Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/UynMb9YY3IU9KCnFQ0z6kwXovHs.roa
File:                     UynMb9YY3IU9KCnFQ0z6kwXovHs.roa (raw, json)
Hash identifier:          auimxHRrTlV4WuR2JFq4l4V21XofVRi+6DHRPhXxu1U=
Subject key identifier:   53:29:CC:6F:D6:18:DC:85:3D:28:29:C5:43:4C:FA:93:05:E8:BC:7B
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       018E71EC24EF920CE762AB1B921D7C9DE4E5
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/UynMb9YY3IU9KCnFQ0z6kwXovHs.roa
Signing time:             Sun 24 Mar 2024 19:24:45 +0000
ROA not before:           Sun 24 Mar 2024 19:24:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216089
IP address blocks:        80.246.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:71:ec:24:ef:92:0c:e7:62:ab:1b:92:1d:7c:9d:e4:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Mar 24 19:24:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5329cc6fd618dc853d2829c5434cfa9305e8bc7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b0:ef:dd:5a:81:de:0e:62:5d:b5:5a:c6:06:
                    3b:b8:0f:28:58:f7:aa:c1:65:4e:57:eb:2e:a5:d9:
                    9f:cf:59:45:4d:4a:3e:cb:78:91:9b:7e:c0:54:1d:
                    05:8d:98:f6:7b:c6:ba:bb:c9:4c:cd:93:ba:1e:f6:
                    8c:b0:65:ec:de:cc:fb:7d:3a:bb:44:aa:75:46:77:
                    54:92:93:59:b6:17:ab:a8:9f:0e:82:68:e2:3e:01:
                    99:ed:f6:da:d1:d8:9b:d9:c7:7d:9d:21:bd:30:b4:
                    1c:07:ce:a2:6e:bf:80:da:03:46:46:16:c5:55:05:
                    b6:e2:b3:ce:a4:2f:3a:c7:7b:1a:d5:1c:51:5d:9b:
                    39:48:7c:13:c1:df:13:8f:bd:ce:1c:1b:0b:bd:14:
                    0f:55:a1:6a:86:99:ba:25:22:9b:55:b4:69:b1:a6:
                    e9:22:ab:bc:c2:82:af:39:76:b9:c2:a1:f6:b5:39:
                    0a:b2:c3:23:86:fb:4c:3a:78:1f:a0:88:35:32:23:
                    6d:d6:c9:de:6a:e7:6a:e6:a8:52:4b:8e:89:8a:4e:
                    a4:52:63:1b:81:48:f3:9a:7b:c3:c9:18:2d:46:87:
                    83:9d:52:07:d8:76:9d:0f:9c:64:ba:53:0e:d5:e1:
                    9f:ae:54:5a:c1:67:af:5c:fc:65:90:e6:8b:45:84:
                    15:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:29:CC:6F:D6:18:DC:85:3D:28:29:C5:43:4C:FA:93:05:E8:BC:7B
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/UynMb9YY3IU9KCnFQ0z6kwXovHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:a9:07:27:8b:64:6f:90:f9:f9:a0:33:8d:3b:db:fc:dd:95:
         33:d8:ab:f2:eb:82:12:60:69:db:90:86:72:01:8b:6d:8d:97:
         de:79:da:34:b5:67:57:62:20:a6:5b:bd:1c:d6:b6:ee:1b:a0:
         b9:01:00:02:08:c0:09:bb:08:b9:da:9d:4a:98:b4:13:46:9f:
         82:86:49:bf:ca:fe:cd:36:2b:10:dd:ba:0c:df:d6:38:84:73:
         cd:a7:af:f2:f0:d0:67:36:ae:1d:d1:09:d8:f2:16:58:4b:8e:
         1f:bc:0f:d0:91:08:65:6b:76:f0:89:49:1b:12:52:83:48:12:
         05:70:16:b1:c1:42:71:2a:88:b8:32:e8:c3:c7:f3:f0:c6:ac:
         37:72:f4:80:3c:af:dc:a3:ff:b1:a5:6f:98:bf:6b:c4:b8:e4:
         ae:e0:84:78:1b:1d:bf:87:5d:50:d0:1c:6a:d5:9b:5c:c4:e4:
         b8:35:95:ee:30:e7:45:bb:f1:6b:e4:91:1b:d5:fb:60:3b:35:
         1c:1f:b1:34:09:a3:dc:03:f5:37:0a:70:c6:46:9d:56:fd:dd:
         2b:60:e7:34:6f:0d:f5:7e:95:a0:2e:9d:0a:2b:e7:e0:94:66:
         2f:33:e3:6e:37:d9:62:4e:fa:2f:5d:a5:30:db:70:35:43:85:
         55:dd:72:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5x7CTvkgznYqsbkh18neTlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjQwMzI0MTkyNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzI5Y2M2ZmQ2MThkYzg1M2QyODI5YzU0MzRjZmE5MzA1ZThiYzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7Dv3VqB3g5iXbVaxgY7uA8oWPeq
wWVOV+supdmfz1lFTUo+y3iRm37AVB0FjZj2e8a6u8lMzZO6HvaMsGXs3sz7fTq7
RKp1RndUkpNZtherqJ8OgmjiPgGZ7fba0dib2cd9nSG9MLQcB86ibr+A2gNGRhbF
VQW24rPOpC86x3sa1RxRXZs5SHwTwd8Tj73OHBsLvRQPVaFqhpm6JSKbVbRpsabp
Iqu8woKvOXa5wqH2tTkKssMjhvtMOngfoIg1MiNt1sneaudq5qhSS46Jik6kUmMb
gUjzmnvDyRgtRoeDnVIH2HadD5xkulMO1eGfrlRawWevXPxlkOaLRYQVBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMpzG/WGNyFPSgpxUNM+pMF6Lx7MB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvVXluTWI5WVkzSVU5S0NuRlEwejZrd1hvdkhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPbjMA0G
CSqGSIb3DQEBCwUAA4IBAQAAqQcni2RvkPn5oDONO9v83ZUz2Kvy64ISYGnbkIZy
AYttjZfeedo0tWdXYiCmW70c1rbuG6C5AQACCMAJuwi52p1KmLQTRp+Chkm/yv7N
NisQ3boM39Y4hHPNp6/y8NBnNq4d0QnY8hZYS44fvA/QkQhla3bwiUkbElKDSBIF
cBaxwUJxKoi4MujDx/Pwxqw3cvSAPK/co/+xpW+Yv2vEuOSu4IR4Gx2/h11Q0Bxq
1ZtcxOS4NZXuMOdFu/Fr5JEb1ftgOzUcH7E0CaPcA/U3CnDGRp1W/d0rYOc0bw31
fpWgLp0KK+fglGYvM+NuN9liTvovXaUw23A1Q4VV3XIy
-----END CERTIFICATE-----