Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/uV4t_7bTpNlFxKD9GYRWKLiyTLU.roa
File:                     uV4t_7bTpNlFxKD9GYRWKLiyTLU.roa (raw, json)
Hash identifier:          K6OEW6tNyr4l0fhWATgLvlxaTWug9MOuApyrEqbKNyE=
Subject key identifier:   B9:5E:2D:FF:B6:D3:A4:D9:45:C4:A0:FD:19:84:56:28:B8:B2:4C:B5
Certificate issuer:       /CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
Certificate serial:       019421B2176D591C54F6F04B13501F6DE40F
Authority key identifier: 54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/uV4t_7bTpNlFxKD9GYRWKLiyTLU.roa
Signing time:             Wed 01 Jan 2025 11:48:26 +0000
ROA not before:           Wed 01 Jan 2025 11:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42246
IP address blocks:        82.177.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:17:6d:59:1c:54:f6:f0:4b:13:50:1f:6d:e4:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=546834e68890f3986a1b0457ce0f54ae03c2d76b
        Validity
            Not Before: Jan  1 11:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b95e2dffb6d3a4d945c4a0fd19845628b8b24cb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ae:cf:a6:c8:fb:dc:98:4b:bb:ea:f1:e3:88:
                    5f:ec:48:23:62:68:af:5f:59:d8:d0:08:17:dc:95:
                    f4:b3:5c:d5:c4:36:2d:9e:bd:96:fe:1c:b7:b7:5c:
                    a1:64:10:e3:d7:d8:a7:b8:89:4a:84:52:27:d6:88:
                    a0:5d:4e:4c:e1:b0:db:53:20:83:43:59:0f:08:6b:
                    ec:9a:25:27:a4:ff:04:d3:48:90:2c:5d:7e:be:85:
                    bf:3f:84:e5:31:2b:0b:ba:d2:d3:bb:fd:26:ca:b7:
                    b2:f6:5e:67:e9:37:1e:28:c3:8f:3f:a4:22:c6:ce:
                    aa:b0:ea:1e:5f:14:a9:ee:aa:62:77:a4:ba:d0:47:
                    f0:e0:4d:b9:b2:94:02:23:1e:08:4d:44:5f:a3:a4:
                    73:a2:b9:a1:5e:82:4e:2c:0a:f7:92:1b:a6:62:de:
                    c5:9f:95:1d:6d:84:8d:84:4a:78:21:e2:e8:8e:39:
                    37:9b:43:94:7b:b3:b4:fc:c6:b5:3d:c5:4c:b6:3e:
                    c2:fe:4b:43:eb:2a:e8:b6:73:c6:07:92:e1:c0:db:
                    b5:f6:a9:80:41:fc:53:f8:11:80:2a:c6:f7:82:e4:
                    de:3f:d4:d9:9d:9a:10:13:b3:a8:cc:0f:cc:bd:06:
                    57:3a:00:87:3e:b5:f1:58:27:b9:17:5f:7f:75:de:
                    28:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:5E:2D:FF:B6:D3:A4:D9:45:C4:A0:FD:19:84:56:28:B8:B2:4C:B5
            X509v3 Authority Key Identifier:
                keyid:54:68:34:E6:88:90:F3:98:6A:1B:04:57:CE:0F:54:AE:03:C2:D7:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VGg05oiQ85hqGwRXzg9UrgPC12s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/uV4t_7bTpNlFxKD9GYRWKLiyTLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/5f2f0b-fd82-44fa-b634-52766b24baa4/1/VGg05oiQ85hqGwRXzg9UrgPC12s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.177.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:ea:4c:06:03:45:0c:2a:27:cb:4d:31:94:cd:f6:93:51:7f:
         32:42:72:7b:f0:d0:f7:7b:55:cb:70:c3:1c:6f:0d:7d:9d:b3:
         61:bf:46:00:b4:36:b5:65:66:07:cc:1e:a9:cf:5d:1a:5c:9f:
         a1:7e:88:0b:e1:f1:42:1b:f0:0d:ea:05:d0:f9:bf:96:2f:5b:
         52:c0:ab:92:25:eb:d1:b8:5a:67:c0:eb:40:11:94:52:95:8c:
         33:df:af:52:96:86:3f:3e:af:e2:05:04:7e:f4:07:25:e6:62:
         c2:04:3c:5c:29:db:c2:e7:fb:61:f6:c9:d9:aa:9c:1a:7f:91:
         a4:14:34:f3:81:d8:a8:ec:f9:1b:aa:b6:be:62:95:bb:57:9a:
         33:8f:d1:f0:ae:c7:ec:2d:a5:4d:d6:a3:2e:4c:39:b0:0e:ba:
         b8:a0:03:d6:f1:45:51:c7:e2:0c:f7:ca:c8:17:4a:cd:64:4c:
         b0:ef:d9:19:1d:83:12:86:0c:7d:ca:6e:20:82:e2:3b:24:77:
         f5:24:fe:fc:ee:40:a6:53:4f:58:ac:a6:7d:9e:72:e5:83:0d:
         e8:64:ab:63:45:43:07:4c:60:31:37:51:44:c5:9c:47:27:fd:
         f3:9d:5b:fe:80:bb:da:02:02:1e:94:a0:52:70:05:29:7c:1f:
         af:f6:d9:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhshdtWRxU9vBLE1AfbeQPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NjgzNGU2ODg5MGYzOTg2YTFiMDQ1N2NlMGY1NGFlMDNj
MmQ3NmIwHhcNMjUwMTAxMTE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTVlMmRmZmI2ZDNhNGQ5NDVjNGEwZmQxOTg0NTYyOGI4YjI0Y2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0q7Ppsj73JhLu+rx44hf7EgjYmiv
X1nY0AgX3JX0s1zVxDYtnr2W/hy3t1yhZBDj19inuIlKhFIn1oigXU5M4bDbUyCD
Q1kPCGvsmiUnpP8E00iQLF1+voW/P4TlMSsLutLTu/0myrey9l5n6TceKMOPP6Qi
xs6qsOoeXxSp7qpid6S60Efw4E25spQCIx4ITURfo6RzormhXoJOLAr3khumYt7F
n5UdbYSNhEp4IeLojjk3m0OUe7O0/Ma1PcVMtj7C/ktD6yrotnPGB5LhwNu19qmA
QfxT+BGAKsb3guTeP9TZnZoQE7OozA/MvQZXOgCHPrXxWCe5F19/dd4o2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLleLf+206TZRcSg/RmEVii4sky1MB8GA1UdIwQY
MBaAFFRoNOaIkPOYahsEV84PVK4DwtdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQt
NTI3NjZiMjRiYWE0LzEvdVY0dF83YlRwTmxGeEtEOUdZUldLTGl5VExVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS81ZjJmMGItZmQ4Mi00NGZhLWI2MzQtNTI3NjZiMjRiYWE0
LzEvVkdnMDVvaVE4NWhxR3dSWHpnOVVyZ1BDMTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUrHJMA0G
CSqGSIb3DQEBCwUAA4IBAQAW6kwGA0UMKifLTTGUzfaTUX8yQnJ78ND3e1XLcMMc
bw19nbNhv0YAtDa1ZWYHzB6pz10aXJ+hfogL4fFCG/AN6gXQ+b+WL1tSwKuSJevR
uFpnwOtAEZRSlYwz369SloY/Pq/iBQR+9Acl5mLCBDxcKdvC5/th9snZqpwaf5Gk
FDTzgdio7Pkbqra+YpW7V5ozj9HwrsfsLaVN1qMuTDmwDrq4oAPW8UVRx+IM98rI
F0rNZEyw79kZHYMShgx9ym4gguI7JHf1JP787kCmU09YrKZ9nnLlgw3oZKtjRUMH
TGAxN1FExZxHJ/3znVv+gLvaAgIelKBScAUpfB+v9tml
-----END CERTIFICATE-----