Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/5efad6-c9a4-4838-bd67-73717c56b6f3/1/UGAK2Vv5vfcj_tqLoCUvojrrljk.roa
File:                     UGAK2Vv5vfcj_tqLoCUvojrrljk.roa (raw, json)
Hash identifier:          dWkfYmwCuxzjtc+jPQuHj1jjKrVCHzu8r1iCqHENxHc=
Subject key identifier:   50:60:0A:D9:5B:F9:BD:F7:23:FE:DA:8B:A0:25:2F:A2:3A:EB:96:39
Certificate issuer:       /CN=9a2f0701d7a63cf3d193695c395d1a1f78335ccf
Certificate serial:       018CC56E5938D70B76841755D4B81EB4D97B
Authority key identifier: 9A:2F:07:01:D7:A6:3C:F3:D1:93:69:5C:39:5D:1A:1F:78:33:5C:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mi8HAdemPPPRk2lcOV0aH3gzXM8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/5efad6-c9a4-4838-bd67-73717c56b6f3/1/UGAK2Vv5vfcj_tqLoCUvojrrljk.roa
Signing time:             Mon 01 Jan 2024 14:29:52 +0000
ROA not before:           Mon 01 Jan 2024 14:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60893
IP address blocks:        185.58.148.0/22 maxlen: 24
                          185.24.48.0/22 maxlen: 24
                          2a00:7420::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/5efad6-c9a4-4838-bd67-73717c56b6f3/1/mi8HAdemPPPRk2lcOV0aH3gzXM8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/5efad6-c9a4-4838-bd67-73717c56b6f3/1/mi8HAdemPPPRk2lcOV0aH3gzXM8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mi8HAdemPPPRk2lcOV0aH3gzXM8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:59:38:d7:0b:76:84:17:55:d4:b8:1e:b4:d9:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a2f0701d7a63cf3d193695c395d1a1f78335ccf
        Validity
            Not Before: Jan  1 14:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50600ad95bf9bdf723feda8ba0252fa23aeb9639
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:5b:73:9c:87:e3:7c:79:d0:8d:c9:05:c7:6b:
                    e5:c9:f2:0e:5a:6f:2a:37:a6:df:70:94:9b:15:41:
                    75:a4:ac:d3:c9:18:a9:a1:87:92:a3:4e:25:f6:e8:
                    5a:6c:ed:2b:75:4b:53:61:f0:e9:44:93:eb:4c:60:
                    af:24:44:90:84:05:fa:30:6d:ab:6a:a9:bf:33:53:
                    0e:8a:4e:78:18:8b:6e:7c:38:a5:90:e6:02:df:46:
                    44:8f:d1:9a:c9:be:96:c3:57:4e:e3:e0:31:ac:2a:
                    08:01:a0:65:18:f9:0d:91:a0:0f:ec:42:47:ee:d9:
                    c7:a4:6e:b3:c8:7b:22:98:93:77:2d:30:be:f1:79:
                    9c:bf:21:86:07:93:1f:36:a6:5b:4e:5c:23:24:79:
                    f7:63:41:2b:61:72:18:d0:d0:62:2d:86:5d:4e:45:
                    25:04:f0:55:c4:01:fe:01:75:8b:5b:c1:6d:eb:d4:
                    3b:81:64:86:de:77:08:1f:62:8e:c8:d9:a2:8c:ec:
                    34:84:99:4d:f8:ac:98:3f:2e:95:29:2b:b7:ff:5e:
                    7e:6f:e4:53:ae:4e:34:6d:c3:08:69:fb:89:87:42:
                    1d:79:81:46:11:bf:2b:6c:20:f2:cf:23:88:f9:b0:
                    8e:26:ff:21:bc:14:72:f3:d5:00:af:fa:38:8e:92:
                    84:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:60:0A:D9:5B:F9:BD:F7:23:FE:DA:8B:A0:25:2F:A2:3A:EB:96:39
            X509v3 Authority Key Identifier:
                keyid:9A:2F:07:01:D7:A6:3C:F3:D1:93:69:5C:39:5D:1A:1F:78:33:5C:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mi8HAdemPPPRk2lcOV0aH3gzXM8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/5efad6-c9a4-4838-bd67-73717c56b6f3/1/UGAK2Vv5vfcj_tqLoCUvojrrljk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/5efad6-c9a4-4838-bd67-73717c56b6f3/1/mi8HAdemPPPRk2lcOV0aH3gzXM8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.24.48.0/22
                  185.58.148.0/22
                IPv6:
                  2a00:7420::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:34:28:0a:11:c2:ef:56:18:bb:fe:ce:28:f6:b8:47:4d:35:
         f2:ea:15:fe:c7:20:4b:8d:c4:07:28:70:77:4c:a0:d5:c2:07:
         04:1c:1f:ee:1f:13:95:32:ed:26:f3:06:80:e0:63:49:92:62:
         3f:20:87:96:cc:2a:7c:b5:64:2e:c9:52:c1:2d:d9:fc:7a:1b:
         8c:39:6e:19:b3:fc:d8:9d:ac:cf:de:e9:d0:a8:4f:69:54:e4:
         9a:5f:10:c1:bf:20:93:a4:73:83:07:dd:ab:99:f5:7d:0c:3c:
         51:0d:3d:8c:dd:f7:a5:38:da:6a:36:8f:76:1f:53:c9:c9:1e:
         81:a7:1c:0d:c2:87:7c:e5:c5:3f:7e:ed:a8:40:bb:a1:6b:f3:
         de:23:12:6a:d8:0a:c0:56:d7:d0:8a:cf:d4:98:6a:52:72:75:
         d0:70:0a:66:7f:9f:04:bd:eb:d4:81:33:e0:cc:1e:41:3d:70:
         e7:2d:55:4e:11:15:7e:8f:ff:b1:65:26:0e:ca:0b:07:e2:89:
         3c:a4:12:d4:d3:b7:05:e5:78:ca:c7:7b:73:40:8a:d4:5d:62:
         01:0c:a4:c8:15:71:c9:00:7a:1d:77:b3:db:d5:f1:07:ad:86:
         84:07:a0:ba:e2:64:8d:d8:5e:e8:fa:7e:f2:a5:d4:6d:f5:14:
         e7:17:04:4e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFblk41wt2hBdV1LgetNl7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMmYwNzAxZDdhNjNjZjNkMTkzNjk1YzM5NWQxYTFmNzgz
MzVjY2YwHhcNMjQwMTAxMTQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDYwMGFkOTViZjliZGY3MjNmZWRhOGJhMDI1MmZhMjNhZWI5NjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk1tznIfjfHnQjckFx2vlyfIOWm8q
N6bfcJSbFUF1pKzTyRipoYeSo04l9uhabO0rdUtTYfDpRJPrTGCvJESQhAX6MG2r
aqm/M1MOik54GItufDilkOYC30ZEj9Gayb6Ww1dO4+AxrCoIAaBlGPkNkaAP7EJH
7tnHpG6zyHsimJN3LTC+8XmcvyGGB5MfNqZbTlwjJHn3Y0ErYXIY0NBiLYZdTkUl
BPBVxAH+AXWLW8Ft69Q7gWSG3ncIH2KOyNmijOw0hJlN+KyYPy6VKSu3/15+b+RT
rk40bcMIafuJh0IdeYFGEb8rbCDyzyOI+bCOJv8hvBRy89UAr/o4jpKEpwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFBgCtlb+b33I/7ai6AlL6I665Y5MB8GA1UdIwQY
MBaAFJovBwHXpjzz0ZNpXDldGh94M1zPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWk4SEFkZW1QUFBSazJsY09WMGFIM2d6WE04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS81ZWZhZDYtYzlhNC00ODM4LWJkNjct
NzM3MTdjNTZiNmYzLzEvVUdBSzJWdjV2ZmNqX3RxTG9DVXZvanJybGprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS81ZWZhZDYtYzlhNC00ODM4LWJkNjctNzM3MTdjNTZiNmYz
LzEvbWk4SEFkZW1QUFBSazJsY09WMGFIM2d6WE04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuRgwAwQC
uTqUMA0EAgACMAcDBQAqAHQgMA0GCSqGSIb3DQEBCwUAA4IBAQCZNCgKEcLvVhi7
/s4o9rhHTTXy6hX+xyBLjcQHKHB3TKDVwgcEHB/uHxOVMu0m8waA4GNJkmI/IIeW
zCp8tWQuyVLBLdn8ehuMOW4Zs/zYnazP3unQqE9pVOSaXxDBvyCTpHODB92rmfV9
DDxRDT2M3felONpqNo92H1PJyR6BpxwNwod85cU/fu2oQLuha/PeIxJq2ArAVtfQ
is/UmGpScnXQcApmf58EvevUgTPgzB5BPXDnLVVOERV+j/+xZSYOygsH4ok8pBLU
07cF5XjKx3tzQIrUXWIBDKTIFXHJAHodd7Pb1fEHrYaEB6C64mSN2F7o+n7ypdRt
9RTnFwRO
-----END CERTIFICATE-----