Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/8efd80-7db3-4e52-ad76-0f896ebca4f8/1/UWPX1C1pYJapHWY_bOOSsesilZo.roa
File:                     UWPX1C1pYJapHWY_bOOSsesilZo.roa (raw, json)
Hash identifier:          9QdQtG1yBNBMUc5+s34FHpgXaUYZ7BxL5SshozmA09w=
Subject key identifier:   51:63:D7:D4:2D:69:60:96:A9:1D:66:3F:6C:E3:92:B1:EB:22:95:9A
Certificate issuer:       /CN=e58069748748e9aebd7be40587d8140efde55b6b
Certificate serial:       018CC7952DFC1A8603F6E31ED149564C4CA0
Authority key identifier: E5:80:69:74:87:48:E9:AE:BD:7B:E4:05:87:D8:14:0E:FD:E5:5B:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YBpdIdI6a69e-QFh9gUDv3lW2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/8efd80-7db3-4e52-ad76-0f896ebca4f8/1/UWPX1C1pYJapHWY_bOOSsesilZo.roa
Signing time:             Tue 02 Jan 2024 00:31:31 +0000
ROA not before:           Tue 02 Jan 2024 00:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12843
IP address blocks:        193.47.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/8efd80-7db3-4e52-ad76-0f896ebca4f8/1/5YBpdIdI6a69e-QFh9gUDv3lW2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/8efd80-7db3-4e52-ad76-0f896ebca4f8/1/5YBpdIdI6a69e-QFh9gUDv3lW2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YBpdIdI6a69e-QFh9gUDv3lW2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 21:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:2d:fc:1a:86:03:f6:e3:1e:d1:49:56:4c:4c:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58069748748e9aebd7be40587d8140efde55b6b
        Validity
            Not Before: Jan  2 00:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5163d7d42d696096a91d663f6ce392b1eb22959a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0f:53:b1:89:18:ed:21:21:34:17:86:fb:f1:
                    a2:4e:a1:c3:ef:4f:cb:13:13:35:b1:1e:02:cc:f2:
                    7d:ed:05:61:8e:e7:0a:1d:3f:d7:6a:8c:aa:09:b7:
                    b6:74:30:9e:9e:95:d7:89:57:a9:4c:b3:d1:ae:c6:
                    e4:99:5b:22:03:c8:a3:dd:71:54:11:a1:24:60:d4:
                    be:3e:e8:54:a2:26:78:b7:55:d0:e2:7a:18:78:a6:
                    96:ab:86:e3:d1:2b:e7:63:11:ad:ee:c4:cc:a3:bc:
                    2d:d6:3e:37:e3:e5:52:37:05:33:21:5f:38:b2:57:
                    85:d8:2b:e0:7e:d4:03:66:14:e0:ee:51:1c:c2:b8:
                    80:63:4f:75:e6:f0:aa:c2:fe:0b:47:52:2c:15:99:
                    72:b8:94:bc:c7:ed:b4:7c:53:2f:53:7a:7e:d7:0e:
                    1c:64:fc:9a:bf:7e:64:3d:e2:a3:2c:52:d5:0a:6d:
                    8c:f3:4a:9f:c1:a8:37:d3:ae:e7:80:9e:2e:8d:31:
                    fd:e6:97:97:48:c0:40:67:5a:ca:24:0c:be:91:29:
                    1d:1f:07:e6:1d:dd:a9:7f:3f:75:4f:0f:89:0f:da:
                    df:b9:d4:bc:2b:e3:b5:b4:39:65:45:0c:fb:3c:bb:
                    84:a0:8b:d8:c5:b0:e1:76:e2:3e:bc:fc:28:55:c2:
                    b1:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:63:D7:D4:2D:69:60:96:A9:1D:66:3F:6C:E3:92:B1:EB:22:95:9A
            X509v3 Authority Key Identifier:
                keyid:E5:80:69:74:87:48:E9:AE:BD:7B:E4:05:87:D8:14:0E:FD:E5:5B:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YBpdIdI6a69e-QFh9gUDv3lW2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/8efd80-7db3-4e52-ad76-0f896ebca4f8/1/UWPX1C1pYJapHWY_bOOSsesilZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/8efd80-7db3-4e52-ad76-0f896ebca4f8/1/5YBpdIdI6a69e-QFh9gUDv3lW2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:86:7c:cf:3d:64:4b:23:d7:e8:1f:1e:db:e2:d8:ee:00:3e:
         4e:9a:df:2b:77:c5:65:be:8c:c3:7e:53:7e:2f:e4:28:ea:22:
         77:ff:c9:70:ea:2c:1c:85:95:ae:67:11:4d:63:1f:4f:6c:ad:
         c2:fe:6b:e0:d2:c0:bd:70:8e:3d:0c:98:6f:a0:3e:a0:9b:7b:
         76:23:a4:f2:bc:11:eb:85:80:19:73:1d:47:0b:b7:e2:83:db:
         5f:22:b6:cc:60:1e:1f:35:6b:34:0d:45:f4:4a:68:7f:54:d8:
         81:63:32:d3:26:dd:3c:14:f8:71:e5:1f:f4:ad:81:eb:20:3d:
         e1:25:94:2b:78:20:61:66:1f:cc:80:ac:16:69:20:25:8e:16:
         fe:56:73:67:15:4c:1f:78:e5:f3:f7:ab:ba:a5:c6:93:7d:61:
         a2:56:06:58:08:b0:c0:a8:8d:ab:ce:09:e9:d3:6b:f0:b0:4c:
         d4:92:e6:4b:0a:ae:d3:a4:1a:73:a6:dc:db:e5:fb:74:ce:3f:
         94:3c:af:8d:52:4d:1d:a4:7b:6e:8b:00:2c:07:e1:77:33:d8:
         44:7f:f9:0e:b4:2c:92:e4:9a:58:2c:81:28:28:e7:62:d8:ea:
         8f:71:79:b6:cc:7f:f1:2f:9f:c8:2e:e7:99:16:ab:1c:50:29:
         17:06:6c:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlS38GoYD9uMe0UlWTEygMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODA2OTc0ODc0OGU5YWViZDdiZTQwNTg3ZDgxNDBlZmRl
NTViNmIwHhcNMjQwMTAyMDAzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTYzZDdkNDJkNjk2MDk2YTkxZDY2M2Y2Y2UzOTJiMWViMjI5NTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQ9TsYkY7SEhNBeG+/GiTqHD70/L
ExM1sR4CzPJ97QVhjucKHT/XaoyqCbe2dDCenpXXiVepTLPRrsbkmVsiA8ij3XFU
EaEkYNS+PuhUoiZ4t1XQ4noYeKaWq4bj0SvnYxGt7sTMo7wt1j434+VSNwUzIV84
sleF2CvgftQDZhTg7lEcwriAY0915vCqwv4LR1IsFZlyuJS8x+20fFMvU3p+1w4c
ZPyav35kPeKjLFLVCm2M80qfwag3067ngJ4ujTH95peXSMBAZ1rKJAy+kSkdHwfm
Hd2pfz91Tw+JD9rfudS8K+O1tDllRQz7PLuEoIvYxbDhduI+vPwoVcKxPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFFj19QtaWCWqR1mP2zjkrHrIpWaMB8GA1UdIwQY
MBaAFOWAaXSHSOmuvXvkBYfYFA795VtrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlCcGRJZEk2YTY5ZS1RRmg5Z1VEdjNsVzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS84ZWZkODAtN2RiMy00ZTUyLWFkNzYt
MGY4OTZlYmNhNGY4LzEvVVdQWDFDMXBZSmFwSFdZX2JPT1NzZXNpbFpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS84ZWZkODAtN2RiMy00ZTUyLWFkNzYtMGY4OTZlYmNhNGY4
LzEvNVlCcGRJZEk2YTY5ZS1RRmg5Z1VEdjNsVzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS+YMA0G
CSqGSIb3DQEBCwUAA4IBAQCHhnzPPWRLI9foHx7b4tjuAD5Omt8rd8VlvozDflN+
L+Qo6iJ3/8lw6iwchZWuZxFNYx9PbK3C/mvg0sC9cI49DJhvoD6gm3t2I6TyvBHr
hYAZcx1HC7fig9tfIrbMYB4fNWs0DUX0Smh/VNiBYzLTJt08FPhx5R/0rYHrID3h
JZQreCBhZh/MgKwWaSAljhb+VnNnFUwfeOXz96u6pcaTfWGiVgZYCLDAqI2rzgnp
02vwsEzUkuZLCq7TpBpzptzb5ft0zj+UPK+NUk0dpHtuiwAsB+F3M9hEf/kOtCyS
5JpYLIEoKOdi2OqPcXm2zH/xL5/ILueZFqscUCkXBmxi
-----END CERTIFICATE-----