3-ebae-46b2-8b17-84b57693c7a8/1/uXq_aTh3UQxFoHj3npFIiBeKX5c.roa
Signing time:             Tue 02 Jan 2024 06:32:23 +0000
ROA not before:           Tue 02 Jan 2024 06:32:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9211
IP address blocks:        193.28.52.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/f54cb3-ebae-46b2-8b17-84b57693c7a8/1/dBSRprEEM7mWFXVv3pMT8r4dPfA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/f54cb3-ebae-46b2-8b17-84b57693c7a8/1/dBSRprEEM7mWFXVv3pMT8r4dPfA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dBSRprEEM7mWFXVv3pMT8r4dPfA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:8d:2c:1d:c8:3a:c4:bc:8a:c7:d9:94:03:ca:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=741491a6b10433b99615756fde9313f2be1d3df0
        Validity
            Not Before: Jan  2 06:32:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b97abf693877510c45a078f79e914888178a5f97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:4d:ad:23:16:99:17:fe:c5:e7:87:99:cd:f3:
                    51:70:7d:6f:1b:83:09:ef:5a:ce:24:50:36:6b:d9:
                    0a:a2:5f:ab:72:2d:00:a4:96:93:28:a0:13:ac:3f:
                    e6:6a:53:d4:58:8a:4d:88:2a:b6:0e:61:e7:c5:07:
                    5f:22:ae:f9:83:33:60:b1:ec:4e:9e:ed:f6:3c:e0:
                    78:7a:a6:5f:5f:6c:b7:4d:95:b5:20:a8:7a:a8:b5:
                    0d:57:96:48:94:77:a6:89:a5:26:1c:34:99:29:8d:
                    21:88:2b:e5:f5:18:63:a2:54:f5:6b:48:22:f8:59:
                    98:5e:75:c7:d8:eb:68:d6:3a:bb:ea:75:dd:04:a2:
                    65:4a:aa:7e:8d:8e:48:01:53:5b:3b:a7:2f:05:e5:
                    f5:6b:9b:c2:bb:0e:47:ae:ca:cd:9b:ce:46:a9:b5:
                    29:ec:22:e2:d5:25:a2:1c:10:54:a4:55:62:0e:5d:
                    ff:8e:a7:a0:b5:1e:7f:33:c9:ae:70:b0:54:22:22:
                    1f:bf:0b:5f:40:98:d3:56:53:83:84:e3:1a:f4:05:
                    f6:33:65:b1:3c:8b:c8:3e:9b:6a:21:7a:a6:96:53:
                    49:63:6d:1a:9e:00:d9:9e:76:a9:f7:5d:58:07:fa:
                    2e:c2:18:78:1e:91:2d:a6:9e:4c:77:c6:cc:bd:8b:
                    c0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:7A:BF:69:38:77:51:0C:45:A0:78:F7:9E:91:48:88:17:8A:5F:97
            X509v3 Authority Key Identifier:
                keyid:74:14:91:A6:B1:04:33:B9:96:15:75:6F:DE:93:13:F2:BE:1D:3D:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dBSRprEEM7mWFXVv3pMT8r4dPfA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/f54cb3-ebae-46b2-8b17-84b57693c7a8/1/uXq_aTh3UQxFoHj3npFIiBeKX5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/f54cb3-ebae-46b2-8b17-84b57693c7a8/1/dBSRprEEM7mWFXVv3pMT8r4dPfA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:79:31:01:f7:02:2e:24:f4:4a:b7:5c:ab:8f:4d:86:aa:0b:
         fa:3d:ca:e1:d3:0a:ce:8c:fc:c1:7c:9a:6b:19:19:e9:79:24:
         f0:29:3c:e6:4a:e8:ef:32:1a:f6:4f:cb:aa:20:94:74:70:6e:
         50:e6:09:ca:01:58:a4:cb:44:2d:7c:c0:27:df:c1:a7:cf:86:
         1e:20:43:2d:df:cf:07:78:9a:53:d2:c3:f1:3d:b5:c5:24:20:
         b0:d2:32:5a:70:e7:c7:15:1a:1d:be:f2:f9:0a:93:d7:c0:8a:
         9d:ba:8a:e0:68:15:03:69:fc:79:d4:a4:59:40:15:00:b1:6f:
         b9:3c:14:5b:62:de:4d:d9:f8:bd:21:e8:11:73:84:30:a4:ec:
         6c:ce:97:f2:43:21:0d:88:85:16:a8:55:d1:d6:f0:0d:d0:b8:
         65:b2:37:73:37:48:f2:74:62:b1:08:42:9e:c4:84:0e:da:eb:
         51:5c:63:40:c6:42:d1:84:c0:7b:d3:d6:95:be:ce:a8:e0:c8:
         1f:b6:c0:0d:26:04:8c:45:5f:62:f2:59:9b:dd:4b:a5:59:bc:
         6a:0a:b5:ed:49:64:df:ba:71:cc:e8:04:7c:06:48:80:4e:30:
         9e:eb:67:81:40:0b:66:d9:f9:1c:cd:6e:cb:c3:48:15:5f:a4:
         7b:4f:eb:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI340sHcg6xLyKx9mUA8oCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MTQ5MWE2YjEwNDMzYjk5NjE1NzU2ZmRlOTMxM2YyYmUx
ZDNkZjAwHhcNMjQwMTAyMDYzMjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTdhYmY2OTM4Nzc1MTBjNDVhMDc4Zjc5ZTkxNDg4ODE3OGE1Zjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkE2tIxaZF/7F54eZzfNRcH1vG4MJ
71rOJFA2a9kKol+rci0ApJaTKKATrD/malPUWIpNiCq2DmHnxQdfIq75gzNgsexO
nu32POB4eqZfX2y3TZW1IKh6qLUNV5ZIlHemiaUmHDSZKY0hiCvl9RhjolT1a0gi
+FmYXnXH2Oto1jq76nXdBKJlSqp+jY5IAVNbO6cvBeX1a5vCuw5HrsrNm85GqbUp
7CLi1SWiHBBUpFViDl3/jqegtR5/M8mucLBUIiIfvwtfQJjTVlODhOMa9AX2M2Wx
PIvIPptqIXqmllNJY20angDZnnap911YB/ouwhh4HpEtpp5Md8bMvYvAzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLl6v2k4d1EMRaB4956RSIgXil+XMB8GA1UdIwQY
MBaAFHQUkaaxBDO5lhV1b96TE/K+HT3wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEJTUnByRUVNN21XRlhWdjNwTVQ4cjRkUGZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9mNTRjYjMtZWJhZS00NmIyLThiMTct
ODRiNTc2OTNjN2E4LzEvdVhxX2FUaDNVUXhGb0hqM25wRklpQmVLWDVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9mNTRjYjMtZWJhZS00NmIyLThiMTctODRiNTc2OTNjN2E4
LzEvZEJTUnByRUVNN21XRlhWdjNwTVQ4cjRkUGZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRw0MA0G
CSqGSIb3DQEBCwUAA4IBAQBFeTEB9wIuJPRKt1yrj02Gqgv6Pcrh0wrOjPzBfJpr
GRnpeSTwKTzmSujvMhr2T8uqIJR0cG5Q5gnKAViky0QtfMAn38Gnz4YeIEMt388H
eJpT0sPxPbXFJCCw0jJacOfHFRodvvL5CpPXwIqduorgaBUDafx51KRZQBUAsW+5
PBRbYt5N2fi9IegRc4QwpOxszpfyQyENiIUWqFXR1vAN0LhlsjdzN0jydGKxCEKe
xIQO2utRXGNAxkLRhMB709aVvs6o4MgftsANJgSMRV9i8lmb3UulWbxqCrXtSWTf
unHM6AR8BkiATjCe62eBQAtm2fkczW7Lw0gVX6R7T+tN
-----END CERTIFICATE-----