Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/UVXJSMlcwPvX9wSFHlr_2BxTeBY.roa
File:                     UVXJSMlcwPvX9wSFHlr_2BxTeBY.roa (raw, json)
Hash identifier:          v4olu8knUOXGZo95yikqn7i0UUi9wj0a7lPXPrL3ohE=
Subject key identifier:   51:55:C9:48:C9:5C:C0:FB:D7:F7:04:85:1E:5A:FF:D8:1C:53:78:16
Certificate issuer:       /CN=5806da5a59251275ceb18694e17415352aedd6aa
Certificate serial:       01942445A7359F3F98903AE8DCECC9C6815A
Authority key identifier: 58:06:DA:5A:59:25:12:75:CE:B1:86:94:E1:74:15:35:2A:ED:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/UVXJSMlcwPvX9wSFHlr_2BxTeBY.roa
Signing time:             Wed 01 Jan 2025 23:48:52 +0000
ROA not before:           Wed 01 Jan 2025 23:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399641
IP address blocks:        185.220.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:a7:35:9f:3f:98:90:3a:e8:dc:ec:c9:c6:81:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5806da5a59251275ceb18694e17415352aedd6aa
        Validity
            Not Before: Jan  1 23:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5155c948c95cc0fbd7f704851e5affd81c537816
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:01:5b:f8:09:99:64:1c:9b:85:ad:e1:e7:4c:
                    86:96:d8:2c:bb:34:69:a7:29:b5:84:16:1b:82:fd:
                    98:39:83:0f:76:eb:4b:28:e1:0c:8d:28:9a:bd:e7:
                    29:43:6c:b3:30:8c:3f:91:3b:77:a0:f4:c0:be:73:
                    2a:46:9d:f7:ab:0f:c3:3e:ce:a5:1e:1b:dc:e6:97:
                    f1:8b:3c:50:24:54:86:4e:b4:3c:c2:e2:87:59:72:
                    f4:cd:f5:e5:e6:f5:70:80:64:df:35:0d:a6:96:12:
                    a2:e1:68:a8:9e:7f:b6:27:1e:79:77:51:27:2b:a4:
                    bc:be:31:53:0c:7b:de:d5:48:cc:86:af:9a:6a:22:
                    75:ce:58:15:52:3e:f7:8a:ce:17:2f:46:01:b6:4c:
                    54:29:12:91:09:2f:6a:08:9c:44:f5:b7:b3:40:cf:
                    14:f1:ed:f5:6f:f6:fb:08:12:a8:a1:20:7e:ed:ce:
                    6d:01:a8:31:a7:77:ae:f5:ec:12:a5:a0:b7:3b:4e:
                    6b:94:b4:87:00:68:66:15:7c:b5:be:d9:0d:a9:c7:
                    b9:37:c0:68:57:b3:26:f6:55:34:4d:2f:82:b0:e9:
                    e0:3a:3c:30:71:cf:2e:a3:b5:de:b2:69:00:d6:86:
                    3d:9f:8b:36:52:e5:ad:23:1c:f8:99:53:49:90:bb:
                    44:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:55:C9:48:C9:5C:C0:FB:D7:F7:04:85:1E:5A:FF:D8:1C:53:78:16
            X509v3 Authority Key Identifier:
                keyid:58:06:DA:5A:59:25:12:75:CE:B1:86:94:E1:74:15:35:2A:ED:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/UVXJSMlcwPvX9wSFHlr_2BxTeBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:20:5a:07:b9:fc:d5:a3:92:76:fb:fe:2e:93:e6:56:a4:50:
         0c:01:b9:b2:62:8e:e6:92:3a:bf:56:44:c5:39:ea:b3:1f:0a:
         62:38:f3:fc:f1:3b:8c:2a:59:8f:60:08:00:55:b5:27:6f:22:
         88:47:94:f7:26:7d:30:3c:ef:36:30:92:c4:41:33:e1:8b:34:
         2d:3d:a9:ef:3c:b9:b1:2d:75:0b:61:a6:8a:82:39:38:d5:1b:
         37:c7:e2:26:17:73:a0:11:d7:a5:57:e3:1b:97:74:10:b4:5b:
         32:23:cc:97:5e:0c:e0:22:c4:1c:fc:e4:c8:be:7a:82:80:82:
         ab:e7:12:16:01:4f:17:16:3d:2e:76:54:a1:58:24:42:44:24:
         06:4e:45:43:60:0d:78:dc:a2:ae:3d:ac:73:7b:6e:24:f7:e4:
         f8:42:76:9c:fa:16:f3:51:fa:09:a1:17:89:26:90:3d:8b:94:
         1f:4f:18:88:56:a3:d6:05:19:f1:b1:3a:69:c2:a1:fd:0a:c0:
         81:2f:06:0f:74:ad:02:d8:ee:97:d9:bc:3f:1e:43:15:8e:81:
         fb:39:a3:ac:a2:d0:e7:b0:fb:a2:3e:f2:9c:18:ef:31:9c:e5:
         9c:0f:d7:a1:e7:32:6a:ba:ee:e9:82:2a:54:d7:c9:3e:53:00:
         d4:d0:c3:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRac1nz+YkDro3OzJxoFaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MDZkYTVhNTkyNTEyNzVjZWIxODY5NGUxNzQxNTM1MmFl
ZGQ2YWEwHhcNMjUwMTAxMjM0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTU1Yzk0OGM5NWNjMGZiZDdmNzA0ODUxZTVhZmZkODFjNTM3ODE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgFb+AmZZBybha3h50yGltgsuzRp
pym1hBYbgv2YOYMPdutLKOEMjSiavecpQ2yzMIw/kTt3oPTAvnMqRp33qw/DPs6l
Hhvc5pfxizxQJFSGTrQ8wuKHWXL0zfXl5vVwgGTfNQ2mlhKi4Wionn+2Jx55d1En
K6S8vjFTDHve1UjMhq+aaiJ1zlgVUj73is4XL0YBtkxUKRKRCS9qCJxE9bezQM8U
8e31b/b7CBKooSB+7c5tAagxp3eu9ewSpaC3O05rlLSHAGhmFXy1vtkNqce5N8Bo
V7Mm9lU0TS+CsOngOjwwcc8uo7XesmkA1oY9n4s2UuWtIxz4mVNJkLtEaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFFVyUjJXMD71/cEhR5a/9gcU3gWMB8GA1UdIwQY
MBaAFFgG2lpZJRJ1zrGGlOF0FTUq7daqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0FiYVdsa2xFblhPc1lhVTRYUVZOU3J0MXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81ZGYxMTktYjFkZi00Y2ViLWJkNGYt
Zjc5Y2NjM2Y0ZWFmLzEvVVZYSlNNbGN3UHZYOXdTRkhscl8yQnhUZUJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81ZGYxMTktYjFkZi00Y2ViLWJkNGYtZjc5Y2NjM2Y0ZWFm
LzEvV0FiYVdsa2xFblhPc1lhVTRYUVZOU3J0MXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudySMA0G
CSqGSIb3DQEBCwUAA4IBAQARIFoHufzVo5J2+/4uk+ZWpFAMAbmyYo7mkjq/VkTF
OeqzHwpiOPP88TuMKlmPYAgAVbUnbyKIR5T3Jn0wPO82MJLEQTPhizQtPanvPLmx
LXULYaaKgjk41Rs3x+ImF3OgEdelV+Mbl3QQtFsyI8yXXgzgIsQc/OTIvnqCgIKr
5xIWAU8XFj0udlShWCRCRCQGTkVDYA143KKuPaxze24k9+T4Qnac+hbzUfoJoReJ
JpA9i5QfTxiIVqPWBRnxsTppwqH9CsCBLwYPdK0C2O6X2bw/HkMVjoH7OaOsotDn
sPuiPvKcGO8xnOWcD9eh5zJquu7pgipU18k+UwDU0MOX
-----END CERTIFICATE-----