Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/52476d-a794-47d5-8f50-aeda824678d4/1/Ue8t7ak-mdS7pdxiVsJenOH4auM.roa
File:                     Ue8t7ak-mdS7pdxiVsJenOH4auM.roa (raw, json)
Hash identifier:          k9WX2UzIShjk00jzyDRYl9khq3bVFDyiQoOSD2d34B0=
Subject key identifier:   51:EF:2D:ED:A9:3E:99:D4:BB:A5:DC:62:56:C2:5E:9C:E1:F8:6A:E3
Certificate issuer:       /CN=72bd0e36e1c202304a35133b11666625e5d6e5ef
Certificate serial:       018CC870846B3721A0F8B188DEC41C66E61B
Authority key identifier: 72:BD:0E:36:E1:C2:02:30:4A:35:13:3B:11:66:66:25:E5:D6:E5:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cr0ONuHCAjBKNRM7EWZmJeXW5e8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/52476d-a794-47d5-8f50-aeda824678d4/1/Ue8t7ak-mdS7pdxiVsJenOH4auM.roa
Signing time:             Tue 02 Jan 2024 04:31:06 +0000
ROA not before:           Tue 02 Jan 2024 04:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207297
IP address blocks:        193.135.29.0/24 maxlen: 24
                          2a10:1c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/52476d-a794-47d5-8f50-aeda824678d4/1/cr0ONuHCAjBKNRM7EWZmJeXW5e8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/52476d-a794-47d5-8f50-aeda824678d4/1/cr0ONuHCAjBKNRM7EWZmJeXW5e8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cr0ONuHCAjBKNRM7EWZmJeXW5e8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:84:6b:37:21:a0:f8:b1:88:de:c4:1c:66:e6:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72bd0e36e1c202304a35133b11666625e5d6e5ef
        Validity
            Not Before: Jan  2 04:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51ef2deda93e99d4bba5dc6256c25e9ce1f86ae3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:69:0a:d5:35:3e:bd:20:b7:83:ad:31:a5:e7:
                    a9:07:9a:4a:dd:d1:12:1a:82:27:7b:62:92:e1:fa:
                    c8:c7:92:66:96:12:8c:86:f9:02:b7:d2:78:44:d2:
                    39:3d:84:fd:92:cc:d2:d4:e6:b5:27:2e:d2:5d:c8:
                    d4:07:fd:23:d8:50:fd:db:7c:da:48:1e:2b:26:f1:
                    7e:c7:df:da:54:4c:26:a9:bf:60:12:71:cd:60:e0:
                    89:8c:43:4d:5a:d5:0a:47:7f:25:4e:c7:c8:01:07:
                    71:46:26:55:01:3e:01:04:9f:07:2e:31:57:74:f5:
                    0c:36:f3:5c:e2:a8:73:31:77:d5:4f:c6:fc:aa:9f:
                    3f:32:19:27:90:ac:1d:39:79:0f:34:d9:83:74:5b:
                    ab:49:32:47:81:19:cc:e2:51:80:d6:06:e1:58:bd:
                    93:70:65:6d:48:f6:a6:24:44:4c:61:4d:a1:82:7b:
                    7e:5c:83:1d:ea:02:16:6f:92:aa:b3:9e:ca:0f:fa:
                    0c:51:e9:a7:a8:fb:f0:9b:ce:52:56:33:b2:36:12:
                    c2:eb:78:89:fd:53:2d:96:06:1d:49:c4:5a:41:96:
                    fd:45:8a:98:a0:65:14:57:4d:01:ed:ab:94:61:5d:
                    02:87:f0:b9:83:1d:67:6e:1e:b8:d2:2d:d8:42:55:
                    64:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:EF:2D:ED:A9:3E:99:D4:BB:A5:DC:62:56:C2:5E:9C:E1:F8:6A:E3
            X509v3 Authority Key Identifier:
                keyid:72:BD:0E:36:E1:C2:02:30:4A:35:13:3B:11:66:66:25:E5:D6:E5:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cr0ONuHCAjBKNRM7EWZmJeXW5e8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/52476d-a794-47d5-8f50-aeda824678d4/1/Ue8t7ak-mdS7pdxiVsJenOH4auM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/52476d-a794-47d5-8f50-aeda824678d4/1/cr0ONuHCAjBKNRM7EWZmJeXW5e8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.29.0/24
                IPv6:
                  2a10:1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:24:57:5e:de:eb:db:10:64:56:97:89:6d:f0:dc:a9:8e:af:
         8b:30:0f:97:57:e5:43:be:a3:ea:c1:17:7a:60:28:76:62:3b:
         d3:6d:97:15:2e:f2:f3:d1:f4:03:81:b5:a9:67:f6:b5:ae:9e:
         ee:af:6b:1a:96:ae:3a:1b:42:b2:a3:83:1b:dc:c0:59:6b:25:
         2b:96:4c:ec:76:75:5b:ea:28:1c:6f:8e:e9:93:6c:3a:94:e9:
         b4:2d:9b:15:d3:4a:46:20:c0:eb:90:38:6d:15:71:8f:68:38:
         1e:a3:0d:35:78:f4:8e:54:13:84:a0:d4:59:ba:15:1b:58:9f:
         d5:b3:14:9a:1e:38:85:62:e7:d5:12:1a:48:99:1a:81:26:9d:
         d2:13:34:2c:cf:b5:fb:96:11:b5:bf:b4:7e:47:b3:c1:79:c9:
         68:70:09:22:6b:f4:04:5d:eb:21:a4:0e:f6:90:9e:86:8a:7d:
         1f:56:f1:36:94:1f:22:ad:12:a3:bd:fd:1d:05:a2:c3:00:09:
         03:7a:00:47:33:e1:d2:6a:3c:35:e9:22:64:86:12:1a:8c:21:
         be:da:5e:d8:67:1c:79:23:16:a4:fe:57:64:fa:4b:ee:ec:1c:
         90:30:8d:86:f0:10:24:38:22:b7:c3:40:7e:c0:8d:70:4f:63:
         88:d3:08:db
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcIRrNyGg+LGI3sQcZuYbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYmQwZTM2ZTFjMjAyMzA0YTM1MTMzYjExNjY2NjI1ZTVk
NmU1ZWYwHhcNMjQwMTAyMDQzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWVmMmRlZGE5M2U5OWQ0YmJhNWRjNjI1NmMyNWU5Y2UxZjg2YWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhWkK1TU+vSC3g60xpeepB5pK3dES
GoIne2KS4frIx5JmlhKMhvkCt9J4RNI5PYT9kszS1Oa1Jy7SXcjUB/0j2FD923za
SB4rJvF+x9/aVEwmqb9gEnHNYOCJjENNWtUKR38lTsfIAQdxRiZVAT4BBJ8HLjFX
dPUMNvNc4qhzMXfVT8b8qp8/MhknkKwdOXkPNNmDdFurSTJHgRnM4lGA1gbhWL2T
cGVtSPamJERMYU2hgnt+XIMd6gIWb5Kqs57KD/oMUemnqPvwm85SVjOyNhLC63iJ
/VMtlgYdScRaQZb9RYqYoGUUV00B7auUYV0Ch/C5gx1nbh640i3YQlVkDQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFHvLe2pPpnUu6XcYlbCXpzh+GrjMB8GA1UdIwQY
MBaAFHK9DjbhwgIwSjUTOxFmZiXl1uXvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3IwT051SENBakJLTlJNN0VXWm1KZVhXNWU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC81MjQ3NmQtYTc5NC00N2Q1LThmNTAt
YWVkYTgyNDY3OGQ0LzEvVWU4dDdhay1tZFM3cGR4aVZzSmVuT0g0YXVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC81MjQ3NmQtYTc5NC00N2Q1LThmNTAtYWVkYTgyNDY3OGQ0
LzEvY3IwT051SENBakJLTlJNN0VXWm1KZVhXNWU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwYcdMA0E
AgACMAcDBQMqEAHAMA0GCSqGSIb3DQEBCwUAA4IBAQCFJFde3uvbEGRWl4lt8Nyp
jq+LMA+XV+VDvqPqwRd6YCh2YjvTbZcVLvLz0fQDgbWpZ/a1rp7ur2salq46G0Ky
o4Mb3MBZayUrlkzsdnVb6igcb47pk2w6lOm0LZsV00pGIMDrkDhtFXGPaDgeow01
ePSOVBOEoNRZuhUbWJ/VsxSaHjiFYufVEhpImRqBJp3SEzQsz7X7lhG1v7R+R7PB
eclocAkia/QEXeshpA72kJ6Gin0fVvE2lB8irRKjvf0dBaLDAAkDegBHM+HSajw1
6SJkhhIajCG+2l7YZxx5Ixak/ldk+kvu7ByQMI2G8BAkOCK3w0B+wI1wT2OI0wjb
-----END CERTIFICATE-----