Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/3bafd8-c34e-4890-b4cf-73db0f2841c9/1/uTJHpPw8MiXzvmoOasbIM18rO48.roa
File:                     uTJHpPw8MiXzvmoOasbIM18rO48.roa (raw, json)
Hash identifier:          417uE377R+rkUzMmjx7quT0IM4A+QC6t0Oyj6z4KxVE=
Subject key identifier:   B9:32:47:A4:FC:3C:32:25:F3:BE:6A:0E:6A:C6:C8:33:5F:2B:3B:8F
Certificate issuer:       /CN=0253b919d75dc204d9ca38db7b28a174834b3b3d
Certificate serial:       0198F6E003CAAEBF90A53FF7DAA2C721EE18
Authority key identifier: 02:53:B9:19:D7:5D:C2:04:D9:CA:38:DB:7B:28:A1:74:83:4B:3B:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AlO5GdddwgTZyjjbeyihdINLOz0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/3bafd8-c34e-4890-b4cf-73db0f2841c9/1/uTJHpPw8MiXzvmoOasbIM18rO48.roa
Signing time:             Fri 29 Aug 2025 17:28:52 +0000
ROA not before:           Fri 29 Aug 2025 17:28:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203779
IP address blocks:        185.124.52.0/22 maxlen: 24
                          2a06:b040::/29 maxlen: 32
                          2a06:b040:8000::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/3bafd8-c34e-4890-b4cf-73db0f2841c9/1/AlO5GdddwgTZyjjbeyihdINLOz0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/3bafd8-c34e-4890-b4cf-73db0f2841c9/1/AlO5GdddwgTZyjjbeyihdINLOz0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AlO5GdddwgTZyjjbeyihdINLOz0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f6:e0:03:ca:ae:bf:90:a5:3f:f7:da:a2:c7:21:ee:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0253b919d75dc204d9ca38db7b28a174834b3b3d
        Validity
            Not Before: Aug 29 17:28:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b93247a4fc3c3225f3be6a0e6ac6c8335f2b3b8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b5:1b:b5:a4:08:12:1f:09:77:63:71:3d:3e:
                    08:5f:c8:6e:71:0f:34:ef:5c:69:37:56:b3:60:74:
                    3c:97:b2:19:ed:24:f4:40:7e:d1:91:fc:53:16:d6:
                    bb:c0:fa:53:9d:0a:3c:bc:72:c0:91:8b:c8:b2:f7:
                    7e:1c:43:82:0c:1a:fb:9e:cd:6b:09:eb:6e:e2:ed:
                    dd:1e:60:da:9b:3c:d4:b9:95:59:05:6e:65:46:39:
                    36:29:c6:6a:ce:53:e1:9c:76:bc:74:46:db:c7:35:
                    bc:a4:ee:4e:dd:1f:3c:52:66:89:9c:15:66:4b:ef:
                    3b:f5:a1:b4:dd:c6:1c:5b:63:f4:f9:66:8e:5a:b3:
                    0c:74:c5:13:2e:00:7d:56:6d:d6:7d:a6:be:7b:36:
                    a2:2f:d9:6e:68:cb:06:f2:94:bb:f6:b0:d7:34:70:
                    9b:7a:22:45:c9:7f:a3:90:92:26:25:dd:2c:6b:fd:
                    f1:e2:e0:43:33:b8:d8:d6:20:02:c4:df:0c:0c:6a:
                    6f:24:60:4c:52:9a:da:ae:5f:b7:1d:23:5a:4a:ad:
                    52:b1:d4:fc:c6:b6:97:8b:d0:f5:81:fb:fc:b6:3f:
                    15:fb:9f:7a:e9:ab:c3:2a:97:d3:8b:14:4c:fe:ae:
                    31:6a:66:cb:ee:31:9b:09:ec:93:7d:ca:a2:5a:cf:
                    8d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:32:47:A4:FC:3C:32:25:F3:BE:6A:0E:6A:C6:C8:33:5F:2B:3B:8F
            X509v3 Authority Key Identifier:
                keyid:02:53:B9:19:D7:5D:C2:04:D9:CA:38:DB:7B:28:A1:74:83:4B:3B:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AlO5GdddwgTZyjjbeyihdINLOz0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/3bafd8-c34e-4890-b4cf-73db0f2841c9/1/uTJHpPw8MiXzvmoOasbIM18rO48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/3bafd8-c34e-4890-b4cf-73db0f2841c9/1/AlO5GdddwgTZyjjbeyihdINLOz0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.52.0/22
                IPv6:
                  2a06:b040::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:da:f5:55:47:8c:16:71:ba:12:84:b2:28:bf:7a:d6:bb:20:
         a3:73:7f:2f:20:fb:16:5a:91:74:5b:f7:0b:dd:c4:f1:7e:b4:
         90:49:9b:bf:88:ef:97:23:4f:b2:b1:69:36:0c:5b:5d:f1:ea:
         d5:e0:07:98:4c:93:73:4b:96:be:77:dd:55:e8:17:c9:d9:f8:
         cb:8c:22:d8:62:45:3c:88:05:a0:bf:50:a5:ba:57:dc:df:39:
         fd:62:5e:03:6e:01:17:b4:d5:a7:fd:2b:bd:b6:f9:53:87:6b:
         ef:98:a7:39:56:d3:eb:8a:8c:e0:b4:c8:2e:76:2d:d4:66:e9:
         e4:d7:c8:1b:9f:75:1a:7a:bc:c9:75:8d:b1:64:c6:f3:7e:0d:
         da:7b:e6:a4:f5:00:e7:34:19:fc:05:eb:d3:ba:9c:60:ea:00:
         1c:a6:f8:7e:75:06:9f:12:b2:e2:09:83:12:2e:04:55:31:ad:
         e4:45:8c:12:b2:13:65:f3:6b:d7:3e:63:fc:75:e3:25:93:04:
         ce:ba:cb:bb:98:dc:4a:db:25:c0:39:47:eb:f9:3f:55:13:24:
         cc:b5:0e:21:01:8a:22:11:94:5b:dd:58:3e:76:90:a5:0e:3a:
         13:fe:ac:07:10:09:d5:07:47:11:ce:5c:43:1d:0e:e1:81:b7:
         a5:48:84:a2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZj24APKrr+QpT/32qLHIe4YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyNTNiOTE5ZDc1ZGMyMDRkOWNhMzhkYjdiMjhhMTc0ODM0
YjNiM2QwHhcNMjUwODI5MTcyODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTMyNDdhNGZjM2MzMjI1ZjNiZTZhMGU2YWM2YzgzMzVmMmIzYjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrUbtaQIEh8Jd2NxPT4IX8hucQ80
71xpN1azYHQ8l7IZ7ST0QH7RkfxTFta7wPpTnQo8vHLAkYvIsvd+HEOCDBr7ns1r
Cetu4u3dHmDamzzUuZVZBW5lRjk2KcZqzlPhnHa8dEbbxzW8pO5O3R88UmaJnBVm
S+879aG03cYcW2P0+WaOWrMMdMUTLgB9Vm3Wfaa+ezaiL9luaMsG8pS79rDXNHCb
eiJFyX+jkJImJd0sa/3x4uBDM7jY1iACxN8MDGpvJGBMUprarl+3HSNaSq1SsdT8
xraXi9D1gfv8tj8V+5966avDKpfTixRM/q4xambL7jGbCeyTfcqiWs+NuwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLkyR6T8PDIl875qDmrGyDNfKzuPMB8GA1UdIwQY
MBaAFAJTuRnXXcIE2co423sooXSDSzs9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWxPNUdkZGR3Z1RaeWpqYmV5aWhkSU5MT3owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8zYmFmZDgtYzM0ZS00ODkwLWI0Y2Yt
NzNkYjBmMjg0MWM5LzEvdVRKSHBQdzhNaVh6dm1vT2FzYklNMThyTzQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8zYmFmZDgtYzM0ZS00ODkwLWI0Y2YtNzNkYjBmMjg0MWM5
LzEvQWxPNUdkZGR3Z1RaeWpqYmV5aWhkSU5MT3owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXw0MA0E
AgACMAcDBQMqBrBAMA0GCSqGSIb3DQEBCwUAA4IBAQAy2vVVR4wWcboShLIov3rW
uyCjc38vIPsWWpF0W/cL3cTxfrSQSZu/iO+XI0+ysWk2DFtd8erV4AeYTJNzS5a+
d91V6BfJ2fjLjCLYYkU8iAWgv1Clulfc3zn9Yl4DbgEXtNWn/Su9tvlTh2vvmKc5
VtPriozgtMgudi3UZunk18gbn3UaerzJdY2xZMbzfg3ae+ak9QDnNBn8BevTupxg
6gAcpvh+dQafErLiCYMSLgRVMa3kRYwSshNl82vXPmP8deMlkwTOusu7mNxK2yXA
OUfr+T9VEyTMtQ4hAYoiEZRb3Vg+dpClDjoT/qwHEAnVB0cRzlxDHQ7hgbelSISi
-----END CERTIFICATE-----