Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/UQnIrI6qnZeM8pebhX6H6GiAOhw.roa
File:                     UQnIrI6qnZeM8pebhX6H6GiAOhw.roa (raw, json)
Hash identifier:          vzjOah1aEKMTTLk/uUIli7W9e7bQd33/DqS8oiFFARo=
Subject key identifier:   51:09:C8:AC:8E:AA:9D:97:8C:F2:97:9B:85:7E:87:E8:68:80:3A:1C
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       01928AFD14B0F11949346B38DE43DC16C9BD
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/UQnIrI6qnZeM8pebhX6H6GiAOhw.roa
Signing time:             Mon 14 Oct 2024 12:24:54 +0000
ROA not before:           Mon 14 Oct 2024 12:24:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21738
IP address blocks:        45.95.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8a:fd:14:b0:f1:19:49:34:6b:38:de:43:dc:16:c9:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: Oct 14 12:24:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5109c8ac8eaa9d978cf2979b857e87e868803a1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:0e:f8:dc:67:f1:0b:cd:c7:83:07:1d:a5:f1:
                    7e:c6:43:70:1f:b9:62:71:88:3b:b0:c7:89:72:17:
                    6b:d0:a8:2c:0b:94:9d:fb:14:53:da:ff:49:d4:3c:
                    ff:54:f2:26:7c:a0:93:98:11:b6:dc:7d:64:5c:5b:
                    83:3b:42:11:03:54:8d:84:1d:5c:ee:fe:2d:1b:ed:
                    cb:a8:a2:6c:f6:e0:56:07:87:c5:5f:91:86:87:3a:
                    84:3b:38:f8:ab:fa:15:1a:73:ba:37:d6:67:f2:93:
                    11:7e:bd:8a:3b:35:9b:75:72:4a:ec:2c:4a:e5:de:
                    e5:25:3e:a8:63:ab:80:16:e4:8c:1c:17:ed:2f:b6:
                    2f:18:76:40:5c:10:1d:25:d0:b5:e8:52:21:c1:10:
                    b1:e2:d2:89:d7:fe:4d:2e:e4:a9:4d:ce:0d:84:9b:
                    87:f0:3d:bd:a3:e8:61:83:02:8f:b0:ae:a4:4f:dd:
                    88:6b:fc:de:a0:46:0f:5f:61:7a:0b:40:3a:bd:6b:
                    24:af:6a:ca:08:d8:dc:27:0d:ff:cd:45:c8:7b:22:
                    7e:b9:92:65:63:e1:0a:6f:fb:86:e5:a3:67:ae:63:
                    93:49:bd:d9:cb:d9:50:a2:30:70:72:5f:b6:3a:59:
                    3f:d1:60:06:7b:a9:fd:12:d6:85:e8:b9:35:31:36:
                    f0:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:09:C8:AC:8E:AA:9D:97:8C:F2:97:9B:85:7E:87:E8:68:80:3A:1C
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/UQnIrI6qnZeM8pebhX6H6GiAOhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:8a:8f:9c:d5:c0:dc:7b:f0:c7:1a:aa:77:da:26:34:f3:5c:
         16:7b:e5:6d:f4:16:5d:a8:77:62:9b:83:a8:a1:d8:8e:0f:b9:
         66:bb:c3:59:cd:79:39:7b:2b:d7:6a:b1:cd:2c:a0:eb:a8:ab:
         2f:12:8d:b3:c5:f5:73:cb:a7:db:30:2e:b1:d8:99:1e:4c:5c:
         6d:fd:e7:d9:08:fe:e0:96:c5:28:7a:a2:6d:4b:2f:65:7f:cf:
         36:b1:9f:83:f0:6f:57:d5:e6:69:80:f1:2c:8c:5f:99:b9:f9:
         c5:9f:9b:88:da:80:4e:0d:29:fd:13:a5:35:6b:c8:70:ab:06:
         43:f1:7a:8b:1b:bb:42:f4:f4:6b:bb:f5:e8:c7:9d:43:89:40:
         4c:60:dd:c3:55:a2:df:d7:f5:a0:fe:5c:91:50:fb:69:67:ca:
         02:7c:7c:33:0f:0e:32:70:48:41:ab:5c:c1:b7:3c:69:6f:71:
         72:8c:93:a1:96:67:90:d8:00:f5:25:ae:0e:59:7e:fe:9c:2e:
         7d:e9:c7:6a:63:52:30:6c:6f:73:38:85:24:4c:8f:79:b2:71:
         0f:6d:25:0d:0c:58:bc:20:e8:fa:95:7d:14:0f:7a:61:1d:93:
         fd:43:67:ee:0b:9a:34:0f:ac:b6:e2:33:de:3d:f4:6a:13:99:
         93:cf:21:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKK/RSw8RlJNGs43kPcFsm9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjQxMDE0MTIyNDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTA5YzhhYzhlYWE5ZDk3OGNmMjk3OWI4NTdlODdlODY4ODAzYTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQ743GfxC83HgwcdpfF+xkNwH7li
cYg7sMeJchdr0KgsC5Sd+xRT2v9J1Dz/VPImfKCTmBG23H1kXFuDO0IRA1SNhB1c
7v4tG+3LqKJs9uBWB4fFX5GGhzqEOzj4q/oVGnO6N9Zn8pMRfr2KOzWbdXJK7CxK
5d7lJT6oY6uAFuSMHBftL7YvGHZAXBAdJdC16FIhwRCx4tKJ1/5NLuSpTc4NhJuH
8D29o+hhgwKPsK6kT92Ia/zeoEYPX2F6C0A6vWskr2rKCNjcJw3/zUXIeyJ+uZJl
Y+EKb/uG5aNnrmOTSb3Zy9lQojBwcl+2Olk/0WAGe6n9EtaF6Lk1MTbwqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEJyKyOqp2XjPKXm4V+h+hogDocMB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvVVFuSXJJNnFuWmVNOHBlYmhYNkg2R2lBT2h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV/iMA0G
CSqGSIb3DQEBCwUAA4IBAQCPio+c1cDce/DHGqp32iY081wWe+Vt9BZdqHdim4Oo
odiOD7lmu8NZzXk5eyvXarHNLKDrqKsvEo2zxfVzy6fbMC6x2JkeTFxt/efZCP7g
lsUoeqJtSy9lf882sZ+D8G9X1eZpgPEsjF+ZufnFn5uI2oBODSn9E6U1a8hwqwZD
8XqLG7tC9PRru/Xox51DiUBMYN3DVaLf1/Wg/lyRUPtpZ8oCfHwzDw4ycEhBq1zB
tzxpb3FyjJOhlmeQ2AD1Ja4OWX7+nC596cdqY1IwbG9zOIUkTI95snEPbSUNDFi8
IOj6lX0UD3phHZP9Q2fuC5o0D6y24jPePfRqE5mTzyEO
-----END CERTIFICATE-----