Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/UyqW3Fu5WX86WOFFaVHFVH8PSTQ.roa
File:                     UyqW3Fu5WX86WOFFaVHFVH8PSTQ.roa (raw, json)
Hash identifier:          1WrxTBZC8hAJM4oMgwn7Q6KtzuoZLhr+G608hj5CpyY=
Subject key identifier:   53:2A:96:DC:5B:B9:59:7F:3A:58:E1:45:69:51:C5:54:7F:0F:49:34
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B369A95B9C968AF04F4740B9358ECF
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/UyqW3Fu5WX86WOFFaVHFVH8PSTQ.roa
Signing time:             Mon 14 Jul 2025 16:10:09 +0000
ROA not before:           Mon 14 Jul 2025 16:10:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52008
IP address blocks:        185.58.206.0/24 maxlen: 24
                          185.172.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b3:69:a9:5b:9c:96:8a:f0:4f:47:40:b9:35:8e:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:10:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=532a96dc5bb9597f3a58e1456951c5547f0f4934
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:43:29:1c:ce:a6:dd:bb:03:c5:e1:89:12:ae:
                    72:49:42:88:0f:00:e3:77:fd:45:cd:e3:8f:65:f6:
                    8e:af:f7:54:ea:ee:c7:7a:0d:b4:4e:8d:c0:e2:99:
                    75:20:63:58:3c:1e:e6:ef:de:b3:5b:0a:d8:b0:e7:
                    64:ca:51:55:60:20:b1:5e:ff:3f:a5:01:26:89:bd:
                    06:a4:a4:fb:76:6f:25:bc:67:d2:01:a9:63:2e:92:
                    5f:41:4a:de:8e:e3:17:2c:31:a6:16:9e:e3:30:99:
                    23:bb:9b:08:84:c8:30:b8:28:00:13:de:95:cd:69:
                    b6:e9:b2:c4:7b:6b:f6:a3:d0:02:ec:47:72:a2:8a:
                    5a:c1:5c:e4:1f:e4:f8:24:d3:2d:ac:aa:2c:f2:9d:
                    19:14:64:c1:02:48:30:6d:c8:a2:87:63:1f:7b:3b:
                    a7:d1:a8:be:08:9f:64:4f:b8:fa:2e:d2:d3:21:ca:
                    87:13:47:26:ee:59:ad:e0:9e:85:6d:33:b2:0d:87:
                    46:0b:60:b8:d7:4c:1c:13:ae:e0:53:c5:e4:c4:37:
                    b1:88:44:c9:82:ca:df:71:60:b2:c5:92:cb:c8:fd:
                    2e:78:f1:e9:3d:45:14:87:39:71:61:4b:33:dc:1f:
                    a7:18:bf:09:ba:8c:c6:02:29:23:00:53:55:f2:11:
                    7b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:2A:96:DC:5B:B9:59:7F:3A:58:E1:45:69:51:C5:54:7F:0F:49:34
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/UyqW3Fu5WX86WOFFaVHFVH8PSTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.58.206.0/24
                  185.172.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:bf:7c:20:c9:23:5d:8c:28:14:df:c3:ac:3d:4c:ff:d4:3f:
         d4:e9:82:10:08:51:e1:58:f4:0e:fe:f5:61:6f:31:9b:32:35:
         83:7f:28:31:52:d0:d4:ff:9e:d8:9b:63:d3:1f:85:c1:a4:cb:
         22:25:46:82:fd:0d:eb:0c:b0:49:83:93:f4:7a:07:23:dd:46:
         48:6e:12:29:ac:8e:3d:82:3d:e8:c5:1f:ea:27:22:39:77:5c:
         27:57:9a:93:1f:4d:eb:b5:fe:fc:e8:1a:07:05:f7:ec:7f:08:
         7e:70:45:87:15:2c:50:10:8c:c6:53:75:ee:bc:0f:63:a5:aa:
         ef:e7:b3:94:0d:de:7b:8d:cd:e1:a7:3e:3a:f3:b9:2f:a7:72:
         bb:79:34:e6:f1:5e:60:6e:d8:2d:f9:d7:b0:dd:ca:e0:00:a8:
         e3:96:49:b1:3c:17:51:76:32:03:a4:a3:a6:a4:40:7d:21:41:
         a0:e7:74:e9:25:28:45:8f:2b:59:3d:c2:42:2c:2e:90:ec:72:
         62:89:7f:16:c9:bf:f2:20:f2:a5:59:04:e8:7a:0c:63:c5:cf:
         fa:d3:1c:a4:37:5b:41:6e:b3:6c:78:7a:3f:21:a1:34:76:c0:
         f0:30:a0:a2:b3:6e:d2:76:6d:e7:4f:ec:23:0c:25:66:21:2b:
         42:f7:76:3c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgJs2mpW5yWivBPR0C5NY7PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzJhOTZkYzViYjk1OTdmM2E1OGUxNDU2OTUxYzU1NDdmMGY0OTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA10MpHM6m3bsDxeGJEq5ySUKIDwDj
d/1FzeOPZfaOr/dU6u7Heg20To3A4pl1IGNYPB7m796zWwrYsOdkylFVYCCxXv8/
pQEmib0GpKT7dm8lvGfSAaljLpJfQUrejuMXLDGmFp7jMJkju5sIhMgwuCgAE96V
zWm26bLEe2v2o9AC7EdyoopawVzkH+T4JNMtrKos8p0ZFGTBAkgwbciih2Mfezun
0ai+CJ9kT7j6LtLTIcqHE0cm7lmt4J6FbTOyDYdGC2C410wcE67gU8XkxDexiETJ
gsrfcWCyxZLLyP0uePHpPUUUhzlxYUsz3B+nGL8JuozGAikjAFNV8hF7XQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFMqltxbuVl/OljhRWlRxVR/D0k0MB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvVXlxVzNGdTVXWDg2V09GRmFWSEZWSDhQU1RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuTrOAwQA
uayAMA0GCSqGSIb3DQEBCwUAA4IBAQB4v3wgySNdjCgU38OsPUz/1D/U6YIQCFHh
WPQO/vVhbzGbMjWDfygxUtDU/57Ym2PTH4XBpMsiJUaC/Q3rDLBJg5P0egcj3UZI
bhIprI49gj3oxR/qJyI5d1wnV5qTH03rtf786BoHBffsfwh+cEWHFSxQEIzGU3Xu
vA9jparv57OUDd57jc3hpz4687kvp3K7eTTm8V5gbtgt+dew3crgAKjjlkmxPBdR
djIDpKOmpEB9IUGg53TpJShFjytZPcJCLC6Q7HJiiX8Wyb/yIPKlWQToegxjxc/6
0xykN1tBbrNseHo/IaE0dsDwMKCis27Sdm3nT+wjDCVmIStC93Y8
-----END CERTIFICATE-----