Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/UeVZOMy3sLqRb-jHxcEqrPa3vaI.roa
File:                     UeVZOMy3sLqRb-jHxcEqrPa3vaI.roa (raw, json)
Hash identifier:          J3aS99lHixQv29whtFlARZD2hOIYf9/apPweThlkqwY=
Subject key identifier:   51:E5:59:38:CC:B7:B0:BA:91:6F:E8:C7:C5:C1:2A:AC:F6:B7:BD:A2
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       01942748594434569C234F34FA2AEA07A157
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/UeVZOMy3sLqRb-jHxcEqrPa3vaI.roa
Signing time:             Thu 02 Jan 2025 13:50:40 +0000
ROA not before:           Thu 02 Jan 2025 13:50:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47527
IP address blocks:        192.121.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:59:44:34:56:9c:23:4f:34:fa:2a:ea:07:a1:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 13:50:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51e55938ccb7b0ba916fe8c7c5c12aacf6b7bda2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:a7:2b:ae:18:51:33:5d:28:5d:c6:8b:6d:1b:
                    ed:b2:4e:0d:94:44:5f:e1:b5:f0:49:b5:70:cb:6d:
                    38:75:49:65:80:59:76:20:36:08:51:f3:62:d8:ee:
                    5d:70:ab:b4:57:f1:a9:f1:f2:c1:de:da:92:93:d5:
                    a0:02:84:10:ff:be:5e:07:9d:bd:27:08:61:04:c8:
                    2c:0b:6c:76:0a:49:08:1a:fa:3b:fd:f6:dd:6c:56:
                    27:e5:7a:20:82:7e:a7:a4:48:7e:bb:e8:8d:91:09:
                    2c:0e:9c:f1:24:8c:0b:78:cb:69:15:e9:8f:c3:97:
                    80:56:7b:9f:b3:93:f4:a7:5b:9e:50:97:f5:33:a5:
                    33:57:d9:73:06:dd:cf:32:e7:37:a4:ad:f2:cc:82:
                    47:01:03:05:92:63:71:a3:93:e6:00:e9:a7:4e:71:
                    14:17:11:8f:f8:d8:52:e7:44:fe:c1:c1:07:04:37:
                    fe:03:c7:66:64:43:93:60:37:73:bd:aa:c3:88:21:
                    12:45:e0:61:f9:3a:51:a0:fc:b9:7b:a6:04:b6:69:
                    5e:e5:7a:fd:10:c5:32:5d:a8:eb:08:92:12:6a:e9:
                    3b:4e:de:b6:5e:e4:ef:db:56:4f:cb:99:ab:d5:49:
                    4e:58:79:f5:7c:57:03:30:33:bc:4d:14:34:f3:be:
                    83:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:E5:59:38:CC:B7:B0:BA:91:6F:E8:C7:C5:C1:2A:AC:F6:B7:BD:A2
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/UeVZOMy3sLqRb-jHxcEqrPa3vaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.121.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:99:66:1e:33:75:fb:fb:22:b2:df:a5:65:3c:33:83:62:c5:
         a5:9e:ef:0b:5e:01:28:60:02:8e:83:27:6d:d0:c9:74:3d:3f:
         2e:1e:27:f9:a5:bf:e4:7b:a1:90:06:c2:ac:ef:6e:24:08:ed:
         64:34:2c:d1:3c:6a:3a:1c:b0:95:e5:91:78:db:cc:25:e2:09:
         be:cd:5b:5f:90:bf:1d:8c:1a:a9:06:0c:ec:ba:a9:d4:d7:42:
         e8:c1:ac:4d:6f:7d:00:ef:2f:2d:8b:ea:64:80:d4:b3:da:c4:
         36:5f:bf:4d:03:f3:c4:48:9b:cd:7a:fc:64:9b:af:37:07:7d:
         84:6c:d5:62:52:24:eb:d4:7f:4a:8b:87:08:71:1e:4a:de:81:
         60:2e:e2:1f:a3:6c:07:3a:23:32:f0:f1:9a:19:6f:1c:48:88:
         71:32:bf:1a:48:ed:0f:ca:a9:c2:c8:13:c9:d7:a4:86:80:ae:
         ca:df:c2:83:4c:7a:a3:b1:1e:da:5e:74:4c:7a:5b:6d:8c:f5:
         98:a6:65:93:cb:fa:74:1e:cf:76:f1:57:94:a0:0b:01:5f:a1:
         37:54:92:dc:1b:37:2c:cf:b4:7a:7d:b8:32:e6:f3:a8:73:88:
         2e:67:79:b1:50:5a:f6:73:18:20:51:0a:3b:fa:d5:8a:94:ab:
         ae:a2:b1:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSFlENFacI080+irqB6FXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWU1NTkzOGNjYjdiMGJhOTE2ZmU4YzdjNWMxMmFhY2Y2YjdiZGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6crrhhRM10oXcaLbRvtsk4NlERf
4bXwSbVwy204dUllgFl2IDYIUfNi2O5dcKu0V/Gp8fLB3tqSk9WgAoQQ/75eB529
JwhhBMgsC2x2CkkIGvo7/fbdbFYn5Xoggn6npEh+u+iNkQksDpzxJIwLeMtpFemP
w5eAVnufs5P0p1ueUJf1M6UzV9lzBt3PMuc3pK3yzIJHAQMFkmNxo5PmAOmnTnEU
FxGP+NhS50T+wcEHBDf+A8dmZEOTYDdzvarDiCESReBh+TpRoPy5e6YEtmle5Xr9
EMUyXajrCJISauk7Tt62XuTv21ZPy5mr1UlOWHn1fFcDMDO8TRQ0876DJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFHlWTjMt7C6kW/ox8XBKqz2t72iMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvVWVWWk9NeTNzTHFSYi1qSHhjRXFyUGEzdmFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwHnsMA0G
CSqGSIb3DQEBCwUAA4IBAQA7mWYeM3X7+yKy36VlPDODYsWlnu8LXgEoYAKOgydt
0Ml0PT8uHif5pb/ke6GQBsKs724kCO1kNCzRPGo6HLCV5ZF428wl4gm+zVtfkL8d
jBqpBgzsuqnU10LowaxNb30A7y8ti+pkgNSz2sQ2X79NA/PESJvNevxkm683B32E
bNViUiTr1H9Ki4cIcR5K3oFgLuIfo2wHOiMy8PGaGW8cSIhxMr8aSO0PyqnCyBPJ
16SGgK7K38KDTHqjsR7aXnRMelttjPWYpmWTy/p0Hs928VeUoAsBX6E3VJLcGzcs
z7R6fbgy5vOoc4guZ3mxUFr2cxggUQo7+tWKlKuuorEZ
-----END CERTIFICATE-----