Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/UIGvYkduNGqg09SYQ7P_OdhL5co.roa
File:                     UIGvYkduNGqg09SYQ7P_OdhL5co.roa (raw, json)
Hash identifier:          cF4oKBk4rbOWfJja0DECjSfTGt9MZe0fwhQ8uP9/BBQ=
Subject key identifier:   50:81:AF:62:47:6E:34:6A:A0:D3:D4:98:43:B3:FF:39:D8:4B:E5:CA
Certificate issuer:       /CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
Certificate serial:       01971347B12ADCAC9E5A77FE4814BB92882A
Authority key identifier: 8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/UIGvYkduNGqg09SYQ7P_OdhL5co.roa
Signing time:             Tue 27 May 2025 19:45:54 +0000
ROA not before:           Tue 27 May 2025 19:45:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6886
IP address blocks:        185.29.252.0/22 maxlen: 24
                          2a09:10c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 01:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:13:47:b1:2a:dc:ac:9e:5a:77:fe:48:14:bb:92:88:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
        Validity
            Not Before: May 27 19:45:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5081af62476e346aa0d3d49843b3ff39d84be5ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:eb:0e:88:5d:19:40:73:ba:c0:e5:ee:c4:c2:
                    f5:30:7d:35:05:04:17:b3:bc:f8:3a:c6:b5:87:f4:
                    43:60:9b:69:21:cc:6c:08:b1:5a:2f:6a:21:84:75:
                    0b:4d:d0:72:44:dd:0f:ca:c4:03:c2:05:b9:12:04:
                    60:46:49:f9:e8:4d:3f:de:2f:de:3d:ee:18:40:33:
                    e5:ec:ae:3b:c6:97:ca:86:d2:80:a9:f9:03:17:25:
                    6b:eb:84:6e:03:88:79:1c:09:52:4e:2d:46:72:ce:
                    40:ae:ff:2f:a0:dd:b8:93:d2:7a:c8:d1:47:84:f9:
                    f2:9c:57:c1:39:59:78:bd:67:99:27:44:6f:12:8a:
                    63:49:33:ff:62:ad:4d:e8:d8:22:dc:3c:76:a2:39:
                    3f:7b:41:58:6b:e7:95:56:56:6b:b6:8e:d8:c4:fc:
                    3e:c6:34:79:fe:87:a3:a0:00:f4:79:14:46:9c:0d:
                    31:c6:f4:0f:fb:b3:62:c3:83:f6:43:d1:40:d3:fd:
                    d2:15:97:6b:b9:1e:15:c5:5c:c9:aa:29:9e:d6:a6:
                    d3:82:34:be:33:d5:82:68:73:30:af:8d:c9:8d:fe:
                    f1:6a:b5:25:7b:d9:d1:b4:6a:29:d6:dc:9e:2d:91:
                    d7:30:4c:07:9f:21:38:62:94:6b:30:05:c3:94:4c:
                    61:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:81:AF:62:47:6E:34:6A:A0:D3:D4:98:43:B3:FF:39:D8:4B:E5:CA
            X509v3 Authority Key Identifier:
                keyid:8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/UIGvYkduNGqg09SYQ7P_OdhL5co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.252.0/22
                IPv6:
                  2a09:10c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:13:34:4e:e8:e9:33:07:26:4f:67:5a:99:9c:cf:e9:ad:35:
         a8:d7:c9:5c:30:c3:45:aa:9e:d3:60:54:da:c5:23:62:3e:67:
         36:b1:8e:d7:06:20:f1:dc:f0:df:46:ee:0c:e3:87:d2:29:ca:
         1a:e3:16:80:a4:92:f6:c3:5b:3c:a2:16:e3:5d:a8:93:ce:66:
         8d:f2:67:e6:ce:3c:33:a7:c3:e2:ff:6f:dd:f6:f1:af:2f:ff:
         ea:48:e6:60:84:81:da:3b:02:ba:dd:d8:74:31:06:4f:c5:31:
         01:83:4f:69:a6:21:d5:14:7b:16:76:61:fc:07:c2:c8:c2:00:
         b3:43:2b:e2:88:c0:1f:96:79:d4:bf:d9:1d:8f:10:cd:50:0f:
         2e:d7:43:a1:7f:4a:6c:ae:3f:77:0e:7f:9a:a8:06:59:82:0c:
         02:09:9b:d7:47:79:eb:4a:b0:81:49:2f:03:23:23:b1:6d:23:
         6e:48:8a:d6:f4:af:3f:22:e8:52:91:fd:8d:2d:66:e0:cc:e6:
         a7:cb:e0:b6:f5:92:72:8b:6a:cb:3c:26:9d:3c:90:58:35:9f:
         4a:c8:89:a8:51:3f:7c:22:2e:fc:fe:65:52:10:98:e7:20:6d:
         57:a1:b1:a6:f6:c7:17:94:58:43:84:1e:58:44:ae:e1:98:e0:
         57:7f:86:f3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZcTR7Eq3KyeWnf+SBS7kogqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMDFhYjZjZDQ0YTdhM2VhNDAwMmMxMDZhOTZjNDI3YjUy
YzgxZDUwHhcNMjUwNTI3MTk0NTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDgxYWY2MjQ3NmUzNDZhYTBkM2Q0OTg0M2IzZmYzOWQ4NGJlNWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsesOiF0ZQHO6wOXuxML1MH01BQQX
s7z4Osa1h/RDYJtpIcxsCLFaL2ohhHULTdByRN0PysQDwgW5EgRgRkn56E0/3i/e
Pe4YQDPl7K47xpfKhtKAqfkDFyVr64RuA4h5HAlSTi1Gcs5Arv8voN24k9J6yNFH
hPnynFfBOVl4vWeZJ0RvEopjSTP/Yq1N6Ngi3Dx2ojk/e0FYa+eVVlZrto7YxPw+
xjR5/oejoAD0eRRGnA0xxvQP+7Niw4P2Q9FA0/3SFZdruR4VxVzJqime1qbTgjS+
M9WCaHMwr43Jjf7xarUle9nRtGop1tyeLZHXMEwHnyE4YpRrMAXDlExh6wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFCBr2JHbjRqoNPUmEOz/znYS+XKMB8GA1UdIwQY
MBaAFIoBq2zUSno+pAAsEGqWxCe1LIHVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEt
OWZlYmY4YzNlMzNmLzEvVUlHdllrZHVOR3FnMDlTWVE3UF9PZGhMNWNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEtOWZlYmY4YzNlMzNm
LzEvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuR38MA0E
AgACMAcDBQMqCRDAMA0GCSqGSIb3DQEBCwUAA4IBAQB/EzRO6OkzByZPZ1qZnM/p
rTWo18lcMMNFqp7TYFTaxSNiPmc2sY7XBiDx3PDfRu4M44fSKcoa4xaApJL2w1s8
ohbjXaiTzmaN8mfmzjwzp8Pi/2/d9vGvL//qSOZghIHaOwK63dh0MQZPxTEBg09p
piHVFHsWdmH8B8LIwgCzQyviiMAflnnUv9kdjxDNUA8u10Ohf0psrj93Dn+aqAZZ
ggwCCZvXR3nrSrCBSS8DIyOxbSNuSIrW9K8/IuhSkf2NLWbgzOany+C29ZJyi2rL
PCadPJBYNZ9KyImoUT98Ii78/mVSEJjnIG1XobGm9scXlFhDhB5YRK7hmOBXf4bz
-----END CERTIFICATE-----