Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/UYEZb-NB4LxQf23HXvgumhETuh8.roa
File:                     UYEZb-NB4LxQf23HXvgumhETuh8.roa (raw, json)
Hash identifier:          8WWVRhvoeVKe5QD2G/CV3zdyhFyySnvvIH3sDj2uAKc=
Subject key identifier:   51:81:19:6F:E3:41:E0:BC:50:7F:6D:C7:5E:F8:2E:9A:11:13:BA:1F
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019715A96E7F5D1B0765A60F4053D45494B1
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/UYEZb-NB4LxQf23HXvgumhETuh8.roa
Signing time:             Wed 28 May 2025 06:51:54 +0000
ROA not before:           Wed 28 May 2025 06:51:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        89.249.192.0/21 maxlen: 24
                          89.249.205.0/24 maxlen: 24
                          89.249.206.0/23 maxlen: 24
                          212.42.192.0/20 maxlen: 24
                          212.42.208.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 02:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:15:a9:6e:7f:5d:1b:07:65:a6:0f:40:53:d4:54:94:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: May 28 06:51:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5181196fe341e0bc507f6dc75ef82e9a1113ba1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:db:db:3e:6f:81:0c:db:7e:14:2c:b6:23:41:
                    a0:c3:c0:12:74:6d:b8:91:00:72:17:c5:5e:43:0d:
                    25:80:ad:51:60:53:ac:f7:d2:d1:c2:d9:af:fe:95:
                    27:98:fa:3d:b2:71:ee:43:af:30:0a:2a:8b:4f:d2:
                    32:a4:6c:c2:a4:ab:e5:f8:6a:fd:5c:7c:ad:50:6a:
                    89:d5:d8:28:63:4a:e0:c0:06:c0:72:26:cf:f6:09:
                    6a:6c:a1:95:99:f7:69:ff:48:a7:ed:2f:01:00:62:
                    d4:9a:37:9f:44:d3:1d:cd:8a:21:e7:38:c8:8b:32:
                    d1:4b:8b:78:13:af:87:6c:15:dc:90:67:7e:e2:77:
                    28:63:d4:00:e6:86:df:57:3b:ab:70:76:b8:72:4e:
                    a6:ee:38:63:cd:97:ed:bf:d1:e2:c4:17:48:14:90:
                    22:ab:f2:46:c8:f2:97:65:23:f2:fa:13:48:81:34:
                    74:66:e3:01:25:2c:b7:45:8d:92:1a:e4:41:76:87:
                    d0:35:1b:fe:e5:a1:be:3d:d8:2c:07:f8:10:8c:9d:
                    9e:f2:a7:2b:f9:ab:9d:58:d2:5e:ab:0f:8d:51:ed:
                    09:0c:c0:3e:8c:cb:e7:a8:2c:9b:5e:a1:ce:ff:71:
                    e5:38:a0:5f:2f:0c:9e:2b:78:9e:b4:50:9e:94:d2:
                    af:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:81:19:6F:E3:41:E0:BC:50:7F:6D:C7:5E:F8:2E:9A:11:13:BA:1F
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/UYEZb-NB4LxQf23HXvgumhETuh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.192.0/21
                  89.249.205.0-89.249.207.255
                  212.42.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         14:de:96:c8:97:cc:5d:a4:b9:a5:bf:6b:0d:f4:7b:5d:ef:7a:
         b7:64:a6:45:a9:0a:d8:cb:a8:9f:44:cb:91:f3:34:9d:75:43:
         77:fc:6e:e7:b6:8b:16:0a:76:0a:01:ee:66:54:0e:74:1f:62:
         dc:3e:b6:38:b0:cc:c3:09:31:e7:68:6a:39:55:65:f5:45:39:
         cf:98:5d:7d:24:f0:0d:ab:00:70:04:42:fb:1c:aa:15:fa:bf:
         20:cd:f2:15:a6:2a:7e:a4:71:eb:8f:80:0b:2d:8c:3a:71:1c:
         c6:72:3d:bb:1c:4d:30:29:10:79:1f:7a:d4:88:bf:e9:16:01:
         70:55:ae:b8:a8:83:a3:de:9d:66:fe:5b:34:3f:05:a0:18:52:
         04:e5:15:8f:5c:b1:a7:8c:dc:db:59:56:b3:6a:63:02:79:88:
         18:1c:00:5a:1b:3f:0f:1b:95:ce:45:bf:fd:bd:20:5c:de:8a:
         75:98:00:71:01:4b:aa:c6:ee:bc:c1:37:50:9e:88:69:4c:80:
         9d:b5:66:2d:26:d5:5a:b8:3c:cf:89:78:8c:88:fe:9b:03:d5:
         0c:a8:ca:2b:49:48:89:b3:ea:a9:08:dd:a1:58:d0:09:f1:99:
         f0:3a:87:b7:a3:4c:1d:e5:72:c9:c4:bf:7d:dd:d8:64:94:3b:
         15:d1:91:2e
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZcVqW5/XRsHZaYPQFPUVJSxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwNTI4MDY1MTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTgxMTk2ZmUzNDFlMGJjNTA3ZjZkYzc1ZWY4MmU5YTExMTNiYTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytvbPm+BDNt+FCy2I0Ggw8ASdG24
kQByF8VeQw0lgK1RYFOs99LRwtmv/pUnmPo9snHuQ68wCiqLT9IypGzCpKvl+Gr9
XHytUGqJ1dgoY0rgwAbAcibP9glqbKGVmfdp/0in7S8BAGLUmjefRNMdzYoh5zjI
izLRS4t4E6+HbBXckGd+4ncoY9QA5obfVzurcHa4ck6m7jhjzZftv9HixBdIFJAi
q/JGyPKXZSPy+hNIgTR0ZuMBJSy3RY2SGuRBdofQNRv+5aG+PdgsB/gQjJ2e8qcr
+audWNJeqw+NUe0JDMA+jMvnqCybXqHO/3HlOKBfLwyeK3ietFCelNKvPQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFFGBGW/jQeC8UH9tx174LpoRE7ofMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvVVlFWmItTkI0THhRZjIzSFh2Z3VtaEVUdWg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQDWfnAMAwD
BABZ+c0DBARZ+cADBAXUKsAwDQYJKoZIhvcNAQELBQADggEBABTelsiXzF2kuaW/
aw30e13verdkpkWpCtjLqJ9Ey5HzNJ11Q3f8bue2ixYKdgoB7mZUDnQfYtw+tjiw
zMMJMedoajlVZfVFOc+YXX0k8A2rAHAEQvscqhX6vyDN8hWmKn6kceuPgAstjDpx
HMZyPbscTTApEHkfetSIv+kWAXBVrriog6PenWb+WzQ/BaAYUgTlFY9csaeM3NtZ
VrNqYwJ5iBgcAFobPw8blc5Fv/29IFzeinWYAHEBS6rG7rzBN1CeiGlMgJ21Zi0m
1Vq4PM+JeIyI/psD1QyoyitJSImz6qkI3aFY0AnxmfA6h7ejTB3lcsnEv33d2GSU
OxXRkS4=
-----END CERTIFICATE-----
Generated at Mon Jun 9 12:35:29 2025 by rpki-client