Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/x_UxszxiBw1pgcyisRdtLvPAWIs.roa
File:                     x_UxszxiBw1pgcyisRdtLvPAWIs.roa (raw, json)
Hash identifier:          uNgzNjKXKqL1+QDGNarD2zBq1WMMSgWal7K/0V6Dj70=
Subject key identifier:   C7:F5:31:B3:3C:62:07:0D:69:81:CC:A2:B1:17:6D:2E:F3:C0:58:8B
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       0194258F05014A9B1C29C8C689EEFA3FED84
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/x_UxszxiBw1pgcyisRdtLvPAWIs.roa
Signing time:             Thu 02 Jan 2025 05:48:37 +0000
ROA not before:           Thu 02 Jan 2025 05:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199230
IP address blocks:        151.237.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:05:01:4a:9b:1c:29:c8:c6:89:ee:fa:3f:ed:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  2 05:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7f531b33c62070d6981cca2b1176d2ef3c0588b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:bf:57:82:2a:9a:d6:ec:86:c0:f8:7c:e4:02:
                    33:97:19:70:1f:21:de:c8:6c:08:da:b5:81:85:fb:
                    c2:b0:04:1d:a2:a9:df:5e:5a:33:e5:4e:4a:03:60:
                    93:fd:d6:49:83:d8:2d:8d:da:fc:fd:71:c6:bc:53:
                    cb:80:15:48:db:b4:fc:89:24:f7:0c:7a:1a:70:a3:
                    4f:1c:8b:83:40:0e:48:c2:68:bc:41:24:c0:e4:34:
                    e8:c5:d4:ef:49:54:6a:5d:fb:26:43:bd:26:99:26:
                    1d:90:69:8e:7a:31:4c:8f:77:5c:65:32:24:32:c7:
                    28:22:81:5e:fe:09:93:2e:71:43:48:3e:ad:ca:06:
                    33:8e:15:7e:39:f6:f3:7b:1d:8a:3d:f3:dd:d1:ae:
                    45:a8:32:a0:4f:70:1d:5e:a5:bc:da:88:84:06:d9:
                    3a:3a:1c:d0:6d:12:85:42:89:43:35:62:6b:54:2c:
                    4d:32:25:22:28:a9:c2:50:b8:70:22:2c:75:03:33:
                    4a:09:b1:50:7d:aa:ed:89:6a:61:e7:b2:b0:32:15:
                    29:d6:27:d7:f5:6f:7b:f6:84:7b:a0:de:0c:e2:f2:
                    e4:80:be:56:26:25:13:d6:2d:ef:4d:57:d1:7f:fa:
                    d2:e3:69:37:ee:a7:da:ba:64:b1:73:e6:5d:03:46:
                    1b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:F5:31:B3:3C:62:07:0D:69:81:CC:A2:B1:17:6D:2E:F3:C0:58:8B
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/x_UxszxiBw1pgcyisRdtLvPAWIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.237.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:b1:4a:59:17:e5:a0:2c:fc:fe:43:17:9c:9f:ce:21:f1:f3:
         22:2e:b6:64:b9:a2:5a:3c:38:b8:e0:20:70:e4:3a:a6:80:5a:
         e8:9b:d9:0e:6d:3b:75:9a:0c:7e:e1:4c:2d:4a:e1:b2:a8:f7:
         84:9f:06:37:9e:27:ca:f2:cf:4a:2f:3b:96:7f:d5:80:ad:91:
         47:cd:2b:f8:60:19:c7:11:91:25:3b:bd:3a:df:65:a1:2f:b7:
         a3:c3:1b:3c:fd:ca:52:6d:ea:fd:01:aa:a5:45:f1:13:5a:7a:
         94:1c:e4:20:b8:17:f8:2b:0b:de:57:b2:5a:a1:23:94:ff:36:
         2e:59:d0:a1:c5:ff:e4:f4:b8:cc:54:35:ef:82:39:fc:19:84:
         42:9a:f0:9c:39:cb:e5:08:43:7a:05:6a:b5:30:cc:92:03:44:
         fb:ff:c3:d9:fd:cf:64:c8:d7:fe:a7:1e:49:ce:c0:35:93:f9:
         be:6b:69:52:b8:a0:ae:51:22:86:56:2a:8e:52:57:03:61:85:
         dc:fa:85:8a:b6:05:c8:54:65:90:58:9f:68:d7:18:8f:12:8b:
         b1:11:d9:ef:5f:e7:30:94:91:97:ff:cd:b2:72:9e:61:15:dc:
         5a:f3:f6:69:57:cc:c8:3d:71:54:86:2c:93:a6:60:01:aa:ec:
         a9:ed:b7:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljwUBSpscKcjGie76P+2EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjUwMTAyMDU0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2Y1MzFiMzNjNjIwNzBkNjk4MWNjYTJiMTE3NmQyZWYzYzA1ODhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyL9Xgiqa1uyGwPh85AIzlxlwHyHe
yGwI2rWBhfvCsAQdoqnfXloz5U5KA2CT/dZJg9gtjdr8/XHGvFPLgBVI27T8iST3
DHoacKNPHIuDQA5Iwmi8QSTA5DToxdTvSVRqXfsmQ70mmSYdkGmOejFMj3dcZTIk
MscoIoFe/gmTLnFDSD6tygYzjhV+Ofbzex2KPfPd0a5FqDKgT3AdXqW82oiEBtk6
OhzQbRKFQolDNWJrVCxNMiUiKKnCULhwIix1AzNKCbFQfartiWph57KwMhUp1ifX
9W979oR7oN4M4vLkgL5WJiUT1i3vTVfRf/rS42k37qfaumSxc+ZdA0YbwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMf1MbM8YgcNaYHMorEXbS7zwFiLMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEveF9VeHN6eGlCdzFwZ2N5aXNSZHRMdlBBV0lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUtYTk3YzBkYzBhNzQ5
LzEvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl+2BMA0G
CSqGSIb3DQEBCwUAA4IBAQBLsUpZF+WgLPz+Qxecn84h8fMiLrZkuaJaPDi44CBw
5DqmgFrom9kObTt1mgx+4UwtSuGyqPeEnwY3nifK8s9KLzuWf9WArZFHzSv4YBnH
EZElO70632WhL7ejwxs8/cpSber9AaqlRfETWnqUHOQguBf4KwveV7JaoSOU/zYu
WdChxf/k9LjMVDXvgjn8GYRCmvCcOcvlCEN6BWq1MMySA0T7/8PZ/c9kyNf+px5J
zsA1k/m+a2lSuKCuUSKGViqOUlcDYYXc+oWKtgXIVGWQWJ9o1xiPEouxEdnvX+cw
lJGX/82ycp5hFdxa8/ZpV8zIPXFUhiyTpmABquyp7bd4
-----END CERTIFICATE-----