Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/UgN0cKNW9dNdHdWelhpwDBynnFs.roa
File:                     UgN0cKNW9dNdHdWelhpwDBynnFs.roa (raw, json)
Hash identifier:          d596rMSRxVyDkNR+qvNV44FN3LGE81IKqHNAerm5Jfc=
Subject key identifier:   52:03:74:70:A3:56:F5:D3:5D:1D:D5:9E:96:1A:70:0C:1C:A7:9C:5B
Certificate issuer:       /CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
Certificate serial:       01941F8C6384F7708FEC2EBE8560379F40A7
Authority key identifier: EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/UgN0cKNW9dNdHdWelhpwDBynnFs.roa
Signing time:             Wed 01 Jan 2025 01:48:01 +0000
ROA not before:           Wed 01 Jan 2025 01:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     393942
IP address blocks:        194.187.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 13:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:63:84:f7:70:8f:ec:2e:be:85:60:37:9f:40:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eac2c1afd4bdec980506fa07df7c8662d554fa46
        Validity
            Not Before: Jan  1 01:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52037470a356f5d35d1dd59e961a700c1ca79c5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8f:ba:43:03:bf:b6:d7:34:53:cd:43:11:5f:
                    19:b9:fa:da:ab:e4:a3:cb:c8:e8:3f:67:0d:4e:7c:
                    dc:a4:6e:98:03:49:27:32:4c:ae:cb:46:51:4c:15:
                    74:36:19:5b:04:16:81:a5:12:aa:63:a3:6b:52:3d:
                    ba:49:d2:76:e5:bd:40:f5:32:21:d9:ce:a3:15:78:
                    c4:e1:b6:dc:a9:b6:67:62:ef:f1:d8:30:33:5e:9a:
                    23:b0:f2:f4:9b:28:82:6e:c0:38:23:d2:26:d5:16:
                    51:5f:3a:af:65:e6:1d:a3:9a:96:3c:70:a7:85:34:
                    0c:93:7a:26:c4:e0:54:b1:af:b8:b7:ef:ef:7f:83:
                    83:73:5f:8f:c5:73:7e:47:c5:e1:5a:77:e4:f2:60:
                    42:0e:f8:75:c2:64:95:63:35:a0:a2:02:65:1c:1d:
                    e6:1a:27:53:28:a9:08:fd:34:26:3c:97:58:ff:c3:
                    ec:55:34:af:b1:c7:1e:44:28:e4:a8:ca:3f:80:26:
                    5b:f1:a3:0a:66:9a:67:7a:81:49:ff:40:0e:12:17:
                    14:fd:f4:f1:c0:a1:dc:24:62:32:4b:e0:21:19:63:
                    3a:31:b2:25:eb:62:c0:8c:3e:7d:c0:cb:db:97:67:
                    9f:f6:0d:5b:b4:46:f6:01:83:0e:2f:ff:90:19:7e:
                    d3:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:03:74:70:A3:56:F5:D3:5D:1D:D5:9E:96:1A:70:0C:1C:A7:9C:5B
            X509v3 Authority Key Identifier:
                keyid:EA:C2:C1:AF:D4:BD:EC:98:05:06:FA:07:DF:7C:86:62:D5:54:FA:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6sLBr9S97JgFBvoH33yGYtVU-kY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/UgN0cKNW9dNdHdWelhpwDBynnFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/589a6b-4d7e-4012-a0fc-c0ceb037ad42/1/6sLBr9S97JgFBvoH33yGYtVU-kY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.187.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:77:7a:39:5a:94:80:71:05:b8:da:70:55:61:6b:bd:fd:7c:
         9c:dd:98:87:6d:a4:62:59:4d:c8:57:c0:5d:9c:be:86:1d:f1:
         ee:50:38:5e:2b:8a:13:10:57:a7:4f:85:d3:cb:ca:fe:a8:f4:
         d9:9f:5b:b6:a4:4f:4e:76:58:e0:c3:ee:5d:c5:eb:d9:a5:41:
         50:5a:3b:bf:07:99:b0:83:8f:f0:f2:74:ae:b1:80:de:ee:d1:
         be:0c:41:9f:61:8b:27:59:11:d5:54:cc:1d:ef:c5:d7:ca:92:
         63:84:d2:e1:0e:9a:5a:dc:9d:59:cb:ec:84:12:8f:dd:8d:2a:
         53:c3:47:8c:7c:18:ff:fa:02:31:bd:9c:a6:6f:1c:17:9f:48:
         39:59:dc:3b:76:49:ea:1f:68:4b:c8:bf:94:3f:0b:72:91:d5:
         02:97:ab:90:05:02:81:be:41:e0:00:2e:23:68:b8:1c:e3:af:
         9a:71:91:07:88:4f:db:88:68:19:ca:ae:99:2a:f4:5e:b2:3f:
         07:89:df:66:1a:db:2e:13:57:e8:2c:08:a5:74:e7:2a:33:a5:
         fb:75:af:df:26:a9:f8:4a:11:2b:68:fb:9c:71:4a:c7:32:c6:
         e3:18:69:a3:71:95:5c:69:fd:c1:74:a9:2b:ac:d2:4d:b0:f5:
         00:0a:bd:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjGOE93CP7C6+hWA3n0CnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYzJjMWFmZDRiZGVjOTgwNTA2ZmEwN2RmN2M4NjYyZDU1
NGZhNDYwHhcNMjUwMTAxMDE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjAzNzQ3MGEzNTZmNWQzNWQxZGQ1OWU5NjFhNzAwYzFjYTc5YzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuY+6QwO/ttc0U81DEV8Zufraq+Sj
y8joP2cNTnzcpG6YA0knMkyuy0ZRTBV0NhlbBBaBpRKqY6NrUj26SdJ25b1A9TIh
2c6jFXjE4bbcqbZnYu/x2DAzXpojsPL0myiCbsA4I9Im1RZRXzqvZeYdo5qWPHCn
hTQMk3omxOBUsa+4t+/vf4ODc1+PxXN+R8XhWnfk8mBCDvh1wmSVYzWgogJlHB3m
GidTKKkI/TQmPJdY/8PsVTSvscceRCjkqMo/gCZb8aMKZppneoFJ/0AOEhcU/fTx
wKHcJGIyS+AhGWM6MbIl62LAjD59wMvbl2ef9g1btEb2AYMOL/+QGX7TXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFIDdHCjVvXTXR3VnpYacAwcp5xbMB8GA1UdIwQY
MBaAFOrCwa/UveyYBQb6B998hmLVVPpGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMt
YzBjZWIwMzdhZDQyLzEvVWdOMGNLTlc5ZE5kSGRXZWxocHdEQnlubkZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS81ODlhNmItNGQ3ZS00MDEyLWEwZmMtYzBjZWIwMzdhZDQy
LzEvNnNMQnI5Uzk3SmdGQnZvSDMzeUdZdFZVLWtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrt1MA0G
CSqGSIb3DQEBCwUAA4IBAQBFd3o5WpSAcQW42nBVYWu9/Xyc3ZiHbaRiWU3IV8Bd
nL6GHfHuUDheK4oTEFenT4XTy8r+qPTZn1u2pE9Odljgw+5dxevZpUFQWju/B5mw
g4/w8nSusYDe7tG+DEGfYYsnWRHVVMwd78XXypJjhNLhDppa3J1Zy+yEEo/djSpT
w0eMfBj/+gIxvZymbxwXn0g5Wdw7dknqH2hLyL+UPwtykdUCl6uQBQKBvkHgAC4j
aLgc46+acZEHiE/biGgZyq6ZKvResj8Hid9mGtsuE1foLAildOcqM6X7da/fJqn4
ShEraPuccUrHMsbjGGmjcZVcaf3BdKkrrNJNsPUACr1+
-----END CERTIFICATE-----