Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/5c3b99-b8ef-4ed1-857c-b65cd136262e/1/ulG9s1p4E1-WG4qfVMMqLFT2A-E.roa
File:                     ulG9s1p4E1-WG4qfVMMqLFT2A-E.roa (raw, json)
Hash identifier:          UHpEzInt0Tizr4zgUdJ1hDrj3nw6V2iPyq2nFxJFp54=
Subject key identifier:   BA:51:BD:B3:5A:78:13:5F:96:1B:8A:9F:54:C3:2A:2C:54:F6:03:E1
Certificate issuer:       /CN=f1f186e97097c8417d9437d70cfdfc527331b5a8
Certificate serial:       018CC5DD1CBA438DCFA927280BB65F1D9EFA
Authority key identifier: F1:F1:86:E9:70:97:C8:41:7D:94:37:D7:0C:FD:FC:52:73:31:B5:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8fGG6XCXyEF9lDfXDP38UnMxtag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/5c3b99-b8ef-4ed1-857c-b65cd136262e/1/ulG9s1p4E1-WG4qfVMMqLFT2A-E.roa
Signing time:             Mon 01 Jan 2024 16:30:51 +0000
ROA not before:           Mon 01 Jan 2024 16:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35176
IP address blocks:        185.252.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/5c3b99-b8ef-4ed1-857c-b65cd136262e/1/8fGG6XCXyEF9lDfXDP38UnMxtag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/5c3b99-b8ef-4ed1-857c-b65cd136262e/1/8fGG6XCXyEF9lDfXDP38UnMxtag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8fGG6XCXyEF9lDfXDP38UnMxtag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 23:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:1c:ba:43:8d:cf:a9:27:28:0b:b6:5f:1d:9e:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1f186e97097c8417d9437d70cfdfc527331b5a8
        Validity
            Not Before: Jan  1 16:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba51bdb35a78135f961b8a9f54c32a2c54f603e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:17:80:c8:1f:35:af:5c:d0:88:ce:42:70:0b:
                    29:4f:8b:6b:5d:d8:fe:6c:c3:d5:a7:c1:f7:48:12:
                    21:bc:66:fb:54:cd:4f:bd:27:d2:03:de:5e:c9:0e:
                    77:e4:df:52:7c:3f:76:9c:c9:0a:84:25:a3:9d:75:
                    3e:a3:06:c3:26:92:2d:ca:1c:a2:87:9a:5c:11:3c:
                    48:94:b1:32:60:5c:09:43:66:4d:92:12:cf:8d:df:
                    7a:a5:cd:0d:8b:36:3c:45:c4:22:ad:42:35:6a:5b:
                    6a:0e:33:3d:9f:eb:0e:08:d8:23:c2:32:42:d4:e8:
                    96:9a:6c:57:af:23:d7:f7:f5:7e:9d:bb:d6:32:19:
                    3f:9b:06:b3:30:25:70:13:b3:86:57:61:f0:14:9b:
                    e0:93:b6:7b:19:84:a2:10:29:d1:64:a5:b3:b9:86:
                    d8:20:b1:ae:f5:17:3d:0d:9f:82:bc:a1:ca:c7:ff:
                    e6:25:3d:d0:28:98:5a:fd:e5:80:34:06:42:c1:5c:
                    d0:a0:4b:47:a6:ce:e3:0f:9c:63:8c:26:74:07:53:
                    d4:84:7e:f8:0b:5e:38:6c:80:44:17:e3:57:ec:48:
                    08:57:1d:8a:bc:76:6c:79:81:69:44:2d:40:a3:7b:
                    ac:ff:97:94:bb:bb:b7:bb:7e:ce:e7:e9:69:49:20:
                    73:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:51:BD:B3:5A:78:13:5F:96:1B:8A:9F:54:C3:2A:2C:54:F6:03:E1
            X509v3 Authority Key Identifier:
                keyid:F1:F1:86:E9:70:97:C8:41:7D:94:37:D7:0C:FD:FC:52:73:31:B5:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8fGG6XCXyEF9lDfXDP38UnMxtag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/5c3b99-b8ef-4ed1-857c-b65cd136262e/1/ulG9s1p4E1-WG4qfVMMqLFT2A-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/5c3b99-b8ef-4ed1-857c-b65cd136262e/1/8fGG6XCXyEF9lDfXDP38UnMxtag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:cc:ab:ac:ed:e9:1b:16:d2:5d:7d:9e:9b:d5:15:b7:06:4a:
         29:be:1b:14:b1:25:31:59:ed:9c:ef:e4:a5:cc:10:b7:41:67:
         ba:a6:e6:67:25:b7:7e:8b:a8:00:77:aa:11:19:3e:0b:f5:34:
         af:4d:36:4c:9e:da:4e:c7:64:e6:d0:b3:d9:ce:98:7e:76:b0:
         cf:6d:34:13:10:f6:b0:6b:ac:55:9b:48:9c:87:9f:c4:b0:85:
         e3:0e:4a:95:61:a1:b0:e9:d0:81:c9:76:12:aa:18:f7:6d:a1:
         b7:de:d8:7a:42:43:89:38:96:44:a7:58:93:60:b4:4a:1e:bf:
         89:5f:a9:e6:1a:56:b7:84:87:3b:21:b4:92:df:52:10:f1:de:
         0b:e4:44:70:8b:b0:f9:37:9f:33:dd:3d:2d:09:f3:f7:ec:7e:
         20:b7:34:b1:c3:88:81:13:b0:8e:47:6a:9d:a3:1b:a1:57:6d:
         ca:a2:14:08:8c:d5:23:11:f3:cd:7c:e1:8f:9c:1b:d4:d2:11:
         86:d7:38:bb:5d:fd:9a:d9:c6:48:01:af:62:1f:58:9d:d0:88:
         76:52:a5:2e:86:f3:46:ca:50:a2:2a:16:cf:1b:35:f9:fc:f6:
         0a:22:60:96:84:ba:e2:03:7d:f4:58:8b:aa:0e:86:10:4a:a3:
         30:86:b0:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Ry6Q43PqScoC7ZfHZ76MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZjE4NmU5NzA5N2M4NDE3ZDk0MzdkNzBjZmRmYzUyNzMz
MWI1YTgwHhcNMjQwMTAxMTYzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTUxYmRiMzVhNzgxMzVmOTYxYjhhOWY1NGMzMmEyYzU0ZjYwM2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBeAyB81r1zQiM5CcAspT4trXdj+
bMPVp8H3SBIhvGb7VM1PvSfSA95eyQ535N9SfD92nMkKhCWjnXU+owbDJpItyhyi
h5pcETxIlLEyYFwJQ2ZNkhLPjd96pc0NizY8RcQirUI1altqDjM9n+sOCNgjwjJC
1OiWmmxXryPX9/V+nbvWMhk/mwazMCVwE7OGV2HwFJvgk7Z7GYSiECnRZKWzuYbY
ILGu9Rc9DZ+CvKHKx//mJT3QKJha/eWANAZCwVzQoEtHps7jD5xjjCZ0B1PUhH74
C144bIBEF+NX7EgIVx2KvHZseYFpRC1Ao3us/5eUu7u3u37O5+lpSSBzqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLpRvbNaeBNflhuKn1TDKixU9gPhMB8GA1UdIwQY
MBaAFPHxhulwl8hBfZQ31wz9/FJzMbWoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGZHRzZYQ1h5RUY5bERmWERQMzhVbk14dGFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi81YzNiOTktYjhlZi00ZWQxLTg1N2Mt
YjY1Y2QxMzYyNjJlLzEvdWxHOXMxcDRFMS1XRzRxZlZNTXFMRlQyQS1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi81YzNiOTktYjhlZi00ZWQxLTg1N2MtYjY1Y2QxMzYyNjJl
LzEvOGZHRzZYQ1h5RUY5bERmWERQMzhVbk14dGFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufwVMA0G
CSqGSIb3DQEBCwUAA4IBAQArzKus7ekbFtJdfZ6b1RW3BkopvhsUsSUxWe2c7+Sl
zBC3QWe6puZnJbd+i6gAd6oRGT4L9TSvTTZMntpOx2Tm0LPZzph+drDPbTQTEPaw
a6xVm0ich5/EsIXjDkqVYaGw6dCByXYSqhj3baG33th6QkOJOJZEp1iTYLRKHr+J
X6nmGla3hIc7IbSS31IQ8d4L5ERwi7D5N58z3T0tCfP37H4gtzSxw4iBE7COR2qd
oxuhV23KohQIjNUjEfPNfOGPnBvU0hGG1zi7Xf2a2cZIAa9iH1id0Ih2UqUuhvNG
ylCiKhbPGzX5/PYKImCWhLriA330WIuqDoYQSqMwhrCC
-----END CERTIFICATE-----