Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/UXrSci2HbtZVvlSwavB75QsDwEk.roa
File:                     UXrSci2HbtZVvlSwavB75QsDwEk.roa (raw, json)
Hash identifier:          mbZg74q8v9iCoXxNnbpQg4Ih7hA9J7SFdzicE2drjAU=
Subject key identifier:   51:7A:D2:72:2D:87:6E:D6:55:BE:54:B0:6A:F0:7B:E5:0B:03:C0:49
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       01963468198F22B1EF9D4A3C93C187248521
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/UXrSci2HbtZVvlSwavB75QsDwEk.roa
Signing time:             Mon 14 Apr 2025 13:05:59 +0000
ROA not before:           Mon 14 Apr 2025 13:05:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        212.87.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 07:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:34:68:19:8f:22:b1:ef:9d:4a:3c:93:c1:87:24:85:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Apr 14 13:05:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=517ad2722d876ed655be54b06af07be50b03c049
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ea:57:6a:ba:a4:c4:83:16:41:29:65:12:89:
                    a3:b4:9d:1f:ed:c1:4f:76:7c:de:d7:87:b8:d4:fd:
                    ec:63:b0:d6:8f:d7:37:9c:fa:4f:19:36:22:02:80:
                    33:22:ba:b0:83:7f:42:63:28:a2:4a:9e:e1:a3:f3:
                    de:b8:b4:1e:ff:3e:dc:d3:ca:81:74:9a:a8:47:c8:
                    e5:46:f6:a8:21:3f:0c:09:9e:cf:ab:a4:7c:ae:6c:
                    28:27:93:c7:b5:d5:9b:4e:f6:34:53:b0:0d:99:ac:
                    82:35:68:78:57:2e:62:45:44:dd:1c:35:85:77:92:
                    79:32:40:10:66:d6:8b:8e:33:ac:21:1a:31:a2:94:
                    00:be:b6:f2:11:c5:ed:30:b7:3b:2c:29:35:d1:83:
                    b7:a7:6d:90:d2:87:81:0b:54:85:1f:cc:07:39:8a:
                    0e:6e:ab:44:13:99:60:89:86:c6:46:3b:54:9f:8b:
                    2b:25:19:3f:a2:28:4b:e8:66:7f:0e:fc:c2:cf:2d:
                    66:72:92:c6:6a:d1:50:9a:fd:c1:62:37:52:4a:20:
                    1f:92:70:d1:47:1b:46:a9:7d:05:ab:d7:c8:15:cf:
                    3f:05:b6:02:d7:61:15:27:83:83:da:c8:a1:fb:b9:
                    dd:db:95:05:4c:67:90:dc:1c:42:8b:0f:f6:61:f5:
                    cb:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:7A:D2:72:2D:87:6E:D6:55:BE:54:B0:6A:F0:7B:E5:0B:03:C0:49
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/UXrSci2HbtZVvlSwavB75QsDwEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.87.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:a4:a8:15:79:00:98:6c:b0:72:e6:2c:cb:15:54:86:42:ad:
         04:13:0a:4c:ef:b3:5f:a0:bb:f8:ca:1a:f5:41:a9:1a:74:f9:
         c5:35:b9:b6:07:dc:9a:91:96:07:47:d3:82:9b:15:19:45:5b:
         ff:67:4b:cd:dd:9a:61:26:64:0b:55:65:ed:a2:fc:37:5a:8c:
         20:0a:f4:37:f3:67:96:59:80:3b:13:ff:f7:24:d4:b2:2f:99:
         c8:57:08:04:26:12:b6:7c:9d:1f:54:b4:a9:a5:bc:8f:60:70:
         f0:71:c0:ff:94:fe:5c:3b:ea:f3:82:8c:0d:58:a9:c8:76:3b:
         5f:6a:f3:5c:d8:6b:fb:d2:ed:14:8c:86:08:46:77:4d:c2:db:
         3f:6d:cd:d3:14:7d:d7:e5:19:7c:b3:0f:38:70:be:0f:86:2f:
         59:da:ee:e5:a0:dd:2e:b7:df:20:c1:eb:34:c5:fb:e4:97:0b:
         17:f9:02:59:34:76:e5:19:2a:2b:3f:71:27:ad:ac:2c:a0:4f:
         07:a8:ab:fa:f7:c1:3d:97:d5:35:b0:36:df:5b:07:f1:25:79:
         d7:6f:22:8d:e3:d4:18:0f:a8:ad:3e:81:ad:15:3e:b5:f9:b6:
         7e:68:96:f0:d8:e7:e0:e0:52:a9:29:d6:15:71:8c:56:e0:d0:
         00:31:fb:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY0aBmPIrHvnUo8k8GHJIUhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjUwNDE0MTMwNTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTdhZDI3MjJkODc2ZWQ2NTViZTU0YjA2YWYwN2JlNTBiMDNjMDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtupXarqkxIMWQSllEomjtJ0f7cFP
dnze14e41P3sY7DWj9c3nPpPGTYiAoAzIrqwg39CYyiiSp7ho/PeuLQe/z7c08qB
dJqoR8jlRvaoIT8MCZ7Pq6R8rmwoJ5PHtdWbTvY0U7ANmayCNWh4Vy5iRUTdHDWF
d5J5MkAQZtaLjjOsIRoxopQAvrbyEcXtMLc7LCk10YO3p22Q0oeBC1SFH8wHOYoO
bqtEE5lgiYbGRjtUn4srJRk/oihL6GZ/DvzCzy1mcpLGatFQmv3BYjdSSiAfknDR
RxtGqX0Fq9fIFc8/BbYC12EVJ4OD2sih+7nd25UFTGeQ3BxCiw/2YfXL1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFF60nIth27WVb5UsGrwe+ULA8BJMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvVVhyU2NpMkhidFpWdmxTd2F2Qjc1UXNEd0VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FfJMA0G
CSqGSIb3DQEBCwUAA4IBAQCnpKgVeQCYbLBy5izLFVSGQq0EEwpM77NfoLv4yhr1
QakadPnFNbm2B9yakZYHR9OCmxUZRVv/Z0vN3ZphJmQLVWXtovw3WowgCvQ382eW
WYA7E//3JNSyL5nIVwgEJhK2fJ0fVLSppbyPYHDwccD/lP5cO+rzgowNWKnIdjtf
avNc2Gv70u0UjIYIRndNwts/bc3TFH3X5Rl8sw84cL4Phi9Z2u7loN0ut98gwes0
xfvklwsX+QJZNHblGSorP3EnrawsoE8HqKv698E9l9U1sDbfWwfxJXnXbyKN49QY
D6itPoGtFT61+bZ+aJbw2Ofg4FKpKdYVcYxW4NAAMfv6
-----END CERTIFICATE-----