Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/33b69d-f4ca-43aa-9780-1d55d5929cec/1/uKpFS-4fhVcrFNqgQcgXLZynBZM.roa
File:                     uKpFS-4fhVcrFNqgQcgXLZynBZM.roa (raw, json)
Hash identifier:          Q29zEPfooOy53fmPuYQG1hYrq85p6S/Ie1eBrWNx+2Y=
Subject key identifier:   B8:AA:45:4B:EE:1F:85:57:2B:14:DA:A0:41:C8:17:2D:9C:A7:05:93
Certificate issuer:       /CN=c7ab6b2254e45730aafa45ab51973203614bb6cc
Certificate serial:       018CC2DB251D6C61F48590F8971E0EB02DFD
Authority key identifier: C7:AB:6B:22:54:E4:57:30:AA:FA:45:AB:51:97:32:03:61:4B:B6:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x6trIlTkVzCq-kWrUZcyA2FLtsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/33b69d-f4ca-43aa-9780-1d55d5929cec/1/uKpFS-4fhVcrFNqgQcgXLZynBZM.roa
Signing time:             Mon 01 Jan 2024 02:29:50 +0000
ROA not before:           Mon 01 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204781
IP address blocks:        185.229.1.0/24 maxlen: 24
                          185.229.0.0/23 maxlen: 23
                          185.229.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/33b69d-f4ca-43aa-9780-1d55d5929cec/1/x6trIlTkVzCq-kWrUZcyA2FLtsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/33b69d-f4ca-43aa-9780-1d55d5929cec/1/x6trIlTkVzCq-kWrUZcyA2FLtsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x6trIlTkVzCq-kWrUZcyA2FLtsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:25:1d:6c:61:f4:85:90:f8:97:1e:0e:b0:2d:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7ab6b2254e45730aafa45ab51973203614bb6cc
        Validity
            Not Before: Jan  1 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8aa454bee1f85572b14daa041c8172d9ca70593
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a7:7c:f4:8e:1e:a2:34:06:8e:10:02:90:67:
                    20:7a:91:02:d7:ba:2b:10:25:07:e9:dd:1d:5c:e1:
                    97:9c:39:71:a5:e5:ff:96:09:da:36:dd:3d:a2:0e:
                    60:70:1e:4d:9c:d6:6f:92:88:d1:9e:3a:24:f0:7e:
                    53:b3:01:9f:8a:d9:3f:9b:bb:80:54:a1:a8:c3:c4:
                    f3:cb:5b:30:d6:6b:d3:98:03:ac:eb:a2:64:b3:48:
                    47:2a:a9:c7:56:78:63:04:3d:40:48:f0:1e:f2:6a:
                    83:03:c9:bb:ba:a8:00:b3:d1:ad:de:d8:3c:26:e3:
                    34:de:81:dd:4d:bf:d8:7f:7d:33:03:a7:a1:c0:eb:
                    14:a3:92:5c:e9:1e:31:a5:65:4a:e9:6c:18:89:02:
                    a3:49:02:3c:79:28:7d:fa:8f:5a:fe:13:74:9d:ba:
                    71:80:cc:fe:25:8a:c5:8c:76:3d:ae:93:d5:e7:3f:
                    57:42:2f:63:ac:a5:ed:f2:2c:e2:70:53:49:ef:2f:
                    47:99:e4:e7:6c:c4:23:83:2e:38:2d:46:54:63:06:
                    f0:ab:35:e7:02:c4:2c:69:af:db:85:bc:07:59:3e:
                    d1:88:1d:9d:ae:8a:66:62:ce:88:53:05:4f:e6:62:
                    a5:b4:e0:2a:fd:17:3b:6c:c7:c3:b7:63:56:59:97:
                    49:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:AA:45:4B:EE:1F:85:57:2B:14:DA:A0:41:C8:17:2D:9C:A7:05:93
            X509v3 Authority Key Identifier:
                keyid:C7:AB:6B:22:54:E4:57:30:AA:FA:45:AB:51:97:32:03:61:4B:B6:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x6trIlTkVzCq-kWrUZcyA2FLtsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/33b69d-f4ca-43aa-9780-1d55d5929cec/1/uKpFS-4fhVcrFNqgQcgXLZynBZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/33b69d-f4ca-43aa-9780-1d55d5929cec/1/x6trIlTkVzCq-kWrUZcyA2FLtsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:33:b3:87:75:2d:0f:31:5f:91:a4:27:e4:49:08:36:cf:bc:
         ed:ca:01:71:45:79:b2:81:fd:cf:10:37:12:9a:16:bf:44:ff:
         38:32:b1:eb:5f:8c:3d:60:f4:52:6c:a9:65:f3:31:34:09:62:
         2d:51:a3:6e:8e:9e:fd:cf:4e:b6:2e:43:43:3f:1a:d7:63:ce:
         17:9d:15:b5:87:0e:fd:63:ce:ba:6f:e0:0c:93:a3:72:a1:6b:
         f2:e9:68:56:91:76:45:87:82:1a:0f:f8:fa:5f:28:ae:52:71:
         79:e2:c2:5a:1e:99:45:dc:3f:80:0b:44:de:0c:c6:f5:0a:ef:
         b6:f0:e0:1c:64:85:ed:f2:81:1c:e5:6e:c7:8f:45:77:b3:b1:
         2f:fc:29:17:a4:a2:a8:6a:1f:4b:6d:8f:43:46:40:fa:cb:fe:
         69:6f:96:84:9d:49:0a:cf:e4:82:ac:90:80:01:d7:ea:15:06:
         a7:84:05:34:cc:ce:80:71:33:08:3d:ba:bd:40:c9:41:cb:21:
         cd:94:54:35:a4:d8:d8:36:45:ad:79:38:93:86:c0:86:3c:11:
         a8:22:8e:3f:92:38:f6:f0:eb:00:a4:b9:4d:04:63:f5:fb:4d:
         6c:9b:02:3a:10:9d:db:5c:e5:17:e0:4c:d3:e4:38:a0:c0:5a:
         e5:18:72:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yUdbGH0hZD4lx4OsC39MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3YWI2YjIyNTRlNDU3MzBhYWZhNDVhYjUxOTczMjAzNjE0
YmI2Y2MwHhcNMjQwMTAxMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGFhNDU0YmVlMWY4NTU3MmIxNGRhYTA0MWM4MTcyZDljYTcwNTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6d89I4eojQGjhACkGcgepEC17or
ECUH6d0dXOGXnDlxpeX/lgnaNt09og5gcB5NnNZvkojRnjok8H5TswGfitk/m7uA
VKGow8Tzy1sw1mvTmAOs66Jks0hHKqnHVnhjBD1ASPAe8mqDA8m7uqgAs9Gt3tg8
JuM03oHdTb/Yf30zA6ehwOsUo5Jc6R4xpWVK6WwYiQKjSQI8eSh9+o9a/hN0nbpx
gMz+JYrFjHY9rpPV5z9XQi9jrKXt8izicFNJ7y9HmeTnbMQjgy44LUZUYwbwqzXn
AsQsaa/bhbwHWT7RiB2dropmYs6IUwVP5mKltOAq/Rc7bMfDt2NWWZdJwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLiqRUvuH4VXKxTaoEHIFy2cpwWTMB8GA1UdIwQY
MBaAFMerayJU5FcwqvpFq1GXMgNhS7bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDZ0cklsVGtWekNxLWtXclVaY3lBMkZMdHN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8zM2I2OWQtZjRjYS00M2FhLTk3ODAt
MWQ1NWQ1OTI5Y2VjLzEvdUtwRlMtNGZoVmNyRk5xZ1FjZ1hMWnluQlpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8zM2I2OWQtZjRjYS00M2FhLTk3ODAtMWQ1NWQ1OTI5Y2Vj
LzEveDZ0cklsVGtWekNxLWtXclVaY3lBMkZMdHN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueUAMA0G
CSqGSIb3DQEBCwUAA4IBAQBhM7OHdS0PMV+RpCfkSQg2z7ztygFxRXmygf3PEDcS
mha/RP84MrHrX4w9YPRSbKll8zE0CWItUaNujp79z062LkNDPxrXY84XnRW1hw79
Y866b+AMk6NyoWvy6WhWkXZFh4IaD/j6XyiuUnF54sJaHplF3D+AC0TeDMb1Cu+2
8OAcZIXt8oEc5W7Hj0V3s7Ev/CkXpKKoah9LbY9DRkD6y/5pb5aEnUkKz+SCrJCA
AdfqFQanhAU0zM6AcTMIPbq9QMlByyHNlFQ1pNjYNkWteTiThsCGPBGoIo4/kjj2
8OsApLlNBGP1+01smwI6EJ3bXOUX4EzT5DigwFrlGHLQ
-----END CERTIFICATE-----