Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/U-7WbY80azeStrIeiVwRKT2jwRc.roa
File:                     U-7WbY80azeStrIeiVwRKT2jwRc.roa (raw, json)
Hash identifier:          ZIXrmXYlNSZMhkWiKE/Lr2Ib1xU5DsRD19T62itUvp4=
Subject key identifier:   53:EE:D6:6D:8F:34:6B:37:92:B6:B2:1E:89:5C:11:29:3D:A3:C1:17
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       01961EC1FDE600E9CB00AE53B1095360CCC2
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/U-7WbY80azeStrIeiVwRKT2jwRc.roa
Signing time:             Thu 10 Apr 2025 08:12:31 +0000
ROA not before:           Thu 10 Apr 2025 08:12:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48199
IP address blocks:        37.77.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 04:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1e:c1:fd:e6:00:e9:cb:00:ae:53:b1:09:53:60:cc:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Apr 10 08:12:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53eed66d8f346b3792b6b21e895c11293da3c117
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e4:e5:28:51:45:ff:8b:c8:33:d0:59:41:73:
                    c5:7a:06:ca:cb:ae:6a:cb:cc:c8:cb:d9:3f:93:d0:
                    37:19:1a:e7:a7:c4:dd:8e:f9:f7:94:99:8d:c8:79:
                    73:ed:9c:1d:5c:ff:6c:6c:8b:d4:30:22:9c:f5:65:
                    d7:97:a2:9c:10:12:6a:38:6e:28:28:8b:a6:9a:2b:
                    50:5f:b2:6a:1e:2c:bf:af:73:1a:70:fe:c0:0e:54:
                    74:9b:d1:4b:f7:7c:cf:35:52:62:61:ac:e1:4b:37:
                    df:e2:be:69:0b:0c:fa:d0:a5:5e:16:68:b6:a2:1a:
                    88:de:e6:d9:45:a3:3c:8c:6f:6c:d9:e4:6b:dd:79:
                    57:ef:86:97:c5:ba:24:a8:1e:6d:c3:20:ef:08:3c:
                    f9:93:1e:c8:21:4c:c6:60:99:e9:07:fd:11:47:49:
                    b5:a3:5e:08:01:c8:f0:96:21:83:25:df:0c:21:9e:
                    e2:cf:64:5c:ce:2a:84:39:82:b3:a3:e7:4d:0a:e0:
                    58:28:52:6d:22:7a:00:c9:b5:5f:ca:78:2f:18:5e:
                    db:da:48:40:f6:ac:42:99:1c:40:8b:3e:a3:cb:f5:
                    a4:a9:4c:45:5c:40:20:3c:f1:4c:53:9d:fe:c5:24:
                    6a:6e:7c:5d:67:02:b2:13:16:19:b4:61:38:e8:cd:
                    21:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:EE:D6:6D:8F:34:6B:37:92:B6:B2:1E:89:5C:11:29:3D:A3:C1:17
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/U-7WbY80azeStrIeiVwRKT2jwRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:a6:62:0e:d2:ff:ab:0f:64:e1:4c:75:8e:64:33:fd:f1:90:
         93:33:ba:88:5b:db:2c:7b:6e:3b:16:64:b4:5a:cf:72:b7:c7:
         29:67:be:38:d5:2e:d0:74:2e:bf:fe:f9:30:eb:de:10:d5:51:
         aa:a1:8f:64:4a:aa:60:2f:93:c1:4a:a9:03:6d:76:96:a6:5c:
         19:e5:03:df:bd:de:44:34:af:3c:cf:5f:21:db:83:2b:f1:77:
         da:f8:b1:f4:96:73:47:e9:57:13:33:99:8b:84:d1:d1:b8:cd:
         28:a7:7f:fa:f4:11:cb:0d:fb:db:4d:d5:6e:c8:27:dc:55:6c:
         64:f5:3e:75:4c:ea:b0:15:17:66:90:ae:8b:c9:1c:62:f8:be:
         9c:9f:d6:70:b3:11:f5:38:68:f4:30:84:a8:31:57:8f:e6:43:
         44:55:b5:00:65:e7:19:95:45:28:5a:1d:10:1b:7a:c0:1d:4d:
         9c:22:f6:0f:8f:f5:43:5d:fb:09:0e:f9:ba:99:5f:7c:0c:37:
         2b:53:b4:13:f7:1e:01:b5:00:49:12:0a:7c:4f:83:37:b8:26:
         ac:0a:8f:57:5b:cd:71:9f:5b:1e:9e:2d:56:96:72:f7:14:fa:
         31:38:a2:b4:9d:32:8b:da:1f:5d:ed:0a:ce:14:76:ce:93:94:
         41:f9:ee:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYewf3mAOnLAK5TsQlTYMzCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwNDEwMDgxMjMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2VlZDY2ZDhmMzQ2YjM3OTJiNmIyMWU4OTVjMTEyOTNkYTNjMTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOTlKFFF/4vIM9BZQXPFegbKy65q
y8zIy9k/k9A3GRrnp8Tdjvn3lJmNyHlz7ZwdXP9sbIvUMCKc9WXXl6KcEBJqOG4o
KIummitQX7JqHiy/r3MacP7ADlR0m9FL93zPNVJiYazhSzff4r5pCwz60KVeFmi2
ohqI3ubZRaM8jG9s2eRr3XlX74aXxbokqB5twyDvCDz5kx7IIUzGYJnpB/0RR0m1
o14IAcjwliGDJd8MIZ7iz2RcziqEOYKzo+dNCuBYKFJtInoAybVfyngvGF7b2khA
9qxCmRxAiz6jy/WkqUxFXEAgPPFMU53+xSRqbnxdZwKyExYZtGE46M0hGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPu1m2PNGs3krayHolcESk9o8EXMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvVS03V2JZODBhemVTdHJJZWlWd1JLVDJqd1JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJU2UMA0G
CSqGSIb3DQEBCwUAA4IBAQBRpmIO0v+rD2ThTHWOZDP98ZCTM7qIW9sse247FmS0
Ws9yt8cpZ7441S7QdC6//vkw694Q1VGqoY9kSqpgL5PBSqkDbXaWplwZ5QPfvd5E
NK88z18h24Mr8Xfa+LH0lnNH6VcTM5mLhNHRuM0op3/69BHLDfvbTdVuyCfcVWxk
9T51TOqwFRdmkK6LyRxi+L6cn9ZwsxH1OGj0MISoMVeP5kNEVbUAZecZlUUoWh0Q
G3rAHU2cIvYPj/VDXfsJDvm6mV98DDcrU7QT9x4BtQBJEgp8T4M3uCasCo9XW81x
n1seni1WlnL3FPoxOKK0nTKL2h9d7QrOFHbOk5RB+e56
-----END CERTIFICATE-----