Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/UPULz0BbmOL6oB1Lvph6s81bIVc.roa
File:                     UPULz0BbmOL6oB1Lvph6s81bIVc.roa (raw, json)
Hash identifier:          KEGK8PJbSBsiHtUKaY1bLTWtxHt/0jD8x2QpGJMF8nk=
Subject key identifier:   50:F5:0B:CF:40:5B:98:E2:FA:A0:1D:4B:BE:98:7A:B3:CD:5B:21:57
Certificate issuer:       /CN=3a839936aeeff288678e772633020fa259bd9cf2
Certificate serial:       01971ED3EDB42C60BEB85CBA365BEB45E9FF
Authority key identifier: 3A:83:99:36:AE:EF:F2:88:67:8E:77:26:33:02:0F:A2:59:BD:9C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OoOZNq7v8ohnjncmMwIPolm9nPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/UPULz0BbmOL6oB1Lvph6s81bIVc.roa
Signing time:             Fri 30 May 2025 01:34:54 +0000
ROA not before:           Fri 30 May 2025 01:34:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214917
IP address blocks:        188.95.68.0/24 maxlen: 24
                          2a12:ff00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/OoOZNq7v8ohnjncmMwIPolm9nPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/OoOZNq7v8ohnjncmMwIPolm9nPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OoOZNq7v8ohnjncmMwIPolm9nPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1e:d3:ed:b4:2c:60:be:b8:5c:ba:36:5b:eb:45:e9:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a839936aeeff288678e772633020fa259bd9cf2
        Validity
            Not Before: May 30 01:34:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50f50bcf405b98e2faa01d4bbe987ab3cd5b2157
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:75:c4:cb:b4:fe:63:53:ea:88:89:6b:c1:16:
                    73:77:13:9c:68:ec:9e:cb:7a:9c:33:85:17:e3:b7:
                    b7:09:ce:66:a3:30:cc:c3:81:cf:c7:36:79:01:be:
                    42:a0:ac:b7:41:65:9d:43:3d:8b:c9:96:37:e6:1b:
                    e8:0c:33:53:6d:10:96:a8:58:a0:e9:a1:74:4d:6f:
                    33:0e:c8:e1:14:b1:20:fa:2a:f6:bc:bc:c4:88:c6:
                    c1:ef:30:cc:34:d4:39:fd:7f:c1:32:06:b4:1b:76:
                    46:b4:ac:66:65:b2:7d:ff:e0:72:82:4c:af:d6:04:
                    17:17:41:1d:b8:30:a3:bd:ad:c6:b3:b0:11:ec:00:
                    b9:7e:19:fc:b7:e2:ee:f6:5c:d3:0c:85:32:23:08:
                    7f:63:ea:c2:dc:5b:63:6d:85:81:d1:5b:81:1f:12:
                    17:96:e3:9e:3b:95:89:f8:44:f8:d8:83:86:e1:83:
                    54:93:39:aa:f5:89:c1:3d:3c:8c:ac:6f:13:03:c1:
                    db:5e:e6:95:8a:46:ee:e5:5d:48:1b:75:b7:e5:41:
                    97:e0:b7:92:0f:db:9d:a3:b3:3e:e9:3c:40:86:4d:
                    5d:56:d2:af:77:80:ca:b6:7b:59:fe:83:8f:09:ae:
                    3a:bc:43:98:93:c2:15:9e:b0:e0:92:01:0d:7d:2b:
                    69:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:F5:0B:CF:40:5B:98:E2:FA:A0:1D:4B:BE:98:7A:B3:CD:5B:21:57
            X509v3 Authority Key Identifier:
                keyid:3A:83:99:36:AE:EF:F2:88:67:8E:77:26:33:02:0F:A2:59:BD:9C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OoOZNq7v8ohnjncmMwIPolm9nPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/UPULz0BbmOL6oB1Lvph6s81bIVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/5c6745-768e-4d61-b604-835f4e37283c/1/OoOZNq7v8ohnjncmMwIPolm9nPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.68.0/24
                IPv6:
                  2a12:ff00::/29

    Signature Algorithm: sha256WithRSAEncryption
         72:11:21:c6:62:69:b8:d5:36:9e:38:43:24:f2:e5:68:67:7f:
         da:4b:df:35:c9:05:07:79:32:eb:b0:d5:8c:2d:8c:ca:b1:ed:
         53:8a:86:63:97:33:2a:39:f5:9d:5c:b7:39:62:1c:08:df:32:
         3f:9b:cf:9c:ed:2d:4e:26:91:e5:40:30:41:b4:9b:4a:d8:66:
         90:f1:3c:ff:25:39:cc:44:03:9a:6f:10:00:d5:7e:14:c1:e3:
         78:70:63:30:4f:fa:b9:d0:d0:a9:0d:bc:01:d3:56:04:25:9e:
         2a:18:dc:54:ff:d1:51:de:4b:08:b9:0d:e4:2b:96:5e:78:e8:
         2e:dc:45:10:b7:d6:f3:4d:3d:15:5c:17:2f:e5:81:e1:a0:61:
         58:8d:98:95:1c:13:e3:05:93:7c:df:06:e4:68:58:dc:c3:de:
         e3:65:b4:62:68:fd:25:59:88:4f:d7:56:e2:53:cc:4d:f1:02:
         cd:ba:80:2b:2d:69:e6:2f:6a:75:6d:f9:80:ad:53:19:d9:2e:
         00:3e:db:60:26:b0:17:35:7e:7c:f5:2e:f8:96:e0:0c:c7:c7:
         76:87:cc:fd:3f:5a:a4:1d:74:70:b7:6e:29:0a:31:5d:05:ff:
         e1:c1:c1:76:7f:ba:4a:50:d7:53:8a:76:2e:92:d9:4b:2f:4b:
         cc:fc:eb:ed
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZce0+20LGC+uFy6NlvrRen/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhODM5OTM2YWVlZmYyODg2NzhlNzcyNjMzMDIwZmEyNTli
ZDljZjIwHhcNMjUwNTMwMDEzNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGY1MGJjZjQwNWI5OGUyZmFhMDFkNGJiZTk4N2FiM2NkNWIyMTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0HXEy7T+Y1PqiIlrwRZzdxOcaOye
y3qcM4UX47e3Cc5mozDMw4HPxzZ5Ab5CoKy3QWWdQz2LyZY35hvoDDNTbRCWqFig
6aF0TW8zDsjhFLEg+ir2vLzEiMbB7zDMNNQ5/X/BMga0G3ZGtKxmZbJ9/+Bygkyv
1gQXF0EduDCjva3Gs7AR7AC5fhn8t+Lu9lzTDIUyIwh/Y+rC3FtjbYWB0VuBHxIX
luOeO5WJ+ET42IOG4YNUkzmq9YnBPTyMrG8TA8HbXuaVikbu5V1IG3W35UGX4LeS
D9udo7M+6TxAhk1dVtKvd4DKtntZ/oOPCa46vEOYk8IVnrDgkgENfStpFwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFD1C89AW5ji+qAdS76YerPNWyFXMB8GA1UdIwQY
MBaAFDqDmTau7/KIZ453JjMCD6JZvZzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT29PWk5xN3Y4b2huam5jbU13SVBvbG05blBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My81YzY3NDUtNzY4ZS00ZDYxLWI2MDQt
ODM1ZjRlMzcyODNjLzEvVVBVTHowQmJtT0w2b0IxTHZwaDZzODFiSVZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My81YzY3NDUtNzY4ZS00ZDYxLWI2MDQtODM1ZjRlMzcyODNj
LzEvT29PWk5xN3Y4b2huam5jbU13SVBvbG05blBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAvF9EMA0E
AgACMAcDBQMqEv8AMA0GCSqGSIb3DQEBCwUAA4IBAQByESHGYmm41TaeOEMk8uVo
Z3/aS981yQUHeTLrsNWMLYzKse1TioZjlzMqOfWdXLc5YhwI3zI/m8+c7S1OJpHl
QDBBtJtK2GaQ8Tz/JTnMRAOabxAA1X4UweN4cGMwT/q50NCpDbwB01YEJZ4qGNxU
/9FR3ksIuQ3kK5ZeeOgu3EUQt9bzTT0VXBcv5YHhoGFYjZiVHBPjBZN83wbkaFjc
w97jZbRiaP0lWYhP11biU8xN8QLNuoArLWnmL2p1bfmArVMZ2S4APttgJrAXNX58
9S74luAMx8d2h8z9P1qkHXRwt24pCjFdBf/hwcF2f7pKUNdTinYuktlLL0vM/Ovt
-----END CERTIFICATE-----