Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/73fe78-f00d-45f8-bfd3-f2a0e9c8c7f0/1/UKGb-85m8bF_p3DHIAVA6HIYV1I.roa
File:                     UKGb-85m8bF_p3DHIAVA6HIYV1I.roa (raw, json)
Hash identifier:          yM90WaQtUFrCFZFvNlx0W7L26i/LfqO4EGlflvqkTBA=
Subject key identifier:   50:A1:9B:FB:CE:66:F1:B1:7F:A7:70:C7:20:05:40:E8:72:18:57:52
Certificate issuer:       /CN=7946c5601064101b1b54cf5c6efcd407f17911b9
Certificate serial:       018CC803086367CE6BDC9CE238A698D4C9E9
Authority key identifier: 79:46:C5:60:10:64:10:1B:1B:54:CF:5C:6E:FC:D4:07:F1:79:11:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eUbFYBBkEBsbVM9cbvzUB_F5Ebk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/73fe78-f00d-45f8-bfd3-f2a0e9c8c7f0/1/UKGb-85m8bF_p3DHIAVA6HIYV1I.roa
Signing time:             Tue 02 Jan 2024 02:31:31 +0000
ROA not before:           Tue 02 Jan 2024 02:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8708
IP address blocks:        194.102.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/73fe78-f00d-45f8-bfd3-f2a0e9c8c7f0/1/eUbFYBBkEBsbVM9cbvzUB_F5Ebk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/73fe78-f00d-45f8-bfd3-f2a0e9c8c7f0/1/eUbFYBBkEBsbVM9cbvzUB_F5Ebk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eUbFYBBkEBsbVM9cbvzUB_F5Ebk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:08:63:67:ce:6b:dc:9c:e2:38:a6:98:d4:c9:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7946c5601064101b1b54cf5c6efcd407f17911b9
        Validity
            Not Before: Jan  2 02:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50a19bfbce66f1b17fa770c7200540e872185752
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:34:3a:d9:f9:bc:58:d3:45:a4:6f:98:b2:ad:
                    77:56:76:ce:92:87:a9:80:0b:00:c6:b7:d2:42:ae:
                    93:c4:32:38:eb:43:d2:5a:56:e8:13:77:fd:e8:b8:
                    8c:b0:a3:95:d3:09:9a:7d:98:d8:ab:eb:59:54:e6:
                    51:b3:2b:f9:7f:ac:44:59:7b:6e:d0:d0:0b:79:b3:
                    d7:8c:d6:80:e9:f4:ab:79:2b:ed:bc:5c:51:16:40:
                    93:08:c6:49:de:9a:a9:d2:b2:0e:77:7e:7a:a6:59:
                    b5:89:67:b3:a3:82:55:37:89:8c:df:39:0d:68:0b:
                    d4:03:a2:d2:3c:28:55:e9:c4:23:b9:fa:51:2f:8e:
                    8f:5b:7b:df:4c:07:3c:0c:2b:b7:11:55:d9:5b:f5:
                    6a:3e:17:0c:5d:28:22:03:9e:34:4b:62:33:2a:0a:
                    bc:d9:09:a5:e3:ed:42:60:4b:43:e2:c6:b1:35:4f:
                    86:77:33:7d:89:9a:e7:e8:29:4d:38:38:a4:4f:e3:
                    18:21:17:98:78:e6:71:ad:48:dd:30:67:23:5a:40:
                    16:7e:e6:69:20:28:02:bd:6c:8b:9d:96:bb:c0:b1:
                    5c:6f:33:56:bc:e7:79:af:2f:20:41:8a:9d:50:e6:
                    7d:1c:28:2f:57:79:d3:f8:be:eb:87:2f:f5:cb:c9:
                    18:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:A1:9B:FB:CE:66:F1:B1:7F:A7:70:C7:20:05:40:E8:72:18:57:52
            X509v3 Authority Key Identifier:
                keyid:79:46:C5:60:10:64:10:1B:1B:54:CF:5C:6E:FC:D4:07:F1:79:11:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eUbFYBBkEBsbVM9cbvzUB_F5Ebk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/73fe78-f00d-45f8-bfd3-f2a0e9c8c7f0/1/UKGb-85m8bF_p3DHIAVA6HIYV1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/73fe78-f00d-45f8-bfd3-f2a0e9c8c7f0/1/eUbFYBBkEBsbVM9cbvzUB_F5Ebk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.102.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:07:6a:b3:48:53:d4:20:9f:3c:98:76:8d:97:99:c3:2b:a7:
         c6:68:2c:bf:28:5d:67:cf:66:0e:4f:9e:46:6c:83:0f:12:70:
         09:4c:49:6e:da:8c:27:0f:4a:8a:87:39:d3:e1:69:9f:6e:5a:
         ae:77:21:da:f5:25:ae:20:c4:c4:60:54:f8:9f:20:fd:72:05:
         06:d1:88:ba:2a:bf:c7:ce:d3:f9:3c:60:9f:07:51:87:e3:c7:
         95:98:8a:2d:a7:c2:b9:88:8b:a9:20:f0:e3:cf:00:c1:9e:56:
         6e:df:9f:84:de:3b:8c:3c:22:5a:4c:d2:ee:2e:16:47:dd:2e:
         49:ad:54:01:99:ac:17:75:b0:36:69:0f:32:d4:73:cb:e1:ea:
         4d:5b:49:9a:53:85:12:b2:16:86:d0:4a:2a:0f:e1:ee:ad:ea:
         ba:1e:ff:5a:c8:28:66:5c:6d:69:09:05:90:55:54:2b:65:3c:
         a7:0d:46:58:59:09:18:0e:99:d0:5d:c4:c9:c2:c3:71:04:f2:
         12:13:fe:49:a8:c2:e7:c5:87:56:21:31:8c:6a:65:43:28:e8:
         24:c1:ce:e2:3d:4d:62:82:d9:be:11:e4:b1:79:78:70:ee:82:
         c9:94:39:ac:a1:76:8a:be:e1:98:55:79:4f:20:ce:c3:fa:62:
         0a:c7:9d:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAwhjZ85r3JziOKaY1MnpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NDZjNTYwMTA2NDEwMWIxYjU0Y2Y1YzZlZmNkNDA3ZjE3
OTExYjkwHhcNMjQwMTAyMDIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGExOWJmYmNlNjZmMWIxN2ZhNzcwYzcyMDA1NDBlODcyMTg1NzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjQ62fm8WNNFpG+Ysq13VnbOkoep
gAsAxrfSQq6TxDI460PSWlboE3f96LiMsKOV0wmafZjYq+tZVOZRsyv5f6xEWXtu
0NALebPXjNaA6fSreSvtvFxRFkCTCMZJ3pqp0rIOd356plm1iWezo4JVN4mM3zkN
aAvUA6LSPChV6cQjufpRL46PW3vfTAc8DCu3EVXZW/VqPhcMXSgiA540S2IzKgq8
2Qml4+1CYEtD4saxNU+GdzN9iZrn6ClNODikT+MYIReYeOZxrUjdMGcjWkAWfuZp
ICgCvWyLnZa7wLFcbzNWvOd5ry8gQYqdUOZ9HCgvV3nT+L7rhy/1y8kYxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFChm/vOZvGxf6dwxyAFQOhyGFdSMB8GA1UdIwQY
MBaAFHlGxWAQZBAbG1TPXG781AfxeRG5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVViRllCQmtFQnNiVk05Y2J2elVCX0Y1RWJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC83M2ZlNzgtZjAwZC00NWY4LWJmZDMt
ZjJhMGU5YzhjN2YwLzEvVUtHYi04NW04YkZfcDNESElBVkE2SElZVjFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC83M2ZlNzgtZjAwZC00NWY4LWJmZDMtZjJhMGU5YzhjN2Yw
LzEvZVViRllCQmtFQnNiVk05Y2J2elVCX0Y1RWJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmaAMA0G
CSqGSIb3DQEBCwUAA4IBAQBSB2qzSFPUIJ88mHaNl5nDK6fGaCy/KF1nz2YOT55G
bIMPEnAJTElu2ownD0qKhznT4WmfblqudyHa9SWuIMTEYFT4nyD9cgUG0Yi6Kr/H
ztP5PGCfB1GH48eVmIotp8K5iIupIPDjzwDBnlZu35+E3juMPCJaTNLuLhZH3S5J
rVQBmawXdbA2aQ8y1HPL4epNW0maU4USshaG0EoqD+Hureq6Hv9ayChmXG1pCQWQ
VVQrZTynDUZYWQkYDpnQXcTJwsNxBPISE/5JqMLnxYdWITGMamVDKOgkwc7iPU1i
gtm+EeSxeXhw7oLJlDmsoXaKvuGYVXlPIM7D+mIKx51O
-----END CERTIFICATE-----