Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/5c9b74-753b-42e2-b41a-2b649d5ebaf3/1/ULUALQSKNZEpPcNq68X1y69o-9w.roa
File:                     ULUALQSKNZEpPcNq68X1y69o-9w.roa (raw, json)
Hash identifier:          u+zVU0SkY5ZMKNVKnpjmcvlKMcttm6HzHNnhk032Vso=
Subject key identifier:   50:B5:00:2D:04:8A:35:91:29:3D:C3:6A:EB:C5:F5:CB:AF:68:FB:DC
Certificate issuer:       /CN=40131c943977ea0a93efceecd34d1d5d1cb182af
Certificate serial:       0198126CC47A8E237C15A413F8DE3CF3ABEC
Authority key identifier: 40:13:1C:94:39:77:EA:0A:93:EF:CE:EC:D3:4D:1D:5D:1C:B1:82:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QBMclDl36gqT787s000dXRyxgq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/5c9b74-753b-42e2-b41a-2b649d5ebaf3/1/ULUALQSKNZEpPcNq68X1y69o-9w.roa
Signing time:             Wed 16 Jul 2025 08:49:34 +0000
ROA not before:           Wed 16 Jul 2025 08:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210264
IP address blocks:        188.66.52.0/24 maxlen: 24
                          188.66.53.0/24 maxlen: 24
                          188.66.54.0/23 maxlen: 23
                          188.66.54.0/24 maxlen: 24
                          188.66.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/5c9b74-753b-42e2-b41a-2b649d5ebaf3/1/QBMclDl36gqT787s000dXRyxgq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/5c9b74-753b-42e2-b41a-2b649d5ebaf3/1/QBMclDl36gqT787s000dXRyxgq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QBMclDl36gqT787s000dXRyxgq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 Aug 2025 11:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:12:6c:c4:7a:8e:23:7c:15:a4:13:f8:de:3c:f3:ab:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40131c943977ea0a93efceecd34d1d5d1cb182af
        Validity
            Not Before: Jul 16 08:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50b5002d048a3591293dc36aebc5f5cbaf68fbdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6a:2a:56:ec:0d:be:84:f0:49:99:1b:8e:fb:
                    cb:d3:05:0c:3b:7e:d4:dd:00:1b:c8:8d:be:74:d7:
                    70:c4:6d:fa:85:09:ff:f7:b7:6a:aa:83:34:04:00:
                    f2:18:ed:22:2e:24:d8:4d:d6:90:b8:4b:d9:fd:57:
                    10:83:ca:5e:f4:5a:3c:77:30:ff:78:b2:36:a1:32:
                    96:88:ae:f0:6f:04:4c:b6:a5:02:df:f0:90:0f:95:
                    7b:a9:15:aa:ca:1e:3a:ad:67:6b:c4:53:6d:44:35:
                    aa:f3:d7:87:9e:b0:71:84:95:b0:e3:10:81:6a:a3:
                    c8:12:f9:57:05:e0:66:21:56:e8:1d:b1:1a:11:75:
                    89:79:86:6b:4a:0e:4a:2a:37:a8:36:1d:b5:8f:48:
                    fc:f8:21:7c:48:65:99:ec:da:7f:df:06:9e:94:76:
                    5e:40:8f:37:28:49:5c:29:fb:0f:36:36:99:e5:89:
                    23:33:f0:9b:7a:25:98:95:6e:1d:97:b2:34:fc:25:
                    7e:96:14:43:3c:bb:c5:fb:91:9a:81:8a:4f:52:79:
                    b8:b3:72:ca:9c:d1:5a:c0:65:67:f4:a4:2e:ba:4d:
                    1f:0a:5e:c4:ad:c3:39:e2:ac:95:58:41:75:45:17:
                    ab:09:36:d1:6e:0a:30:a1:c4:e8:f3:4d:9d:98:e7:
                    b0:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:B5:00:2D:04:8A:35:91:29:3D:C3:6A:EB:C5:F5:CB:AF:68:FB:DC
            X509v3 Authority Key Identifier:
                keyid:40:13:1C:94:39:77:EA:0A:93:EF:CE:EC:D3:4D:1D:5D:1C:B1:82:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QBMclDl36gqT787s000dXRyxgq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/5c9b74-753b-42e2-b41a-2b649d5ebaf3/1/ULUALQSKNZEpPcNq68X1y69o-9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/5c9b74-753b-42e2-b41a-2b649d5ebaf3/1/QBMclDl36gqT787s000dXRyxgq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.66.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:eb:8b:e3:d8:49:38:85:07:79:21:a2:13:d7:4e:ab:94:3f:
         9e:a5:0b:dd:53:e9:21:4f:8f:fd:ae:35:bb:21:33:bc:70:22:
         fe:2a:90:9b:1e:71:1d:18:08:f2:71:45:98:59:44:e3:ca:6f:
         a2:f5:e3:24:f7:d2:2f:eb:0c:84:81:35:fb:18:46:84:10:33:
         83:8e:b3:c9:4e:82:52:64:2a:24:d2:65:c2:cc:a2:34:9c:1e:
         0f:50:7d:fd:c5:e2:4c:fe:8e:1e:4a:b1:86:6b:f2:33:ec:c6:
         ae:61:3a:2d:ab:eb:88:7b:b0:86:53:f8:68:65:c4:23:68:cd:
         a8:50:3e:09:77:96:a2:22:af:e2:2b:06:fa:19:f7:45:a4:9d:
         37:e0:66:24:9e:a0:ed:97:00:18:1b:33:9e:47:cc:f7:46:d8:
         a3:f7:b5:58:29:f1:39:11:5c:76:47:34:5d:a5:c2:ce:d4:c7:
         7e:20:99:27:50:59:8c:d1:a6:c2:eb:4e:9f:e5:8a:fc:04:aa:
         da:57:03:44:9a:67:b8:c0:cd:64:21:ed:13:18:94:6c:86:0f:
         71:e5:91:e1:a8:f1:29:db:43:a7:34:ab:16:4d:ef:d4:1a:33:
         8f:87:d8:1e:14:0a:56:70:99:52:5f:07:b0:03:62:ca:6b:e3:
         16:27:91:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgSbMR6jiN8FaQT+N4886vsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwMTMxYzk0Mzk3N2VhMGE5M2VmY2VlY2QzNGQxZDVkMWNi
MTgyYWYwHhcNMjUwNzE2MDg0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGI1MDAyZDA0OGEzNTkxMjkzZGMzNmFlYmM1ZjVjYmFmNjhmYmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWoqVuwNvoTwSZkbjvvL0wUMO37U
3QAbyI2+dNdwxG36hQn/97dqqoM0BADyGO0iLiTYTdaQuEvZ/VcQg8pe9Fo8dzD/
eLI2oTKWiK7wbwRMtqUC3/CQD5V7qRWqyh46rWdrxFNtRDWq89eHnrBxhJWw4xCB
aqPIEvlXBeBmIVboHbEaEXWJeYZrSg5KKjeoNh21j0j8+CF8SGWZ7Np/3waelHZe
QI83KElcKfsPNjaZ5YkjM/CbeiWYlW4dl7I0/CV+lhRDPLvF+5GagYpPUnm4s3LK
nNFawGVn9KQuuk0fCl7ErcM54qyVWEF1RRerCTbRbgowocTo802dmOewLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFC1AC0EijWRKT3DauvF9cuvaPvcMB8GA1UdIwQY
MBaAFEATHJQ5d+oKk+/O7NNNHV0csYKvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUJNY2xEbDM2Z3FUNzg3czAwMGRYUnl4Z3E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC81YzliNzQtNzUzYi00MmUyLWI0MWEt
MmI2NDlkNWViYWYzLzEvVUxVQUxRU0tOWkVwUGNOcTY4WDF5NjlvLTl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC81YzliNzQtNzUzYi00MmUyLWI0MWEtMmI2NDlkNWViYWYz
LzEvUUJNY2xEbDM2Z3FUNzg3czAwMGRYUnl4Z3E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvEI0MA0G
CSqGSIb3DQEBCwUAA4IBAQAy64vj2Ek4hQd5IaIT106rlD+epQvdU+khT4/9rjW7
ITO8cCL+KpCbHnEdGAjycUWYWUTjym+i9eMk99Iv6wyEgTX7GEaEEDODjrPJToJS
ZCok0mXCzKI0nB4PUH39xeJM/o4eSrGGa/Iz7MauYTotq+uIe7CGU/hoZcQjaM2o
UD4Jd5aiIq/iKwb6GfdFpJ034GYknqDtlwAYGzOeR8z3Rtij97VYKfE5EVx2RzRd
pcLO1Md+IJknUFmM0abC606f5Yr8BKraVwNEmme4wM1kIe0TGJRshg9x5ZHhqPEp
20OnNKsWTe/UGjOPh9geFApWcJlSXwewA2LKa+MWJ5EF
-----END CERTIFICATE-----