Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/UpYan03byxcHPqw8EiCGXgZiuOU.roa
File:                     UpYan03byxcHPqw8EiCGXgZiuOU.roa (raw, json)
Hash identifier:          dBcw6COpJvxlrXUtiIxkNddYnLkt6xR4lnMEe8zrVu4=
Subject key identifier:   52:96:1A:9F:4D:DB:CB:17:07:3E:AC:3C:12:20:86:5E:06:62:B8:E5
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019777EF8FFA4D673BF51D27F6A82BAFAB31
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/UpYan03byxcHPqw8EiCGXgZiuOU.roa
Signing time:             Mon 16 Jun 2025 08:51:17 +0000
ROA not before:           Mon 16 Jun 2025 08:51:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206935
IP address blocks:        78.142.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 10:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:77:ef:8f:fa:4d:67:3b:f5:1d:27:f6:a8:2b:af:ab:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jun 16 08:51:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52961a9f4ddbcb17073eac3c1220865e0662b8e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d1:8c:32:2b:74:eb:2c:f7:2d:8d:5e:36:a8:
                    1a:6b:32:17:95:4d:a5:7b:ff:ce:9a:40:20:80:28:
                    ed:a3:83:83:c2:e6:5c:81:42:c7:90:a8:27:14:86:
                    53:b0:fe:d0:9e:31:ac:8b:9f:a0:64:d4:b5:f1:d3:
                    6e:7f:6b:7a:99:80:59:ab:0e:2f:d0:dc:83:07:65:
                    8b:ac:97:7e:f2:0a:a1:db:44:c1:17:04:09:e4:57:
                    b1:a5:8d:2f:cd:cf:69:bf:00:17:a2:c3:f2:2d:31:
                    4a:a7:8e:cc:5b:dc:d1:15:ab:72:c3:5c:af:df:8d:
                    be:5a:8d:bd:c8:ee:35:ec:79:f0:1d:12:bb:fb:f8:
                    fb:3d:97:28:6e:4d:16:0e:76:f3:51:1b:f6:f1:8c:
                    12:c9:75:bf:43:68:37:bf:ab:03:b5:95:80:f5:e9:
                    01:0e:6d:28:b9:0a:cc:cd:0d:e1:cf:e9:e9:be:dd:
                    a3:5c:03:f7:a0:7d:1f:1c:b8:4c:24:1d:51:18:5b:
                    f5:5d:2a:2e:b9:77:97:94:29:0a:3e:3b:ff:3e:b7:
                    bf:0e:c5:9c:0d:c9:04:a9:6e:3b:5e:2e:1f:97:73:
                    80:fc:20:69:a5:41:bc:06:6d:dc:46:de:2b:81:29:
                    a4:0b:b2:45:d0:1b:7e:7a:38:49:18:cb:0e:d6:20:
                    14:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:96:1A:9F:4D:DB:CB:17:07:3E:AC:3C:12:20:86:5E:06:62:B8:E5
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/UpYan03byxcHPqw8EiCGXgZiuOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:e5:17:11:6c:b9:bc:a6:4b:ec:c4:1d:df:51:99:37:5d:97:
         7c:68:1a:84:b7:a9:46:57:10:b6:19:63:52:bf:7b:bc:45:9c:
         9d:8c:b5:e0:97:2f:6e:45:a3:2f:a8:4b:b9:15:7d:53:d7:b3:
         1c:26:8e:82:f4:6e:5b:2b:8c:d9:99:6d:50:4a:a2:51:63:be:
         e2:3d:9c:50:7c:7b:0d:2c:7f:25:5b:bd:d4:98:4f:42:7b:b0:
         e4:c8:84:c4:96:28:b1:16:60:62:f0:97:7e:47:e0:4a:2c:d8:
         fd:bf:b9:5c:26:0c:1b:1d:13:bc:62:ce:d3:0d:74:9c:9a:2b:
         8d:fd:23:80:2f:a4:95:15:37:b2:c6:77:e9:47:a9:b1:be:dd:
         fe:aa:e2:da:f2:73:c5:87:23:58:62:c2:2b:75:30:66:2b:4c:
         94:ea:b8:10:d1:ae:26:9c:15:18:45:6f:85:39:c2:90:fb:0e:
         0a:21:2b:50:7b:88:c9:ad:7d:80:f3:87:8b:c0:94:df:f7:d8:
         2d:f5:4c:85:b6:a8:87:29:38:80:aa:41:e3:0a:33:09:ab:1c:
         3e:4b:1c:e3:23:08:29:f3:87:c3:15:bf:f7:d5:25:ac:31:e4:
         b9:a9:d6:cc:b5:33:43:26:75:cf:e3:e7:96:15:84:c6:1b:31:
         50:0f:09:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd374/6TWc79R0n9qgrr6sxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwNjE2MDg1MTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjk2MWE5ZjRkZGJjYjE3MDczZWFjM2MxMjIwODY1ZTA2NjJiOGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdGMMit06yz3LY1eNqgaazIXlU2l
e//OmkAggCjto4ODwuZcgULHkKgnFIZTsP7QnjGsi5+gZNS18dNuf2t6mYBZqw4v
0NyDB2WLrJd+8gqh20TBFwQJ5FexpY0vzc9pvwAXosPyLTFKp47MW9zRFatyw1yv
342+Wo29yO417HnwHRK7+/j7PZcobk0WDnbzURv28YwSyXW/Q2g3v6sDtZWA9ekB
Dm0ouQrMzQ3hz+npvt2jXAP3oH0fHLhMJB1RGFv1XSouuXeXlCkKPjv/Pre/DsWc
DckEqW47Xi4fl3OA/CBppUG8Bm3cRt4rgSmkC7JF0Bt+ejhJGMsO1iAU+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKWGp9N28sXBz6sPBIghl4GYrjlMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvVXBZYW4wM2J5eGNIUHF3OEVpQ0dYZ1ppdU9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATo4dMA0G
CSqGSIb3DQEBCwUAA4IBAQC95RcRbLm8pkvsxB3fUZk3XZd8aBqEt6lGVxC2GWNS
v3u8RZydjLXgly9uRaMvqEu5FX1T17McJo6C9G5bK4zZmW1QSqJRY77iPZxQfHsN
LH8lW73UmE9Ce7DkyITEliixFmBi8Jd+R+BKLNj9v7lcJgwbHRO8Ys7TDXScmiuN
/SOAL6SVFTeyxnfpR6mxvt3+quLa8nPFhyNYYsIrdTBmK0yU6rgQ0a4mnBUYRW+F
OcKQ+w4KIStQe4jJrX2A84eLwJTf99gt9UyFtqiHKTiAqkHjCjMJqxw+SxzjIwgp
84fDFb/31SWsMeS5qdbMtTNDJnXP4+eWFYTGGzFQDwnI
-----END CERTIFICATE-----