Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/_Um_PacsCcGGNFV6nsh2hMGC7_0.roa
File:                     _Um_PacsCcGGNFV6nsh2hMGC7_0.roa (raw, json)
Hash identifier:          0F4uQNkxWGGJ1jVKWX4O9XIgcNoyE67KayxXqefk3/Q=
Subject key identifier:   FD:49:BF:3D:A7:2C:09:C1:86:34:55:7A:9E:C8:76:84:C1:82:EF:FD
Certificate issuer:       /CN=b9f74a47a6d1a0bf4c216e5fab4d91fb129df3d6
Certificate serial:       018CC4939DE89DF275774AE1BB735B75A61A
Authority key identifier: B9:F7:4A:47:A6:D1:A0:BF:4C:21:6E:5F:AB:4D:91:FB:12:9D:F3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ufdKR6bRoL9MIW5fq02R-xKd89Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/_Um_PacsCcGGNFV6nsh2hMGC7_0.roa
Signing time:             Mon 01 Jan 2024 10:30:57 +0000
ROA not before:           Mon 01 Jan 2024 10:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200602
IP address blocks:        185.54.103.0/24 maxlen: 32
                          5.63.188.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/ufdKR6bRoL9MIW5fq02R-xKd89Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/ufdKR6bRoL9MIW5fq02R-xKd89Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ufdKR6bRoL9MIW5fq02R-xKd89Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:9d:e8:9d:f2:75:77:4a:e1:bb:73:5b:75:a6:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9f74a47a6d1a0bf4c216e5fab4d91fb129df3d6
        Validity
            Not Before: Jan  1 10:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd49bf3da72c09c18634557a9ec87684c182effd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:0e:98:14:b7:30:56:03:c4:07:e9:42:4f:86:
                    33:69:f0:4c:7e:93:59:34:1c:91:e9:3b:9b:d8:1f:
                    96:2a:56:04:dd:04:78:b8:e7:aa:4f:aa:8c:da:6a:
                    f0:ec:06:49:ff:91:95:b1:6c:e5:ee:e2:96:37:59:
                    2e:0d:71:9b:6e:dc:0e:f3:db:6f:c2:f0:25:16:5b:
                    e5:39:04:95:95:c0:3d:a4:4f:33:9e:b0:2b:b7:79:
                    bf:53:23:23:3f:54:3b:91:50:da:c7:6f:03:be:e4:
                    29:cc:c4:01:22:cf:65:a7:a9:7a:ee:c5:6a:2d:c5:
                    b0:a7:de:46:f5:60:bf:7a:7e:d8:73:e0:69:e1:e2:
                    be:0f:b7:cf:66:93:af:26:61:46:83:86:c4:e7:1a:
                    54:1e:87:a5:35:71:35:de:18:27:ab:c5:3f:44:ef:
                    59:d2:36:5d:be:71:e2:98:44:64:4c:02:e1:03:b4:
                    7e:bb:56:7b:b1:d2:9a:1c:e0:00:61:87:96:a8:a5:
                    b1:f6:60:b9:ee:28:3d:54:ae:1e:8e:bb:5b:c6:e0:
                    e2:3a:c5:de:b4:d4:ba:71:7a:43:30:8d:eb:2e:25:
                    a2:90:9e:97:a6:7e:ca:a0:8a:71:54:15:fc:9b:46:
                    99:c8:b9:15:51:4c:06:1f:8c:4e:91:fc:ec:08:02:
                    be:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:49:BF:3D:A7:2C:09:C1:86:34:55:7A:9E:C8:76:84:C1:82:EF:FD
            X509v3 Authority Key Identifier:
                keyid:B9:F7:4A:47:A6:D1:A0:BF:4C:21:6E:5F:AB:4D:91:FB:12:9D:F3:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufdKR6bRoL9MIW5fq02R-xKd89Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/_Um_PacsCcGGNFV6nsh2hMGC7_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/24a0bd-0838-4c95-9ccd-30f608ade48d/1/ufdKR6bRoL9MIW5fq02R-xKd89Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.188.0/23
                  185.54.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:80:53:3d:8d:45:5f:aa:2e:c4:4c:a9:81:b9:2e:01:d1:65:
         dd:d2:3c:d8:85:f5:4f:71:29:9d:cf:2e:c4:53:4b:b3:61:50:
         28:09:6f:96:46:da:f8:e7:96:ae:f3:ee:96:83:4f:1a:81:f2:
         72:a4:a2:90:7c:93:51:df:4e:a5:4d:54:30:00:56:17:5b:ed:
         59:27:48:a8:07:a1:a9:3d:29:3e:df:8d:50:7c:b6:90:da:95:
         32:63:94:d6:75:24:b5:ab:ec:4e:ab:dc:78:fe:08:37:9d:74:
         37:5e:e6:51:43:af:72:c1:1a:b2:50:82:cc:85:31:39:95:d7:
         4b:c7:f8:88:56:e2:a6:58:29:78:ee:fc:95:bf:cf:21:67:09:
         27:4a:6b:0a:73:52:9f:a3:1b:0b:91:0b:8c:4d:6d:87:1c:82:
         4b:11:15:ca:18:26:2b:93:53:76:20:2f:77:09:2c:73:10:85:
         80:a2:5e:7e:c3:74:d4:bc:f7:a2:77:76:6c:ac:18:1c:a6:a9:
         a6:ab:f7:72:88:a3:88:f5:6b:20:c3:c6:64:c8:4e:df:df:7b:
         15:d7:6d:6f:ad:d0:58:ef:41:06:23:35:63:cf:cb:8c:10:42:
         84:4a:83:cc:e8:d7:3c:57:ba:a7:49:67:99:a4:ec:0c:24:99:
         8a:66:ef:fc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEk53onfJ1d0rhu3NbdaYaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5Zjc0YTQ3YTZkMWEwYmY0YzIxNmU1ZmFiNGQ5MWZiMTI5
ZGYzZDYwHhcNMjQwMTAxMTAzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDQ5YmYzZGE3MmMwOWMxODYzNDU1N2E5ZWM4NzY4NGMxODJlZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmA6YFLcwVgPEB+lCT4YzafBMfpNZ
NByR6Tub2B+WKlYE3QR4uOeqT6qM2mrw7AZJ/5GVsWzl7uKWN1kuDXGbbtwO89tv
wvAlFlvlOQSVlcA9pE8znrArt3m/UyMjP1Q7kVDax28DvuQpzMQBIs9lp6l67sVq
LcWwp95G9WC/en7Yc+Bp4eK+D7fPZpOvJmFGg4bE5xpUHoelNXE13hgnq8U/RO9Z
0jZdvnHimERkTALhA7R+u1Z7sdKaHOAAYYeWqKWx9mC57ig9VK4ejrtbxuDiOsXe
tNS6cXpDMI3rLiWikJ6Xpn7KoIpxVBX8m0aZyLkVUUwGH4xOkfzsCAK+SwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP1Jvz2nLAnBhjRVep7IdoTBgu/9MB8GA1UdIwQY
MBaAFLn3Skem0aC/TCFuX6tNkfsSnfPWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZkS1I2YlJvTDlNSVc1ZnEwMlIteEtkODlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8yNGEwYmQtMDgzOC00Yzk1LTljY2Qt
MzBmNjA4YWRlNDhkLzEvX1VtX1BhY3NDY0dHTkZWNm5zaDJoTUdDN18wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8yNGEwYmQtMDgzOC00Yzk1LTljY2QtMzBmNjA4YWRlNDhk
LzEvdWZkS1I2YlJvTDlNSVc1ZnEwMlIteEtkODlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBBT+8AwQA
uTZnMA0GCSqGSIb3DQEBCwUAA4IBAQAygFM9jUVfqi7ETKmBuS4B0WXd0jzYhfVP
cSmdzy7EU0uzYVAoCW+WRtr455au8+6Wg08agfJypKKQfJNR306lTVQwAFYXW+1Z
J0ioB6GpPSk+341QfLaQ2pUyY5TWdSS1q+xOq9x4/gg3nXQ3XuZRQ69ywRqyUILM
hTE5lddLx/iIVuKmWCl47vyVv88hZwknSmsKc1KfoxsLkQuMTW2HHIJLERXKGCYr
k1N2IC93CSxzEIWAol5+w3TUvPeid3ZsrBgcpqmmq/dyiKOI9Wsgw8ZkyE7f33sV
121vrdBY70EGIzVjz8uMEEKESoPM6Nc8V7qnSWeZpOwMJJmKZu/8
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:58:24 2024 by rpki-client on console-ams.rpki-client.org