Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/UPvQH8NqTEDPXNhWgpYWh0Lf6jo.roa
File:                     UPvQH8NqTEDPXNhWgpYWh0Lf6jo.roa (raw, json)
Hash identifier:          XstlXZLlwubvWrcgmyQX4gAdUbjlGPeHGy1bUvhLT38=
Subject key identifier:   50:FB:D0:1F:C3:6A:4C:40:CF:5C:D8:56:82:96:16:87:42:DF:EA:3A
Certificate issuer:       /CN=7d4d1c8790a913e832c733dff778dee79129700a
Certificate serial:       0194258F8F9EA0949C703A373B27DF10510F
Authority key identifier: 7D:4D:1C:87:90:A9:13:E8:32:C7:33:DF:F7:78:DE:E7:91:29:70:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fU0ch5CpE-gyxzPf93je55EpcAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/UPvQH8NqTEDPXNhWgpYWh0Lf6jo.roa
Signing time:             Thu 02 Jan 2025 05:49:12 +0000
ROA not before:           Thu 02 Jan 2025 05:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.54.240.0/22 maxlen: 22
                          2001:780::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/fU0ch5CpE-gyxzPf93je55EpcAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/fU0ch5CpE-gyxzPf93je55EpcAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fU0ch5CpE-gyxzPf93je55EpcAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:8f:9e:a0:94:9c:70:3a:37:3b:27:df:10:51:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d4d1c8790a913e832c733dff778dee79129700a
        Validity
            Not Before: Jan  2 05:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50fbd01fc36a4c40cf5cd8568296168742dfea3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:96:69:6e:22:75:47:58:0b:53:10:f2:3b:70:
                    c8:c1:70:17:1a:19:4a:d0:f5:be:b0:6d:aa:d5:5d:
                    ca:2c:86:c0:96:e2:ba:75:bc:7c:e9:b4:30:2c:8e:
                    48:b0:64:dc:d4:92:dd:4f:b4:14:90:dd:fc:43:96:
                    d6:af:3d:55:00:99:60:a7:9f:d0:b9:f2:9c:ba:b9:
                    9c:e8:64:97:83:fa:5f:c0:6c:67:65:68:da:7a:4f:
                    56:25:65:cd:c7:2c:db:40:f8:91:1e:19:68:18:b8:
                    2a:44:13:43:e6:b2:ac:46:e2:d3:d7:f9:81:12:ba:
                    8b:d0:91:e3:c3:27:21:77:cc:35:53:13:0d:c2:47:
                    89:c8:55:ae:3f:7c:5b:2e:d3:b5:a2:44:10:5c:07:
                    9a:c7:38:88:00:6a:66:01:7b:38:07:43:44:34:80:
                    b4:92:d2:29:87:65:09:99:81:08:57:49:5f:88:5d:
                    84:c3:a4:e5:3d:a4:d3:0d:6c:10:97:64:9d:09:43:
                    75:61:6e:8a:85:60:60:ba:08:54:d0:ce:8b:34:08:
                    a8:41:c2:0d:c3:b0:6f:37:c2:9d:3b:db:21:6f:9b:
                    a0:27:8f:18:82:16:1c:a0:d6:66:3b:b8:98:d5:64:
                    8d:43:d2:67:05:cb:37:f9:a0:42:65:29:29:9a:ae:
                    bf:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:FB:D0:1F:C3:6A:4C:40:CF:5C:D8:56:82:96:16:87:42:DF:EA:3A
            X509v3 Authority Key Identifier:
                keyid:7D:4D:1C:87:90:A9:13:E8:32:C7:33:DF:F7:78:DE:E7:91:29:70:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fU0ch5CpE-gyxzPf93je55EpcAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/UPvQH8NqTEDPXNhWgpYWh0Lf6jo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/1c6180-9950-4ce8-811e-f8d662b96dab/1/fU0ch5CpE-gyxzPf93je55EpcAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.240.0/22
                IPv6:
                  2001:780::/29

    Signature Algorithm: sha256WithRSAEncryption
         54:4f:29:cf:f8:49:e3:92:48:ea:f1:5b:31:e1:9d:6d:35:ee:
         81:df:23:ab:ef:09:bb:5a:74:da:78:0a:56:f6:6e:ec:db:1d:
         47:9c:65:d2:79:2c:c7:d3:9a:9f:07:9a:27:18:8b:37:40:ba:
         5c:62:19:44:d4:65:e5:83:87:c6:24:26:30:fb:15:0b:af:9e:
         62:c2:1f:8c:b4:84:e3:cb:0a:83:24:fd:02:25:27:b3:36:cc:
         28:fe:71:bb:e0:e6:c4:3d:b8:73:4c:15:02:99:17:ee:ce:12:
         f8:ef:97:0e:8e:30:cd:10:a2:f6:77:bf:ce:cd:e8:c1:aa:4e:
         ef:b6:0b:a1:78:88:5b:09:a6:c9:7c:81:47:ab:da:a0:6f:e1:
         7b:c6:95:2e:b0:46:df:df:45:e0:62:86:5f:0e:3f:f4:f3:a9:
         3a:a3:1c:ca:99:7a:52:fc:35:f3:9b:a1:e2:c3:ce:38:ff:10:
         4c:99:73:76:2a:44:e8:62:9b:23:db:0a:64:81:17:ab:fa:8b:
         e0:5b:cf:e2:0c:23:05:f2:a5:d2:f4:ae:b6:41:0a:a0:a2:ee:
         c7:fc:b1:e1:7f:09:3a:3a:02:60:58:0e:1e:f5:44:5b:69:6d:
         d2:a9:ca:29:ce:f8:0d:ae:b1:33:3b:90:d4:75:d7:37:39:af:
         ab:f1:c0:ed
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlj4+eoJSccDo3OyffEFEPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNGQxYzg3OTBhOTEzZTgzMmM3MzNkZmY3NzhkZWU3OTEy
OTcwMGEwHhcNMjUwMTAyMDU0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGZiZDAxZmMzNmE0YzQwY2Y1Y2Q4NTY4Mjk2MTY4NzQyZGZlYTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZZpbiJ1R1gLUxDyO3DIwXAXGhlK
0PW+sG2q1V3KLIbAluK6dbx86bQwLI5IsGTc1JLdT7QUkN38Q5bWrz1VAJlgp5/Q
ufKcurmc6GSXg/pfwGxnZWjaek9WJWXNxyzbQPiRHhloGLgqRBND5rKsRuLT1/mB
ErqL0JHjwychd8w1UxMNwkeJyFWuP3xbLtO1okQQXAeaxziIAGpmAXs4B0NENIC0
ktIph2UJmYEIV0lfiF2Ew6TlPaTTDWwQl2SdCUN1YW6KhWBgughU0M6LNAioQcIN
w7BvN8KdO9shb5ugJ48YghYcoNZmO7iY1WSNQ9JnBcs3+aBCZSkpmq6/NQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFD70B/DakxAz1zYVoKWFodC3+o6MB8GA1UdIwQY
MBaAFH1NHIeQqRPoMscz3/d43ueRKXAKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlUwY2g1Q3BFLWd5eHpQZjkzamU1NUVwY0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8xYzYxODAtOTk1MC00Y2U4LTgxMWUt
ZjhkNjYyYjk2ZGFiLzEvVVB2UUg4TnFURURQWE5oV2dwWVdoMExmNmpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8xYzYxODAtOTk1MC00Y2U4LTgxMWUtZjhkNjYyYjk2ZGFi
LzEvZlUwY2g1Q3BFLWd5eHpQZjkzamU1NUVwY0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTbwMA0E
AgACMAcDBQMgAQeAMA0GCSqGSIb3DQEBCwUAA4IBAQBUTynP+Enjkkjq8Vsx4Z1t
Ne6B3yOr7wm7WnTaeApW9m7s2x1HnGXSeSzH05qfB5onGIs3QLpcYhlE1GXlg4fG
JCYw+xULr55iwh+MtITjywqDJP0CJSezNswo/nG74ObEPbhzTBUCmRfuzhL475cO
jjDNEKL2d7/OzejBqk7vtguheIhbCabJfIFHq9qgb+F7xpUusEbf30XgYoZfDj/0
86k6oxzKmXpS/DXzm6Hiw844/xBMmXN2KkToYpsj2wpkgRer+ovgW8/iDCMF8qXS
9K62QQqgou7H/LHhfwk6OgJgWA4e9URbaW3SqcopzvgNrrEzO5DUddc3Oa+r8cDt
-----END CERTIFICATE-----