Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/S_UvXYrcwi02mD9XS72xM5GP0XM.roa
File:                     S_UvXYrcwi02mD9XS72xM5GP0XM.roa (raw, json)
Hash identifier:          tDWixxPYWWKm64Sflrs16Hs5q2OnmoXj3QlJNoGIgAE=
Subject key identifier:   4B:F5:2F:5D:8A:DC:C2:2D:36:98:3F:57:4B:BD:B1:33:91:8F:D1:73
Certificate issuer:       /CN=d4ce2bf0001cd430e9277fb00ed1abe51c0b5c7c
Certificate serial:       0196A446DFA9DEB61AAE120272EC281AC5BA
Authority key identifier: D4:CE:2B:F0:00:1C:D4:30:E9:27:7F:B0:0E:D1:AB:E5:1C:0B:5C:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/S_UvXYrcwi02mD9XS72xM5GP0XM.roa
Signing time:             Tue 06 May 2025 06:27:10 +0000
ROA not before:           Tue 06 May 2025 06:27:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215540
IP address blocks:        77.110.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a4:46:df:a9:de:b6:1a:ae:12:02:72:ec:28:1a:c5:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4ce2bf0001cd430e9277fb00ed1abe51c0b5c7c
        Validity
            Not Before: May  6 06:27:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4bf52f5d8adcc22d36983f574bbdb133918fd173
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:be:a0:77:d4:9c:bd:4c:2a:df:5c:68:63:08:
                    b8:ba:f2:1b:78:6f:20:51:ce:ba:1a:94:26:38:77:
                    dd:cc:e6:57:98:58:55:71:4e:4d:f1:04:fb:dc:6f:
                    1e:62:aa:a9:c1:ac:48:31:df:cd:d8:03:b4:8f:50:
                    e3:ed:6b:fb:19:ae:c4:b3:bb:9c:76:05:10:dc:1b:
                    fc:80:c8:ab:db:db:f1:a3:91:e5:3f:ae:dc:f0:ec:
                    52:a4:21:52:ce:8d:50:c1:81:08:49:36:01:63:9b:
                    c9:bd:cc:e0:30:50:c5:35:1e:53:9b:53:2d:10:a6:
                    6c:30:02:3c:6c:bd:d4:19:66:56:d5:9b:b5:a2:0d:
                    86:d4:0a:b7:0c:05:be:89:a0:fc:5d:40:45:cd:b1:
                    d6:71:70:68:d2:f4:61:5c:17:e6:e0:62:ff:2e:22:
                    80:f2:b8:f6:9d:98:af:c6:a9:95:66:1c:52:a8:80:
                    b5:41:b4:dc:79:1e:bd:0e:11:2f:54:0f:9f:4f:52:
                    89:53:fe:ad:38:4d:4e:d5:4e:35:de:84:45:1e:1a:
                    72:41:9e:89:bc:90:8d:7b:8a:ce:44:91:57:0e:e9:
                    7b:8e:da:c7:6a:dc:2e:db:92:f0:2e:55:90:41:aa:
                    54:1c:f3:61:6b:50:5f:be:98:a0:23:60:5a:e4:a9:
                    5a:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:F5:2F:5D:8A:DC:C2:2D:36:98:3F:57:4B:BD:B1:33:91:8F:D1:73
            X509v3 Authority Key Identifier:
                keyid:D4:CE:2B:F0:00:1C:D4:30:E9:27:7F:B0:0E:D1:AB:E5:1C:0B:5C:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/S_UvXYrcwi02mD9XS72xM5GP0XM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ba0bd3-b365-4461-8ffa-1f5431e2a5af/1/1M4r8AAc1DDpJ3-wDtGr5RwLXHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.110.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:c8:ae:fe:cf:79:4e:36:c4:3b:6c:38:0a:bf:d1:b1:5e:93:
         0c:35:ab:84:5d:d3:2c:8c:21:1c:d1:08:02:a1:f3:c6:3f:af:
         75:ef:58:bb:b4:89:24:3b:bc:f6:8e:ba:92:ff:32:df:15:7d:
         37:f9:93:43:7f:05:7f:36:fa:05:43:a4:9d:e6:51:6b:f6:8f:
         75:6e:0f:fb:07:f7:d6:e1:81:85:5a:fc:5b:67:7a:1a:fb:9f:
         b5:61:26:42:b4:3a:8d:e7:c6:03:e2:75:39:f8:74:72:f5:fe:
         cc:a9:a2:20:10:b1:e8:0c:6a:e9:52:8a:21:07:56:97:bc:0b:
         d9:19:98:f6:d4:1e:1c:49:74:2c:2b:ea:15:ed:da:2f:34:93:
         fa:fb:20:de:d5:21:77:90:e0:0a:45:35:fc:be:e9:42:48:4e:
         83:2f:c6:0b:a0:a4:bc:cd:3b:d4:45:00:cc:cb:0b:9d:ed:1b:
         e2:83:fd:28:09:f4:e1:6b:00:61:af:50:db:1c:c5:f0:e6:b4:
         c5:a9:28:dc:4b:2b:c9:a4:55:66:b0:b3:58:64:87:79:81:52:
         78:c9:74:f8:0f:f3:fd:3d:8c:d4:78:9c:21:02:3e:23:72:2d:
         28:dd:03:bc:37:ae:78:f0:5b:cf:10:2d:5d:be:54:88:63:02:
         84:fa:16:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZakRt+p3rYarhICcuwoGsW6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Y2UyYmYwMDAxY2Q0MzBlOTI3N2ZiMDBlZDFhYmU1MWMw
YjVjN2MwHhcNMjUwNTA2MDYyNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmY1MmY1ZDhhZGNjMjJkMzY5ODNmNTc0YmJkYjEzMzkxOGZkMTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt76gd9ScvUwq31xoYwi4uvIbeG8g
Uc66GpQmOHfdzOZXmFhVcU5N8QT73G8eYqqpwaxIMd/N2AO0j1Dj7Wv7Ga7Es7uc
dgUQ3Bv8gMir29vxo5HlP67c8OxSpCFSzo1QwYEISTYBY5vJvczgMFDFNR5Tm1Mt
EKZsMAI8bL3UGWZW1Zu1og2G1Aq3DAW+iaD8XUBFzbHWcXBo0vRhXBfm4GL/LiKA
8rj2nZivxqmVZhxSqIC1QbTceR69DhEvVA+fT1KJU/6tOE1O1U413oRFHhpyQZ6J
vJCNe4rORJFXDul7jtrHatwu25LwLlWQQapUHPNha1BfvpigI2Ba5KlaEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEv1L12K3MItNpg/V0u9sTORj9FzMB8GA1UdIwQY
MBaAFNTOK/AAHNQw6Sd/sA7Rq+UcC1x8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU00cjhBQWMxRERwSjMtd0R0R3I1UndMWEh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9iYTBiZDMtYjM2NS00NDYxLThmZmEt
MWY1NDMxZTJhNWFmLzEvU19VdlhZcmN3aTAybUQ5WFM3MnhNNUdQMFhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9iYTBiZDMtYjM2NS00NDYxLThmZmEtMWY1NDMxZTJhNWFm
LzEvMU00cjhBQWMxRERwSjMtd0R0R3I1UndMWEh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATW5rMA0G
CSqGSIb3DQEBCwUAA4IBAQAKyK7+z3lONsQ7bDgKv9GxXpMMNauEXdMsjCEc0QgC
ofPGP69171i7tIkkO7z2jrqS/zLfFX03+ZNDfwV/NvoFQ6Sd5lFr9o91bg/7B/fW
4YGFWvxbZ3oa+5+1YSZCtDqN58YD4nU5+HRy9f7MqaIgELHoDGrpUoohB1aXvAvZ
GZj21B4cSXQsK+oV7dovNJP6+yDe1SF3kOAKRTX8vulCSE6DL8YLoKS8zTvURQDM
ywud7Rvig/0oCfThawBhr1DbHMXw5rTFqSjcSyvJpFVmsLNYZId5gVJ4yXT4D/P9
PYzUeJwhAj4jci0o3QO8N6548FvPEC1dvlSIYwKE+hb1
-----END CERTIFICATE-----