Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/336701-e36a-4db2-974e-0ed078f4bcaf/1/uYBmloio0v9Mj1oUCQ7dp4Uq2pg.roa
File:                     uYBmloio0v9Mj1oUCQ7dp4Uq2pg.roa (raw, json)
Hash identifier:          k0vCLZfeunG/QoHpcwb7GJEwzSKtofkLLPDzKPrjJzU=
Subject key identifier:   B9:80:66:96:88:A8:D2:FF:4C:8F:5A:14:09:0E:DD:A7:85:2A:DA:98
Certificate issuer:       /CN=0bc893375ad155b5ffced3cbee2535b8659fe389
Certificate serial:       019422FBBC31241E17BDB6DC0AC3EE70F85F
Authority key identifier: 0B:C8:93:37:5A:D1:55:B5:FF:CE:D3:CB:EE:25:35:B8:65:9F:E3:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C8iTN1rRVbX_ztPL7iU1uGWf44k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/336701-e36a-4db2-974e-0ed078f4bcaf/1/uYBmloio0v9Mj1oUCQ7dp4Uq2pg.roa
Signing time:             Wed 01 Jan 2025 17:48:30 +0000
ROA not before:           Wed 01 Jan 2025 17:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197690
IP address blocks:        85.208.180.0/22 maxlen: 22
                          2a09:8b40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/336701-e36a-4db2-974e-0ed078f4bcaf/1/C8iTN1rRVbX_ztPL7iU1uGWf44k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/336701-e36a-4db2-974e-0ed078f4bcaf/1/C8iTN1rRVbX_ztPL7iU1uGWf44k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C8iTN1rRVbX_ztPL7iU1uGWf44k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 20:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:bc:31:24:1e:17:bd:b6:dc:0a:c3:ee:70:f8:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bc893375ad155b5ffced3cbee2535b8659fe389
        Validity
            Not Before: Jan  1 17:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b980669688a8d2ff4c8f5a14090edda7852ada98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:eb:8c:87:d5:82:3e:0f:dc:2a:bf:43:0c:38:
                    7a:17:06:69:a9:3f:e1:c1:92:ff:37:90:64:d2:d3:
                    51:90:4b:65:a7:5d:bc:f8:c3:79:b4:6c:3c:82:f7:
                    f2:a1:44:83:87:99:fe:70:49:ba:da:7c:aa:86:2a:
                    9e:08:a5:5b:7b:ac:b1:b7:b8:5c:d9:84:c8:9d:77:
                    1b:c0:67:1e:92:3b:91:e9:66:0f:b8:93:85:2c:2a:
                    9e:8d:ae:07:c2:ab:38:71:14:de:a9:97:de:9a:8c:
                    ed:70:ff:c2:fd:41:17:ba:f5:a8:9b:38:4b:03:05:
                    8e:ab:26:f6:37:01:8c:fe:2c:68:f9:85:67:2a:5e:
                    05:d7:99:8a:72:7e:a2:f0:23:1d:49:88:d4:7b:94:
                    8b:62:42:fc:72:3c:cc:c3:bf:35:ef:5f:e5:cd:f7:
                    7c:28:3c:87:0f:73:cc:ef:20:a7:32:98:70:0c:2c:
                    37:94:3b:a2:d2:f6:93:cc:64:e0:a4:f2:eb:7c:9a:
                    b8:fb:6b:4c:a6:fa:ad:32:27:6d:97:2d:63:2b:37:
                    14:53:ff:b8:89:18:7b:f0:ab:2d:40:35:0d:c8:53:
                    fd:cd:cb:63:9c:19:86:d2:89:21:b7:6f:ed:8d:e1:
                    cc:c8:07:b2:b0:1d:85:8f:0b:1c:d6:fe:57:d5:f5:
                    3d:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:80:66:96:88:A8:D2:FF:4C:8F:5A:14:09:0E:DD:A7:85:2A:DA:98
            X509v3 Authority Key Identifier:
                keyid:0B:C8:93:37:5A:D1:55:B5:FF:CE:D3:CB:EE:25:35:B8:65:9F:E3:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C8iTN1rRVbX_ztPL7iU1uGWf44k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/336701-e36a-4db2-974e-0ed078f4bcaf/1/uYBmloio0v9Mj1oUCQ7dp4Uq2pg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/336701-e36a-4db2-974e-0ed078f4bcaf/1/C8iTN1rRVbX_ztPL7iU1uGWf44k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.180.0/22
                IPv6:
                  2a09:8b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:8d:76:7f:ee:85:1c:3f:20:9d:b1:3d:e7:ab:e0:2e:ef:45:
         79:12:57:52:c2:3c:42:bb:54:a1:55:79:ae:82:63:38:ec:3e:
         01:d2:a0:fc:f9:cf:f8:4c:66:ba:a7:e5:bd:82:3d:50:1c:83:
         cf:a1:f1:1c:d2:ea:81:38:53:b0:00:c2:e4:19:7a:17:c3:0e:
         ae:c2:ed:7d:98:8f:0b:1c:f6:2e:86:d5:e3:58:f3:9c:f7:51:
         70:e8:fe:fb:51:3b:e4:d1:f3:db:01:7e:79:81:24:18:75:84:
         91:34:ff:1e:ea:48:46:dc:68:ff:e6:38:62:a8:8d:db:d4:cf:
         eb:59:7e:86:57:1a:f4:1b:e8:c0:93:55:2a:a0:f7:f1:ca:91:
         11:4f:6d:06:34:72:bf:aa:22:54:17:1e:3c:b3:0e:a0:e7:18:
         38:3c:cb:0b:ca:c7:51:64:2a:3a:c4:9e:5a:e9:84:02:cc:57:
         b6:91:31:49:3a:3b:44:c8:37:63:04:b2:59:4f:0b:e0:84:f6:
         4c:d7:0a:7c:b4:ce:23:a1:57:76:8b:86:c3:71:18:98:2b:a7:
         99:76:64:b8:a7:38:92:09:72:64:9e:95:bc:5e:ec:ff:b6:93:
         c2:6d:7f:c9:2f:80:21:a3:65:6c:6b:3a:4d:8a:17:4a:5c:a0:
         65:18:b7:12
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQi+7wxJB4XvbbcCsPucPhfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYzg5MzM3NWFkMTU1YjVmZmNlZDNjYmVlMjUzNWI4NjU5
ZmUzODkwHhcNMjUwMTAxMTc0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTgwNjY5Njg4YThkMmZmNGM4ZjVhMTQwOTBlZGRhNzg1MmFkYTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOuMh9WCPg/cKr9DDDh6FwZpqT/h
wZL/N5Bk0tNRkEtlp128+MN5tGw8gvfyoUSDh5n+cEm62nyqhiqeCKVbe6yxt7hc
2YTInXcbwGcekjuR6WYPuJOFLCqeja4Hwqs4cRTeqZfemoztcP/C/UEXuvWomzhL
AwWOqyb2NwGM/ixo+YVnKl4F15mKcn6i8CMdSYjUe5SLYkL8cjzMw78171/lzfd8
KDyHD3PM7yCnMphwDCw3lDui0vaTzGTgpPLrfJq4+2tMpvqtMidtly1jKzcUU/+4
iRh78KstQDUNyFP9zctjnBmG0okht2/tjeHMyAeysB2Fjwsc1v5X1fU9vQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLmAZpaIqNL/TI9aFAkO3aeFKtqYMB8GA1UdIwQY
MBaAFAvIkzda0VW1/87Ty+4lNbhln+OJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzhpVE4xclJWYlhfenRQTDdpVTF1R1dmNDRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8zMzY3MDEtZTM2YS00ZGIyLTk3NGUt
MGVkMDc4ZjRiY2FmLzEvdVlCbWxvaW8wdjlNajFvVUNRN2RwNFVxMnBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8zMzY3MDEtZTM2YS00ZGIyLTk3NGUtMGVkMDc4ZjRiY2Fm
LzEvQzhpVE4xclJWYlhfenRQTDdpVTF1R1dmNDRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVdC0MA0E
AgACMAcDBQMqCYtAMA0GCSqGSIb3DQEBCwUAA4IBAQBujXZ/7oUcPyCdsT3nq+Au
70V5EldSwjxCu1ShVXmugmM47D4B0qD8+c/4TGa6p+W9gj1QHIPPofEc0uqBOFOw
AMLkGXoXww6uwu19mI8LHPYuhtXjWPOc91Fw6P77UTvk0fPbAX55gSQYdYSRNP8e
6khG3Gj/5jhiqI3b1M/rWX6GVxr0G+jAk1UqoPfxypERT20GNHK/qiJUFx48sw6g
5xg4PMsLysdRZCo6xJ5a6YQCzFe2kTFJOjtEyDdjBLJZTwvghPZM1wp8tM4joVd2
i4bDcRiYK6eZdmS4pziSCXJknpW8Xuz/tpPCbX/JL4Aho2VsazpNihdKXKBlGLcS
-----END CERTIFICATE-----