Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/UKHZWUb2QMnIeyFceeYsJyNs2dE.roa
File:                     UKHZWUb2QMnIeyFceeYsJyNs2dE.roa (raw, json)
Hash identifier:          R5MOCmFKtRGlB3Py2M6AJaYUWsq318YC7IDgmUdJw+k=
Subject key identifier:   50:A1:D9:59:46:F6:40:C9:C8:7B:21:5C:79:E6:2C:27:23:6C:D9:D1
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       01975950D22D0B97D1608F99826B87162569
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/UKHZWUb2QMnIeyFceeYsJyNs2dE.roa
Signing time:             Tue 10 Jun 2025 10:09:18 +0000
ROA not before:           Tue 10 Jun 2025 10:09:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214515
IP address blocks:        37.32.41.0/24 maxlen: 24
                          185.243.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:59:50:d2:2d:0b:97:d1:60:8f:99:82:6b:87:16:25:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jun 10 10:09:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50a1d95946f640c9c87b215c79e62c27236cd9d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:61:ed:7d:11:92:f0:70:ec:4f:92:32:c4:ab:
                    e1:7a:2d:51:0f:02:ab:c5:33:25:0b:e3:1b:84:90:
                    70:64:a3:3e:82:37:73:2a:da:36:01:bf:03:43:b8:
                    4d:06:7d:cb:e1:70:68:3a:56:ef:86:3b:35:92:d6:
                    5a:59:14:8d:dd:8a:ea:6a:b6:06:58:1e:b2:36:df:
                    1a:85:30:bc:d1:b1:ff:d2:80:8f:d4:0e:ce:3d:91:
                    b4:eb:8f:f7:39:af:12:c1:48:84:4a:7b:2e:70:c3:
                    c5:dd:70:a7:a3:5f:76:59:72:92:9a:04:e5:6c:52:
                    9f:a0:39:71:2a:f3:74:cb:86:d2:dd:29:63:d5:6e:
                    0b:ec:bf:d6:1f:5f:ff:8f:d2:e3:d6:5d:a2:f5:fa:
                    9d:f7:44:4b:0c:bd:9a:5e:fc:bc:8c:e5:bd:70:08:
                    f2:5e:7f:a6:23:8f:e7:7b:a8:18:d1:06:7b:f0:1b:
                    1c:53:61:eb:07:b5:ba:4e:b8:c9:4c:2b:54:43:cc:
                    f9:a4:6d:ee:8b:59:58:dc:4a:9b:b8:3f:0b:e2:77:
                    61:d7:ff:ad:df:7a:25:2c:5d:00:41:4e:55:50:83:
                    3b:80:e8:33:38:cf:5d:29:70:66:59:3a:d4:d2:fe:
                    e3:a0:2b:de:f2:ff:bb:66:bc:f3:97:26:8d:58:20:
                    05:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:A1:D9:59:46:F6:40:C9:C8:7B:21:5C:79:E6:2C:27:23:6C:D9:D1
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/UKHZWUb2QMnIeyFceeYsJyNs2dE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.41.0/24
                  185.243.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:8e:e0:b6:5a:96:ce:a3:71:55:63:a2:ba:49:34:85:ac:14:
         b8:e6:b5:10:ee:c6:fb:fb:f7:5e:00:b0:f9:f5:2c:cc:a9:b0:
         2e:e1:14:f4:48:1e:09:5a:d6:c7:2f:a0:f6:1c:45:32:b8:2a:
         1a:31:bb:e8:30:3e:35:d6:86:52:f3:78:51:18:68:63:5f:80:
         1d:4b:e6:0b:ac:f7:b6:06:69:6e:7f:87:2d:da:4d:41:cc:6e:
         a8:8f:80:c5:df:a2:cd:25:7a:fa:23:01:34:86:26:f6:9e:4e:
         44:9e:35:38:c8:e6:5a:ed:03:57:b8:ee:e5:62:8e:a9:d2:5b:
         36:a8:2e:e0:24:28:13:c4:50:75:9f:20:cc:7d:46:7c:f8:d2:
         8f:6c:8d:b0:79:87:cd:b0:17:8a:2f:e0:8a:2b:f1:dc:23:3b:
         1d:32:fb:76:1c:de:96:66:a9:e5:ba:64:3e:a1:9b:9e:9d:9c:
         df:52:0f:a7:b3:33:14:5f:54:e2:a9:b4:cb:d3:1f:d1:a6:9b:
         d8:84:47:d2:35:7e:d1:48:f1:df:1f:29:4a:59:74:12:31:9c:
         f8:ff:c9:ff:c0:b3:aa:9e:de:38:36:d0:b2:56:de:86:d0:4c:
         41:49:5e:23:1e:ee:e5:6d:b2:cf:35:8f:11:ec:9f:a6:ac:dd:
         26:db:cf:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdZUNItC5fRYI+ZgmuHFiVpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwNjEwMTAwOTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGExZDk1OTQ2ZjY0MGM5Yzg3YjIxNWM3OWU2MmMyNzIzNmNkOWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymHtfRGS8HDsT5IyxKvhei1RDwKr
xTMlC+MbhJBwZKM+gjdzKto2Ab8DQ7hNBn3L4XBoOlbvhjs1ktZaWRSN3YrqarYG
WB6yNt8ahTC80bH/0oCP1A7OPZG064/3Oa8SwUiESnsucMPF3XCno192WXKSmgTl
bFKfoDlxKvN0y4bS3Slj1W4L7L/WH1//j9Lj1l2i9fqd90RLDL2aXvy8jOW9cAjy
Xn+mI4/ne6gY0QZ78BscU2HrB7W6TrjJTCtUQ8z5pG3ui1lY3EqbuD8L4ndh1/+t
33olLF0AQU5VUIM7gOgzOM9dKXBmWTrU0v7joCve8v+7ZrzzlyaNWCAFjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFCh2VlG9kDJyHshXHnmLCcjbNnRMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvVUtIWldVYjJRTW5JZXlGY2VlWXNKeU5zMmRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJSApAwQA
ufMzMA0GCSqGSIb3DQEBCwUAA4IBAQAGjuC2WpbOo3FVY6K6STSFrBS45rUQ7sb7
+/deALD59SzMqbAu4RT0SB4JWtbHL6D2HEUyuCoaMbvoMD411oZS83hRGGhjX4Ad
S+YLrPe2Bmluf4ct2k1BzG6oj4DF36LNJXr6IwE0hib2nk5EnjU4yOZa7QNXuO7l
Yo6p0ls2qC7gJCgTxFB1nyDMfUZ8+NKPbI2weYfNsBeKL+CKK/HcIzsdMvt2HN6W
ZqnlumQ+oZuenZzfUg+nszMUX1TiqbTL0x/RppvYhEfSNX7RSPHfHylKWXQSMZz4
/8n/wLOqnt44NtCyVt6G0ExBSV4jHu7lbbLPNY8R7J+mrN0m288D
-----END CERTIFICATE-----