Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/UHLO67IVqLK3wBKjtXqCuEnRvo0.roa
File:                     UHLO67IVqLK3wBKjtXqCuEnRvo0.roa (raw, json)
Hash identifier:          xKb+wiHMYIh/xEuY3hGf04/l1U1bmZAY1ABfGNSqwyI=
Subject key identifier:   50:72:CE:EB:B2:15:A8:B2:B7:C0:12:A3:B5:7A:82:B8:49:D1:BE:8D
Certificate issuer:       /CN=e754c347d68d15493de71bb962f0a567e134d603
Certificate serial:       01982431E215E2FEE258DAC30F97D5603F08
Authority key identifier: E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/UHLO67IVqLK3wBKjtXqCuEnRvo0.roa
Signing time:             Sat 19 Jul 2025 19:38:25 +0000
ROA not before:           Sat 19 Jul 2025 19:38:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213535
IP address blocks:        107.161.168.0/24 maxlen: 24
                          162.217.249.0/24 maxlen: 24
                          198.105.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:24:31:e2:15:e2:fe:e2:58:da:c3:0f:97:d5:60:3f:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e754c347d68d15493de71bb962f0a567e134d603
        Validity
            Not Before: Jul 19 19:38:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5072ceebb215a8b2b7c012a3b57a82b849d1be8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:76:22:c8:f6:a0:fd:2b:ff:f2:cf:c7:0a:d3:
                    64:fb:4e:0b:36:48:4d:ff:96:13:bf:0b:c8:b9:0a:
                    1a:9e:2b:3e:e0:91:df:8b:35:91:0b:82:f0:31:1c:
                    24:21:c9:22:a0:28:08:21:18:f9:46:d8:e2:ad:9c:
                    28:62:be:69:4b:5d:69:ea:dc:0e:40:a5:b7:d0:69:
                    d1:f5:99:e0:db:7b:0e:34:dd:c9:c7:66:b9:c0:cf:
                    f0:9a:e9:af:8a:20:88:58:2a:e2:3d:5f:05:03:76:
                    bd:4f:70:5b:e7:56:e5:d9:86:64:c7:5c:99:80:69:
                    c3:c5:f6:aa:55:5f:1e:af:1e:fd:c7:01:ed:96:c0:
                    cd:61:30:b3:13:65:88:c0:70:79:eb:a5:fe:a1:54:
                    12:37:ed:29:37:fd:33:72:41:07:4c:08:51:99:84:
                    2b:8d:45:cb:bc:b6:72:cd:f8:81:94:b4:c6:5b:7b:
                    31:90:87:ae:cb:27:7f:9d:75:91:18:8d:0a:8d:bd:
                    7b:db:ee:78:d2:33:c8:76:82:ca:05:43:30:45:7a:
                    9e:d4:18:cd:27:4c:d2:6f:d2:0c:e5:d2:fe:e6:47:
                    29:8a:4d:04:20:04:a2:53:bf:8c:23:ba:00:1b:12:
                    9b:12:57:9f:01:d0:f0:81:ea:a6:02:26:06:07:0f:
                    b6:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:72:CE:EB:B2:15:A8:B2:B7:C0:12:A3:B5:7A:82:B8:49:D1:BE:8D
            X509v3 Authority Key Identifier:
                keyid:E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/UHLO67IVqLK3wBKjtXqCuEnRvo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.161.168.0/24
                  162.217.249.0/24
                  198.105.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:ad:5b:a0:a1:d2:47:8d:97:a1:35:22:35:5d:44:6c:0c:c2:
         b9:a2:8a:6d:36:b1:6e:49:37:01:70:9a:fc:1b:66:ae:3d:b7:
         c8:a5:fa:f8:a3:5c:15:ff:09:b7:e4:20:f5:5e:dd:dc:81:8f:
         d2:4f:49:a9:b0:cc:14:5c:b0:ed:ea:0c:d2:25:41:37:2f:67:
         2c:c8:6f:07:e3:77:9d:82:0e:0d:8a:b1:98:60:dd:df:52:55:
         45:6b:d9:bf:62:96:dd:fb:86:9f:78:6b:b2:f4:f1:08:c8:d6:
         05:40:7e:2f:36:7c:c3:51:8a:e5:2c:3b:02:77:dc:50:07:21:
         0c:30:51:f0:66:e7:51:95:45:fa:d6:53:c4:ca:27:69:c0:05:
         ef:1c:b8:ba:66:ad:d1:3e:56:a0:43:2e:fc:71:66:10:b5:c4:
         48:0d:29:a8:02:4a:f1:4e:d6:c6:81:89:fa:46:86:2d:0b:97:
         9a:90:bf:97:de:60:16:b1:dc:2e:80:ac:a0:f1:ff:57:af:ea:
         53:e5:eb:64:f2:82:da:b9:42:b0:e4:9a:3b:8a:55:80:15:3d:
         bb:8b:8d:91:38:6b:9b:0f:b8:76:dc:b3:68:78:c6:3a:08:a8:
         1d:bd:8c:5b:38:f2:4c:0a:1c:31:bc:d5:80:cc:f1:d0:6c:60:
         e8:85:d3:a5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZgkMeIV4v7iWNrDD5fVYD8IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTRjMzQ3ZDY4ZDE1NDkzZGU3MWJiOTYyZjBhNTY3ZTEz
NGQ2MDMwHhcNMjUwNzE5MTkzODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDcyY2VlYmIyMTVhOGIyYjdjMDEyYTNiNTdhODJiODQ5ZDFiZThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3YiyPag/Sv/8s/HCtNk+04LNkhN
/5YTvwvIuQoanis+4JHfizWRC4LwMRwkIckioCgIIRj5RtjirZwoYr5pS11p6twO
QKW30GnR9Zng23sONN3Jx2a5wM/wmumviiCIWCriPV8FA3a9T3Bb51bl2YZkx1yZ
gGnDxfaqVV8erx79xwHtlsDNYTCzE2WIwHB566X+oVQSN+0pN/0zckEHTAhRmYQr
jUXLvLZyzfiBlLTGW3sxkIeuyyd/nXWRGI0Kjb172+540jPIdoLKBUMwRXqe1BjN
J0zSb9IM5dL+5kcpik0EIASiU7+MI7oAGxKbElefAdDwgeqmAiYGBw+2HwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFByzuuyFaiyt8ASo7V6grhJ0b6NMB8GA1UdIwQY
MBaAFOdUw0fWjRVJPecbuWLwpWfhNNYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2It
MzdiNjJkMjIzOTI0LzEvVUhMTzY3SVZxTEszd0JLanRYcUN1RW5Sdm8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2ItMzdiNjJkMjIzOTI0
LzEvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAa6GoAwQA
otn5AwQAxml7MA0GCSqGSIb3DQEBCwUAA4IBAQBRrVugodJHjZehNSI1XURsDMK5
ooptNrFuSTcBcJr8G2auPbfIpfr4o1wV/wm35CD1Xt3cgY/ST0mpsMwUXLDt6gzS
JUE3L2csyG8H43edgg4NirGYYN3fUlVFa9m/Ypbd+4afeGuy9PEIyNYFQH4vNnzD
UYrlLDsCd9xQByEMMFHwZudRlUX61lPEyidpwAXvHLi6Zq3RPlagQy78cWYQtcRI
DSmoAkrxTtbGgYn6RoYtC5eakL+X3mAWsdwugKyg8f9Xr+pT5etk8oLauUKw5Jo7
ilWAFT27i42ROGubD7h23LNoeMY6CKgdvYxbOPJMChwxvNWAzPHQbGDohdOl
-----END CERTIFICATE-----