Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/UGYmxbmUwmbWF3PPMRvTlBC3mXs.roa
File:                     UGYmxbmUwmbWF3PPMRvTlBC3mXs.roa (raw, json)
Hash identifier:          wezBuiTsLoXTF3wkUTpV2NlQI067A8dNPmDdF0Zk9tw=
Subject key identifier:   50:66:26:C5:B9:94:C2:66:D6:17:73:CF:31:1B:D3:94:10:B7:99:7B
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       018CC801DDB3612DD7B51271FF6323F9BDA0
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/UGYmxbmUwmbWF3PPMRvTlBC3mXs.roa
Signing time:             Tue 02 Jan 2024 02:30:14 +0000
ROA not before:           Tue 02 Jan 2024 02:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5650
IP address blocks:        92.53.176.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 19:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:dd:b3:61:2d:d7:b5:12:71:ff:63:23:f9:bd:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Jan  2 02:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=506626c5b994c266d61773cf311bd39410b7997b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:bb:18:d0:a2:dd:99:46:47:98:5c:23:4f:80:
                    14:3f:96:17:2a:dc:7f:1a:12:f7:33:5a:2d:5c:07:
                    fc:b5:ed:9c:8c:b3:6b:90:f1:67:24:16:81:c1:7c:
                    69:2a:42:37:d4:89:3b:ec:d3:55:78:7b:df:66:89:
                    75:91:d4:75:93:31:07:5b:c5:34:5b:84:f1:ea:3d:
                    c0:27:57:ad:fd:91:5b:70:8e:70:4c:25:c9:13:1c:
                    87:25:96:af:f8:38:4f:7a:e7:1e:f1:80:11:9c:47:
                    10:70:92:62:b3:7b:b2:30:67:af:29:ab:a7:32:3a:
                    b4:87:a3:72:b1:97:40:21:4b:85:48:60:44:a6:11:
                    ce:12:75:2d:ff:d1:26:69:27:12:4e:5a:73:14:9b:
                    a3:75:fd:ee:f7:28:9e:de:a5:30:5c:aa:6a:a4:31:
                    3a:a7:0c:eb:07:02:d5:3a:ff:20:07:30:c0:dd:92:
                    d9:01:88:23:07:7f:23:e3:37:b5:5b:88:39:6c:e6:
                    f5:77:c3:28:2f:d6:ba:fc:c1:70:2f:56:dc:8d:5e:
                    dd:fe:a7:a8:1b:49:8b:f8:12:6a:e2:fd:59:65:72:
                    0f:34:4e:a7:43:f7:14:14:7e:b0:a4:7f:0a:16:9c:
                    65:c0:42:85:cf:0e:73:7b:92:0d:5c:9d:cd:78:3d:
                    39:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:66:26:C5:B9:94:C2:66:D6:17:73:CF:31:1B:D3:94:10:B7:99:7B
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/UGYmxbmUwmbWF3PPMRvTlBC3mXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.53.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:e1:43:14:b9:0a:39:82:00:51:46:4f:ba:95:1a:c7:9f:8d:
         c9:27:12:0e:33:c0:38:d5:c1:7a:31:4b:c8:85:d3:f5:f1:00:
         e1:c1:4f:86:95:c6:30:de:ed:56:1a:89:64:05:5f:1b:2a:83:
         f5:24:c6:c1:6f:f0:e0:50:dc:c4:66:b5:f9:6e:b5:36:7c:b3:
         c8:36:8b:91:31:bb:52:1f:71:7e:aa:6d:5b:6d:56:61:97:5b:
         c2:ef:42:44:09:eb:3c:16:66:b0:9d:27:ab:6a:9d:9c:3c:12:
         f3:8c:c1:f6:31:5c:0f:e8:78:c8:05:3a:45:d8:e5:dc:5f:5a:
         73:e7:0e:77:e2:5b:c8:a3:1e:13:6a:58:03:3d:1e:00:2c:6c:
         aa:2e:c4:10:b7:99:0b:3f:53:c3:68:60:34:82:7a:d1:cb:7e:
         c3:83:c0:c2:7c:83:15:cd:f0:d2:d4:fe:d1:d0:a9:29:9e:6a:
         2a:75:1e:47:33:c2:1f:66:82:8a:cd:2d:23:2e:c2:36:92:cf:
         65:7f:67:c1:c9:56:9c:25:1a:42:9e:2f:92:9d:ef:f4:16:5d:
         9f:b3:b7:ef:aa:57:30:46:d6:49:3a:d1:af:a6:4c:5c:15:ea:
         45:f1:c9:fb:5c:d1:a6:09:b5:dd:b9:4d:09:3f:32:26:86:d5:
         8b:ac:98:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAd2zYS3XtRJx/2Mj+b2gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjQwMTAyMDIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDY2MjZjNWI5OTRjMjY2ZDYxNzczY2YzMTFiZDM5NDEwYjc5OTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrsY0KLdmUZHmFwjT4AUP5YXKtx/
GhL3M1otXAf8te2cjLNrkPFnJBaBwXxpKkI31Ik77NNVeHvfZol1kdR1kzEHW8U0
W4Tx6j3AJ1et/ZFbcI5wTCXJExyHJZav+DhPeuce8YARnEcQcJJis3uyMGevKaun
Mjq0h6NysZdAIUuFSGBEphHOEnUt/9EmaScSTlpzFJujdf3u9yie3qUwXKpqpDE6
pwzrBwLVOv8gBzDA3ZLZAYgjB38j4ze1W4g5bOb1d8MoL9a6/MFwL1bcjV7d/qeo
G0mL+BJq4v1ZZXIPNE6nQ/cUFH6wpH8KFpxlwEKFzw5ze5INXJ3NeD057QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFBmJsW5lMJm1hdzzzEb05QQt5l7MB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvVUdZbXhibVV3bWJXRjNQUE1SdlRsQkMzbVhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXDWwMA0G
CSqGSIb3DQEBCwUAA4IBAQCT4UMUuQo5ggBRRk+6lRrHn43JJxIOM8A41cF6MUvI
hdP18QDhwU+GlcYw3u1WGolkBV8bKoP1JMbBb/DgUNzEZrX5brU2fLPINouRMbtS
H3F+qm1bbVZhl1vC70JECes8FmawnSerap2cPBLzjMH2MVwP6HjIBTpF2OXcX1pz
5w534lvIox4TalgDPR4ALGyqLsQQt5kLP1PDaGA0gnrRy37Dg8DCfIMVzfDS1P7R
0KkpnmoqdR5HM8IfZoKKzS0jLsI2ks9lf2fByVacJRpCni+Sne/0Fl2fs7fvqlcw
RtZJOtGvpkxcFepF8cn7XNGmCbXduU0JPzImhtWLrJg/
-----END CERTIFICATE-----