Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/kUvUMMUm6A2S-PsLFuOoxFGjL2g.roa
File:                     kUvUMMUm6A2S-PsLFuOoxFGjL2g.roa (raw, json)
Hash identifier:          43KKo4hB/OsGlhMLYdFrQhlx6kBqniKw+U0iCAYg2Qg=
Subject key identifier:   91:4B:D4:30:C5:26:E8:0D:92:F8:FB:0B:16:E3:A8:C4:51:A3:2F:68
Certificate issuer:       /CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
Certificate serial:       019422FC19FF36BECF12239A0558CAD5E9D2
Authority key identifier: 3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/kUvUMMUm6A2S-PsLFuOoxFGjL2g.roa
Signing time:             Wed 01 Jan 2025 17:48:54 +0000
ROA not before:           Wed 01 Jan 2025 17:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57358
IP address blocks:        82.98.73.0/24 maxlen: 32
                          2a02:2e0:3ec::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:19:ff:36:be:cf:12:23:9a:05:58:ca:d5:e9:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
        Validity
            Not Before: Jan  1 17:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=914bd430c526e80d92f8fb0b16e3a8c451a32f68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:50:fb:3f:73:6f:3d:ad:ee:3e:1e:42:71:37:
                    dc:88:a0:43:a8:91:ec:e5:be:42:62:57:fa:38:ba:
                    cf:41:b6:96:bd:14:5e:0d:14:85:64:a3:90:13:5b:
                    9b:d0:3c:b5:e8:22:1c:c4:b5:a9:0d:82:40:16:0e:
                    7c:dd:87:ac:10:9e:c4:ac:d6:e4:48:eb:59:10:20:
                    ca:86:8a:76:9e:2f:a3:86:72:b4:01:86:9c:e7:3f:
                    26:7d:52:d5:d3:6a:84:1d:84:5d:a8:9b:a3:66:d7:
                    be:6a:e9:24:fb:e9:f9:27:c6:7a:d8:d9:aa:47:2c:
                    8e:53:01:eb:c6:cf:a6:4f:05:2e:61:3b:24:97:5c:
                    09:53:87:1e:c9:91:31:0e:c2:e2:90:8a:e6:f1:fd:
                    dd:d7:44:18:a3:32:09:e1:b6:4b:03:fb:42:97:52:
                    7b:f8:63:f0:a6:7c:4d:18:27:65:5f:1b:8f:17:89:
                    98:bc:80:19:39:49:e1:e7:46:13:12:e6:59:63:f1:
                    f6:82:83:3f:c1:c9:51:15:79:ea:30:ae:25:31:c4:
                    94:0d:42:ef:ee:21:51:1a:d8:3e:87:4e:3a:42:6e:
                    42:ae:a9:5d:a3:96:e0:54:9e:0d:16:cc:ea:f0:68:
                    14:b4:7c:3e:e4:0d:a9:1a:14:75:bb:4d:e4:7b:1a:
                    e3:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:4B:D4:30:C5:26:E8:0D:92:F8:FB:0B:16:E3:A8:C4:51:A3:2F:68
            X509v3 Authority Key Identifier:
                keyid:3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/kUvUMMUm6A2S-PsLFuOoxFGjL2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.98.73.0/24
                IPv6:
                  2a02:2e0:3ec::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:6d:3a:e4:07:2f:5e:df:b1:f3:ab:f8:c1:42:cb:31:02:8c:
         21:72:85:ef:c5:1a:20:35:45:82:69:a3:69:3a:28:55:17:8d:
         b5:d1:9d:d4:bc:20:8c:c5:a8:d8:f6:42:8a:d0:a9:2e:d5:5b:
         6b:6a:20:79:b8:42:6a:68:49:c3:44:e7:33:e1:59:97:db:28:
         2c:2a:2c:c5:c3:45:e0:ee:81:a0:ef:23:82:c5:f6:ea:28:56:
         57:29:d5:80:25:d0:d1:82:d5:35:42:20:24:f3:22:98:d5:11:
         74:84:85:a5:43:d0:0c:da:5f:07:90:80:17:4b:26:e8:ca:50:
         ce:c7:f2:c3:6b:58:12:3b:a4:f6:7e:68:3f:34:b6:42:5a:1d:
         5b:3b:fd:e2:0e:01:43:13:78:85:22:9b:67:19:3d:24:2e:9a:
         d2:a2:2f:dd:47:e2:93:6c:fb:dd:2f:1f:11:d5:36:6a:a4:5d:
         a9:44:36:a7:e0:51:1d:00:6d:7e:9f:18:86:cf:86:f0:d2:fc:
         62:d5:da:c7:25:2d:86:84:25:74:aa:1e:92:0f:ea:7d:6a:ab:
         b5:3c:7d:ae:78:91:b2:b4:ed:ac:23:e8:5a:4b:8a:03:7c:ba:
         1e:d4:07:15:0f:4a:13:53:a9:4f:c4:4f:ea:20:74:0b:f3:a9:
         cc:f9:d1:94
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQi/Bn/Nr7PEiOaBVjK1enSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOGJhMGE1MmM0MjEyOWFmMWQ0Zjc0M2ZlYjMzYmIxNDRk
NGJiNWMwHhcNMjUwMTAxMTc0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTRiZDQzMGM1MjZlODBkOTJmOGZiMGIxNmUzYThjNDUxYTMyZjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilD7P3NvPa3uPh5CcTfciKBDqJHs
5b5CYlf6OLrPQbaWvRReDRSFZKOQE1ub0Dy16CIcxLWpDYJAFg583YesEJ7ErNbk
SOtZECDKhop2ni+jhnK0AYac5z8mfVLV02qEHYRdqJujZte+aukk++n5J8Z62Nmq
RyyOUwHrxs+mTwUuYTskl1wJU4ceyZExDsLikIrm8f3d10QYozIJ4bZLA/tCl1J7
+GPwpnxNGCdlXxuPF4mYvIAZOUnh50YTEuZZY/H2goM/wclRFXnqMK4lMcSUDULv
7iFRGtg+h046Qm5Crqldo5bgVJ4NFszq8GgUtHw+5A2pGhR1u03kexrjbQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJFL1DDFJugNkvj7CxbjqMRRoy9oMB8GA1UdIwQY
MBaAFD2LoKUsQhKa8dT3Q/6zO7FE1LtcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMt
YTU2ODM4NDRlNzkyLzEva1V2VU1NVW02QTJTLVBzTEZ1T294RkdqTDJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMtYTU2ODM4NDRlNzky
LzEvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUmJJMA8E
AgACMAkDBwAqAgLgA+wwDQYJKoZIhvcNAQELBQADggEBAH9tOuQHL17fsfOr+MFC
yzECjCFyhe/FGiA1RYJpo2k6KFUXjbXRndS8IIzFqNj2QorQqS7VW2tqIHm4Qmpo
ScNE5zPhWZfbKCwqLMXDReDugaDvI4LF9uooVlcp1YAl0NGC1TVCICTzIpjVEXSE
haVD0AzaXweQgBdLJujKUM7H8sNrWBI7pPZ+aD80tkJaHVs7/eIOAUMTeIUim2cZ
PSQumtKiL91H4pNs+90vHxHVNmqkXalENqfgUR0AbX6fGIbPhvDS/GLV2sclLYaE
JXSqHpIP6n1qq7U8fa54kbK07awj6FpLigN8uh7UBxUPShNTqU/ET+ogdAvzqcz5
0ZQ=
-----END CERTIFICATE-----