Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/UWAkOLxdcSPEBsnLHKLGVFj6HSY.roa
File:                     UWAkOLxdcSPEBsnLHKLGVFj6HSY.roa (raw, json)
Hash identifier:          dNB9CSwfrGd4Zr+0Ay5Qi/d5x8ITuVt9C22HWCd4MaA=
Subject key identifier:   51:60:24:38:BC:5D:71:23:C4:06:C9:CB:1C:A2:C6:54:58:FA:1D:26
Certificate issuer:       /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial:       01961ABDDCD4B42E12E33BEFB41333E66C88
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/UWAkOLxdcSPEBsnLHKLGVFj6HSY.roa
Signing time:             Wed 09 Apr 2025 13:29:32 +0000
ROA not before:           Wed 09 Apr 2025 13:29:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395374
IP address blocks:        185.95.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 16:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1a:bd:dc:d4:b4:2e:12:e3:3b:ef:b4:13:33:e6:6c:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
        Validity
            Not Before: Apr  9 13:29:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51602438bc5d7123c406c9cb1ca2c65458fa1d26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:63:89:ca:de:b2:e0:ff:3b:2e:2a:7a:47:58:
                    7b:cd:1d:47:67:6d:d5:1b:76:dd:b2:44:8c:93:e3:
                    09:a2:a2:96:a8:5a:0d:23:8e:30:40:e4:77:7b:0a:
                    0a:12:33:4f:9b:fc:c8:4e:de:4c:a0:6e:8c:67:b4:
                    16:c9:70:b1:d0:50:d8:7f:4d:d3:4d:3e:dc:34:4c:
                    84:8f:32:5d:db:7a:11:c3:6c:3e:1e:18:42:96:7c:
                    1e:b5:e5:15:50:61:1a:e8:3e:4b:0d:5e:76:35:20:
                    cb:63:a7:5e:43:2a:2f:9d:fc:6c:a6:64:48:b2:28:
                    db:a6:82:63:5e:1a:41:5a:e7:5f:8a:43:53:6d:a8:
                    a8:b6:ff:57:e9:f5:fd:16:8f:fe:f0:18:90:2d:52:
                    ed:b4:a1:54:0c:6f:c1:af:f1:44:0e:63:65:9c:d1:
                    b4:f4:03:2d:de:a4:a6:56:26:07:00:71:c7:05:4f:
                    8c:bb:8a:ee:57:6f:15:a2:11:bd:8a:fd:02:a5:ba:
                    0f:06:aa:59:a7:cf:8e:db:a4:50:f8:dc:1b:ed:ac:
                    52:b8:e9:e0:ab:4a:91:19:fc:b0:85:93:65:3b:10:
                    98:4a:4c:f6:f1:1d:28:a0:2c:b4:b4:61:64:ae:e5:
                    4b:da:45:12:fd:48:84:07:7f:64:48:62:ae:03:90:
                    8d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:60:24:38:BC:5D:71:23:C4:06:C9:CB:1C:A2:C6:54:58:FA:1D:26
            X509v3 Authority Key Identifier:
                keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/UWAkOLxdcSPEBsnLHKLGVFj6HSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:c4:f0:92:2c:5e:ed:0b:d0:bc:6a:4e:03:e8:5b:53:f6:dc:
         51:9b:15:8b:63:31:c9:7f:e3:ba:22:ae:3d:d7:e2:b6:98:1d:
         ba:e2:d2:38:2e:5c:fd:38:03:4a:a9:54:e2:b7:f5:3c:fe:e0:
         50:67:94:e3:ee:f9:02:d6:9c:8f:6f:23:a3:b9:d9:5c:04:ba:
         8e:52:d6:11:a7:64:73:1c:29:ab:77:3c:46:1c:f3:b0:ff:c4:
         d6:79:d0:16:fe:ce:1f:90:22:f0:c2:39:ba:4e:73:29:77:0b:
         15:81:3a:f8:0b:23:a1:28:c9:1d:ac:07:21:c3:0d:9d:7c:16:
         ac:79:5a:b1:fe:6c:e2:15:3d:b6:70:69:b8:1f:e3:d0:ce:26:
         01:60:a2:8a:f0:b7:aa:d7:f6:58:d6:e1:00:f9:d1:91:0c:96:
         a8:76:4c:d0:2c:2e:89:9b:5b:1b:50:8a:94:af:40:f5:2b:6b:
         23:23:8d:04:b0:12:c8:f9:1a:fe:a3:5a:8d:1d:50:6d:94:2d:
         c0:89:db:8f:6b:ff:47:56:f2:06:37:24:1a:c2:73:bd:16:d0:
         63:e4:cb:64:f1:87:5c:50:b2:2f:3c:17:08:ba:3a:c4:c5:4f:
         c6:92:ac:5a:ea:52:63:46:9e:10:fa:ca:eb:a3:5c:4e:36:0b:
         f1:71:53:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYavdzUtC4S4zvvtBMz5myIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwNDA5MTMyOTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTYwMjQzOGJjNWQ3MTIzYzQwNmM5Y2IxY2EyYzY1NDU4ZmExZDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2OJyt6y4P87Lip6R1h7zR1HZ23V
G3bdskSMk+MJoqKWqFoNI44wQOR3ewoKEjNPm/zITt5MoG6MZ7QWyXCx0FDYf03T
TT7cNEyEjzJd23oRw2w+HhhClnweteUVUGEa6D5LDV52NSDLY6deQyovnfxspmRI
sijbpoJjXhpBWudfikNTbaiotv9X6fX9Fo/+8BiQLVLttKFUDG/Br/FEDmNlnNG0
9AMt3qSmViYHAHHHBU+Mu4ruV28VohG9iv0CpboPBqpZp8+O26RQ+Nwb7axSuOng
q0qRGfywhZNlOxCYSkz28R0ooCy0tGFkruVL2kUS/UiEB39kSGKuA5CNpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFFgJDi8XXEjxAbJyxyixlRY+h0mMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvVVdBa09MeGRjU1BFQnNuTEhLTEdWRmo2SFNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV+dMA0G
CSqGSIb3DQEBCwUAA4IBAQBkxPCSLF7tC9C8ak4D6FtT9txRmxWLYzHJf+O6Iq49
1+K2mB264tI4Llz9OANKqVTit/U8/uBQZ5Tj7vkC1pyPbyOjudlcBLqOUtYRp2Rz
HCmrdzxGHPOw/8TWedAW/s4fkCLwwjm6TnMpdwsVgTr4CyOhKMkdrAchww2dfBas
eVqx/mziFT22cGm4H+PQziYBYKKK8Leq1/ZY1uEA+dGRDJaodkzQLC6Jm1sbUIqU
r0D1K2sjI40EsBLI+Rr+o1qNHVBtlC3AiduPa/9HVvIGNyQawnO9FtBj5Mtk8Ydc
ULIvPBcIujrExU/Gkqxa6lJjRp4Q+srro1xONgvxcVOc
-----END CERTIFICATE-----