Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/UmjABTUr0Zb4pHIrxaH4BnUZZBw.roa
File:                     UmjABTUr0Zb4pHIrxaH4BnUZZBw.roa (raw, json)
Hash identifier:          5WOS1og+TrtZTsHliThud8m2Aj8cNpDdBDap4VqTPRc=
Subject key identifier:   52:68:C0:05:35:2B:D1:96:F8:A4:72:2B:C5:A1:F8:06:75:19:64:1C
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019420683568162939A2325E027D9EA0B5AB
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/UmjABTUr0Zb4pHIrxaH4BnUZZBw.roa
Signing time:             Wed 01 Jan 2025 05:48:07 +0000
ROA not before:           Wed 01 Jan 2025 05:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212609
IP address blocks:        171.33.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 01:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:35:68:16:29:39:a2:32:5e:02:7d:9e:a0:b5:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jan  1 05:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5268c005352bd196f8a4722bc5a1f8067519641c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:96:7b:d4:b2:5c:d2:09:aa:30:30:56:b4:45:
                    4d:70:32:8e:46:2d:ea:41:86:e4:07:bd:17:f5:05:
                    b0:4b:75:e1:fa:8d:5f:ea:fa:a9:b7:e4:f1:89:47:
                    0f:2a:30:41:ea:e3:33:34:e6:3c:8a:3f:d4:0b:49:
                    4e:6b:a1:90:39:15:54:67:14:68:38:2d:7e:f2:2e:
                    1e:f4:93:e6:74:72:43:ff:e9:73:09:3b:1c:20:5d:
                    1a:4e:06:1e:cb:cf:46:4c:37:ae:97:58:f6:d1:d2:
                    1e:f1:14:9e:5c:c5:84:7e:4b:97:96:b2:c6:c8:87:
                    79:09:f0:b7:10:56:af:ba:85:55:1f:2b:bc:ee:f4:
                    33:00:de:18:2c:1f:a8:9c:9e:8e:70:97:f5:39:48:
                    4e:05:63:f9:d8:18:1f:32:d0:f8:ca:8e:40:5a:20:
                    a6:35:78:a3:2f:7f:24:82:5a:45:22:52:72:83:12:
                    a0:04:b3:74:4c:29:af:87:f1:90:3f:95:f7:3e:d7:
                    1d:76:c6:21:f9:c9:b0:76:7d:47:6d:c7:a2:98:0d:
                    50:3d:8d:fd:4e:8d:93:2c:6b:5c:58:f2:79:6e:c4:
                    70:6d:33:d9:d8:09:f0:17:12:f0:22:11:63:d5:32:
                    62:02:a8:0f:b6:c9:ba:e8:ac:2b:01:db:f7:02:7e:
                    6a:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:68:C0:05:35:2B:D1:96:F8:A4:72:2B:C5:A1:F8:06:75:19:64:1C
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/UmjABTUr0Zb4pHIrxaH4BnUZZBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.33.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:c3:c6:07:79:17:92:96:7f:57:47:fe:4c:9c:e6:12:06:8e:
         a6:f3:d0:3c:fa:c9:d5:50:93:dc:7d:18:10:fe:81:37:80:75:
         fc:6b:9d:54:c4:91:fe:04:35:4e:e3:68:38:f4:79:96:31:1a:
         54:00:9b:62:4b:86:58:c6:ab:8a:2a:5e:51:75:08:24:34:bc:
         07:a4:f4:2c:48:59:b6:fe:c1:42:df:2b:01:ab:a4:2a:77:77:
         ff:c3:ab:fc:92:ef:b3:56:16:c4:c4:af:f3:03:77:0a:b3:4d:
         88:a0:fb:23:cf:3f:78:c5:79:05:8b:a5:5f:33:1f:3d:76:29:
         26:ab:87:b4:55:28:60:7f:42:7a:36:62:2d:e0:2d:29:a9:26:
         51:fe:60:c8:f0:40:9d:69:77:a9:70:57:67:e6:c2:1a:aa:02:
         84:32:59:75:3e:03:0d:7e:b1:a6:f9:a9:f5:fa:6e:8a:ed:a3:
         5d:b2:ca:88:63:0c:a8:19:a2:b8:30:ea:ec:23:be:04:15:e6:
         da:0f:ae:47:df:0a:23:d8:00:16:26:58:99:4b:a5:4f:07:ea:
         f5:a5:fd:b9:36:9e:a6:06:72:f0:01:f9:06:12:21:07:37:a2:
         59:af:8a:00:f9:27:fa:1e:4a:7e:1d:3c:4f:94:74:58:ca:01:
         c3:4f:9b:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaDVoFik5ojJeAn2eoLWrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjUwMTAxMDU0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjY4YzAwNTM1MmJkMTk2ZjhhNDcyMmJjNWExZjgwNjc1MTk2NDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupZ71LJc0gmqMDBWtEVNcDKORi3q
QYbkB70X9QWwS3Xh+o1f6vqpt+TxiUcPKjBB6uMzNOY8ij/UC0lOa6GQORVUZxRo
OC1+8i4e9JPmdHJD/+lzCTscIF0aTgYey89GTDeul1j20dIe8RSeXMWEfkuXlrLG
yId5CfC3EFavuoVVHyu87vQzAN4YLB+onJ6OcJf1OUhOBWP52BgfMtD4yo5AWiCm
NXijL38kglpFIlJygxKgBLN0TCmvh/GQP5X3PtcddsYh+cmwdn1HbceimA1QPY39
To2TLGtcWPJ5bsRwbTPZ2AnwFxLwIhFj1TJiAqgPtsm66KwrAdv3An5quQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJowAU1K9GW+KRyK8Wh+AZ1GWQcMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvVW1qQUJUVXIwWmI0cEhJcnhhSDRCblVaWkJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqyHwMA0G
CSqGSIb3DQEBCwUAA4IBAQChw8YHeReSln9XR/5MnOYSBo6m89A8+snVUJPcfRgQ
/oE3gHX8a51UxJH+BDVO42g49HmWMRpUAJtiS4ZYxquKKl5RdQgkNLwHpPQsSFm2
/sFC3ysBq6Qqd3f/w6v8ku+zVhbExK/zA3cKs02IoPsjzz94xXkFi6VfMx89dikm
q4e0VShgf0J6NmIt4C0pqSZR/mDI8ECdaXepcFdn5sIaqgKEMll1PgMNfrGm+an1
+m6K7aNdssqIYwyoGaK4MOrsI74EFebaD65H3woj2AAWJliZS6VPB+r1pf25Np6m
BnLwAfkGEiEHN6JZr4oA+Sf6Hkp+HTxPlHRYygHDT5t3
-----END CERTIFICATE-----