Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/UJW-eZJiKHQxv90X8-IUNHKBqI8.roa
File:                     UJW-eZJiKHQxv90X8-IUNHKBqI8.roa (raw, json)
Hash identifier:          6vXlUGfcKEGEh45bDHaJXncjhP2ooXhKCDtbAr3ArRY=
Subject key identifier:   50:95:BE:79:92:62:28:74:31:BF:DD:17:F3:E2:14:34:72:81:A8:8F
Certificate issuer:       /CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
Certificate serial:       018E3243C3F82F517FEC25037CA026BEF230
Authority key identifier: 76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/UJW-eZJiKHQxv90X8-IUNHKBqI8.roa
Signing time:             Tue 12 Mar 2024 10:44:45 +0000
ROA not before:           Tue 12 Mar 2024 10:44:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202656
IP address blocks:        31.41.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 06:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:32:43:c3:f8:2f:51:7f:ec:25:03:7c:a0:26:be:f2:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=763d457e5d3cc0acd8a74f8b10e2686bfbc496cb
        Validity
            Not Before: Mar 12 10:44:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5095be799262287431bfdd17f3e214347281a88f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:41:07:4a:1e:4c:c9:19:bc:36:5c:49:1d:6c:
                    c0:10:6c:2c:ec:b2:bd:16:e3:91:61:cb:c1:72:69:
                    6a:1d:3d:a0:ed:a4:db:68:54:57:9a:91:1a:a1:0f:
                    ad:b8:5c:c1:dd:33:e7:22:fc:38:15:af:fa:71:3d:
                    71:88:dd:1c:d6:62:e9:f6:c7:53:92:46:1f:1a:2b:
                    5a:2e:db:d9:03:98:87:4e:f5:83:70:1a:89:63:09:
                    36:f6:8f:0a:29:e4:1f:1a:36:84:db:f3:da:92:44:
                    2a:85:34:07:fa:eb:c4:91:99:3a:d8:9a:64:20:42:
                    65:3a:cf:a8:ef:04:96:e8:93:49:16:f0:96:df:ab:
                    a5:01:38:5c:9e:28:37:82:9b:99:69:21:ed:2c:9e:
                    37:59:a0:09:48:8e:36:49:bb:99:c2:eb:e2:5b:be:
                    6f:d8:37:fb:fe:c5:76:d2:07:50:11:c4:5a:1d:b0:
                    67:b8:e1:fd:fe:22:f1:44:36:e4:14:fa:23:be:c5:
                    26:92:c0:13:2f:d9:ce:bb:a0:d4:6a:80:d2:a2:ee:
                    8a:77:e2:0e:82:42:9b:ed:51:1c:58:41:48:15:b7:
                    7f:8e:32:5d:a0:93:c1:62:59:3a:7f:c8:a5:e8:c9:
                    99:fa:c7:0e:58:e4:c0:64:fa:df:f6:8b:1f:73:4a:
                    05:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:95:BE:79:92:62:28:74:31:BF:DD:17:F3:E2:14:34:72:81:A8:8F
            X509v3 Authority Key Identifier:
                keyid:76:3D:45:7E:5D:3C:C0:AC:D8:A7:4F:8B:10:E2:68:6B:FB:C4:96:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dj1Ffl08wKzYp0-LEOJoa_vElss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/UJW-eZJiKHQxv90X8-IUNHKBqI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/ccc94b-c287-4e5f-8604-7e594f2494cc/1/dj1Ffl08wKzYp0-LEOJoa_vElss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.41.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:0f:69:91:31:af:e9:63:55:52:0f:30:ff:25:28:ee:5d:6e:
         25:cb:32:75:e2:d8:0d:bd:72:03:c1:41:36:b6:34:4d:b7:8a:
         38:58:d2:f4:98:39:68:6b:f9:fe:3e:ee:b4:50:74:67:b8:30:
         ad:6f:f2:c2:3a:c7:a0:4b:bd:30:21:b3:60:96:08:55:30:fc:
         70:a8:f0:cf:6f:f9:8c:52:bc:df:62:16:48:5a:ed:d3:3a:bf:
         fe:d7:85:ee:91:39:35:60:8e:92:9a:97:b7:dc:44:a8:76:4d:
         97:a1:91:8b:82:70:72:72:9e:bb:24:eb:04:78:f6:ae:d2:af:
         51:7d:ae:57:43:1d:f7:4f:89:b9:54:39:b8:d5:83:16:bc:0e:
         e1:a4:c3:09:7c:64:28:c5:45:39:02:90:d5:f5:64:ef:f4:08:
         09:9a:76:40:cf:97:9b:e2:4b:8e:bd:0c:6c:98:13:4f:60:79:
         d5:7b:ec:45:19:75:60:fb:9d:5c:88:a7:af:ac:ad:78:17:9a:
         2d:57:ed:c0:be:07:30:f4:f3:6b:31:2a:33:ae:fa:fc:71:2f:
         91:8d:a3:6a:66:50:69:e7:55:65:9f:06:30:99:df:15:57:f6:
         b0:0a:59:03:47:d8:72:a4:dc:4b:fb:38:e8:b4:ea:7d:58:4b:
         1f:bf:03:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4yQ8P4L1F/7CUDfKAmvvIwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2M2Q0NTdlNWQzY2MwYWNkOGE3NGY4YjEwZTI2ODZiZmJj
NDk2Y2IwHhcNMjQwMzEyMTA0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDk1YmU3OTkyNjIyODc0MzFiZmRkMTdmM2UyMTQzNDcyODFhODhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEEHSh5MyRm8NlxJHWzAEGws7LK9
FuORYcvBcmlqHT2g7aTbaFRXmpEaoQ+tuFzB3TPnIvw4Fa/6cT1xiN0c1mLp9sdT
kkYfGitaLtvZA5iHTvWDcBqJYwk29o8KKeQfGjaE2/PakkQqhTQH+uvEkZk62Jpk
IEJlOs+o7wSW6JNJFvCW36ulAThcnig3gpuZaSHtLJ43WaAJSI42SbuZwuviW75v
2Df7/sV20gdQEcRaHbBnuOH9/iLxRDbkFPojvsUmksATL9nOu6DUaoDSou6Kd+IO
gkKb7VEcWEFIFbd/jjJdoJPBYlk6f8il6MmZ+scOWOTAZPrf9osfc0oFbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFCVvnmSYih0Mb/dF/PiFDRygaiPMB8GA1UdIwQY
MBaAFHY9RX5dPMCs2KdPixDiaGv7xJbLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQt
N2U1OTRmMjQ5NGNjLzEvVUpXLWVaSmlLSFF4djkwWDgtSVVOSEtCcUk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jY2M5NGItYzI4Ny00ZTVmLTg2MDQtN2U1OTRmMjQ5NGNj
LzEvZGoxRmZsMDh3S3pZcDAtTEVPSm9hX3ZFbHNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyn8MA0G
CSqGSIb3DQEBCwUAA4IBAQBPD2mRMa/pY1VSDzD/JSjuXW4lyzJ14tgNvXIDwUE2
tjRNt4o4WNL0mDloa/n+Pu60UHRnuDCtb/LCOsegS70wIbNglghVMPxwqPDPb/mM
UrzfYhZIWu3TOr/+14XukTk1YI6Smpe33ESodk2XoZGLgnBycp67JOsEePau0q9R
fa5XQx33T4m5VDm41YMWvA7hpMMJfGQoxUU5ApDV9WTv9AgJmnZAz5eb4kuOvQxs
mBNPYHnVe+xFGXVg+51ciKevrK14F5otV+3Avgcw9PNrMSozrvr8cS+RjaNqZlBp
51VlnwYwmd8VV/awClkDR9hypNxL+zjotOp9WEsfvwOW
-----END CERTIFICATE-----