Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c43e1c-b676-48c6-863f-9ade396f7c4c/1/UTAlH1piM7PJ2QM0s5skdXPPsuo.roa
File:                     UTAlH1piM7PJ2QM0s5skdXPPsuo.roa (raw, json)
Hash identifier:          fzndOTAoxEC/XhPLAQSFfAsuTeWYwABcKcsXrCmPQNc=
Subject key identifier:   51:30:25:1F:5A:62:33:B3:C9:D9:03:34:B3:9B:24:75:73:CF:B2:EA
Certificate issuer:       /CN=86f6e524fc15aadc489ee975815a37286de4bb52
Certificate serial:       0196251CEB2916E7A895177ABAC3B7878D44
Authority key identifier: 86:F6:E5:24:FC:15:AA:DC:48:9E:E9:75:81:5A:37:28:6D:E4:BB:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hvblJPwVqtxInul1gVo3KG3ku1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c43e1c-b676-48c6-863f-9ade396f7c4c/1/UTAlH1piM7PJ2QM0s5skdXPPsuo.roa
Signing time:             Fri 11 Apr 2025 13:49:34 +0000
ROA not before:           Fri 11 Apr 2025 13:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212672
IP address blocks:        185.39.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/c43e1c-b676-48c6-863f-9ade396f7c4c/1/hvblJPwVqtxInul1gVo3KG3ku1I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/c43e1c-b676-48c6-863f-9ade396f7c4c/1/hvblJPwVqtxInul1gVo3KG3ku1I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hvblJPwVqtxInul1gVo3KG3ku1I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 07:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:25:1c:eb:29:16:e7:a8:95:17:7a:ba:c3:b7:87:8d:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86f6e524fc15aadc489ee975815a37286de4bb52
        Validity
            Not Before: Apr 11 13:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5130251f5a6233b3c9d90334b39b247573cfb2ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:7a:47:b4:1b:39:d1:13:5f:c8:b9:ef:0f:b7:
                    14:c3:d4:61:c3:41:5a:de:56:f0:f1:19:e4:34:91:
                    82:66:3e:fa:d2:14:fb:85:28:03:f8:da:a1:3e:be:
                    85:dd:3d:42:53:d7:2f:b0:ec:fb:d8:9b:05:9c:1e:
                    85:81:32:19:1c:78:58:fb:8a:e5:74:06:21:de:3a:
                    c6:1f:fb:b4:3d:15:8d:03:2a:67:2f:78:74:c0:91:
                    c1:e0:37:5f:f8:85:50:ba:cd:ea:81:f1:a1:89:6d:
                    99:55:d4:9b:03:c5:1d:2c:1d:2d:55:56:90:af:55:
                    22:0b:95:50:28:68:f1:e8:d2:b4:da:56:bd:e2:01:
                    61:69:c5:f7:f5:5d:93:1b:b2:35:43:45:7b:79:df:
                    fc:c5:d8:49:fd:73:e3:fc:d3:00:28:a2:e4:ae:3d:
                    e1:c4:0c:fc:0d:92:f3:f0:1e:1b:40:82:6e:c7:88:
                    d9:72:47:3f:25:b3:14:61:57:33:28:05:39:b1:c6:
                    dd:13:2b:46:79:e8:59:9b:1d:42:ce:6a:92:bf:02:
                    07:f8:0d:d5:9d:d0:07:c2:3d:3a:c4:64:9c:5a:37:
                    65:f6:9f:20:2e:75:f6:42:f8:c8:d3:5c:00:e6:0c:
                    0d:53:4d:7e:b6:23:df:0e:98:a9:de:64:f9:9c:8c:
                    ae:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:30:25:1F:5A:62:33:B3:C9:D9:03:34:B3:9B:24:75:73:CF:B2:EA
            X509v3 Authority Key Identifier:
                keyid:86:F6:E5:24:FC:15:AA:DC:48:9E:E9:75:81:5A:37:28:6D:E4:BB:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hvblJPwVqtxInul1gVo3KG3ku1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c43e1c-b676-48c6-863f-9ade396f7c4c/1/UTAlH1piM7PJ2QM0s5skdXPPsuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c43e1c-b676-48c6-863f-9ade396f7c4c/1/hvblJPwVqtxInul1gVo3KG3ku1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:bb:51:32:93:ed:ec:a8:12:31:6a:3b:1d:37:d7:f7:6c:2c:
         ba:91:4a:13:ae:f8:ac:fc:a7:d0:26:2d:ee:77:9f:f6:36:f4:
         63:99:68:fa:fb:56:5c:87:78:fb:2e:d3:7a:b4:0b:e0:dd:3f:
         0e:80:ad:07:ff:9b:3a:59:97:29:71:cb:fb:92:35:43:04:73:
         a9:bd:cc:e0:4a:b2:27:cd:dc:98:88:91:4a:e0:17:e5:c1:2e:
         9a:0e:41:16:bc:7b:3c:03:43:27:8b:5b:4c:c8:96:b3:d7:4d:
         0d:8c:86:56:38:ee:83:14:fe:dc:4a:5b:e0:48:b4:ee:0c:16:
         03:63:b2:01:33:46:5e:c9:18:03:74:ad:61:d3:94:43:4c:f6:
         d9:98:b0:b7:79:4b:14:35:ed:7f:25:47:e2:c6:11:b1:c0:8a:
         22:f9:7d:b8:b6:de:e2:66:99:bd:d2:7a:b0:cb:8c:27:2a:5c:
         00:3e:2d:2b:9d:91:5a:a4:6f:0d:57:03:e5:1b:58:24:60:33:
         5b:7b:9d:2d:b8:7c:25:e6:00:37:d7:4f:06:89:90:97:5b:56:
         47:73:98:63:bc:74:01:42:e5:e7:ca:cf:d0:fe:7d:20:ba:9e:
         3e:93:43:57:c3:6b:6a:f8:4f:d7:80:6c:2b:57:3d:65:86:13:
         0e:f2:8b:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYlHOspFueolRd6usO3h41EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZjZlNTI0ZmMxNWFhZGM0ODllZTk3NTgxNWEzNzI4NmRl
NGJiNTIwHhcNMjUwNDExMTM0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTMwMjUxZjVhNjIzM2IzYzlkOTAzMzRiMzliMjQ3NTczY2ZiMmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8XpHtBs50RNfyLnvD7cUw9Rhw0Fa
3lbw8RnkNJGCZj760hT7hSgD+NqhPr6F3T1CU9cvsOz72JsFnB6FgTIZHHhY+4rl
dAYh3jrGH/u0PRWNAypnL3h0wJHB4Ddf+IVQus3qgfGhiW2ZVdSbA8UdLB0tVVaQ
r1UiC5VQKGjx6NK02la94gFhacX39V2TG7I1Q0V7ed/8xdhJ/XPj/NMAKKLkrj3h
xAz8DZLz8B4bQIJux4jZckc/JbMUYVczKAU5scbdEytGeehZmx1CzmqSvwIH+A3V
ndAHwj06xGScWjdl9p8gLnX2QvjI01wA5gwNU01+tiPfDpip3mT5nIyuwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEwJR9aYjOzydkDNLObJHVzz7LqMB8GA1UdIwQY
MBaAFIb25ST8FarcSJ7pdYFaNyht5LtSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHZibEpQd1ZxdHhJbnVsMWdWbzNLRzNrdTFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDNlMWMtYjY3Ni00OGM2LTg2M2Yt
OWFkZTM5NmY3YzRjLzEvVVRBbEgxcGlNN1BKMlFNMHM1c2tkWFBQc3VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDNlMWMtYjY3Ni00OGM2LTg2M2YtOWFkZTM5NmY3YzRj
LzEvaHZibEpQd1ZxdHhJbnVsMWdWbzNLRzNrdTFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSdNMA0G
CSqGSIb3DQEBCwUAA4IBAQBNu1Eyk+3sqBIxajsdN9f3bCy6kUoTrvis/KfQJi3u
d5/2NvRjmWj6+1Zch3j7LtN6tAvg3T8OgK0H/5s6WZcpccv7kjVDBHOpvczgSrIn
zdyYiJFK4BflwS6aDkEWvHs8A0Mni1tMyJaz100NjIZWOO6DFP7cSlvgSLTuDBYD
Y7IBM0ZeyRgDdK1h05RDTPbZmLC3eUsUNe1/JUfixhGxwIoi+X24tt7iZpm90nqw
y4wnKlwAPi0rnZFapG8NVwPlG1gkYDNbe50tuHwl5gA3108GiZCXW1ZHc5hjvHQB
QuXnys/Q/n0gup4+k0NXw2tq+E/XgGwrVz1lhhMO8ov5
-----END CERTIFICATE-----