Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/UofF8XU3exWeauninptt64WR7xg.roa
File:                     UofF8XU3exWeauninptt64WR7xg.roa (raw, json)
Hash identifier:          uyQs9cvae2xtwhLBboAWSW3Lw9mAKxZrThDTKOY76+Y=
Subject key identifier:   52:87:C5:F1:75:37:7B:15:9E:6A:E9:E2:9E:9B:6D:EB:85:91:EF:18
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       018FD95AF3F87A354BCBD0E0A6F9DC574F4E
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/UofF8XU3exWeauninptt64WR7xg.roa
Signing time:             Sun 02 Jun 2024 14:29:27 +0000
ROA not before:           Sun 02 Jun 2024 14:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.217.192.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:d9:5a:f3:f8:7a:35:4b:cb:d0:e0:a6:f9:dc:57:4f:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Jun  2 14:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5287c5f175377b159e6ae9e29e9b6deb8591ef18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:2d:67:8f:31:ce:4d:68:71:37:f6:2d:c4:0d:
                    3d:56:41:53:b4:29:fb:21:a8:8c:5f:d8:8f:4c:c0:
                    d7:19:2a:25:5e:8a:09:c1:69:2f:ab:ce:e4:b7:7a:
                    03:ba:d9:cc:8c:3b:be:9c:eb:db:14:3a:fa:f1:6a:
                    5c:dd:10:41:14:ec:9d:76:10:88:cb:4c:ab:a8:d1:
                    c6:79:61:0d:0e:a9:5f:d3:47:67:bb:80:57:37:27:
                    84:e8:19:5e:6f:58:6e:97:e1:7c:af:7e:d2:71:a0:
                    02:69:84:aa:8b:59:00:b5:bd:76:65:ee:27:22:3e:
                    81:e9:c6:58:42:1d:5e:ee:c9:cf:04:6e:ec:17:b9:
                    6c:13:0f:e5:dd:ff:34:1d:c7:b9:9a:2d:bf:18:0e:
                    24:4c:0d:8c:86:27:78:49:15:e6:23:cd:78:fb:27:
                    97:ac:81:0a:cd:9f:72:53:a3:65:99:d9:a5:ad:3b:
                    25:3b:65:10:de:ec:67:31:b6:be:85:01:5a:5c:ff:
                    10:6c:55:7a:06:bb:e4:62:3c:99:f4:2d:a6:bd:e0:
                    54:41:ea:7a:d0:ef:40:46:1f:78:94:b6:8d:83:7c:
                    58:72:30:f9:ac:16:d5:0e:24:e1:ca:21:cd:e1:60:
                    8e:99:8d:f1:31:5b:65:ba:f9:5c:15:da:39:59:7e:
                    54:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:87:C5:F1:75:37:7B:15:9E:6A:E9:E2:9E:9B:6D:EB:85:91:EF:18
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/UofF8XU3exWeauninptt64WR7xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:2c:9f:3a:76:cc:b2:49:c8:e5:29:13:f2:fd:88:c3:7a:c1:
         4c:5f:4f:41:b8:a7:05:13:b9:65:c0:bf:f1:8d:a8:e4:9c:6c:
         b4:c6:3f:a4:07:a3:e9:3e:59:70:24:30:8c:3d:e1:2d:65:f6:
         30:f4:49:20:54:83:d7:90:8b:b9:f2:bb:e0:d8:22:b8:17:ef:
         77:61:a6:78:94:d6:d7:3a:a0:1d:f5:92:2e:f4:9a:67:7b:fb:
         64:b0:65:9f:9b:7b:ba:ec:3f:aa:0f:61:07:82:ae:58:28:8e:
         46:e8:27:84:67:15:0a:43:71:2e:8e:93:0b:5b:d4:3f:4e:4a:
         1b:09:cf:28:41:7b:fa:39:2f:4b:1e:b5:d1:0f:a4:1e:ec:a7:
         92:1d:d9:9d:50:32:c3:7a:c5:f1:a3:30:35:84:28:7e:c6:7b:
         30:14:b8:df:01:b2:71:99:b0:c4:24:d7:30:58:da:f3:bb:de:
         0e:4d:34:c3:20:0c:1e:ae:4f:37:29:00:f6:5a:b3:3a:e8:7c:
         be:c7:a7:ec:c0:26:bb:85:d9:ed:18:08:4b:02:9a:91:77:e0:
         43:04:79:98:03:89:18:b5:9b:1b:1a:d3:a7:56:31:b9:98:ca:
         e3:1a:ce:e0:ec:66:90:3f:6f:0c:72:92:a1:70:cb:b1:2d:67:
         be:3d:4f:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/ZWvP4ejVLy9DgpvncV09OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjQwNjAyMTQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjg3YzVmMTc1Mzc3YjE1OWU2YWU5ZTI5ZTliNmRlYjg1OTFlZjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvy1njzHOTWhxN/YtxA09VkFTtCn7
IaiMX9iPTMDXGSolXooJwWkvq87kt3oDutnMjDu+nOvbFDr68Wpc3RBBFOyddhCI
y0yrqNHGeWENDqlf00dnu4BXNyeE6Bleb1hul+F8r37ScaACaYSqi1kAtb12Ze4n
Ij6B6cZYQh1e7snPBG7sF7lsEw/l3f80Hce5mi2/GA4kTA2Mhid4SRXmI814+yeX
rIEKzZ9yU6NlmdmlrTslO2UQ3uxnMba+hQFaXP8QbFV6BrvkYjyZ9C2mveBUQep6
0O9ARh94lLaNg3xYcjD5rBbVDiThyiHN4WCOmY3xMVtluvlcFdo5WX5UUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKHxfF1N3sVnmrp4p6bbeuFke8YMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvVW9mRjhYVTNleFdlYXVuaW5wdHQ2NFdSN3hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudnAMA0G
CSqGSIb3DQEBCwUAA4IBAQAJLJ86dsyyScjlKRPy/YjDesFMX09BuKcFE7llwL/x
jajknGy0xj+kB6PpPllwJDCMPeEtZfYw9EkgVIPXkIu58rvg2CK4F+93YaZ4lNbX
OqAd9ZIu9Jpne/tksGWfm3u67D+qD2EHgq5YKI5G6CeEZxUKQ3EujpMLW9Q/Tkob
Cc8oQXv6OS9LHrXRD6Qe7KeSHdmdUDLDesXxozA1hCh+xnswFLjfAbJxmbDEJNcw
WNrzu94OTTTDIAwerk83KQD2WrM66Hy+x6fswCa7hdntGAhLApqRd+BDBHmYA4kY
tZsbGtOnVjG5mMrjGs7g7GaQP28McpKhcMuxLWe+PU8r
-----END CERTIFICATE-----