Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/41a166-3a00-49bc-935d-56b65b91a73c/1/UzBtv4rJBWuHWcHQ4AX4uDTOlyo.roa
File:                     UzBtv4rJBWuHWcHQ4AX4uDTOlyo.roa (raw, json)
Hash identifier:          Z3SK3q4aI928c85dSlzldkDVe4xsE7amFu9Ez1x1xoY=
Subject key identifier:   53:30:6D:BF:8A:C9:05:6B:87:59:C1:D0:E0:05:F8:B8:34:CE:97:2A
Certificate issuer:       /CN=ef2a98b221abe4dd95999eef292ff0bea41218ac
Certificate serial:       018CC726F1FB10867F385400AB2265F240C1
Authority key identifier: EF:2A:98:B2:21:AB:E4:DD:95:99:9E:EF:29:2F:F0:BE:A4:12:18:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7yqYsiGr5N2VmZ7vKS_wvqQSGKw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/41a166-3a00-49bc-935d-56b65b91a73c/1/UzBtv4rJBWuHWcHQ4AX4uDTOlyo.roa
Signing time:             Mon 01 Jan 2024 22:31:07 +0000
ROA not before:           Mon 01 Jan 2024 22:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12637
IP address blocks:        93.157.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/41a166-3a00-49bc-935d-56b65b91a73c/1/7yqYsiGr5N2VmZ7vKS_wvqQSGKw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/41a166-3a00-49bc-935d-56b65b91a73c/1/7yqYsiGr5N2VmZ7vKS_wvqQSGKw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7yqYsiGr5N2VmZ7vKS_wvqQSGKw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:f1:fb:10:86:7f:38:54:00:ab:22:65:f2:40:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef2a98b221abe4dd95999eef292ff0bea41218ac
        Validity
            Not Before: Jan  1 22:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53306dbf8ac9056b8759c1d0e005f8b834ce972a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:62:57:3d:af:50:9f:21:d2:2a:76:75:4a:a0:
                    c6:95:65:bb:b1:55:08:65:d9:8d:8b:6b:23:7c:95:
                    35:1c:f9:cb:0c:fb:07:65:93:f1:70:4f:b2:a0:fc:
                    a2:1d:47:80:97:99:04:32:ba:e8:b4:ea:6f:ad:1a:
                    f7:24:72:9d:a5:c1:c7:46:dd:64:41:41:f7:80:04:
                    9b:51:26:e0:80:ca:b0:23:53:17:4e:48:68:3a:c3:
                    e0:78:2b:28:f9:c1:d1:a6:5d:74:07:3c:5d:84:05:
                    53:72:84:2c:2a:19:b5:ad:aa:30:9a:5b:21:f6:ae:
                    37:b6:cb:e6:2c:45:0f:da:c4:f2:8f:46:cc:5f:60:
                    6a:f3:2f:c7:60:a6:78:b3:b2:04:a7:31:3f:eb:d9:
                    ac:68:99:2c:57:68:8a:92:93:99:12:e2:b3:95:cd:
                    3c:64:94:61:67:f9:17:81:45:40:d3:42:09:d0:93:
                    6e:ac:11:b8:02:30:c2:f9:07:c3:0c:d5:5d:0b:68:
                    c5:26:49:c2:35:dd:22:21:c7:8d:64:0f:3e:1c:bc:
                    bf:e8:1e:51:e0:1c:ae:c5:47:32:c8:5e:da:00:93:
                    db:56:75:fd:c9:62:47:c6:5a:1a:e9:d3:25:d2:0f:
                    b5:25:4c:4f:e8:23:af:76:f2:f6:f7:bc:26:c3:15:
                    39:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:30:6D:BF:8A:C9:05:6B:87:59:C1:D0:E0:05:F8:B8:34:CE:97:2A
            X509v3 Authority Key Identifier:
                keyid:EF:2A:98:B2:21:AB:E4:DD:95:99:9E:EF:29:2F:F0:BE:A4:12:18:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7yqYsiGr5N2VmZ7vKS_wvqQSGKw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/41a166-3a00-49bc-935d-56b65b91a73c/1/UzBtv4rJBWuHWcHQ4AX4uDTOlyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/41a166-3a00-49bc-935d-56b65b91a73c/1/7yqYsiGr5N2VmZ7vKS_wvqQSGKw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.157.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:53:31:21:0e:8b:0b:3a:87:a8:88:5f:b7:88:fe:a8:52:48:
         87:2a:04:ed:10:30:e7:a0:58:45:55:bb:46:41:c7:92:10:fb:
         3d:42:c9:02:dd:9f:d0:a9:99:92:27:cf:62:8d:6b:99:82:a9:
         10:0d:b7:76:b7:97:28:86:98:5b:cf:f6:82:cc:de:e8:22:87:
         64:99:20:d8:93:fb:11:51:c3:37:5a:f1:61:7e:bd:c3:89:ed:
         9c:c0:0c:3d:82:d7:81:d1:30:71:5b:e0:6b:fa:35:be:74:01:
         ff:fb:24:82:13:d3:10:b4:5f:bc:25:6e:97:62:ba:3a:42:78:
         21:9d:3c:58:ae:54:fd:a5:64:2f:b0:a2:13:4a:16:91:37:65:
         48:9b:83:04:c6:94:38:87:3f:ff:5c:9e:14:56:74:18:9d:fa:
         c9:92:2b:0f:a7:35:cb:e7:cb:5d:fd:15:35:07:96:c3:dc:5b:
         a6:97:c7:a5:05:59:ce:a8:14:d1:dc:53:68:81:53:61:f3:70:
         8a:6a:ef:66:a4:a6:d5:ba:79:ed:3b:1d:26:54:8f:fa:23:bd:
         d0:cb:bd:12:5a:86:11:c9:e6:bb:e0:52:2f:99:79:8a:d3:a9:
         32:73:b7:63:45:86:31:80:bf:41:28:5b:dc:87:a4:5a:e2:19:
         f6:03:70:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJvH7EIZ/OFQAqyJl8kDBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMmE5OGIyMjFhYmU0ZGQ5NTk5OWVlZjI5MmZmMGJlYTQx
MjE4YWMwHhcNMjQwMTAxMjIzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzMwNmRiZjhhYzkwNTZiODc1OWMxZDBlMDA1ZjhiODM0Y2U5NzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2JXPa9QnyHSKnZ1SqDGlWW7sVUI
ZdmNi2sjfJU1HPnLDPsHZZPxcE+yoPyiHUeAl5kEMrrotOpvrRr3JHKdpcHHRt1k
QUH3gASbUSbggMqwI1MXTkhoOsPgeCso+cHRpl10BzxdhAVTcoQsKhm1raowmlsh
9q43tsvmLEUP2sTyj0bMX2Bq8y/HYKZ4s7IEpzE/69msaJksV2iKkpOZEuKzlc08
ZJRhZ/kXgUVA00IJ0JNurBG4AjDC+QfDDNVdC2jFJknCNd0iIceNZA8+HLy/6B5R
4ByuxUcyyF7aAJPbVnX9yWJHxloa6dMl0g+1JUxP6COvdvL297wmwxU5owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMwbb+KyQVrh1nB0OAF+Lg0zpcqMB8GA1UdIwQY
MBaAFO8qmLIhq+TdlZme7ykv8L6kEhisMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3lxWXNpR3I1TjJWbVo3dktTX3d2cVFTR0t3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC80MWExNjYtM2EwMC00OWJjLTkzNWQt
NTZiNjViOTFhNzNjLzEvVXpCdHY0ckpCV3VIV2NIUTRBWDR1RFRPbHlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC80MWExNjYtM2EwMC00OWJjLTkzNWQtNTZiNjViOTFhNzNj
LzEvN3lxWXNpR3I1TjJWbVo3dktTX3d2cVFTR0t3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXZ25MA0G
CSqGSIb3DQEBCwUAA4IBAQAHUzEhDosLOoeoiF+3iP6oUkiHKgTtEDDnoFhFVbtG
QceSEPs9QskC3Z/QqZmSJ89ijWuZgqkQDbd2t5cohphbz/aCzN7oIodkmSDYk/sR
UcM3WvFhfr3Die2cwAw9gteB0TBxW+Br+jW+dAH/+ySCE9MQtF+8JW6XYro6Qngh
nTxYrlT9pWQvsKITShaRN2VIm4MExpQ4hz//XJ4UVnQYnfrJkisPpzXL58td/RU1
B5bD3Fuml8elBVnOqBTR3FNogVNh83CKau9mpKbVunntOx0mVI/6I73Qy70SWoYR
yea74FIvmXmK06kyc7djRYYxgL9BKFvch6Ra4hn2A3Df
-----END CERTIFICATE-----