Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/uBPI4Rs7rRPQGCWlNIMKuX7PU7k.roa
File:                     uBPI4Rs7rRPQGCWlNIMKuX7PU7k.roa (raw, json)
Hash identifier:          jFkWBUBLmZ3TDstxedf2WQQANWt19wC/I1ODOLEnI/k=
Subject key identifier:   B8:13:C8:E1:1B:3B:AD:13:D0:18:25:A5:34:83:0A:B9:7E:CF:53:B9
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019427B5FF257B573FF12013074AEF07CD0E
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/uBPI4Rs7rRPQGCWlNIMKuX7PU7k.roa
Signing time:             Thu 02 Jan 2025 15:50:26 +0000
ROA not before:           Thu 02 Jan 2025 15:50:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204834
IP address blocks:        85.133.160.0/22 maxlen: 24
                          85.133.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:ff:25:7b:57:3f:f1:20:13:07:4a:ef:07:cd:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Jan  2 15:50:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b813c8e11b3bad13d01825a534830ab97ecf53b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:d3:aa:dc:72:d4:b6:2f:a4:38:79:44:f6:ab:
                    b8:9f:58:45:cd:6b:b1:71:dc:28:f5:10:c4:51:58:
                    50:57:6d:8c:fe:4f:a0:ee:ec:6b:44:8d:b5:48:65:
                    97:72:12:af:9c:da:77:a5:3d:33:79:f2:ef:22:1f:
                    3c:c0:f7:50:b7:58:be:98:82:41:1d:6d:dc:62:84:
                    37:0e:d1:78:81:a1:b8:5e:2e:30:fe:32:87:c1:ed:
                    d8:5a:51:03:bf:64:10:b9:e2:26:6e:b5:48:9b:00:
                    fd:69:8a:72:47:0e:49:18:b3:50:7f:d9:13:0e:ba:
                    48:03:23:cc:b6:b4:f1:ef:f4:9a:45:9f:dd:c2:1e:
                    fd:43:78:a6:21:7a:97:18:36:13:d5:9d:2b:2d:5e:
                    20:61:93:e9:07:a7:f0:74:a0:77:5d:53:e3:8d:ed:
                    c1:b4:c6:5f:5c:b4:d0:a3:83:b7:37:26:5f:64:c3:
                    42:5a:66:e2:fb:96:11:96:b4:e4:ec:bb:9e:49:86:
                    bb:b4:a7:73:2b:de:d1:0f:8c:69:4c:37:c5:c2:ee:
                    26:db:76:04:0e:63:b5:59:5c:78:f6:d1:ee:02:17:
                    f7:cf:69:49:17:dd:cc:90:a9:27:02:27:2c:f7:a1:
                    d8:d2:43:bf:3c:27:26:8d:86:c0:22:1e:7d:e5:44:
                    ec:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:13:C8:E1:1B:3B:AD:13:D0:18:25:A5:34:83:0A:B9:7E:CF:53:B9
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/uBPI4Rs7rRPQGCWlNIMKuX7PU7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.160.0/22
                  85.133.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:76:8d:de:a9:ec:dd:04:c5:63:34:56:17:59:d4:54:05:5e:
         23:f3:e4:0d:b6:e9:85:af:1f:d5:cd:89:e6:50:ad:f0:49:41:
         12:f8:c5:46:fa:2f:23:c5:b6:d9:7c:fb:6c:65:b9:1a:a3:2c:
         ce:ba:66:2b:6a:6a:ab:9f:c1:bb:81:0c:ec:32:70:7e:28:57:
         45:67:07:4d:94:22:f0:6f:0e:a7:c1:f2:b2:fd:f6:04:61:e3:
         7f:c5:86:c9:b1:d7:1d:e0:d8:a8:2a:79:5b:c1:53:c8:75:c6:
         01:6b:d1:e6:b9:e7:ac:94:fa:e8:62:04:38:8e:ef:c1:ab:f7:
         2f:3f:ab:7c:84:af:d8:76:ed:7c:59:10:7b:a8:7b:4f:6f:ad:
         87:19:9d:f6:64:7e:c5:45:c8:66:2f:b4:61:9d:84:d3:21:e0:
         2c:52:88:c9:bc:2f:3d:55:39:7d:80:47:47:40:48:ce:a8:1c:
         c4:54:45:f9:e8:3d:e3:6a:df:60:5b:de:c8:89:87:90:5a:47:
         fa:2d:10:33:c5:32:5e:7a:3b:a8:43:38:fd:b8:55:02:04:dc:
         c9:07:14:73:62:b6:37:a9:36:85:e4:2c:de:2a:63:72:ae:f9:
         66:a1:32:33:66:af:8a:e0:6a:34:67:6a:d6:aa:d7:f8:11:f9:
         53:9b:e8:3b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntf8le1c/8SATB0rvB80OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjUwMTAyMTU1MDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODEzYzhlMTFiM2JhZDEzZDAxODI1YTUzNDgzMGFiOTdlY2Y1M2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9Oq3HLUti+kOHlE9qu4n1hFzWux
cdwo9RDEUVhQV22M/k+g7uxrRI21SGWXchKvnNp3pT0zefLvIh88wPdQt1i+mIJB
HW3cYoQ3DtF4gaG4Xi4w/jKHwe3YWlEDv2QQueImbrVImwD9aYpyRw5JGLNQf9kT
DrpIAyPMtrTx7/SaRZ/dwh79Q3imIXqXGDYT1Z0rLV4gYZPpB6fwdKB3XVPjje3B
tMZfXLTQo4O3NyZfZMNCWmbi+5YRlrTk7LueSYa7tKdzK97RD4xpTDfFwu4m23YE
DmO1WVx49tHuAhf3z2lJF93MkKknAics96HY0kO/PCcmjYbAIh595UTsIQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLgTyOEbO60T0BglpTSDCrl+z1O5MB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvdUJQSTRSczdyUlBRR0NXbE5JTUt1WDdQVTdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVYWgAwQA
VYXyMA0GCSqGSIb3DQEBCwUAA4IBAQBZdo3eqezdBMVjNFYXWdRUBV4j8+QNtumF
rx/VzYnmUK3wSUES+MVG+i8jxbbZfPtsZbkaoyzOumYramqrn8G7gQzsMnB+KFdF
ZwdNlCLwbw6nwfKy/fYEYeN/xYbJsdcd4NioKnlbwVPIdcYBa9HmueeslProYgQ4
ju/Bq/cvP6t8hK/Ydu18WRB7qHtPb62HGZ32ZH7FRchmL7RhnYTTIeAsUojJvC89
VTl9gEdHQEjOqBzEVEX56D3jat9gW97IiYeQWkf6LRAzxTJeejuoQzj9uFUCBNzJ
BxRzYrY3qTaF5CzeKmNyrvlmoTIzZq+K4Go0Z2rWqtf4EflTm+g7
-----END CERTIFICATE-----